This research presents a novel privacy-preserving image classification scheme that uses a feature extractor and an encoder to mask the plaintext image as a Noise-like Adversarial Example (NAE). The masking not only alters the visual appearance of the encrypted image but also forces the target classifier to assign the ciphertext the same label as the original plaintext image. The encrypted images can be decrypted back to their original form using a secret key. The scheme maintains the classification accuracy of the classifier trained in the plaintext domain and proves to be secure under potential threat models.
Publication date: 20 Oct 2023
Project Page: https://github.com/csjunjun/RIC.git
Paper: https://arxiv.org/pdf/2310.12707