On the Security of Permutation-Only Image Encryption Schemes
Summary (2 min read)
Study Design and Patients
- A post hoc analysis of a prospective study, including 52 consecutive patients, was performed in order to identify and quantify pitfalls.
- Patients were included if they had biochemically proven EHH with neuroglycopenic symptoms and were excluded if the following conditions were present: (i) evidence of a malignant insulinoma on conventional imaging, (ii) pregnancy or breastfeeding in women, and (iii) renal insufficiency (serum creatinine >140 μmol/L).
- The regional scientific ethics committee approved the study, and all patients provided written consent in accordance with provisions of the Declaration of Helsinki.
Procedures
- The study was supported by the Swiss National Science Foundation (grant 320030-152938) and the Desirée and Niels Yde’s Foundation (grant 389-12), which had no role in study design, data collection, analysis, interpretation, or writing of the report.
- The study was approved by the regional scientific ethics committee, and all procedures performed in studies involving human participants were in accordance with the ethical standards of the regional scientific ethics committee and with the 1964 Helsinki Declaration and its later amendments or comparable ethical standards.
- Damian Wild, MD, PhD, Clinic of Radiology and Nuclear Medicine, University Hospital Basel, Petersgraben 4, 4053 Basel, Switzerland, also known as Correspondence to.
- Detailed information about synthesis and labeling of 68GaDOTA-exendin-4 and 111In- DOTA-exendin-4, co-administration of glucose infusion, as well as scanning information, has been published elsewhere.
Reading and Image Analysis
- All SPECT/CT and PET/CT images were analyzed using a vendor-provided analysis software package (Syngo.via; Siemens Medical Solutions, Malvern, PA).
- For localizing insulinomas, SPECT/CT (4 and 72 hours postinjection) and PET/CT readings were previously carried out in a randomized, blinded manner by 3 board-certified nuclear medicine physicians.
- False reading was defined as follows: (1) false-negative reading: insulinoma/ nesidioblastosis missed by readers and (2) false-positive reading was defined as physiological uptake interpreted by readers as insulinoma or nesidioblastosis.
- Figure 1 illustrates the participant selection and outcome flow figure, whereas the main results are summarized in Table 1.
- The physiological 111In-exendin-4 and 68Ga-DOTA-exendin-4 distribution of a patient with a normal whole-body scintigraphy, SPECT/CT, and PET/CT scan is shown in Figure 2.
Peripancreatic Uptake
- Specific radiotracer accumulation in GLP-1R–positive Brunner glands located in the proximal duodenum (pancreaticoduodenal uptake) was the most common pitfall (100% incidence) and was © 2020 Wolters Kluwer Health, Inc. www.nuclearmed.com e387 Copyright © 2020 Wolters Kluwer Health, Inc.
- False reading results are given as number of false reading per total number of readings (3 readers 52 patients = 156 readings) for PET/CT and SPECT/CT in the same patient cohort.
- ‡Small insulinomas(<1 cm) include multiple small insulinomas in 3 of 52 patients with MEN-1. FN indicates false negative.
- Pancreaticoduodenal uptake did mislead the readers in their interpretation especially in 111In-DOTA-exendin-4 SPECT/CT scans resulting in falsenegative reading results (falsely interpreted as physiological uptake in Brunner glands instead of insulinomas): in 0.6% (1/156) false-negative readings with PET/CT and 9.0% (14/156) falsenegative readings with SPECT/CT (Table 1).
Small Lesions
- Eleven patients had a small insulinoma (diameter <1 cm).
- Three of those 11 patients have genetically proven MEN-1 (Fig. 5).
Kidney Overlap
- Three insulinomas were located in the distal pancreatic tail, close to the kidney.
- One patient had a histopathologically proven nesidioblastosis.
- Only 1 PET/CT reader (1/156 [0.6%]) read false-negative, whereas FIGURE 4. 2.5 hours after injection of 68Ga-DOTA-exendin-4 of the same patient shows a clear focal uptake in the peripancreatic fat consistent with an insulinoma (B). www.nuclearmed.com e389 Copyright © 2020 Wolters Kluwer Health, Inc.
Scan With Peripancreatic Uptake
- Accumulation of GLP-1R–specific radiotracers in Brunner glands is responsible for the physiological peripancreatic uptake.9.
- It is the most common pitfall as Brunner glands are always present and accountable for the pancreaticoduodenal uptake, which can cause confusion for the readers: Brunner glands versus insulinoma.
- Brunner glands including Brunner glands hyperplasia have been shown in ex vivo immunohistochemistry staining and autoradiography to express GLP-1R in high density, making them relevant targets for GLP-1R specific radiotracers.
- The lower rate of false readings in PET/CT can be explained by the results of quantitative measures.
- The difference in ratios was clearly less pronounced in SPECT/CT, which had an influence in the reading confidence in pancreaticoduodenal uptakes.
Scan With Missing Focal Pancreatic Uptake
- 13 ectopic insulinomas can be the reason for missing focal uptake in the pancreas as they can occur anywhere in the peripancreatic fat or in the duodenal wall.
- One of those 2 patients received extensive diagnostic workup since 2010, leading to a pancreatic left resection, which did not reveal any suspicious lesion.
- Also, GLP-1R SPECT/CT performed 2 years later did not reveal any suspicious lesion.
- Both 68Ga-DOTA-exendin-4 PET/ TABLE 2. Comparison of Uptake Ratios Between 2.5 Hours PET/CT, 4 Hours SPECT/CT, and 72 Hours SPECT/CT.
Imaging Modality Insulinoma-to-Background Ratio Duodenum-to-Background Ratio Insulinoma-to-Duodenum Ratio
- Often only ASVS is helpful to identify/ localize focal nesidioblastosis, but comes along with the associated risk of an invasive procedure.
- Glucagon-like peptide-1 receptor imaging for the localisation of insulinomas: a prospective multicentre imaging study.
- Exendin-4–based radiopharmaceuticals for glucagonlike peptide-1 receptor PET/CTand SPECT/CT.
Did you find this useful? Give us your feedback
Citations
169 citations
143 citations
116 citations
103 citations
101 citations
References
1,240 citations
782 citations
612 citations
"On the Security of Permutation-Only..." refers background in this paper
...This is primarily due to the constraints imposed by the data structure and the application requirements, such as format compliance [3], real-time performance [4], complexity [5], compression efficiency [6], perceptibility [7] and the security level [8]....
[...]
375 citations
"On the Security of Permutation-Only..." refers background in this paper
...Therefore, due to the limitations above, permutation-only ciphers are nowadays only used in applications where substitution is technically infeasible and/or only a moderate level of protection is required....
[...]
336 citations
Related Papers (5)
Frequently Asked Questions (13)
Q2. How many pairs of input/output binary images does the adversary need?
To deduce the 256 × 2048 permutation mapping, the adversary only requires dlog2 (256× 2048)e = 19 pairs of input/output binary images.
Q3. How many plain-images can be constructed by 2 digit expansions in radix?
For instance, if M = N = L = 2, then 2 plainimages can be constructed by 2 digit expansions in radix 2 for s = 0, 1, 2, 3, that is, s′ = 00, 01, 10, 11.
Q4. How does Kuhn’s work affect the security of permutation-only image ?
increasing the permutation domain makes the correlation analysis, and hence the ciphertext-only attacks, computationally cumbersome.
Q5. What is the definition of a permutation-only image cipher?
The permutation-only image cipher is pseudo-random if it permutes the location of plain-image entries, with an approximate uniform probability, from the set of all possible (#S)!
Q6. What is the case for a dlogL (MN)e attack?
A best case in connection with lower bounds on pairs can be sharply stated as follows:Lemma 1: Given L color intensities and MN locations, for any permutation ρ, which is applied to get the respective cipher-images, there exist n ≥ dlogL (MN)e, such that ρ is uniquely determined by making use of n pairs of plain-images and cipher-images.
Q7. How many plain-images are generated by splitting this matrix into three?
Hence,P2 = 000 001 002 010 011 012 020 021 022 100 101 102 110 111 112 120 121 122 200 201 202 210 211 212 220 . (5) Then, plain-images whose entries are 0, 1 and 2 are generated by splitting this matrix into three.
Q8. How did they show that the plain-image could be partially recovered?
They showed that the pixel data could be reordered according to a space-filling curve, and hence, the plain-image could be partially recovered by exploiting the correlation between subsequent frames.
Q9. How can the authors improve the security level against plaintext attacks?
To offer an acceptable security level against plaintext attacks, the pseudo-random permutations should be updated to a frequency smaller than dlogL (MN)e.
Q10. what is the main advantage of the proposed attack over the chosen-plaintext attacks?
Based on the discussions above, the main advantage of the proposed attack over the chosen-plaintext attacks of [28] and [29] is that it presents a precise method for the construction of the chosen plain-images which ensures the correct retrieval of the permutation mapping.
Q11. How many matrices are recombined using positional bits?
When these matrices are recombined using positional bits, the mapped locations of the original locations s = 0, 1, . . . , 24 will be revealed.
Q12. How did Li and Lo improve the implementation performance of their attack?
Li and Lo [29] improved the implementation performance of Li et al.’s cryptanalysis by reducing its computational complexity to O (n (MN)).
Q13. How many plain-images are required for the chosen-plaintext attack?
This shows that the proposed cryptanalysis is efficiently achievable by means of a limited number of chosen plain-images using a polynomial amount of computation time.