Perceptual hashing algorithms (PHAs) are used extensively to identify illegal online content. Given their crucial role in sensitive applications, understanding their security strengths and weaknesses is critical. This paper compares three major PHAs widely deployed in practice (PhotoDNA, PDQ, and NeuralHash) and assesses their robustness against three typical attacks: normal image editing attacks, malicious adversarial attacks, and hash inversion attacks. Contrary to prevailing studies, this paper reveals that these PHAs exhibit resilience to black-box adversarial attacks when realistic constraints on distortion and query budget are applied, a resilience attributed to the unique property of random hash variations. Moreover, this paper illustrates that original images can be reconstructed from the hash bits, raising significant privacy concerns. By comprehensively exposing their security vulnerabilities, this paper contributes to the ongoing efforts aimed at enhancing the security of PHAs for effective deployment.