Perceptual hashing algorithms (PHAs) are widely used for identifying illegal online content and are thus integral to various sensitive applications. However, due to their hasty deployment in real-world scenarios, their adversarial security has not been thoroughly evaluated. This paper assesses the security of three widely utilized PHAs - PhotoDNA, PDQ, and NeuralHash - against hash-evasion and hash-inversion attacks. Contrary to existing literature, our findings indicate that these PHAs demonstrate significant robustness against such attacks. We provide an explanation for these differing results, highlighting that the inherent robustness is partially due to the random hash variations characteristic of PHAs. Additionally, we propose a defense method that enhances security by intentionally introducing perturbations into the hashes.