CN109194666A - A kind of safe kNN querying method based on LBS - Google Patents
A kind of safe kNN querying method based on LBS Download PDFInfo
- Publication number
- CN109194666A CN109194666A CN201811085432.1A CN201811085432A CN109194666A CN 109194666 A CN109194666 A CN 109194666A CN 201811085432 A CN201811085432 A CN 201811085432A CN 109194666 A CN109194666 A CN 109194666A
- Authority
- CN
- China
- Prior art keywords
- server
- encryption
- voronoi
- encrypted
- safe
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention belongs to data-privacies to protect field; it is proposed a kind of safe kNN querying method based on LBS; process includes: that data owner generates key pair and encrypted indexes structure; and encrypted indexes structure is sent to server C1; public key is sent to server C1, C2 and user, private key is sent to server C2;Inquiry of the user to oneself generates encrypted query using public key encryption and requests, and the inquiry request is sent to server C1;After the inquiry request of index structure and encryption that server C1 is encrypted, secure two party computation is defined;Based on secure two party computation, design safety kNN vlan query protocol VLAN;Query result is returned to user;The privacy of data on effective protection server of the present invention, the privacy of the inquiry request of user, the privacy of the query result of user, the access module in query process; and provide accurate query result; the mobile device low suitable for processing capacity, and substantially increase the speed for completing inquiry.
Description
Technical field
The invention belongs to data-privacies to protect field, and in particular to a kind of safe kNN querying method based on LBS.
Background technique
In recent years, with the fast development of mobile network and smart phone, location based service (LBS) is social, raw
The various aspects such as the service of living, online shopping, which suffer from, to be widely applied.Wherein, kNN is inquired, that is, is inquired apart from user location most
K close Neighbor Points are a basis and representative important inquiry.However, LBS is bringing huge life for us
While convenient, the hidden danger of privacy leakage also is brought to us.From the angle of privacy of user, carrying out based on position
Inquiry when, server respond user request while can collect the actual position of user easily, and be therefrom inferred to as
The privacy informations such as religious belief, home address, daily life track.From the angle of enterprise, many enterprises pass through outside data
Data are contracted out to third-party server by the form of packet, by third-party server come the inquiry request of relative users.In this mistake
Cheng Zhong, company data is to third-party server it is found that and the number of employee's home address of some secret warehouse addresses or typing
It is privacy information according to library, the leakage of these information will cause company's weight huge economic loss.How location-based look into is being provided
While asking service, the safety of protection data and inquiry request is of great practical significance.Currently, based on encryption
Method for secret protection, sensitive information is encrypted, due to server be not used for decrypt key, hardly result in about
Any privacy information of encrypted data can protect previously mentioned privacy leakage situation.But the intermediate result of computations
Still can be with leak data access module, i.e., which data is accessed, tends to by Inference Attack.Meanwhile in this mistake
Cheng Zhong, server needs the method for carrying out calculating to obtain query result, however proposed at present in ciphertext, due to close
The complexity that text calculates, generally requires to expend biggish time cost, so that the safety of query service and Query Cost are more difficult
It is balanced.
Summary of the invention
The present invention in view of the deficiencies of the prior art, and is efficiently modified and is supplemented to homomorphic encryption scheme, in order to solve
Leakage of private information problem in location-based kNN inquiry, the invention proposes a kind of safe kNN issuer based on LBS
Method.
The technical solution adopted by the present invention is that Paillier homomorphic cryptography system is based on, since the encipherment scheme can be only done
The operation of part homomorphism, i.e. additive homomorphism operate, and the present invention uses two server frame, in the frame, data owner (DO)
Possessing the public key pk and private key sk of initial data and Paillier homomorphic cryptography, user User possesses inquiry request and public key pk,
Cloud Server C1 possesses encrypted indexes structure and public key pk, and Cloud Server C2 possesses public key pk and private key sk.Based on the system frame
The half sincere model that frame and two sides calculate safely, the present invention devise encrypted indexes structure --- safe Voronoi diagram SVD with
Security grid computing divides the safe sub-protocol of SG and the operation of optimized integration cryptogram computation, and is set based on the index structure and sub-protocol
Safe kNN vlan query protocol VLAN is counted.By the agreement, we realize the safe kNN inquiry for meeting the demand, specific steps
It is as follows:
Step 1, data owner DO generate key pair (pk, sk) and encrypted indexes structure, and encrypted indexes structure are sent out
Server C1 is given, public key pk is sent to server C1, C2 and user User, private key sk is sent to server C2;
Encrypted indexes structure includes: that safe Voronoi diagram SVD and security grid computing divide SG;
It generates key pair (pk, sk) and uses Paillier encipherment scheme, wherein public key pk is private for the encryption to data
Key sk is for the decryption to data;
Generating encrypted indexes structure, specific step is as follows:
(1) safe Voronoi diagram (SVD) is generated:
1. carrying out Voronoi diagram division: DO possesses data set D={ p1,…,pn, wherein data point pi={ x, y }.Logarithm
Voronoi diagram division is carried out according to collection D.Plane where D is divided into n convex polygon, the referred to as area Voronoi by Voronoi diagram
Domain, each Voronoi area viOne and only one data point pi, referred to as correspond to Voronoi area viSeed node.It divides
The side of two Voronoi areas is the perpendicular bisector of the two Voronoi area seed nodes.For a Voronoi
Region vi, the arest neighbors for falling point q in the area is the seed node p in the regioni.By the property of Voronoi diagram it is found that looking into
Among the seed node for the adjacent Voronoi area that the kNN object for asking point q is present in (k-1) NN being previously calculated.
2. dividing according to the Voronoi, all Voronoi areas in Voronoi diagram are stored in array with random disorderBy region viId of the corresponding call number as it in array.For any one Voronoi area vi, with a binary
GroupIt indicates, wherein (xi,yi) it is region viCorresponding seed node piCoordinate, aij
For region viAdjacent Voronoi area id, (t1) it is the adjacent Voronoi area quantity of the Voronoi area.
3. adding false data: in order to avoid attacker passes through the adjacent Voronoi area of the Voronoi area inquired
Quantity distinguishes the region, we pass through in arrayThe false adjacent Voronoi area id of middle addition keeps adjacent area
Quantity is definite value t1, the false id added herein is arrayPresent in true call number, but it is not corresponding region
Adjacent id and different.These false id during subsequent query can by beta pruning, behind in query process, often
A minimum value is selected in the secondary value from reading, is executed " reading-selection " and is operated k times, k final result can be obtained.Cause
For the id of the point in these id for reading every time comprising minimum value, thus the corresponding point of false id added at random in selection not
It can be selected, be equivalent to by beta pruning.
4. data compression: the plaintext space in order to make full use of Paillier, usual Paillier have 1024 bits
Plaintext space, to the region v of array V storageiThe id of corresponding coordinate and adjacent area is compressed using following formula:
Wherein λ is the number of the data of compression, and σ is the bit bit length of data compression, in order to which aspect is right in subsequent protocol
The id addition random number disturbance of compression, σ are greater than the bit bit length of data itself.By the calculating, we can be by multiple several tables
It is shown as a number, primary encryption is carried out, takes full advantage of the plaintext space of Paillier, reduce encryption number.
5. to arrayIt is encrypted using pk, obtains SVD.It obtains encryption Voronoi and divides SVD, each storage should
The corresponding encryption binary group of Voronoi area
(2) it generates security grid computing and divides (SG):
1. carrying out grid dividing on the basis of above-mentioned Voronoi is divided, Voronoi is divided into m net by grid dividing
The side length of lattice, each grid is indicated with vector w.The grid dividing can store as matrixThe call number of matrix row and column point
The coordinate of the grid on two dimensions is not corresponded to.Its id of Voronoi area for being covered of each coarse gridding, i.e., and
The id for the Voronoi area that it intersects, is expressed asWherein oijFor region giThe Voronoi of intersection
The id in region, (t2) it is the quantity that Voronoi area is intersected in the region.
2. adding false data: the quantity of the Voronoi area intersected by the grid that inquires in order to avoid attacker come
Distinguish the grid, we pass through in matrixThe false adjacent Voronoi area id of middle addition keeps the id of each coarse gridding
Quantity be definite value t2, the false id added herein is arrayPresent in true call number, but it is not and the net
The id of lattice intersecting area and different.These false id during subsequent query can by beta pruning, behind query process
In, a minimum value is selected from the value of reading every time, " reading-selection " is executed and operates k times, k final knot can be obtained
Fruit.Because the id of the point in these id read every time comprising minimum value, the corresponding point of the false id added at random are selecting
Shi Buhui is selected, and is equivalent to by beta pruning.
3. data compression: the plaintext space in order to make full use of Paillier equally makes the content of each coarse gridding
It is compressed with formula (1).By the calculating, multiple numbers can be expressed as a number by we, carry out primary encryption, sufficiently
The plaintext space of Paillier is utilized, reduces encryption number.
4. being encrypted with public key pk, SG is obtained to matrixIt is encrypted with vector w using pk, obtains SG and Epk(w)。
It obtains shown in refined net SG such as Fig. 2 (d), each refined net content representation is
Safety analysis: server C1 possesses the data structure of encryption but does not have private key sk, and data cannot be decrypted,
Server C2 possesses private key sk but no data, and other than the size of data set, cannot access any has by server C1 and C2
The effective information for closing data, protects data-privacy.
Step 2, user User use public key pk encryption to generate encrypted query and request E to oneself inquiry QpkIt (Q), and will
The inquiry request is sent to server C1, wherein vector Q=(x, y) is the coordinate to be inquired of user, and encryption, which obtains inquiry, asks
Seek Epk(Q)={ Epk(x),Epk(y)};
Safety analysis: in this process, the encrypted query of the available user of server C1 requests Q, but C1 does not have
Private key sk cannot decrypt inquiry Q, cannot inquire content;Server C2 possesses private key sk but without inquiry Q, therefore protects
The inquiry privacy of user is protected.
The inquiry request E of step 3, index structure SVD, SG that server C1 is encrypted and encryptionpk(Q) it after, needs to lead to
Secure two party computation is crossed, safe kNN inquiry is carried out while protecting above-mentioned privacy requirements.Safe kNN is carried out in ciphertext to look into
It when inquiry, needs to calculate the Euclidean distance of point-to-point transmission and compares size, it is therefore desirable to some basic calculation operations in ciphertext
It supports, such as the multiplication operation in ciphertext, divide operations.Since Paillier encipherment scheme only supports the additive homomorphism of two ciphertexts
The multiplicative homomorphic of operation and ciphertext isolog operates, and the multiplication between two ciphertexts, division, the basis such as minimize are grasped
Work cannot be handled directly.Currently, existing foundation for security sub-protocol includes secure multiplication agreement (Secure
Multiplication writes a Chinese character in simplified form SM) and European squared-distance calculating agreement (the Secure Squared Euclidean of safety
Distance writes a Chinese character in simplified form SSED), in the safe kNN vlan query protocol VLAN that the present invention designs, directly these sub-protocols will be adjusted
With.For no or existing defects safe sub-protocol, the present invention devises a series of safety association calculated based on two sides
View, including safe division agreement (Secure Division, write a Chinese character in simplified form SD), safe minimum agreement (Secure Minimum, letter
Write SMIN), security grid computing calculates (Secure Grid Computation, write a Chinese character in simplified form SGC) and safe Voronoi area calculates association
It discusses (Secure Voronoi Cell Computaition, write a Chinese character in simplified form SVCC).Specific protocol contents are as follows:
The safe division agreement SD: two given at the end server C1The integer a, b, C1 and C2 encrypted in range is logical
Two sides calculating is crossed to the truncated division of two encryption datas encrypt, in the quotient that the end server C1 is encrypted.The agreement
When execution, the data of encryption and quotient are only possessed by server C1, and server C2 only possesses key sk.
Shown in the principle of the agreement such as formula (5), for arbitrary
(ar1+br1r2+r3)/(br1)=a/b+r2 (2)
WhereinAnd r3<r1, K is that the bit of Paillier encipherment scheme key is big
It is small, ldataFor data a, the bit length of b.
Specific step is as follows by safe division agreement SD:
1. server C1 generates random number: server C1 possesses the data E of encryptionpk(a),Epk(b), server C2 possesses
Private key sk.Server C1 first, which is generated, to be metAnd r3<r1Random number r1,r2,r3。
2. random number public key pk is encrypted, and server C2: server C1 is sent to using the random number and public affairs generated
Key pk calculates Epk(ar1+br1r2+ r3) and Epk(br1), and send them to server C2.Specific calculation formula is as follows:
3. server C2 is decrypted with private key sk: server C2 receives the E of C1 transmissionpk(ar1+br1r2+ r3) and Epk(br1)
Afterwards, they are decrypted respectively using private key sk, obtain λ 'aWith λ 'b.The formula of decryption is as follows:
λ′a=Dsk(Epk(ar1+br1r2+r3))=ar1+br1r2+r3 (5)
λ′b=Dsk(Epk(br1))=br1 (6)
Result λ ' after 4. server C2 will be decryptedaWith λ 'b, the two are counted and carries out division calculation, the quotient being calculated is made
C1 is sent to after being encrypted with public key: server C2 calculates λ 'a/λ′b(mod n) and it is encrypted, mod indicates modulus
Operation, obtains Epk(λ′a/λ′b), it is sent to server C1.
5. the encrypted result of safe division agreement is calculated in server C1: server C1 receives Epk(λ′a/λ′b) after, make
The E of encryption is calculated with formula (7)pk(a/b)。
Epk(a/b)=Epk(λ′a/λ′b)*Epk(r2)N-1 (7)
Wherein Epk(r2)N-1=Epk(-r2), by ciphertext operation can encrypt by r2It subtracts, N is paillier public affairs
Two Big prime products in key pk.
Safety analysis: in this process, the data of the available encryption of server C1 and the result of division of encryption, but
C1 does not have private key sk, cannot decrypt, cannot get data and resultant content;Server C2 possesses private key sk but no data, therefore
Protect data-privacy and result privacy.It is random number that C1, which is sent to the data of C2, during being somebody's turn to do simultaneously, and C2 is sent to C1's
Data are Paillier probability encryption data, and data access patterns privacy is protected.
Safe minimum agreement SMIN: t are given at the end server C1The integer encrypted in range and encryption
Value range c, C1 and C2 cryptographically calculate the minimum in the t Keyed integer greater than value range c by secure two party computation
Value generates one according to the minimum value and this t Keyed integer is corresponded using t as the ciphering sequence of length, and minimum value is corresponding
The 1 of encryption, remaining is the 0 of encryption, obtains the ciphering sequence at the end server C1.When the agreement executes, data of encryption and most
Small value sequence is only possessed by server C1, and server C2 only possesses key sk.
The principle of the agreement are as follows: give t integerTo each xiIt calculates:
x′i=xi*rmax+ri (8)
Wherein, ri<2K-l-1, each riIt is different from, rmaxFor riIn maximum value.Work as riWhen sufficiently large, pass through formula
(8), available t unequal random integersAnd x 'iAnd xiKeep identical partial ordering relation.
Specific step is as follows by safe minimum agreement SMIN:
1. server C1 generates random number: server C1 possesses the data E of encryptionpk(x1),…,Epk(xt) and encryption model
Enclose value Epk(c), server C2 possesses private key sk.Server C1 first generates t+1 random number { r1,…,rt+1, meetThe maximum value in this t+1 random number is selected later and is denoted as rmax, remaining random number is successively denoted as again
{r1,…,rt}。
2. server C1 calculates each encryption data, obtains each Keyed integer and encrypt the poor E of value rangepk
(xi-c).Specific formula for calculation is as follows:
Epk(xi- c)=Epk(xi)*Epk(c)N-1 (9)
3. server C1 adds random number: difference E of the server C1 to each encryption to the difference of each encryptionpk(xi-c)
It is calculated according to formula (8), obtains the disturbed value E for the encryption that it is added after random numberpk(θi).Specific formula for calculation is as follows:
4. server C1 is sent to server C2 after this t value is upset sequence.Calculation formula is as follows:
Epk(θ ')=π (Epk(θ)) (11)
5. server C2 is decrypted: server C2 receives Epk(θ′i) after, these values are decrypted, θ ' is obtainedi。
6. server C2 calculates θ 'iIn minimum value, and mark the minimum value in sequence θ ' corresponding i be min.
7. the sequence Δ of one t long of server C2 generation ', Δmin' it is 1, residual value 0.By sequence Δ ' middle all elements
Encryption, obtains Epk(Δ ') is sent to server C1.
8. server C1 obtains safe minimum agreement encrypted result with inverse function: server C1 obtains sequence Epk(Δ′)
Afterwards, using the inverse function of formula (11), i.e. formula (12), obtain sequence and encryption data Epk(x1),…,Epk(xt) corresponding
Encryption minimum value mapping 01 sequence Epk(Δ).Specific formula for calculation is as follows:
Epk(Δ)=π-1(Epk(Δ′)) (12)
Safety analysis: in this process, the data of the available encryption of server C1 and the result of division of encryption, but
C1 does not have private key sk, cannot decrypt, cannot get data and resultant content;Server C2 passes through the available process of decryption oprerations
Difference after disturbance is NP-hard problem due to solving the equation group containing (t+1) a variable and t equation, and C2 is very
Find it difficult to learn the x for practising and comparing to needsiWith the value of c, data-privacy is protected;Simultaneously because the sequence that C1 is sent to C2 is out-of-order, and
Ranking functions C2 does not know, therefore even if C2 has calculated corresponding minimum value, can not be corresponded to true sequence,
Protect access module privacy.
Security grid computing calculates agreement SGC: giving the side length of the grid SG of encryption, the grid cell of encryption at the end server C1
Epk(w) and encryption inquiry request Epk(Q), C2 possesses private key sk, C1 and C2 and is somebody's turn to do by the calculating that secure two party computation encrypts
It inquires the grid cell at place and takes out the content of grid cell storage.In the calculating process, the grid cell of encryption
Coordinate and the encrypted content of grid cell storage only obtain at the end server C1, and C2 cannot be about any effective of these contents
Information.
Security grid computing calculates agreement SGC, and specific step is as follows:
1. server C1 calculate inquiry Q where grid encryption coordinate: server C1 possess encryption grid SG, encryption
The side length E of grid cellpk(w) and encryption inquiry request Epk(Q), server C2 possesses private key sk.Server C1 first exists
In each dimension, i.e., in x-axis and y-axis, the coordinate of encrypted query is calculated divided by the dimension using safe division SD agreement respectively
The side length of grid cell on degree calculates the encryption coordinate E of grid g where inquiring Q in the dimensionpk(xi).Since the present invention is suitable
For the inquiry based on location-based service, therefore mentioned herein vector is bivector.Specific formula for calculation is as follows:
Epk(xi)=SD (Epk(Qi),Epk(wi)) (13)
2. server C1 calculates separately grid g in each dimension on two dimensionsiCoordinate and query point where
The difference of the encryption of the coordinate of grid g, and obtain the one-dimensional vector E of two encryptionspk(α),Epk(β).Assuming that in each dimension
There is niA grid cell, then the corresponding coordinate of these grid cells is respectively 0 to ni-1.Specific formula for calculation is as follows:
Epk(αi)=Epk(x1-i),Epk(βi)=Epk(x2-i) (14)
3. the one-dimensional vector that server C1 encrypts two is respectively multiplied by random number, result after being disturbed: server
C1 is by Epk(αi) and Epk(βi) encrypt respectively be multiplied by a random number r, the E disturbedpk(αi) and Epk(βi), it is expressed as
Epk(α′i) and Epk(β′i), wherein in addition to the corresponding coordinate of grid where inquiry is Epk(0), remaining is random number.It is worth note
Meaning, the random number that every number multiplies are different from, and for convenience, we are indicated with r, association described below
View is also in compliance with the expression.Specific formula is as follows:
Epk(α′i)=Epk(αi)r,Epk(β′i)=Epk(βi)r (15)
4. server C1 uses formula (11) by Epk(α ') and EpkServer C2 is sent to after (β ') is out-of-order.
5. server C2 is decrypted and handles: server C2 receives Epk(α′i) and Epk(β′i) afterwards using private key sk to it
It is decrypted, and generates corresponding μiAnd χi.Wherein, if α 'i=0, then μiIt is 1;If β 'i=0, then χiIt is 1, remaining is all
It is 0.
6. server C2 encrypts result after decryption and processing using public key pk, and is sent to server C1: service
Device C2 uses public key pk by μiAnd χiIt is encrypted, obtains Epk(μi) and Epk(χi), and it is sent to server C1.
7. server C1 receives Epk(μ) and EpkAfter (χ), using formula (12) by vector recovery sequence.
8. server C1 calculates the dot product of vector using the property of the additive homomorphism of secure multiplication agreement SM and Paillier
μ SG χ, is equal to, to each grid gijComputations Epk(gij*μi*χj), all calculated result is encrypted later
Addition, so that it may obtain the value of the encryption of the grid cell g where the inquiry.Since Paillier is probability encryption,
The E being calculated by thispk(g) it can not be corresponded to the ciphertext in grid.Specific formula is as follows:
Wherein, the quantity m=n of the grid of division1*n2, n1The quantity of grid, n in x-axis2It is the quantity of grid in y-axis.
Safety analysis: in this process, the data of the available encryption of server C1 and encryption as a result, but C1 do not have
There is private key sk, cannot decrypt, cannot get data and resultant content;Server C2 is by the sequence that decryption oprerations are calculated
Random ordering, and ranking functions C2 is invisible to C2, therefore even if C2 cannot be corresponded to true sequence, where cannot obtaining
The coordinate of grid;Simultaneously as Paillier is probability encryption, the E that C1 cannot will be calculatedpk(g) and grid in ciphertext
It is corresponded to, protects access module privacy.
Safe Voronoi area calculates agreement SVCC: the Voronoi data structure SVD of encryption is given at the end server C1,
The Voronoi area id E of encryptionpk(a1|…|aλ) and λ, wherein λ is the quantity of the id of compression;C2 possesses private key sk.C1 and
The corresponding Voronoi area of the calculating inquiry that C2 is encrypted by secure two party computation and the seed node for taking out region encryption
Value and it adjacent area encryption id.In the calculating process, the value in the Voronoi area id of encryption and the region is only
It is obtained at the end server C1, C2 cannot be about any effective information of these contents.
Safe Voronoi area calculates agreement SVCC, and specific step is as follows:
1. server C1 generates random number, compressed and encrypted to random number: server C1 possesses the Voronoi of encryption
Region SVD, the Voronoi area id E of encryptionpk(a1|…|aλ) and compression id quantity λ, server C2 possesses private key sk.
Server C1 first generates λ random number r, and compresses these random numbers using formula (4) and passed through Epk() encryption,
Obtain Epk(r1|…|rλ)。
2. server C1 is by the compression random number E of encryptionpk(r1|…|rλ) and encryption Voronoi area id Epk(a1
|…|aλ), it is added to obtain E using Paillier additive homomorphism propertypk(a′1|…|a′λ), it is equivalent to aiAnd riAfter addition again
Compression encryption.Specific formula for calculation is as follows:
Epk(a′1|…|a′λ)=Epk(r1+a1|…|rλ+aλ)=Epk(r1|…|rλ)*Epk(a1|…|aλ) (17)
3. server C1 is by Epk(a′1|…|a′λ) it is sent to server C2.
4. server C2 receives Epk(a′1|…|a′λ) be decrypted afterwards using private key sk, it is carried out later according to formula (4)
Decompression, obtains λ numerical value a '1,…,a′λ。
5. two-dimensional array is obtained by calculation in server C2: server C2 calculates each ci=a 'iThe value of mod n, it is corresponding every
A ciGenerate the sequence α of a n longi, whereinIt is 1, remaining is all 0, wherein n is the quantity of Voronoi area.The end C2
Symbiosis obtains the two-dimensional array α of a λ * n size at λ sequence.
6. server C2 is using public key pk to αijIt is encrypted to obtain Epk(αij), by the two-dimensional array E of encryptionpk(α) is sent
Give server C1.
7. server C1 receives EpkAfter (α), the sequence β of a n long is generated, stores real call number from 0 to n-1's
The corresponding selective value of Voronoi area encrypts Voronoi area id E by calculatingpk(a1|…|aλ) include id in Epk
E is corresponded in (β)pk(1), remaining corresponds to Epk(0).Specific formula for calculation is as follows:
8. server C1 uses formula (11) by EpkServer C2 is sent to after (β) is out-of-order;
9. server C2 receives EpkAfter (β), decryption obtains β.The call number of β sequence is divided into λ grouping G, each grouping
GiThe corresponding β of one and only one elementi=1.
10. server C2 is by each grouping GiIn element upset, all grouping G are sent to server C1.
After server C1 receives grouping G, corresponding sequence will be reverted to out-of-order call number in G using formula (12)
Call number, and by Epk(β) recovery sequence.
Server C1 is grouped G to eachiCalculate separately the secret value E of its corresponding Voronoi area seed nodepk
(vi) and the Voronoi area adjacent area encryption id Epk(ai).Specific formula for calculation is as follows:
Wherein, c is grouping GiThe number of middle element.
The additive homomorphism operation uses Paillier addition encipherment scheme:
For in plain textTo ciphertext Epk(m1) and Epk(m2) it is groupInterior multiplication operation is equal to m1
And m2It does add operation to re-encrypt, wherein Epk() indicates cryptographic operation, Dsk() indicates decryption oprerations, and formula is as follows:
Dsk(Epk(m1)Epk(m2)mod N2)=m1+m2mod N (21)
The multiplicative homomorphic operation uses Paillier multiplication encipherment scheme:
For in plain textTo ciphertext Epk(m1) and m2It is groupInterior power operation is equal to m1And m2
It does multiplication operation to re-encrypt, formula is as follows:
Wherein, N is two Big prime products in paillier public key pk.
Safety analysis: in this process, the data of the available encryption of server C1 and encryption as a result, but C1 do not have
There is private key sk, cannot decrypt, cannot get data and resultant content;Server C2 is by the sequence that decryption oprerations are calculated
Random ordering, and ranking functions C2 is invisible to C2, therefore even if C2 cannot be corresponded to true sequence, cannot obtain required
The corresponding call number of Voronoi area;Simultaneously as Paillier is probability encryption, the E that C1 cannot will be calculatedpk
(vi) and Epk(ai) corresponded to the ciphertext in SVD, protect access module privacy.
Step 4 is based on above-mentioned safe sub-protocol, and the present invention devises safe kNN vlan query protocol VLAN SkNN, to complete ciphertext
Safe kNN inquiry.Inquiry request E of the agreement in the input encryption of the end server C1pk(Q) and encryption Security Index structure
SVD, SG and Epk(w), by the secure two party computation of C1 and C2, distance E is searched on index structurepk(Q) nearest k
Pass point, the point of this k encryption are kNN as a result, obtaining at the end C1.The main thought of agreement progress kNN inquiry are as follows:
C1 and C2 calculates agreement SGC by security grid computing first and calculates inquiry request Epk(Q) grid where, to obtain the grid
The call number of the encryption of the Voronoi area of covering;According to the call number, these region seed nodes are calculated from SVD
Value and adjacent area id;Agreement SSED, which is calculated, using safe European squared-distance calculates query point Epk(Q) these seeds are arrived
The European squared-distance of node uses safe minimum agreement SMIN calculated minimum later;The minimum value being calculated is added
Enter in kNN result, is NN object;It reads the value of these adjacent areas and calculates 2NN;From the adjacent of NN object and 2NN object
3NN is calculated in region;And so on, until obtaining the result of kNN.
Specific step is as follows by safe kNN vlan query protocol VLAN SkNN:
1. server C1 initializes three arrays: server C1 possesses the inquiry request E of encryptionpk(Q) and encryption safety
Index structure SVD, SG and Epk(w), server C2 possesses private key sk.Firstly, server C1 initializes three arrays Respectively indicate the seed node collection, subsequent Voronoi area id collection and candidate distance of candidate Voronoi area
Collection.The value of the encryption seed node currently read is stored, it is subsequent for convenience to read current minimum value as a result, and adding
Enter result set Epk(R) in;The encryption id of the adjacent area of (k-1) a Voronoi area before storage, for calculating kNN;Storage currently needs the European squared-distance of the encryption of comparison other.C1 initializes current minimum range E simultaneouslypk(dtemp) value
For current minimum range Epk(0)。
2. server C1 and C2 calculate agreement SGC using security grid computing and calculate inquiry request Epk(Q) grid where, thus
Obtain the call number E of the encryption of the Voronoi area of grid coveringpk(a)。
3. server C1 and C2 calculate agreement SVCC using safe Voronoi area and calculate Epk(a) corresponding seed node
Value Epk(vi) and adjacent area id Epk(ai), these values are respectively added toWithIn.
4. server C1 and C2 calculates agreement SSED using safe European squared-distance and calculates encrypted query E one by onepk(Q) with
3. seed node E that step is calculatedpk(vi) European squared-distance Epk(di), these values are added to later
In.
5. server C1 and C2 calculate Candidate Set using safe minimum agreement SMINIn be greater than current minimum range
Epk(dtemp) minimum value, obtain 01 sequence of encryption of minimum value
6. willWithRegard one-dimensional vector, server C1 computations dot product as WithWhereinencIndicate that encryption dot product calculates to get to step 5. minimized correspondence
Encryption seed node value Epk(v), the id E of adjacent Voronoi area is encryptedpk(a) and encryption European squared-distance
Epk(dtemp), i.e., E is updated by this steppk(a) and Epk(dtemp) value.
Assuming that calculating the encryption dot product of the encryption vector A and B of two λ long, then dot product A is encryptedencBTSpecific calculating it is public
Formula is as follows:
7. server C1 adds Epk(v) result set E is arrivedpk(R) in.
8. server C1 empties Candidate SetWith
It is 2. arrived 7. 9. server C1 and C2 repeat step, until obtaining k arest neighbors as a result, i.e. result set E at the end C1pk
(R) size is k.
Safety analysis:
In safe k query process, the intermediate result that the end server C1 obtains is probability encryption decryption, and C1 is according in this
Between result be inferred to any other information.Meanwhile according to security protocol combinatorial theorem it is found that if forming the son association of the agreement
View is safe, and the intermediate result generated is random number or probability encryption data, then the agreement is safe.
Step 5, return query result give user User: the server C1 query result E for possessing encryptionpk(R), server C2
Possess key sk, to k query result, server C1 generates two random numbers respectively, and the two random numbers are compressed
Encryption disturbs result using encrypted random number is compressed.Cryptogram computation is obtained as a result, server C1 is by ciphertext meter
It calculates result and is sent to server C2, k is sent to user User to random number;Server C2 decrypts result after disturbance, obtains
As a result, and obtaining coordinate value after the disturbance of k group after decryption;Coordinate value is sent to user User after C2 disturbs k group;User User
Receive k group random number from server C1, from server C2 receive the disturbance of k group after coordinate value, user User is by each disturbance recoil
Scale value subtracts the random number of disturbance accordingly, and final query result can be obtained.Herein, the calculating of user terminal is not related to
Encrypting and decrypting and cryptogram computation operation, not will cause heavy time cost.
Returning to query result, specific step is as follows:
1. server C1 generates k to random number, encrypt and compress: server C1 possesses the query result E of encryptionpk(R), it takes
Business device C2 possesses key sk.Server C1 first generates k to random number (ri1,ri2), and they are gone back using formula (4)
Paillier encipherment scheme is compressed and is encrypted, and E is obtainedpk(ri1|ri2)。
2. server C1 is to each query result Epk(Ri) use Epk(ri1|ri2) disturbed, result E after being disturbedpk
(Ri'), specific formula for calculation is as follows:
Epk(R′i)=Epk(Ri+ri1|ri2)=Epk(Ri)*Epk(ri1|ri2) (24)
Result E after 3. server C1 will be disturbedpk(R′i) it is sent to server C2, by k to random number (ri1,ri2) be sent to
User User.
4. server C2 receives Epk(R′i) after, by Epk(R′i) decryption obtain R 'i;According to formula (4) by R 'iDecompression obtains
Coordinate value (the x ' of result points disturbanceiyi′)。
5. coordinate value (the x ' that server C2 disturbs k groupi,yi') it is sent to user User.
6. user User receives k group random number (r from server C1i1,ri2), k group coordinate value (x ' is received from server C2i,
yi′).Final query result can be obtained in the random number that each coordinate is subtracted to disturbance accordingly.Specific formula for calculation is such as
Under:
xi=x 'i-ri1,yi=y 'i-ri2 (25)
Safety analysis: server C1 possesses the query result of encryption, but cannot decrypt without private key sk;Server C2 solution
It is close disturbed as a result, random number due to not knowing addition, and solve the equation group containing 2k variable, k equation
It is HP-hard problem, result privacy cannot be protected by the value that result is calculated in effective time.
Advantageous effects:
(1) it protects the privacy of data on server: in query process, preventing revealing to the attacker of malice for data,
Prevent the data in addition to query result from revealing to user.It is, the data of storage on the server, in addition to that can be user
There is provided outside the query result needed for it, cannot by including server anyone obtain.
(2) protect the privacy of the inquiry request of user: in query process, protecting the inquiry request of user, (i.e. user is looked into
The position of inquiry) it is not revealed to attacker and server.Using agreement designed by this paper, user can not be known in server
Inquiry request what is in the case where, carry out safe kNN and inquire and obtain precise results.
(3) protect the privacy of the query result of user: after the completion of inquiry, the query result of user can only be obtained by user
It arrives, server and other malicious attackers cannot all learn that the query result of user is.
(4) access module in query process is protected: the data access patterns in effectively hiding query process, i.e., to service
Device hides the information being accessed about which data, hides generated all intermediate result in inquiry calculating process, in this way
It is possible to prevente effectively from server carries out the inquiry request of data and user on server by historical record and background knowledge
Inference Attack.
(5) it accurate query result: in the case where protecting privacy as above, can still be obtained using the agreement designed herein
To accurate and correct query result.This is only capable of obtaining that approximation is different with the inquiry of most of secret protections, safety
Improve the accuracy there is no victim queries result.
(6) mobile device low present invention may apply to processing capacity: in the method that the present invention designs, client is not
The process for participating in cryptogram computation, in entire query process, the inquiry that it only needs to complete to oneself carries out encryption and ties from disturbance
Random number two operations are subtracted in fruit.The completion of the two operations is not required for client to the processing capacity of data, also
It is that this method can be adapted for the client of reduction process ability, can be used in the mobile device of low side.
(7) the completion inquiry of effective time: the protocol time complexity for being mostly based on encryption is all larger, is difficult when effective
It is interior to obtain query result.The present invention is based on the completion of the index structure of encryption, the time complexity of power operation is O (n+m),
I.e. for 1,000 datas, on the computer for being configured to [email protected], 8GB RAM, user can be in 30min
Complete the inquiry of k=3, hence it is evident that better than the analogous algorithms for guaranteeing same safety, analogous algorithms generally require 3 hours or so it is complete
At inquiry.
Detailed description of the invention
Fig. 1 is the safe kNN querying method block diagram based on LBS of the embodiment of the present invention;
Fig. 2 (a) is the safe Voronoi diagram of the embodiment of the present invention;
Fig. 2 (b) is that the safe SVD of the embodiment of the present invention schemes;
Fig. 2 (c) is that the security grid computing of the embodiment of the present invention divides figure;
Fig. 2 (d) is that the safe SG of the embodiment of the present invention schemes;
Fig. 3 is the safe kNN querying method flow chart based on LBS of the embodiment of the present invention;
Fig. 4 is the safe Voronoi diagram SVD flow chart of generation of the embodiment of the present invention;
Fig. 5 is that the generation security grid computing of the embodiment of the present invention divides SG flow chart;
Fig. 6 is the safe division agreement SD flow chart of the embodiment of the present invention;
Fig. 7 is the safe minimum agreement SMIN flow chart of the embodiment of the present invention;
Fig. 8 is that the security grid computing of the embodiment of the present invention calculates agreement SGC flow chart;
Fig. 9 is that the safe Voronoi area of the embodiment of the present invention calculates agreement SVCC flow chart;
Figure 10 is the safe kNN vlan query protocol VLAN SkNN flow chart of the embodiment of the present invention;
Figure 11 is the return query result flow chart of the embodiment of the present invention.
Specific embodiment
Invention is described further with specific implementation example with reference to the accompanying drawing, as shown in Figures 1 and 3, detailed process
Include:
Step 1, data owner DO generate key pair (pk, sk) and encrypted indexes structure, wherein the Paillier of generation
Key length be 1024, and encrypted indexes structure is sent to server C1, public key pk is sent to server C1, C2
With user User, private key sk is sent to server C2.It is registered data set using Gowalla, and therefrom randomly selects 1000
Point is tested, and using point of interest POI as data point, and data standard is turned to 16 big integers, each integer is possessed with data
Person DO regard treated data point as seed node, using Fortune's algorithm building Voronoi diagram, net later
Lattice divide, and generate encrypted indexes structure SVD and SG;
Encrypted indexes structure includes: that safe Voronoi diagram SVD and security grid computing divide SG;
It generates key pair (pk, sk) and uses Paillier encipherment scheme, wherein public key pk is private for the encryption to data
Key sk is for the decryption to data;
Generating encrypted indexes structure, specific step is as follows:
(1) safe Voronoi diagram SVD is generated, as shown in Figure 4:
1. carrying out Voronoi diagram division: DO possesses data set D={ p1,…,pn, wherein data point pi={ x, y }, n=
1000.Voronoi diagram division is carried out to data set D, shown in division result such as Fig. 2 (a).Voronoi diagram is by the plane where D
It is divided into n convex polygon, referred to as Voronoi area, each Voronoi area viOne and only one data point pi, referred to as
Corresponding Voronoi area viSeed node.The side for dividing two Voronoi areas is the two Voronoi area seeds
The perpendicular bisector of node.For a Voronoi area vi, the arest neighbors for falling point q in the area is the kind in the region
Child node pi.By the property of Voronoi diagram it is found that the kNN object of query point q is present in the adjacent of (k-1) NN being previously calculated
Among the seed node in the region Voronoi.
2. dividing according to the Voronoi, all Voronoi areas in Voronoi diagram are stored in array with random disorder
V, by region viId of the corresponding call number as it in array.For any one Voronoi area vi, with a binary groupIt indicates, wherein (xi,yi) it is region viCorresponding seed node piCoordinate, aijFor this
Region viAdjacent Voronoi area id, (t1) it is the adjacent Voronoi area quantity of the Voronoi area.
3. adding false data: in order to avoid attacker passes through the adjacent Voronoi area of the Voronoi area inquired
Quantity distinguishes the region, we pass through in arrayThe false adjacent Voronoi area id of middle addition keeps adjacent area
Quantity is definite value t1, the false id added herein is arrayPresent in true call number, but it is not corresponding region
Adjacent id and different.These false id can be by beta pruning during subsequent query.
4. data compression: the plaintext space in order to make full use of Paillier, usual Paillier have 1024 bits
Plaintext space, to arrayThe region v of storageiThe id of corresponding coordinate and adjacent area is compressed using following formula:
Wherein λ is the number of the data of compression, and σ is the bit bit length of data compression, in order to which aspect is right in subsequent protocol
The id addition random number disturbance of compression, σ are greater than the bit bit length of data itself, and test uses 78.Pass through the calculating, Wo Menke
Multiple numbers are expressed as a number, primary encryption is carried out, the plaintext space of Paillier is taken full advantage of, reduces encryption
Number.
5. to arrayIt is encrypted using pk, obtains SVD.Encryption Voronoi is obtained to divide shown in SVD such as Fig. 2 (b),
Fig. 2 (a) is the figure of intuitivism apprehension, and Fig. 2 (b) is the data structure stored when realizing.
Each stores the corresponding encryption binary group of the Voronoi area
T when test1=13.
(2) it generates security grid computing and divides SG, as shown in Figure 5:
1. grid dividing is carried out on the basis of above-mentioned Voronoi is divided, shown in division result such as Fig. 2 (c).Grid dividing
Voronoi is divided into m grid, the side length of each grid is indicated with vector w, m=16*16 when test.The grid dividing
It can store as matrixThe call number of matrix row and column respectively corresponds the coordinate of the grid on two dimensions.Each grid
The id for the Voronoi area that it is covered is stored, i.e., the id of the Voronoi area intersected with it is expressed asWherein oijFor region giThe id of the Voronoi area of intersection, (t2) it is that Voronoi is intersected in the region
The quantity in region.
2. adding false data: the quantity of the Voronoi area intersected by the grid that inquires in order to avoid attacker come
Distinguish the grid, we pass through in matrixThe false adjacent Voronoi area id of middle addition keeps the id of each coarse gridding
Quantity be definite value t2, the false id added herein is arrayPresent in true call number, but it is not and the net
The id of lattice intersecting area and different.These false id can be by beta pruning during subsequent query.
3. data compression: the plaintext space in order to make full use of Paillier equally makes the content of each coarse gridding
It is compressed with formula (1).By the calculating, multiple numbers can be expressed as a number by we, carry out primary encryption, sufficiently
The plaintext space of Paillier is utilized, reduces encryption number.
4. being encrypted with public key pk, SG is obtained to matrixIt is encrypted with vector w using pk, obtains SG and Epk
(w).It obtains shown in refined net SG such as Fig. 2 (d), Fig. 2 (c) is the figure of intuitivism apprehension, and Fig. 2 (d) is the number stored when realizing
According to structure.Each refined net content representation isT when test2=38.
Safety analysis: server C1 possesses the data structure of encryption but does not have private key sk, and data cannot be decrypted,
Server C2 possesses private key sk but no data, and other than the size of data set, cannot access any has by server C1 and C2
The effective information for closing data, protects data-privacy.
Step 2, user User use public key pk encryption to generate encrypted query and request E to oneself inquiry QpkIt (Q), and will
The inquiry request is sent to server C1, wherein vector Q=(x, y) is the coordinate to be inquired of user, and encryption, which obtains inquiry, asks
Seek Epk(Q)={ Epk(x),Epk(y)};
Safety analysis: in this process, the encrypted query of the available user of server C1 requests Q, but C1 does not have
Private key sk cannot decrypt inquiry Q, cannot inquire content;Server C2 possesses private key sk but without inquiry Q, therefore protects
The inquiry privacy of user is protected.
The inquiry request E of step 3, index structure SVD, SG that server C1 is encrypted and encryptionpk(Q) it after, needs to lead to
Secure two party computation is crossed, safe kNN inquiry is carried out while protecting above-mentioned privacy requirements.Safe kNN is carried out in ciphertext to look into
It when inquiry, needs to calculate the Euclidean distance of point-to-point transmission and compares size, it is therefore desirable to some basic calculation operations in ciphertext
It supports, such as the multiplication operation in ciphertext, divide operations.Since Paillier encipherment scheme only supports the additive homomorphism of two ciphertexts
The multiplicative homomorphic of operation and ciphertext isolog operates, and the multiplication between two ciphertexts, division, the basis such as minimize are grasped
Work cannot be handled directly.Currently, existing foundation for security sub-protocol includes secure multiplication agreement (Secure
Multiplication writes a Chinese character in simplified form SM) and European squared-distance calculating agreement (the Secure Squared Euclidean of safety
Distance writes a Chinese character in simplified form SSED), in the safe kNN vlan query protocol VLAN that the present invention designs, directly these sub-protocols will be adjusted
With.For no or existing defects safe sub-protocol, the present invention devises a series of safety association calculated based on two sides
View, including safe division agreement (Secure Division, write a Chinese character in simplified form SD), safe minimum agreement (Secure Minimum, letter
Write SMIN), security grid computing calculates (Secure Grid Computation, write a Chinese character in simplified form SGC) and safe Voronoi area calculates association
It discusses (Secure Voronoi Cell Computaition, write a Chinese character in simplified form SVCC).Specific protocol contents are as follows:
Safe division agreement SD: two given at the end server C1The integer a, b, C1 and C2 encrypted in range passes through two
Side calculates the truncated division encrypt to two encryption datas, in the quotient that the end server C1 is encrypted.The agreement executes
When, the data of encryption and quotient are only possessed by server C1, and server C2 only possesses key sk.
Shown in the principle of the agreement such as formula (5), for arbitrary
(ar1+br1r2+r3)/(br1)=a/b+r2 (2)
WhereinAnd r3<r1, K is that the bit of Paillier encipherment scheme key is big
It is small, ldataFor data a, the bit length of b.
Specific step is as follows by safe division agreement SD, as shown in Figure 6:
1. server C1 generates random number: server C1 possesses the data E of encryptionpk(a),Epk(b), server C2 possesses
Private key sk.Server C1 first, which is generated, to be metAnd r3<r1Random number r1,r2,r3。
2. random number public key pk is encrypted, and server C2: server C1 is sent to using the random number and public affairs generated
Key pk calculates Epk(ar1+br1r2+ r3) and Epk(br1), and send them to server C2.Specific calculation formula is as follows:
3. server C2 is decrypted with private key sk: server C2 receives the E of C1 transmissionpk(ar1+br1r2+ r3) and Epk(br1)
Afterwards, they are decrypted respectively using private key sk, obtain λ 'aWith λ 'b.The formula of decryption is as follows:
λ′a=Dsk(Epk(ar1+br1r2+ r3))=ar1+br1r2+r3 (5)
λ′b=Dsk(Epk(br1))=br1 (6)
Result λ ' after 4. server C2 will be decryptedaWith λ 'b, the two are counted and carries out division calculation, the quotient being calculated is made
C1 is sent to after being encrypted with public key: server C2 calculates λ 'a/λ′b(mod n) and it is encrypted, mod indicates modulus
Operation, obtains Epk(λ′a/λ′b), it is sent to server C1.
5. the encrypted result of safe division agreement is calculated in server C1: server C1 receives Epk(λ′a/λ′b) after, make
The E of encryption is calculated with formula (7)pk(a/b)。
Epk(a/b)=Epk(λ′a/λ′b)*Epk(r2)N-1 (7)
Wherein, Epk(r2)N-1=Epk(-r2), by ciphertext operation can encrypt by r2It subtracts.
Safety analysis: in this process, the data of the available encryption of server C1 and the result of division of encryption, but
C1 does not have private key sk, cannot decrypt, cannot get data and resultant content;Server C2 possesses private key sk but no data, therefore
Protect data-privacy and result privacy.It is random number that C1, which is sent to the data of C2, during being somebody's turn to do simultaneously, and C2 is sent to C1's
Data are Paillier probability encryption data, and data access patterns privacy is protected.
Safe division agreement SD content is as shown in algorithm 1.
Safe minimum agreement SMIN: t are given at the end server C1The integer encrypted in range and encryption
Value range c, C1 and C2 cryptographically calculate the minimum in the t Keyed integer greater than value range c by secure two party computation
Value generates one according to the minimum value and this t Keyed integer is corresponded using t as the ciphering sequence of length, minimum value pair
Should encrypt 1, remaining is the 0 of encryption, obtains the ciphering sequence at the end server C1.The agreement execute when, the data of encryption and
Minimum value sequence is only possessed by server C1, and server C2 only possesses key sk.
The principle of the agreement are as follows: give t integerTo each xiIt calculates:
x′i=xi*rmax+ri (8)
Wherein, ri<2K-l-1, each riIt is different from, rmaxFor riIn maximum value.Work as riWhen sufficiently large, pass through formula
(8), available t unequal random integersAnd x 'iAnd xiKeep identical partial ordering relation.
Specific step is as follows by safe minimum agreement SMIN, as shown in Figure 7:
1. server C1 generates random number: server C1 possesses the data E of encryptionpk(x1),…,Epk(xt) and encryption model
Enclose value Epk(c), server C2 possesses private key sk.Server C1 first generates t+1 random number { r1,…,rt+1, meetThe maximum value in this t+1 random number is selected later and is denoted as rmax, remaining random number is successively denoted as again
{r1,…,rt}。
2. server C1 calculates each encryption data, obtains each Keyed integer and encrypt the poor E of value rangepk
(xi-c).Specific formula for calculation is as follows:
Epk(xi- c)=Epk(xi)*Epk(c)N-1 (9)
3. server C1 adds random number: difference E of the server C1 to each encryption to the difference of each encryptionpk(xi-c)
It is calculated according to formula (8), obtains the disturbed value E for the encryption that it is added after random numberpk(θi), specific formula for calculation is as follows:
4. server C1 is sent to server C2 after this t value is upset sequence.Calculation formula is as follows:
Epk(θ ')=π (Epk(θ)) (11)
5. server C2 is decrypted: server C2 receives Epk(θ′i) after, these values are decrypted, θ ' is obtainedi。
6. server C2 calculates θ 'iIn minimum value, and mark the minimum value in sequence θ ' corresponding i be min.
7. the sequence Δ of one t long of server C2 generation ', Δmin' it is 1, residual value 0.By sequence Δ ' middle all elements
Encryption, obtains Epk(Δ ') is sent to server C1.
8. server C1 obtains safe minimum agreement encrypted result with inverse function: server C1 obtains sequence Epk(Δ′)
Afterwards, using the inverse function of formula (11), i.e. formula (12), obtain sequence and encryption data Epk(x1),…,Epk(xt) corresponding
Encryption minimum value mapping 01 sequence Epk(Δ).Specific formula for calculation is as follows:
Epk(Δ)=π-1(Epk(Δ′)) (12)
Safety analysis: in this process, the data of the available encryption of server C1 and the result of division of encryption, but
C1 does not have private key sk, cannot decrypt, cannot get data and resultant content;Server C2 passes through the available process of decryption oprerations
Difference after disturbance is NP-hard problem due to solving the equation group containing (t+1) a variable and t equation, and C2 is very
Find it difficult to learn the x for practising and comparing to needsiWith the value of c, data-privacy is protected;Simultaneously because the sequence that C1 is sent to C2 is out-of-order, and
Ranking functions C2 does not know, therefore even if C2 has calculated corresponding minimum value, can not be corresponded to true sequence,
Protect access module privacy.
Safe minimum agreement SMIN content is as shown in algorithm 2.
Security grid computing calculates agreement SGC: giving the side length of the grid SG of encryption, the grid cell of encryption at the end server C1
Epk(w) and encryption inquiry request Epk(Q), C2 possesses private key sk, C1 and C2 and is somebody's turn to do by the calculating that secure two party computation encrypts
It inquires the grid cell at place and takes out the content of grid cell storage.In the calculating process, the grid cell of encryption
Coordinate and the encrypted content of grid cell storage only obtain at the end server C1, and C2 cannot be about any effective of these contents
Information.
Security grid computing calculates agreement SGC, and specific step is as follows, as shown in Figure 8:
1. server C1 calculate inquiry Q where grid encryption coordinate: server C1 possess encryption grid SG, encryption
The side length E of grid cellpk(w) and encryption inquiry request Epk(Q), server C2 possesses private key sk.Server C1 first exists
In each dimension, i.e., in x-axis and y-axis, the coordinate of encrypted query is calculated divided by the dimension using safe division SD agreement respectively
The side length of grid cell on degree calculates the encryption coordinate E of grid g where inquiring Q in the dimensionpk(xi).Since the present invention is suitable
For the inquiry based on location-based service, therefore mentioned herein vector is bivector.Specific formula for calculation is as follows:
Epk(xi)=SD (Epk(Qi),Epk(wi)) (13)
2. server C1 calculates separately grid g in each dimension on two dimensionsiCoordinate and query point where
The difference of the encryption of the coordinate of grid g, and obtain the one-dimensional vector E of two encryptionspk(α),Epk(β).Assuming that in each dimension
There is niA grid cell, then the corresponding coordinate of these grid cells is respectively 0 to ni-1.Specific formula for calculation is as follows:
Epk(αi)=Epk(x1-i),Epk(βi)=Epk(x2-i) (14)
3. the one-dimensional vector that server C1 encrypts two is respectively multiplied by random number, result after being disturbed: server
C1 is by Epk(αi) and Epk(βi) encrypt respectively be multiplied by a random number r, the E disturbedpk(αi) and Epk(β i) is expressed as
Epk(α′i) and Epk(β′i), wherein in addition to the corresponding coordinate of grid where inquiry is Epk(0), remaining is random number.It is worth note
Meaning, the random number that every number multiplies are different from, and for convenience, we are indicated with r, association described below
View is also in compliance with the expression.Specific formula is as follows:
Epk(α′i)=Epk(αi)r,Epk(β′i)=Epk(βi)r (15)
4. server C1 uses formula (11) by Epk(α ') and EpkServer C2 is sent to after (β ') is out-of-order.
5. server C2 is decrypted and handles: server C2 receives Epk(α′i) and Epk(β′i) afterwards using private key sk to it
It is decrypted, and generates corresponding μiAnd χi.Wherein, if α 'i=0, then μiIt is 1;If β 'i=0, then χiIt is 1, remaining is all
It is 0.
6. server C2 encrypts result after decryption and processing using public key pk, and is sent to server C1: service
Device C2 uses public key pk by μiAnd χiIt is encrypted, obtains Epk(μi) and Epk(χi), and it is sent to server C1.
7. server C1 receives Epk(μ) and EpkAfter (χ), using formula (12) by vector recovery sequence.
8. server C1 calculates the dot product of vector using the property of the additive homomorphism of secure multiplication agreement SM and Paillier
μ SG χ, is equal to, to each grid gijComputations Epk(gij*μi*χj), all calculated result is encrypted later
Addition, so that it may obtain the value of the encryption of the grid cell g where the inquiry.Since Paillier is probability encryption,
The E being calculated by thispk(g) it can not be corresponded to the ciphertext in grid.Specific formula is as follows:
Safety analysis: in this process, the data of the available encryption of server C1 and encryption as a result, but C1 do not have
There is private key sk, cannot decrypt, cannot get data and resultant content;Server C2 is by the sequence that decryption oprerations are calculated
Random ordering, and ranking functions C2 is invisible to C2, therefore even if C2 cannot be corresponded to true sequence, where cannot obtaining
The coordinate of grid;Simultaneously as Paillier is probability encryption, the E that C1 cannot will be calculatedpk(g) and grid in ciphertext
It is corresponded to, protects access module privacy.
Security grid computing calculates the content of agreement SGC as shown in algorithm 3:
Safe Voronoi area calculates agreement SVCC: the Voronoi data structure SVD of encryption is given at the end server C1,
The Voronoi area id E of encryptionpk(a1|…|aλ) and λ, wherein λ is the quantity of the id of compression;C2 possesses private key sk.C1 and
The corresponding Voronoi area of the calculating inquiry that C2 is encrypted by secure two party computation and the seed node for taking out region encryption
Value and it adjacent area encryption id.In the calculating process, the value in the Voronoi area id of encryption and the region is only
It is obtained at the end server C1, C2 cannot be about any effective information of these contents.
Safe Voronoi area calculates agreement SVCC, and specific step is as follows, as shown in Figure 9:
1. server C1 generates random number, compressed and encrypted to random number: server C1 possesses the Voronoi of encryption
Region SVD, the Voronoi area id E of encryptionpk(a1|…|aλ) and compression id quantity λ, server C2 possesses private key sk.
Server C1 first generates λ random number r, and compresses these random numbers using formula (4) and passed through Epk() encryption,
Obtain Epk(r1|…|rλ)。
2. server C1 is by the compression random number E of encryptionpk(r1|…|rλ) and encryption Voronoi area id Epk(a1
|…|aλ), it is added to obtain E using Paillier additive homomorphism propertypk(a′1|…|a′λ), it is equivalent to aiAnd riAfter addition again
Compression encryption.Specific formula for calculation is as follows:
Epk(a′1|…|a′λ)=Epk(r1+a1|…|rλ+aλ)=Epk(r1|…|rλ)*Epk(a1|…|aλ) (17)
3. server C1 is by Epk(a′1|…|a′λ) it is sent to server C2.
4. server C2 receives Epk(a′1|…|a′λ) be decrypted afterwards using private key sk, it is carried out later according to formula (4)
Decompression, obtains λ numerical value a '1,…,a′λ。
5. two-dimensional array is obtained by calculation in server C2: server C2 calculates each ci=a 'iThe value of mod n, it is corresponding every
A ciGenerate the sequence α of a n longi, whereinIt is 1, remaining is all 0, wherein n is the quantity of Voronoi area.The end C2
Symbiosis obtains the two-dimensional array α of a λ * n size at λ sequence.
6. server C2 is using public key pk to αijIt is encrypted to obtain Epk(αij), by the two-dimensional array E of encryptionpk(α) is sent
Give server C1.
7. server C1 receives EpkAfter (α), the sequence β of a n long is generated, stores real call number from 0 to n-1's
The corresponding selective value of Voronoi area encrypts Voronoi area id E by calculatingpk(a1|…|aλ) include id in Epk
E is corresponded in (β)pk(1), remaining corresponds to Epk(0).Specific formula for calculation is as follows:
8. server C1 uses formula (11) by EpkServer C2 is sent to after (β) is out-of-order;
9. server C2 receives EpkAfter (β), decryption obtains β.The call number of β sequence is divided into λ grouping G, each grouping
GiThe corresponding β of one and only one elementi=1.
10. server C2 is by each grouping GiIn element upset, all grouping G are sent to server C1.
After server C1 receives grouping G, corresponding sequence will be reverted to out-of-order call number in G using formula (12)
Call number, and by Epk(β) recovery sequence.
Server C1 is grouped G to eachiCalculate separately the secret value E of its corresponding Voronoi area seed nodepk
(vi) and the Voronoi area adjacent area encryption id Epk(ai).Specific formula for calculation is as follows:
Wherein, c is grouping GiThe number of middle element.
Safety analysis: in this process, the data of the available encryption of server C1 and encryption as a result, but C1 do not have
There is private key sk, cannot decrypt, cannot get data and resultant content;Server C2 is by the sequence that decryption oprerations are calculated
Random ordering, and ranking functions C2 is invisible to C2, therefore even if C2 cannot be corresponded to true sequence, cannot obtain required
The corresponding call number of Voronoi area;Simultaneously as Paillier is probability encryption, the E that C1 cannot will be calculatedpk
(vi) and Epk(ai) corresponded to the ciphertext in SVD, protect access module privacy.
Safe Voronoi area calculates the particular content of agreement SVCC as shown in algorithm 4:
The additive homomorphism operation uses Paillier addition encipherment scheme:
For in plain textTo ciphertext Epk(m1) and Epk(m2) it is groupInterior multiplication operation is equal to m1
And m2It does add operation to re-encrypt, wherein Epk() indicates cryptographic operation, Dsk() indicates decryption oprerations, and formula is as follows:
Dsk(Epk(m1)Epk(m2)mod N2)=m1+m2mod N (21)
The multiplicative homomorphic operation uses Paillier multiplication encipherment scheme:
For in plain textTo ciphertext Epk(m1) and m2It is groupInterior power operation is equal to m1And m2
It does multiplication operation to re-encrypt, formula is as follows:
Step 4 is based on above-mentioned safe sub-protocol, and the present invention devises safe kNN vlan query protocol VLAN (SkNN), to complete ciphertext
Safe kNN inquiry.Inquiry request E of the agreement in the input encryption of the end server C1pk(Q), the Security Index knot of k and encryption
Structure SVD, SG and Epk(w), by the secure two party computation of C1 and C2, distance E is searched on index structurepk(Q) nearest k
The point of a pass point, this k encryption is kNN as a result, k=3 when test.The main thought of agreement progress kNN inquiry
Are as follows: C1 and C2 calculates agreement SGC by security grid computing first and calculates inquiry request Epk(Q) grid where, to obtain the net
The call number of the encryption of the Voronoi area of lattice covering;According to the call number, these region seed sections are calculated from SVD
The value of point and the id of adjacent area;Agreement SSED, which is calculated, using safe European squared-distance calculates query point Epk(Q) these kinds are arrived
The European squared-distance of child node uses safe minimum agreement SMIN calculated minimum later;The minimum value that will be calculated
It is added in kNN result, is NN object;It reads the value of these adjacent areas and calculates 2NN;From the phase of NN object and 2NN object
3NN is calculated in neighbouring region;And so on, until obtaining the result of kNN.
Server C1 possesses encrypted indexes structure and encrypted query request Epk(Q), server C2 possesses key.It cooperates with first
Calculate the grid G found where inquiry Qi, later according to GiThe encryption Voronoi area id of middle preservation is found corresponding
The region Voronoi, computations obtain Voronoi area where obtaining inquiry Q, obtain the seed node of the Voronoi area
As arest neighbors node, the i.e. result of k=1.The adjacent unit of the unit is added in Candidate Set later, and from Candidate Set
Middle computations obtain k=2's as a result, recycling the process until obtain k result.
Specific step is as follows by safe kNN vlan query protocol VLAN SkNN, as shown in Figure 10:
1. server C1 initializes three arrays: server C1 possesses the inquiry request E of encryptionpk(Q), the peace of k and encryption
Full index structure SVD, SG and Epk(w), server C2 possesses private key sk.Firstly, server C1 initializes three arraysRespectively indicate the seed node collection of candidate Voronoi area, subsequent Voronoi area id collection and
Candidate distance collection.The value of the encryption seed node currently read is stored, it is subsequent for convenience to read current minimum value
As a result, and result set E is addedpk(R) in;The encryption id of the adjacent area of (k-1) a Voronoi area before storage is used
In calculating kNN;Storage currently needs the European squared-distance of the encryption of comparison other.C1 initializes current minimum range simultaneously
Epk(dtemp) value be current minimum range Epk(0)。
2. server C1 and C2 calculate agreement SGC using security grid computing and calculate inquiry request Epk(Q) grid where, thus
Obtain the call number E of the encryption of the Voronoi area of grid coveringpk(a)。
3. server C1 and C2 calculate agreement SVCC using safe Voronoi area and calculate Epk(a) corresponding seed node
Value Epk(vi) and adjacent area id Epk(ai), these values are respectively added toWithIn.
4. server C1 and C2 calculates agreement SSED using safe European squared-distance and calculates encrypted query E one by onepk(Q) with
3. seed node E that step is calculatedpk(vi) European squared-distance Epk(di), these values are added to later
In.
5. server C1 and C2 calculate Candidate Set using safe minimum agreement SMINIn be greater than current minimum range
Epk(dtemp) minimum value, obtain 01 sequence of encryption of minimum value
6. willWithRegard one-dimensional vector, server C1 computations dot product as WithWhereinencIndicate that encryption dot product calculates to get to step 5. minimized correspondence
Encryption seed node value Epk(v), the id E of adjacent Voronoi area is encryptedpk(a) and encryption European squared-distance
Epk(dtemp), i.e., E is updated by this steppk(a) and Epk(dtemp) value.
Assuming that calculating the encryption dot product of the encryption vector A and B of two λ long, then dot product A is encryptedencBTSpecific calculating it is public
Formula is as follows:
7. server C1 adds Epk(v) result set E is arrivedpk(R) in.
8. server C1 empties Candidate SetWith
It is 2. arrived 7. 9. server C1 and C2 repeat step, until obtaining k arest neighbors as a result, i.e. result set E at the end C1pk
(R) size is k.
Safety analysis:
In safe k query process, the intermediate result that the end server C1 obtains is probability encryption decryption, and C1 is according in this
Between result be inferred to any other information.Meanwhile according to security protocol combinatorial theorem it is found that if forming the son association of the agreement
View is safe, and the intermediate result generated is random number or probability encryption data, then the agreement is safe.
The particular content of safe kNN vlan query protocol VLAN SkNN is as shown in algorithm 5:
Step 5, return query result give user User: the server C1 query result E for possessing encryptionpk(R), server C2
Possess key sk, to k query result, server C1 generates two random numbers respectively, and the two random numbers are compressed
Encryption disturbs result using encrypted random number is compressed, and obtains cryptogram computation as a result, server C1 is by ciphertext meter
It calculates result and is sent to server C2, k is sent to user User to random number;Server C2 decrypts result after disturbance, obtains
As a result, and obtaining coordinate value after the disturbance of k group after decryption;Coordinate value is sent to user User after C2 disturbs k group;User User
Receive k group random number from server C1, from server C2 receive the disturbance of k group after coordinate value, user User is by each disturbance recoil
Scale value subtracts the random number of disturbance accordingly, and final query result can be obtained.Herein, the calculating of user terminal is not related to
Encrypting and decrypting and cryptogram computation operation, not will cause heavy time cost.
Returning to query result, specific step is as follows, as shown in figure 11:
1. server C1 generates k to random number, encrypt and compress: server C1 possesses the query result E of encryptionpk(R), it takes
Business device C2 possesses key sk.Server C1 first generates k to random number (ri1,ri2), and they are gone back using formula (4)
Paillier encipherment scheme is compressed and is encrypted, and E is obtainedpk(ri1|ri2)。
2. server C1 is to each query result Epk(Ri) use Epk(ri1|ri2) disturbed, result E after being disturbedpk
(Ri'), specific formula for calculation is as follows:
Epk(R′i)=Epk(Ri+ri1|ri2)=Epk(Ri)*Epk(ri1|ri2) (24)
Result E after 3. server C1 will be disturbedpk(R′i) it is sent to server C2, by k to random number (ri1,ri2) be sent to
User User.
4. server C2 receives Epk(R′i) after, by Epk(R′i) decryption obtain R 'i;According to formula (4) by R 'iDecompression obtains
Coordinate value (the x ' of result points disturbancei,yi′)。
5. coordinate value (the x ' that server C2 disturbs k groupi,yi') it is sent to user User.
6. user User receives k group random number (r from server C1i1,ri2), k group coordinate value (x ' is received from server C2i,
yi′).Final query result can be obtained in the random number that each coordinate is subtracted to disturbance accordingly.Specific formula for calculation is such as
Under:
xi=x 'i-ri1,yi=y 'i-ri2 (25)
Safety analysis: server C1 possesses the query result of encryption, but cannot decrypt without private key sk;Server C2 solution
It is close disturbed as a result, random number due to not knowing addition, and solve the equation group containing 2k variable, k equation
It is HP-hard problem, result privacy cannot be protected by the value that result is calculated in effective time.
The protocol contents of query result are returned as shown in algorithm 6:
Conclusion:
The program can protect inquiry privacy, data-privacy, result privacy, data access patterns privacy in secure context;
It is encrypted on search efficiency and the time complexity of power is O (n+m), wherein n is the quantity of data point, as Voronoi
The quantity in region, m are the quantity of the grid divided, and when there are many data point, i.e., when n is very big, m will be much smaller than n.Meanwhile client
End is usually the mobile terminal for having lower processing capacity, is not involved in inquiry and calculates;In validity, this method returns correct and accurate
Query result.Herein, inquiry privacy refers to the location information submitted when server cannot obtain user query, i.e. protection is used
The location privacy information at family;Data-privacy refers to that server cannot obtain other letters relevant with data in addition to data set size
Breath, user can not obtain other information relevant with data set other than query result;As a result privacy refers to looking into for user
Asking result cannot reveal and data owner's leakage to server;Data access patterns privacy refers to that server cannot be by looking into
It askes the intermediate result for calculating and generating and obtains any effective information in relation to data access patterns, data access patterns refer to and look into
The relevant data of point are ask, are mainly guaranteed by the way that intermediate result is probability encryption data or random number in solution.
Claims (10)
1. a kind of safe kNN querying method based on LBS, which comprises the steps of:
Step 1, data owner DO generate key pair (pk, sk) and encrypted indexes structure, and encrypted indexes structure are sent to
Server C1, is sent to server C1, C2 and user User for public key pk, and private key sk is sent to server C2;
Step 2, user User use public key pk encryption to generate encrypted query and request E to oneself inquiry Qpk(Q), it and by this looks into
It askes request and is sent to server C1, wherein vector Q=(x, y) is the coordinate to be inquired of user, and encryption obtains inquiry request Epk
(Q)={ Epk(x),Epk(y)};
The inquiry request E of step 3, the index structure that server C1 is encrypted and encryptionpk(Q) after, secure two party computation is defined;
Wherein, secure two party computation includes: safe division agreement SD, safe minimum agreement SMIN, security grid computing calculate SGC and
Safe Voronoi area calculates agreement SVCC;Paillier addition encipherment scheme, multiplicative homomorphic are used about additive homomorphism operation
Operation uses Paillier multiplication encipherment scheme;
Step 4 is based on secure two party computation, design safety kNN vlan query protocol VLAN SkNN;The agreement is inputted at the end server C1 and is encrypted
Inquiry request Epk(Q) and encryption index structure and Epk(w), by the secure two party computation of C1 and C2, in encrypted indexes
Distance E is searched in structurepk(Q) point of k nearest pass point, this k encryption is kNN query result Epk(R), in C1
End obtains;
Step 5, return query result give user User: the server C1 query result E for possessing encryptionpk(R), server C2 possesses
Key sk, to k query result, server C1 generates two random numbers respectively, and the two random numbers are carried out compression encryption,
Result is disturbed using encrypted random number is compressed, obtains cryptogram computation as a result, server C1 is by cryptogram computation result
It is sent to server C2, k is sent to user User to random number;Server C2 decrypts result after disturbance, after obtaining decryption
As a result, and obtaining coordinate value after the disturbance of k group;Coordinate value is sent to user User after C2 disturbs k group;User User is from server
C1 receives k group random number, receives coordinate value after k group disturbs from server C2, user User is corresponding by coordinate value after each disturbance
The random number for subtracting disturbance, final query result can be obtained.
2. a kind of safe kNN querying method based on LBS according to claim 1, which is characterized in that the encrypted indexes knot
Structure includes: that safe Voronoi diagram SVD and security grid computing divide SG:
(1) safe Voronoi diagram SVD is generated:
1. carrying out Voronoi diagram division: DO possesses data set D={ p1,…,pn, wherein data point pi={ x, y }, to data set
D carries out Voronoi diagram division, and the plane where D is divided into n convex polygon, referred to as Voronoi area by Voronoi diagram, often
A Voronoi area viOne and only one data point pi, referred to as correspond to Voronoi area viSeed node, divide two
The side of Voronoi area is the perpendicular bisector of the two Voronoi area seed nodes, for a Voronoi area
vi, the arest neighbors for falling point q in the area is the seed node p in the regioni, by the property of Voronoi diagram it is found that query point q
The kNN object adjacent dimension promise unit that is present in (k-1) NN being previously calculated seed node among;
2. dividing according to the Voronoi, all Voronoi areas in Voronoi diagram are stored in array with random disorderIt will
Region viCorresponding call number is as its id in array, for any one Voronoi area vi, with a binary groupIt indicates, wherein (xi,yi) it is region viCorresponding seed node piCoordinate, aijFor this
Region viAdjacent Voronoi area id, (t1) it is the adjacent Voronoi area quantity of the Voronoi area;
3. adding false data: by arrayThe false adjacent Voronoi area id of middle addition keeps the quantity of adjacent area to be
Definite value t1, the false id added herein is arrayPresent in true call number, but it is not the adjacent id of corresponding region
And it is different;
4. data compression: to arrayThe region v of storageiThe id of corresponding coordinate and adjacent area is pressed using following formula
Contracting:
Wherein, λ is the number of the data of compression, and σ is the bit bit length of data compression, and σ is greater than the bit bit length of data itself;
5. to arrayIt is encrypted using pk, obtains SVD to get to encryption Voronoi and divide SVD, each storage should
The corresponding encryption binary group of Voronoi area
(2) it generates security grid computing and divides SG:
1. carrying out grid dividing on the basis of Voronoi is divided: Voronoi is divided into m grid, each net by grid dividing
The side length of lattice indicates that the grid dividing can store as matrix with vector wThe call number of matrix row and column respectively corresponds the net
The coordinate of lattice on two dimensions, each coarse gridding its id of Voronoi area for being covered intersect with it
The id of Voronoi area, is expressed asWherein oijFor region giThe id of the Voronoi area of intersection,
(t2) it is the quantity that Voronoi area is intersected in the region;
2. adding false data: by matrixThe false adjacent Voronoi area id of middle addition keeps each coarse gridding
The quantity of id is definite value t2, the false id added herein is arrayPresent in true call number, but it is not and the net
The id of lattice intersecting area and different;
3. data compression: equally using formula (1) to compress the content of each coarse gridding;
4. being encrypted with public key pk, SG is obtained: to matrixIt is encrypted with vector w using pk, obtains SG and Epk(w), often
A refined net content representation is
3. a kind of safe kNN querying method based on LBS according to claim 1, which is characterized in that the generation key pair
(pk, sk) uses Paillier encipherment scheme, wherein public key pk is used for the solution to data for the encryption to data, private key sk
It is close.
4. a kind of safe kNN querying method based on LBS according to claim 1, which is characterized in that the safe division association
Discuss SD: two given at the end server C1Integer a, the b encrypted in range, server C1 and C2 are calculated by two sides to two
The truncated division of encryption data encrypt, in the quotient that the end server C1 is encrypted, when which executes, the data of encryption
Only possessed by server C1 with quotient, server C2 only possesses key sk;
Shown in the principle of the agreement such as formula (2), for arbitrary
(ar1+br1r2+r3)/(br1)=a/b+r2 (2)
Wherein,And r3<r1, K is the bit size of Paillier encipherment scheme key,
ldataFor data a, the bit length of b;
Specific step is as follows for safe division agreement:
1. server C1 generates random number: server C1 possesses the data E of encryptionpk(a),Epk(b), server C2 possesses private key
Sk, server C1, which are generated, to be metAnd r3<r1Random number r1,r2,r3;
2. random number public key pk is encrypted, and server C2: server C1 is sent to using the random number and public key pk generated
Calculate Epk(ar1+br1r2+ r3) and Epk(br1), and server C2 is sent them to, specific calculation formula is as follows:
3. server C2 is decrypted with private key sk: server C2 receives the E of C1 transmissionpk(ar1+br1r2+ r3) and Epk(br1) after, make
They are decrypted respectively with private key sk, obtains λ 'aWith λ 'b, the formula of decryption is as follows:
λ′a=Dsk(Epk(ar1+br1r2+ r3))=ar1+br1r2+r3 (5)
λ′b=Dsk(Epk(br1))=br1 (6)
Result λ ' after 4. server C2 will be decryptedaWith λ 'b, the two are counted and carries out division calculation, the quotient being calculated is used public
Key is sent to C1 after being encrypted: server C2 calculates λ 'a/λ′b(mod n) and it being encrypted, mod indicates modulo operation,
Obtain Epk(λ′a/λ′b), it is sent to server C1;
5. the encrypted result of safe division agreement is calculated in server C1: server C1 receives Epk(λ′a/λ′b) after, use public affairs
The E of encryption is calculated in formula (7)pk(a/b):
Epk(a/b)=Epk(λ′a/λ′b)*Epk(r2)N-1 (7)
Wherein, Epk(r2)N-1=Epk(-r2), by ciphertext operation can encrypt by r2It subtracts, N is paillier public key pk
In two Big prime products.
5. a kind of safe kNN querying method based on LBS according to claim 1, which is characterized in that the safe minimum
Agreement SMIN: t are given at the end server C1The integer encrypted in range and the value range c, C1 and C2 of an encryption pass through
Secure two party computation cryptographically calculates the minimum value in the t Keyed integer greater than value range c, generates one according to the minimum value
A and this t Keyed integer is corresponded using t as the ciphering sequence of length, and the 1 of the corresponding encryption of minimum value, remaining is encryption
0, the ciphering sequence is obtained at the end server C1, when which executes, the data of encryption and minimum value sequence are only by server C1
Possess, server C2 only possesses key sk;
The principle of the agreement are as follows: give t integerTo each xiIt calculates:
x′i=xi*rmax+ri (8)
Wherein, ri<2K-l-1, each riIt is different from, rmaxFor riIn maximum value, work as riIt, can by formula (8) when sufficiently large
To obtain t unequal random integersAnd x 'iAnd xiKeep identical partial ordering relation;
Specific step is as follows by safe minimum agreement SMIN:
1. server C1 generates random number: server C1 possesses the data E of encryptionpk(x1),…,Epk(xt) and encryption value range
Epk(c), server C2 possesses private key sk, and server C1 first generates t+1 random number { r1,…,rt+1, meet
The maximum value in this t+1 random number is selected later and is denoted as rmax, remaining random number is successively denoted as { r again1,…,rt};
2. server C1 calculates each encryption data, obtains each Keyed integer and encrypt the poor E of value rangepk(xi-
c);Specific formula for calculation is as follows:
Epk(xi- c)=Epk(xi)*Epk(c)N-1 (9)
3. server C1 adds random number: difference E of the server C1 to each encryption to the difference of each encryptionpk(xi- c) foundation
Formula (8) is calculated, and the disturbed value E for the encryption that it is added after random number is obtainedpk(θi), specific formula for calculation is as follows:
4. server C1 is sent to server C2 after this t value is upset sequence, calculation formula is as follows:
Epk(θ ')=π (Epk(θ)) (11)
5. server C2 is decrypted: server C2 receives Epk(θ′i) after, these values are decrypted, θ ' is obtainedi;
6. server C2 calculates θ 'iIn minimum value, and mark the minimum value in sequence θ ' corresponding i be min;
7. the sequence Δ of one t long of server C2 generation ', Δmin' it is 1, residual value 0 adds sequence Δ ' middle all elements
It is close, obtain Epk(Δ ') is sent to server C1;
8. server C1 obtains safe minimum agreement encrypted result with inverse function: server C1 obtains sequence EpkAfter (Δ '), make
With the inverse function of formula (11), i.e. formula (12), sequence E is obtainedpk(Δ), specific formula for calculation is as follows:
Epk(Δ)=π-1(Epk(Δ′)) (12)
Wherein, Epk(Δ) is sequence Epk(Δ ') obtain sequence using formula (12) and encryption data Epk(x1),…,Epk(xt)
01 sequence of the minimum value mapping of corresponding encryption.
6. a kind of safe kNN querying method based on LBS according to claim 1, which is characterized in that the security grid computing meter
It calculates agreement SGC: giving the side length E of the grid SG of encryption, the grid cell of encryption at the end server C1pk(w) and encryption inquiry
Request Epk(Q), C2 possess private key sk, C1 and C2 by secure two party computation encrypt calculate the inquiry where grid cell simultaneously
The content for taking out grid cell storage, in the calculating process, coordinate and the grid cell storage of the grid cell of encryption
Encrypted content only obtains at the end server C1, C2 cannot about any effective information of these contents,
Security grid computing calculates agreement SGC, and specific step is as follows:
The encryption coordinate of grid where 1. server C1 calculates inquiry Q: server C1 possesses the grid of the grid SG of encryption, encryption
The side length E of unitpk(w) and encryption inquiry request Epk(Q), server C2 possesses private key sk, and server C1 first is at each
In dimension, i.e., in x-axis and y-axis, the coordinate for being calculated encrypted query using safe division SD agreement respectively is surfed the Internet divided by the dimension
The side length of lattice unit calculates the encryption coordinate E of grid g where inquiring Q in the dimensionpk(xi), due to based on location-based service
Inquiry, therefore described vector is bivector, specific formula for calculation is as follows:
Epk(xi)=SD (Epk(Qi),Epk(wi)) (13)
2. server C1 calculates separately grid g in each dimension on two dimensionsiCoordinate and query point where grid g
Coordinate encryption difference, and obtain two encryption one-dimensional vector Epk(α),Epk(β), it is assumed that have n in each dimensioniA net
Lattice unit, then the corresponding coordinate of these grid cells is respectively 0 to ni- 1, specific formula for calculation is as follows:
Epk(αi)=Epk(x1-i),Epk(βi)=Epk(x2-i) (14)
3. the one-dimensional vector that server C1 encrypts two is respectively multiplied by random number, result after disturb: server C1 general
Epk(αi) and Epk(βi) encrypt respectively be multiplied by a random number r, the E disturbedpk(αi) and Epk(βi), it is expressed as Epk
(α′i) and Epk(β′i), wherein in addition to the corresponding coordinate of grid where inquiry is Epk(0), remaining is random number, specific formula
It is as follows:
Epk(α′i)=Epk(αi)r,Epk(β′i)=Epk(βi)r (15)
4. server C1 uses formula (11) by Epk(α ') and EpkServer C2 is sent to after (β ') is out-of-order;
5. server C2 is decrypted and handles: server C2 receives Epk(α′i) and Epk(β′i) it is carried out using private key sk afterwards
Decryption, and generate corresponding μiAnd χi;Wherein, if α 'i=0, then μiIt is 1;If β 'i=0, then χiIt is 1, remaining is all 0;
6. server C2 encrypts result after decryption and processing using public key pk, and is sent to server C1: server C2
Using public key pk by μiAnd χiIt is encrypted, obtains Epk(μi) and Epk(χi), and it is sent to server C1;
7. server C1 receives Epk(μ) and EpkAfter (χ), using formula (12) by vector recovery sequence;
8. server C1 calculates the dot product μ of vector using the property of the additive homomorphism of secure multiplication agreement SM and Paillier
SG χ, is equal to, to each grid gijComputations Epk(gij*μi*χj), the phase for later encrypting all calculated result
Add, so that it may the value of the encryption of the grid cell g where the inquiry is obtained, specific formula is as follows:
Wherein, the quantity m=n of the grid of division1*n2, n1The quantity of grid, n in x-axis2It is the quantity of grid in y-axis.
7. a kind of safe kNN querying method based on LBS according to claim 1, which is characterized in that the safety
Voronoi area calculates agreement SVCC: the Voronoi data structure SVD of encryption is given at the end server C1, encryption
Voronoi area id Epk(a1|…|aλ) and λ, wherein λ is the quantity of the id of compression;C2 possesses private key sk, and C1 and C2 pass through peace
Complete two side calculate the corresponding Voronoi area of the calculatings inquiry of encryption and take out the seed node that the region encrypts value and it
Adjacent area encryption id, in the calculating process, the Voronoi area id of encryption and the value in the region are only in server
The end C1 obtains, and C2 cannot be about any effective information of these contents;
Safe Voronoi area calculates agreement SVCC, and specific step is as follows:
1. server C1 generates random number, compressed and encrypted to random number: server C1 possesses the Voronoi area of encryption
SVD, the Voronoi area id E of encryptionpk(a1|…|aλ) and compression id quantity λ, server C2 possesses private key sk, takes first
Be engaged in device C1 λ random number r of generation, and compresses these random numbers using formula (1) and passed through Epk() encryption, obtains
Epk(r1|…|rλ);
2. server C1 is by the compression random number E of encryptionpk(r1|…|rλ) and encryption Voronoi area id Epk(a1|…|
aλ), it is added to obtain E using Paillier additive homomorphism propertypk(a′1|…|a′λ), it is equivalent to aiAnd riIt is recompressed after addition
Encryption, specific formula for calculation are as follows:
Epk(a′1|…|a′λ)=Epk(r1+a1|…|rλ+aλ)=Epk(r1|…|rλ)*Epk(a1|…|aλ) (17)
3. server C1 is by Epk(a′1|…|a′λ) it is sent to server C2;
4. server C2 receives Epk(a′1|…|a′λ) be decrypted afterwards using private key sk, it is decompressed later according to formula (1)
Contracting, obtains λ numerical value a '1,…,a′λ;
5. two-dimensional array is obtained by calculation in server C2: server C2 calculates each ci=a 'iThe value of mod n, corresponding each ci
Generate the sequence α of a n longi, whereinBe 1, remaining is all 0, wherein n be Voronoi area quantity, the symbiosis of the end C2 at
λ sequence obtains the two-dimensional array α of a λ * n size;
6. server C2 is using public key pk to αijIt is encrypted to obtain Epk(αij), by the two-dimensional array E of encryptionpk(α) is sent to clothes
Be engaged in device C1;
7. server C1 receives EpkAfter (α), the sequence β of a n long is generated, stores real call number from 0 to n-1's
The corresponding selective value of Voronoi area encrypts Voronoi area id E by calculatingpk(a1|…|aλ) include id in Epk
E is corresponded in (β)pk(1), remaining corresponds to Epk(0), specific formula for calculation is as follows:
8. server C1 uses formula (11), by EpkServer C2 is sent to after (β) is out-of-order;
9. server C2 receives EpkAfter (β), decryption obtains β, and the call number of β sequence is divided into λ grouping G, each grouping GiHave
And the corresponding β of an only elementi=1;
10. server C2 is by each grouping GiIn element upset, all grouping G are sent to server C1;
After server C1 receives grouping G, using formula (12), by G to the rope for reverting to corresponding sequence with out-of-order call number
Quotation marks, and by Epk(β) recovery sequence;
Server C1 is grouped G to eachiCalculate separately the secret value E of its corresponding Voronoi area seed nodepk(vi)
With the encryption id E of the Voronoi area adjacent areapk(ai), specific formula for calculation is as follows:
Wherein, c is grouping GiThe number of middle element.
8. a kind of safe kNN querying method based on LBS according to claim 1, which is characterized in that the additive homomorphism behaviour
Make to use Paillier addition encipherment scheme:
For in plain textTo ciphertext Epk(m1) and Epk(m2) it is groupInterior multiplication operation is equal to m1And m2
It does add operation to re-encrypt, wherein Epk() indicates cryptographic operation, Dsk() indicates decryption oprerations, and formula is as follows:
Dsk(Epk(m1)Epk(m2)mod N2)=m1+m2mod N (21)
The multiplicative homomorphic operation uses Paillier multiplication encipherment scheme:
For in plain textTo ciphertext Epk(m1) and m2It is groupInterior power operation is equal to m1And m2It does and multiplies
Method operation re-encrypts, and formula is as follows:
Wherein, N is two Big prime products in paillier public key pk.
9. a kind of safe kNN querying method based on LBS according to claim 1, which is characterized in that the safe kNN is looked into
Ask agreement SkNN, the specific steps are as follows:
1. server C1 initializes three arrays: server C1 possesses the inquiry request E of encryptionpk(Q) and encryption Security Index
Structure SVD, SG and Epk(w), server C2 possesses private key sk, firstly, server C1 initializes three arrays Respectively indicate the seed node collection, subsequent Voronoi area id collection and candidate distance of candidate Voronoi area
Collection,The value of the encryption seed node currently read is stored, it is subsequent for convenience to read current minimum value as a result, and adding
Enter result set Epk(R) in;The encryption id of the adjacent area of (k-1) a Voronoi area before storage, for calculating kNN;Storage currently needs the European squared-distance of the encryption of comparison other, while C1 initializes current minimum range Epk(dtemp) value
For current minimum range Epk(0);
2. server C1 and C2 calculate agreement SGC using security grid computing and calculate inquiry request Epk(Q) grid where, to obtain
The call number E of the encryption of the Voronoi area of grid coveringpk(a);
3. server C1 and C2 calculate agreement SVCC using safe Voronoi area and calculate Epk(a) value of corresponding seed node
Epk(vi) and adjacent area id Epk(ai), these values are respectively added toWithIn;
4. server C1 and C2 calculates agreement SSED using safe European squared-distance and calculates encrypted query E one by onepk(Q) and step
3. the seed node E being calculatedpk(vi) European squared-distance Epk(di), these values are added to laterIn;
5. server C1 and C2 calculate Candidate Set using safe minimum agreement SMINIn be greater than current minimum range Epk
(dtemp) minimum value, obtain 01 sequence of encryption of minimum value
6. willWithRegard one-dimensional vector, server C1 computations dot product as WithWhereinencIndicate that encryption dot product calculates to get to step 5. minimized correspondence
Encryption seed node value Epk(v), the id E of adjacent Voronoi area is encryptedpk(a) and encryption European squared-distance
Epk(dtemp), i.e., E is updated by this steppk(a) and Epk(dtemp) value;
Assuming that calculating the encryption dot product of the encryption vector A and B of two λ long, then dot product A is encryptedencBTSpecific formula for calculation such as
Under:
7. server C1 adds Epk(v) result set E is arrivedpk(R) in;
8. server C1 empties Candidate SetWith
It is 2. arrived 7. 9. server C1 and C2 repeat step, until obtaining k arest neighbors as a result, i.e. result set E at the end C1pk(R)
Size is k.
10. a kind of safe kNN querying method based on LBS according to claim 1, which is characterized in that return to query result
Specific step is as follows:
1. server C1 generates k to random number, encrypt and compress: server C1 possesses the query result E of encryptionpk(R), server
C2 possesses key sk, and server C1 first generates k to random number (ri1,ri2), and formula (1) also Paillier is used to them
Encipherment scheme is compressed and is encrypted, and E is obtainedpk(ri1|ri2);
2. server C1 is to each query result Epk(Ri) use Epk(ri1|ri2) disturbed, result E after being disturbedpk
(Ri'), specific formula for calculation is as follows:
Epk(Ri')=Epk(Ri+ri1|ri2)=Epk(Ri)*Epk(ri1|ri2) (24)
Result E after 3. server C1 will be disturbedpk(R′i) it is sent to server C2, by k to random number (ri1,ri2) it is sent to user
User;
4. server C2 receives Epk(R′i) after, by Epk(R′i) decryption obtain R 'i;According to formula (1) by R 'iDecompression obtains result
Coordinate value (the x ' of point disturbancei,yi′);
5. coordinate value (the x ' that server C2 disturbs k groupi,yi') it is sent to user User;
6. user User receives k group random number (r from server C1i1,ri2), k group coordinate value (x ' is received from server C2i,
yi′);Final query result can be obtained in the random number that each coordinate is subtracted to disturbance accordingly, and specific formula for calculation is such as
Under:
xi=x 'i-ri1,yi=y 'i-ri2 (25)
Wherein, (xi,yi) it is final query result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811085432.1A CN109194666B (en) | 2018-09-18 | 2018-09-18 | LBS-based security kNN query method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811085432.1A CN109194666B (en) | 2018-09-18 | 2018-09-18 | LBS-based security kNN query method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109194666A true CN109194666A (en) | 2019-01-11 |
CN109194666B CN109194666B (en) | 2021-06-01 |
Family
ID=64911650
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811085432.1A Active CN109194666B (en) | 2018-09-18 | 2018-09-18 | LBS-based security kNN query method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109194666B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109818729A (en) * | 2019-01-28 | 2019-05-28 | 东北大学 | Secret protection average distance querying method based on Paillier homomorphic cryptography |
CN111131327A (en) * | 2020-01-06 | 2020-05-08 | 湖北工业大学 | Sphere-based privacy protection satellite collision detection method and system |
CN114021172A (en) * | 2021-11-10 | 2022-02-08 | 苏州同济区块链研究院有限公司 | Multi-party joint security calculation method and device based on alliance chain |
CN115102733A (en) * | 2022-06-13 | 2022-09-23 | 西安电子科技大学 | Efficient packed image encryption retrieval method |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102930051A (en) * | 2012-11-16 | 2013-02-13 | 上海交通大学 | Safe nearest neighbor search method and system based on isometric partition and random filling |
WO2016195552A1 (en) * | 2015-06-02 | 2016-12-08 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and encryption node for encrypting message |
US20170048208A1 (en) * | 2010-02-26 | 2017-02-16 | Microsoft Technology Licensing, Llc | Secure computation using a server module |
CN108111294A (en) * | 2017-12-13 | 2018-06-01 | 南京航空航天大学 | A kind of multiple labeling sorting technique of the protection privacy based on ML-kNN |
CN108133229A (en) * | 2017-12-11 | 2018-06-08 | 广州能量盒子科技有限公司 | The classification encryption method and system of a kind of Android APK file |
CN108363689A (en) * | 2018-02-07 | 2018-08-03 | 南京邮电大学 | Secret protection multi-key word Top-k cipher text retrieval methods towards mixed cloud and system |
-
2018
- 2018-09-18 CN CN201811085432.1A patent/CN109194666B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170048208A1 (en) * | 2010-02-26 | 2017-02-16 | Microsoft Technology Licensing, Llc | Secure computation using a server module |
CN102930051A (en) * | 2012-11-16 | 2013-02-13 | 上海交通大学 | Safe nearest neighbor search method and system based on isometric partition and random filling |
WO2016195552A1 (en) * | 2015-06-02 | 2016-12-08 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and encryption node for encrypting message |
CN108133229A (en) * | 2017-12-11 | 2018-06-08 | 广州能量盒子科技有限公司 | The classification encryption method and system of a kind of Android APK file |
CN108111294A (en) * | 2017-12-13 | 2018-06-01 | 南京航空航天大学 | A kind of multiple labeling sorting technique of the protection privacy based on ML-kNN |
CN108363689A (en) * | 2018-02-07 | 2018-08-03 | 南京邮电大学 | Secret protection multi-key word Top-k cipher text retrieval methods towards mixed cloud and system |
Non-Patent Citations (2)
Title |
---|
崔宁宁: "《移动K-支配最近邻查询验证研究》", 《计算机学报》 * |
李璐: "《 安全两方计算关键技术及应用研究》", 《中国博士学位论文全文数据库信息科技辑》 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109818729A (en) * | 2019-01-28 | 2019-05-28 | 东北大学 | Secret protection average distance querying method based on Paillier homomorphic cryptography |
CN109818729B (en) * | 2019-01-28 | 2021-10-29 | 东北大学 | Privacy protection average distance query method based on Paillier homomorphic encryption |
CN111131327A (en) * | 2020-01-06 | 2020-05-08 | 湖北工业大学 | Sphere-based privacy protection satellite collision detection method and system |
CN111131327B (en) * | 2020-01-06 | 2022-04-01 | 湖北工业大学 | Sphere-based privacy protection satellite collision detection method and system |
CN114021172A (en) * | 2021-11-10 | 2022-02-08 | 苏州同济区块链研究院有限公司 | Multi-party joint security calculation method and device based on alliance chain |
CN115102733A (en) * | 2022-06-13 | 2022-09-23 | 西安电子科技大学 | Efficient packed image encryption retrieval method |
CN115102733B (en) * | 2022-06-13 | 2023-11-21 | 西安电子科技大学 | Efficient packed image encryption retrieval method |
Also Published As
Publication number | Publication date |
---|---|
CN109194666B (en) | 2021-06-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Liu et al. | An efficient privacy-preserving outsourced calculation toolkit with multiple keys | |
Paulet et al. | Privacy-preserving and content-protecting location based queries | |
KR101679156B1 (en) | Secure private database querying with content hiding bloom filters | |
Shao et al. | FINE: A fine-grained privacy-preserving location-based service framework for mobile devices | |
KR100398319B1 (en) | Encrypting/decrypting system | |
CN109194666A (en) | A kind of safe kNN querying method based on LBS | |
WO2018210895A1 (en) | Post-quantum secure private stream aggregation | |
Li et al. | EPLQ: Efficient privacy-preserving location-based query over outsourced encrypted data | |
CN112270006A (en) | Searchable encryption method for hiding search mode and access mode in e-commerce platform | |
US20090138698A1 (en) | Method of searching encrypted data using inner product operation and terminal and server therefor | |
CN105049196B (en) | The encryption method that multiple keywords of designated position can search in cloud storage | |
CN102314580A (en) | Vector and matrix operation-based calculation-supported encryption method | |
Jayapandian et al. | Secure and efficient online data storage and sharing over cloud environment using probabilistic with homomorphic encryption | |
Yang et al. | Flexible wildcard searchable encryption system | |
CN108833077A (en) | Outer packet classifier encipher-decipher method based on homomorphism OU password | |
Li et al. | Double chaotic image encryption algorithm based on optimal sequence solution and fractional transform | |
CN110392038A (en) | The multi-key cipher that can verify that under a kind of multi-user scene can search for encryption method | |
Zhang et al. | A privacy protection scheme for IoT big data based on time and frequency limitation | |
CN107885705A (en) | A kind of efficiently expansible safe document similarity computational methods and device | |
Guo et al. | Enabling privacy-preserving geographic range query in fog-enhanced IoT services | |
Gahi et al. | Privacy preserving scheme for location-based services | |
Corena et al. | Secure and fast aggregation of financial data in cloud-based expense tracking applications | |
Tallapally et al. | Competent multi-level encryption methods for implementing cloud security | |
Liu et al. | Secure and efficient multi-attribute range queries based on comparable inner product encoding | |
Tang | Secret sharing-based IoT text data outsourcing: A secure and efficient scheme |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |