CN102945282B - Based on the method and system of the safe nearest neighbor of isometric Data Placement - Google Patents

Abstract

The present invention relates to a method and system for secure nearest neighbor query based on equal-length data division. The method includes: the data master divides the Voronoi graph containing the outsourced database into k divisions, records the boundaries of the divisions, and adds random words to the divisions. section, and establish a corresponding index for each boundary according to the preset hash function, and send all the encrypted partitions and their corresponding indexes to the server, and send the corresponding boundaries of all partitions to the data user; the data user will include The index corresponding to the division of the real query point is sent to the server; the server sends the encrypted division containing the real query point to the data user; the data user obtains the encrypted division containing the real query point, and calculates the nearest neighbor after decryption, When the data user performs the nearest neighbor query on the outsourced database stored on the server, the server cannot know the data, query points and query results in the outsourced database, ensuring data security.

Description

Method and system for secure nearest neighbor query based on equal-length data division

technical field

The invention relates to the field of safe query processing, and relates to a method and system for safe nearest neighbor query based on equal-length data division.

Background technique

Existing research in the area of secure query processing involves basic SQL queries on encrypted databases (see literature 3: H. Hacigumus, BRIyer, C. Li, and S. Mehrotra. Executing SQL overencrypted data in the database service provider model. In SIGMOD, 2002), aggregation query (see literature 4: H.Hacigumus, BRIyer, and S.Mehrotra. execution of aggregation queries over encrypted relational databases. In DASFAA, pages 125–136, 2004 and literature 5: E. Mykletun and G. Tsudik. Aggregation queries in the database-as-a-service model. In DBSec, 2006) and range queries ( See Document 6: B. Hore, S. Mehrotra, M. Canim, and M. Kantarcioglu. Secure multidimensional range queries over outsourced data. VLDBJ. To Appear. and Document 7: E. Shi, J. Bethencourt, HT-H. Chan , DXSong, and A. Perrig. Multi-dimensional range query over encrypted data. In IEEE Symposium on Security and Privacy, pages 350-364, 2007). As many existing studies (see literature 1: H.Hu, J.Xu, C.Ren, and B.Choi. Processing private queries over untrusted data cloud through privacy homomorphism. In ICDE, pages 601-612, 2011 and literature 2: WKWong, DW-L.Cheung, B.Kao, and N.Mamoulis. Secureknn computation on encrypted databases. In SIGMOD, pages 139–152, 2009 and literature 6 and literature 7) proved that in order to meet certain security requirements And to achieve greater efficiency, more complex query types often require some special handling. In particular, many predecessors have done research work on the SNN problem (see Document 1 and Document 2), but the solutions they propose are often proved to be insecure and can be successfully attacked easily.

Hacigumus and others first proposed the "outsourced database" (ODB) model (see literature 8: H. Hacigumus, BRIyer, and S. Mehrotra. Providing database as a service. In ICDE, 2002), in this model, the data The owner (data owner) outsources the two services of "data management" and "query answering" to an unreliable service provider (service provider). Security research on ODB aims to ensure data security through encryption and query processing on encrypted data. For example, use an order-preserving encryption scheme (OPES, see Document 9: R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Order preserving encryption for numeric data. In SIGMOD, 2002) , apply the function E to an ordinal domain, so that for any pair of values x, y satisfying x<y, E(x)<E(y). In addition, Hacigumus et al. also proposed an additive and multiplicative homomorphic (additive and multiplicative homomorphic) encryption function E (E satisfies E(x)+E(y)=E(x+y), E(x)E(y )=E(xy)) to support aggregation queries on encrypted data (see literature 4: H. Hacigumus, BRIyer, and S. execution of aggregation queries over encrypted relational databases. In DASFAA, pages 125-136, 2004). However, as demonstrated by Mykletun et al., in practice homomorphic laws cannot guarantee even the lowest level of security (see ref. 5). In a nutshell, the previous ODB models only considered simple numerical fields and SQL operations, but did not consider more complex operations such as kNN (k nearest neighbor, k nearest neighbor) queries as research objects; in addition, ODB model research Always assume a single type of attack without comprehensive consideration of different levels of attack, which is not universal.

In addition to various encryption techniques, there are other data protection methods to ensure the security of query calculations. The SQL statement execution on the ODB model uses the "coarse index" (coarse index, also known as "bucket-based index", bucket-based index) technology (see Document 3). The tuple is encrypted by a common encryption method such as RSA; each database attribute field is divided, and each part obtained after division (that is, a "partition", partition) is assigned an ID through a hash function. The data master sends the encrypted tuple together with the ID of its partition to the server to act as a "coarse index". The query becomes fetching the split containing the target tuple. The server returns a superset of the query results. Then, the user who has the key can decrypt the result, and then filter out useless information through certain post-processing. The amount of useless information in an advanced query can be enormous, and it can become very burdensome for the user. For example, the distance between data points and query points required in kNN calculation is difficult to obtain easily through the divided ID. Therefore, directly applying this "coarse index" technology will cause the server to return the entire database to the user, leaving the user alone to bear the calculation of the query results. Obviously, this method is not suitable when the user has limited processing power (such as the user is using a mobile device).

Another secure query processing method utilizes special hardware - a secure coprocessor (see literature 10: E. Mykletun and G. Tsudik. Incorporating a secure coprocessor in the database-as-a-service model. In IWIA, 2005 and Literature 11: R. Agrawal, D. Asonov, M. Kantarcioglu, and Y. Li. Sovereignjoins. In ICDE, 2006). It is a secure computing unit whose computing process and stored data are transparent to any party in the query. The use of the coprocessor is very simple, only need to install the encryption and decryption keys, and directly deploy the application logic. However, on the other hand, it is not as fast as ordinary processors, so it is not suitable for complex applications that require a lot of calculations. In addition, coprocessors must be maintained by the user. For example, if a processor goes down unexpectedly, the user must redeploy it. This is obviously contradictory to the fact that in cloud computing, users do not need to maintain the original data themselves.

In addition, Sweeney, Li, Machanavajjhala et al. proposed various data anonymity models, such as k-anonymity (k-anonymity), for privacy protection when data is released (see literature 12: L.Sweeney.k-anonymity: A model for protecting privacy. In IJUFKS, 2002). Their basic idea is to make each tuple in the database indistinguishable from the "quasi-identifiers" of at least k-1 other tuples. "k-anonymity" can be achieved by generalizing "quasi" identifiers, suppressing tuples, and perturbing tuples. However, the "k-anonymous" model has information loss during the query process, and the model itself has specific flaws. As pointed out by Machanavajjhala et al., the anonymized non-identifiable "quasi" identifier set also contains many sensitive values, so an attacker with limited background knowledge can cause information leakage (see literature 13: A.Machanavajjhala, J . Gehrke, D. Kifer, and M. Venkitasubramaniam. l-diversity: Privacy beyond k-anonymity. In ICDE, 2006). In addition, the generalized value domain will also facilitate potential attackers to make accurate estimates of the original data or some valuable statistical information. In particular, it should be noted that the goals of privacy protection when data is released and data security in the ODB model are different: the former tries to prevent the published information from exposing specific individuals, while the latter focuses on protecting information from unauthorized users.

In order to better solve the problem of secure query processing, W.K.Wong et al. focused on the kNN query in SCONEDB model (see literature 2). Oliveira and others proposed "distance-preserving transformation" (distance-preserving transformation, DPT) as its encryption method (see literature 14: S.R.M. Oliveira and O.R. Zaiane. Privacy preserving clustering by data transformation. In SBBD, Manaus, Amazonas, Brazil, 2003). DPT converts a given point x into Nx+t, where N is a d×d orthogonal matrix and t is a d-dimensional vector. The main feature of DPT is that the point spacing remains unchanged before and after conversion, that is, d(x,y)=d(E(x),E(y)), where d represents the Euclidean distance, and E is encryption (conversion) function. Since the distance does not change, the kNN query is computed correctly. However, Liu et al. proved that DPT is insecure with respect to level 2 attacks and level 3 attacks [8]. For a level 3 attack, W.K.Wong et al. reviewed a set of points {x1,x2,...,xm} in the DB and their corresponding encrypted values {y1,y2,...,ym}, and then established a The group equation yi=Nxi+t forms a linear equation group, where d2 of N and d of t are unknown. So, if m>=d+1, then this system of equations can be solved. For a level 2 attack, the attacker sees a set of points P in DB. Since DPT preserves the correlation between dimensions, Liu et al. used PCA to determine the principal components in the point set P and the transformed database. By matching the principal components, the attacker can make accurate estimates of N and t (see literature 8).

Computation of kNN on unreliable platforms is also an issue that needs to be considered in the "Locality-Based Service" (LBS) system. In the LBS model, the server has a set of tuples (that is, "point of interest" point of interest, POI). The user submits a query (range query or kNN query) to the server to obtain the desired POI. The main security goal is to protect the location information of the query point, and some other models will also consider the privacy of POI. The "k-anonymous" model is often used to convert the location of the query point into a spatial range, such that this range contains at least other k-1 points, and it is difficult for the server to determine the location of the user (query point). Location. Although this model can be used to solve our problem, it has certain drawbacks. First, the anonymized data will approximately expose the original data value; second, in a specific model (see literature 15: G.Ghinita, P.Kalnis, A.Khoshgozaran, C.Shahabi, and K.L.Tan. services:Anonymizers are not necessary.In SIGMOD,2008), the database is assumed to be owned by the server, so the server can see the original data; again, in some systems (such as "coarse indexing" systems), the server usually returns super Sets are used for post-processing by users, which increases the burden on users, and for some "light-weight" clients, this is even unaffordable. Khoshgozaran et al. proposed an LBS model that can be encrypted for kNN queries (see literature 16: A.Khoshgozaran and C.Shahabi. Blind evaluation of nearest neighbor queries using space transformation to preserve location privacy.InSSTD, 2007). The main idea is to use Hilbert curves to "encrypt" data points and queries. The Hilbert value of each point is sent to the server. Then calculate kNN in the space obtained after the Hilbert transformation to get an approximate result. In addition to returning approximate results, this method also has problems similar to DPT, and it is easy to be successfully attacked.

Contents of the invention

The object of the present invention is to provide a method and system for safe nearest neighbor query based on equal-length data division, which can make the server unable to know the data in the outsourced database when the data user performs the nearest neighbor query on the outsourced database stored on the server , the query point of the data user and the query result of the nearest neighbor to ensure data security.

In order to solve the above problems, the present invention provides a method of safe nearest neighbor query based on equal-length data division, including:

The data master generates a Voronoi diagram containing all data points of the outsourced database, where each data point has the same number of bytes, and the number of data points in the outsourced database is N, where N is a positive integer;

The data user or data master gives a parameter K, and the data master divides the Voronoi diagram into k divisions according to the parameter k, and records the boundaries corresponding to each division, wherein each division is disjoint, and the data contained in different divisions Points are partially repeated or not repeated at all, k is greater than or equal to 1 and less than or equal to N;

The data master takes the byte count of the partition containing the most data points among all partitions as the longest byte count, and adds random bytes in every other partition except the partition containing the most The number of bytes of each other division than the division of data points is equal to the longest number of bytes;

The data master establishes a corresponding index for each boundary according to a preset hash function, and sends all encrypted partitions and all indexes corresponding to corresponding boundaries to the server for storage according to a preset encryption algorithm;

The data master sends the boundaries corresponding to all partitions, the decryption algorithm corresponding to the encryption algorithm, and the hash function to the data user for storage;

The data user determines a real query point, determines a boundary corresponding to a partition containing the real query point according to the real query point, and obtains a boundary corresponding to a partition containing the real query point according to the hash function the corresponding index, and send the corresponding index containing the corresponding boundary of the division of the real query point to the server;

The server sends the corresponding encrypted partition containing the real query point to the data user according to the received corresponding index of the corresponding boundary of the partition containing the real query point;

The data user decrypts the received encrypted partition containing the real query point according to the decryption algorithm, obtains the partition containing the real query point, and obtains all the partitions containing the real query point. The nearest neighbor data point of the true query point.

Further, in the above method, the outsourced database is a one-to-three-dimensional outsourced database.

Further, in the above method, when the outsourced database is a one-dimensional outsourced database, the boundary of each division is a vertical bisector between two adjacent data points.

Further, in the above method, when the outsourced database is a two-dimensional outsourced database, the boundary of each division is a grid surrounded by straight lines parallel to the X-coordinate axis and the Y-coordinate axis of the voronoi diagram.

Further, in the above method, in the step of dividing the Voronoi diagram into k divisions according to the parameter k, the data master divides the Voronoi diagram into k square grids of equal size, wherein k is one Squares.

According to another aspect of the present invention, a system of safe nearest neighbor query based on equal-length data division is provided, including:

The data master is used to generate a Voronoi diagram containing all data points of the outsourced database given the parameter k, wherein the number of bytes of each data point is the same, and the number of data points in the outsourced database is N, and N is Positive integer; divide the Voronoi diagram into k divisions according to the parameter k, and record the boundary corresponding to each division, wherein each division does not intersect with each other, and the data points contained in different divisions are partially repeated or not repeated at all, and k is greater than or equal to 1 and less than or equal to N; get the number of bytes of the partition containing the most data points among all partitions as the longest byte count, add random bytes in every other partition except the partition containing the most data points, Make the number of bytes of each other partition except the partition containing the most data points equal to the longest number of bytes; establish a corresponding index for each boundary according to a preset hash function, and according to a preset The encryption algorithm sends all the encrypted partitions and the indexes corresponding to all the corresponding boundaries to the server for storage and sends all the indexes corresponding to the corresponding boundaries to the server for storage; The decryption algorithm and the hash function are sent to the data user for storage;

The data user is used to determine the real query point given the parameter k, determine the corresponding boundary of the partition containing the real query point according to the real query point, obtain and contain the real query according to the hash function The corresponding index of the corresponding boundary of the point division, and the corresponding index of the corresponding boundary of the division containing the real query point is sent to the server; according to the decryption algorithm, the received encrypted data containing the real decrypting the division of the query point, obtaining the division containing the real query point, and obtaining the nearest neighbor data point of the real query point from the division containing the real query point;

The server is configured to send to the data user a corresponding encrypted partition containing the real query point according to the received corresponding index of the corresponding boundary of the partition containing the real query point. Create a corresponding index for each boundary according to a preset hash function, and send all encrypted divisions and the corresponding indexes of all corresponding boundaries to the server for storage and all corresponding boundaries according to a preset encryption algorithm The corresponding index is sent to the server for storage.

Further, in the above system, the outsourced database is a one-to-three-dimensional outsourced database.

Further, in the above system, when the outsourced database is a one-dimensional outsourced database, the boundary of each division is a vertical bisector between two adjacent data points.

Further, in the above system, when the outsourced database is a two-dimensional outsourced database, the boundary of each division is a grid surrounded by straight lines parallel to the X-coordinate axis and the Y-coordinate axis of the voronoi diagram.

Further, in the above system, the data master divides the Voronoi diagram into k square grids of equal size, where k is a square number.

Compared with the prior art, the present invention generates a Voronoi diagram containing all data points of the outsourced database through the data master, wherein the number of bytes of each data point is the same, and the number of data points in the outsourced database is N, where N is Positive integer; the data user or data master gives a parameter K, and the data master divides the Voronoi diagram into k divisions according to the parameter k, and records the boundary corresponding to each division, wherein each division is disjoint, and different divisions The included data points are partially repeated or not repeated at all, k is greater than or equal to 1 and less than or equal to N; the data master obtains the number of bytes of the division that contains the most data points in all divisions as the longest number of bytes, except for the division that contains the most data Random bytes are added to each other division than the division containing the most data points so that the number of bytes in each division other than the division containing the most data points is equal to the longest number of bytes; The hash function establishes a corresponding index for each boundary, and sends all encrypted partitions and all indexes corresponding to the corresponding boundary to the server for storage according to a preset encryption algorithm; the data master stores all partitions corresponding to the boundary, The decryption algorithm corresponding to the encryption algorithm and the hash function are sent to the data user for storage; the data user determines the real query point, and determines the corresponding division of the real query point according to the real query point A boundary, obtaining, according to the hash function, an index corresponding to a boundary corresponding to the partition containing the real query point, and sending the index corresponding to the boundary corresponding to the partition containing the real query point to the server; The server sends the corresponding encrypted division containing the real query point to the data user according to the received corresponding index of the corresponding boundary of the division containing the real query point; the received encrypted containing The division of the real query point is decrypted. The data user decrypts the received encrypted division containing the real query point according to the decryption algorithm, obtains the division containing the real query point, and obtains the division containing the real query point from the In the division of the real query point, the nearest neighbor data point of the real query point can be obtained, so that when the data user performs the nearest neighbor query on the outsourced database stored on the server, the server cannot know the data in the outsourced database and the data user The query points and the query results of the nearest neighbors ensure data security.

Description of drawings

Fig. 1 is the flowchart of the method for safe nearest neighbor query based on equal-length data division according to an embodiment of the present invention;

Fig. 2 is a schematic diagram of division of a method for safe nearest neighbor query based on equal-length data division according to an embodiment of the present invention;

Fig. 3 is a schematic diagram of one-dimensional space division according to an embodiment of the present invention;

Fig. 4 is a schematic diagram of division of the MinCs method according to an embodiment of the present invention;

Fig. 5 a is the impact diagram of k on the division time cost under the MinCs division method of an embodiment of the present invention;

Fig. 5b is a diagram showing the influence of |D| on the division time cost under the MinCs division method according to an embodiment of the present invention;

Fig. 6a is a diagram showing the variation of the average value, maximum value and minimum value of the division size with parameter k according to an embodiment of the present invention;

Fig. 6b is a diagram showing the variation of the average value, maximum value and minimum value of the division size with |D| according to an embodiment of the present invention

Fig. 7a is a graph of the total running time of the MinCs division method according to an embodiment of the present invention as a function of parameter k;

Fig. 7b is a diagram showing the variation of the total running time with |D| of the MinCs division method according to an embodiment of the present invention;

Fig. 8a is a diagram of |E(D)| changing with k under the MinCs division method according to an embodiment of the present invention;

Fig. 8b is a graph showing the variation of |E(D)| with |D| under the MinCs division method according to an embodiment of the present invention;

Fig. 9a is a graph showing the variation of query communication cost with k under the MinCs division method according to an embodiment of the present invention;

Fig. 9b is a graph showing the variation of query communication cost with |D| under the MinCs division method according to an embodiment of the present invention;

Fig. 10a is a diagram showing the variation of query time with |D| under the MinCs division method according to an embodiment of the present invention;

Fig. 10b is a graph showing the variation of query time with k under the MinCs division method according to an embodiment of the present invention;

FIG. 11 is a schematic diagram of functional modules of a system for secure nearest neighbor query based on equal-length data division according to an embodiment of the present invention.

Detailed ways

In order to make the above objects, features and advantages of the present invention more comprehensible, the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

With the increasing popularity of the concept of "cloud computing" and its applications, more and more attention has been paid to the "security query problem" for the encrypted data set E(D) on the "cloud". In the present invention, the problem of "secure nearest neighbor (SNN)" (secure nearest neighbor, SNN) has been studied in depth; The query ciphertext (encrypted query, E(q)) will be sent to the server to obtain the ciphertext of the nearest data point (that is, "nearest neighbor") of the query point in E(D), but it must be ensured that the server cannot be informed of the data and The specific content of the query. Specifically, the SNN problem involves the three parties of data master, data user and server and the corresponding actions of the three parties:

(1) Data Master: Owns an outsourced database D consisting of d-dimensional Euclidean points or objects, and outsources D to an incompletely reliable server.

(2) Data user: need to query the outsourced database D.

(3) Server: It is not completely reliable, and will spy on the data content from the data master and the query content from the data user due to its own reasons or third-party reasons.

In order to allow data users to perform nearest neighbor (NN, nearest neighbor) queries on the outsourced database D, without allowing the server to know the data in the data master’s outsourced database D, the actual query of the data user, and the specific information of the query results, The data master must apply a certain encryption algorithm E to the outsourced database D to encrypt. E(D) can be used to represent the ciphertext of D, and E-1 can be used to represent the corresponding decryption algorithm. Similarly, data users should encrypt their query point q (representing a query point) to obtain E(q) and send it to the server. Here, we need to try to ensure that the SNN method is the same as the encryption algorithm E used by the data owner in terms of security. That is, all E are proven to be secure (indistinguishable under chosen-plaintext attack, or indistinguishable under chosen-ciphertext attack) attack models in SNN methods.

In fact, it can be proved that, given only E(q) and E(D), it is impossible for the server to find the exact nearest neighbor of the query point. But what if the server is not required to give the precise location of the SNN query result, but only needs to give a "rough location" of the query result? Let’s imagine a very simple and direct query processing method: the data owner regards the outsourced database D as a whole and encrypts it to obtain E(D), then sends it to the server; and the server can return the entire E(D) as a query result to the data user; The data user then uses E ^-1 to decrypt E(D) (assuming that the data master shares E ^-1 with the data user) to obtain D, so that the result of the SNN query can be calculated locally - this "simple" method can be Called the "(direct) transmission D" (Send-D method) algorithm. Obviously, this algorithm has the same security as E, but it is very inefficient. On this basis, as shown in Figure 1, a more efficient SNN processing method is further proposed, that is, a secure nearest neighbor query method (secure voronoi diagram, SVD) based on equal-length data division provided by the present invention, It includes steps S1-S5 in the preprocessing stage, and the query stage includes steps S6-S8. Steps S6-S8 in the query stage can be repeated according to the actual query needs. Among them,

Step S1, the data master generates a Voronoi diagram including all data points p _i of the outsourced database D, where the number of bytes of each data point p _i is the same, and the number of data points in the outsourced database is N, where N is a positive integer. Since k partitions of the outsourced database D are to be generated in the subsequent step S2, a key issue here is how to generate (possibly overlapping) “partitions” G(D)={G ₁ ,...,G _k }, two goals are considered: (1) SNN query results (nearest neighbors of query points) should be included in at least one partition, and (2) data users can determine G _i is used to reduce the query cost, so a natural choice is to use the voronoi diagram based on the outsourced database D to construct G(D), where each data point p _i is represented by a voronoi cell.

The present invention needs to address following four problems:

Problem 1: The boundary P(D) uses voronoi cell to describe the space cost too much. For example, when the outsourced database D is two-dimensional, that is, d=2, each voronoi cell is a convex polygon of any shape, and these polygons have an average of 6 vertices. Therefore, the storage space occupied by the boundary P(D) represented in this way will be much larger than that of the outsourced database D itself.

Question 2: How to establish an index for the boundary P(D) so that data users can quickly determine the required original index value i. This problem is particularly prominent when the elements in the boundary P(D) have irregular boundaries, for example: when B _j ∈ P(D) is a voronoi cell (at this time B _j is a convex polygon of any shape) .

Question 3: Guarantee |E(G _i )|=|E(G _j )|(i≠j), so that the server will not distinguish them according to the size of the division (ciphertext), and then understand the division situation. We need to ensure this in any secure encryption algorithm E, so we need to enforce constraints on G(D) |G _i | _b = |G _j | _b (i≠j), where |G _i | _b represents the division of G The number of bytes of _i (note that the number of data points in G _i is distinguished as |G _i |).

Question 4: After the data user calculates the original index value i satisfying nn(q,D)∈G _i locally, he should not directly send the original index value i to the server to obtain E(G _i ), so as to ensure that the server does not Any information about the partition is learned during query processing. If the data user only sends the ciphertext of the original index value i to the server, then this problem does not exist; but this means that the server must be able to find E(G _i ) through the ciphertext of the original index value i.

Step S2, the data user or data master gives a parameter K, and the data master divides the Voronoi diagram G(D) into k partitions G ₁ ,...,G _k according to the parameter k, and records the corresponding Boundary P(D)={B ₁ ,...,B _k }, where each partition is mutually disjoint, data points contained in different partitions are partially repeated or not repeated at all, and k is greater than or equal to 1 and less than or equal to N. Specifically, according to the parameter k given by the user, D is divided into k parts, and each such part is called a "partition" (intersections are allowed between the partitions, that is, each partition can contain the same data points), that is, G( D)={G ₁ ,...,G _k }, and then transmit E(D)={E(G ₁ ),...,E(G _k )} to the server. In this process, it is also necessary to store the "geometric boundary" P(D)={B ₁ ,...,B _k } of each division (where B _i is the geometric boundary of division G _i ), such information is in Under the premise of ensuring sufficient description of the division, the smaller the occupied space, the better.

Here we first consider an extreme situation: if k=N (N is the number of data points in the data set D, ie |D|), then each G _i is a set composed of a single data point p _i ∈ D, The boundary P(D) is the set of voronoi cells of D. Suppose the voronoi cell of p _i is vc _i (p _i is included in vc _i ), then given any query point q, the data user needs to find the voronoi cell containing q; suppose Then the data user needs to request E(G _i ) from the server; here obviously nn(q,D)=p _i and G _i ={p _i }, and the algorithm returns nn(q,E ^-1 (E(G _i )))=nn(q,{p _i })=p _i , it can be seen that the result is correct. It can be considered to apply the above idea to the general situation of k<<N.

Step S3, the data master obtains the number of bytes of the division that contains the most data points among all the divisions as the longest number of bytes, and adds random bytes to each division except the division that contains the most data points, so that The number of bytes for each of the divisions other than the division containing the most data points is equal to the longest number of bytes. Specifically, assume that the data master has generated G(D) and P(D). In order to solve the above problem three, the data master needs to ensure that |G _i |=|G _j | (i≠j). Let G _x be the partition with the most data points (hereinafter referred to as "size", size) in G(D), that is, for any i∈[1,k], there is |G _i |≤|G _x |. For each partition G _i (i≠x), add (|G _x | _b -|G _i | _b ) random bytes to it, where the character * can be used to represent any random byte to match the actual data point in G _i (None of these random characters represented by * will actually appear in G _i ), this process can be called "random filling operation". Obviously, after this "random filling operation", for any partition G _i , there is |G _x | _b =|G _i | _b . In this way, in the subsequent step S4, no matter which secure encryption algorithm the data owner uses to generate {E(G ₁ ),...,E(G _k )}, there is |E(G _i )| _b =|E( G _j )| _b (i≠j), so as to ensure that the server cannot distinguish any partition in G(D), so as to understand the partition situation.

Step S4, the data master establishes a corresponding index for each boundary according to a preset hash function, and sends all encrypted divisions and all indexes corresponding to corresponding boundaries to the server for storage according to a preset encryption algorithm. Specifically, in order to solve the above problem 4, the data master applies a secret random hash function g:[1,N]→Z+, and finally converts E(D)={(E(g(1)),E(G1)) ,...,(E(g(k)),E(Gk))} are published to the server, and P(D), E ^-1 and g are published to data users.

Step S5, the data master sends the boundary P(D) corresponding to all divisions, the decryption algorithm corresponding to the encryption algorithm and the hash function to the data user for storage. Store P(D) in the data user end, so that for any query point q, the data user can efficiently determine the original index value i of the boundary P(D) satisfying nn(q,D)∈G _i , and then according to the hash The corresponding index of the boundary corresponding to the function division makes a request to the server to obtain E(G _i ). This process can be carried out without the server knowing the specific original i value, so that it can be guaranteed that the server will not respond to the query. Knowing the division; finally, data users can easily derive nn(q,D)=nn(q,E ^-1 (E(G _i ))).

Step S6, the data user determines the real query point q, determines the corresponding boundary of the partition containing the real query point according to the real query point, and obtains the boundary of the partition containing the real query point according to the hash function The corresponding index of the corresponding boundary, and the corresponding index E(g(j)) of the corresponding boundary containing the division of the real query point is sent to the server, that is, the data user will E(D)={(E( g(1)),E(G ₁ )),...,(E(g(k)),E(G _k ))} are sent to the server.

In step S7, the server sends the corresponding encrypted partition containing the real query point to the data user according to the received corresponding index of the corresponding boundary of the partition containing the real query point. Specifically, after the server receives all encrypted partitions and indexes corresponding to all corresponding boundaries, it will directly establish a corresponding relationship between all encrypted partitions and corresponding indexes.

Step S8, the data user decrypts the received encrypted partition containing the real query point according to the decryption algorithm, obtains the partition containing the real query point, and obtains the partition containing the real query point from the partition containing the real query point Obtain the nearest neighbor data point of the real query point.

Steps S6-S8 of the above query stage can be repeated according to actual query needs until no query points are input.

Preferably, the outsourced database is a one-to-three-dimensional outsourced database.

Preferably, when the outsourced database is a one-dimensional outsourced database, the boundary of each division is a perpendicular bisector between two adjacent data points. Specifically, in order to solve the first and second problems, it is stipulated that each partition in G(D) must have a regular shape. As shown in Figure 3, there is an "optimal solution" in the one-dimensional case, which can produce balanced and mutually disjoint partitions, because the Voronoi diagrams of one-dimensional data points are composed of continuous disjoint intervals Formation, to generate "completely balanced" (i.e. equal in size) partitions, simply find their 1/k, ..., (k-1)/k quantiles in D, and use them to generate G(D) , the boundary of the voronoi cell corresponding to these quantile points and ±∞ determine P(D)={B ₁ ,...,B _k }.

The above process of finding (k-1) quantile points and dividing the Voronoi diagram of D through them can be completed by a linear scan of D. Therefore, the IO (input/output) cost of the algorithm in the external memory model is O(N log N). Since each partition is of size |D|/k=N/k, G _i is of size |E(N/k)|, so E(D) is of size k|E(N/k)|; and Obviously the size of P(D) is O(k).

Preferably, when the outsourced database is a two-dimensional outsourced database, the boundary of each division is a grid surrounded by straight lines parallel to the X-coordinate axis and the Y-coordinate axis of the voronoi diagram. Specifically, in order to solve the above-mentioned problem 1 and problem 2, it is stipulated that each division in G(D) must have a regular shape, specifically, each division must be limited to a shape defined by the X coordinate axis and the Y coordinate axis (X axis or Y axis) in a "grid" (box) surrounded by parallel sides. However, this means that the boundary B _i that divides G _i may contain or run through multiple voronoi cells, as shown in Figure 2, where the dotted lines are the divided boundaries B ₁ and B ₂ , representing the convexity of different data points p ₁ ~p ₁₆ The polygons are voronoi cells.

In order to solve the above problem 2, set the voronoi cell corresponding to point p _i in D as vc _i , in order to ensure that data users can index P(D) and easily and efficiently determine the index satisfying nn(q,D)∈G _i value i, the division principle can be determined as follows: Let the geometric boundary of G _i be represented by B _i , then

Principle 1: Bi is a "grid" surrounded by sides parallel to the X-coordinate axis and the Y-coordinate axis;

Principle two: That is, the corresponding boundaries of different partitions in G(D) are mutually disjoint;

Principle 3: If B _i completely contains or intersects with a voronoi cell set V _i , then G _i ={p _j |v _cj ∈V _i }, but different G _i may contain repeated data points. As shown in Figure 2, the data points in the dark voronoi cell will be added to the division G ₁ and G ₂ at the same time, that is, G ₁ ={p ₁ ,p ₂ ,p ₃ ,p ₄ ,p ₅ ,p ₆ ,p ₇ ,p ₈ ,p ₁₀ }, G ₂ ={p ₅ ,p ₆ ,p ₇ ,p ₈ ,p ₁₀ ,p ₁₁ ,p ₁₂ ,p ₁₃ ,p ₁₄ ,p ₁₅ ,p ₁₆ ,p ₉ }.

Lemma 1. As shown in Figure 2, according to the above division principle, if nn(q,D)=pi and q∈B _j , then there is p _{i ∈G j .}

Proof: If there is a query point q∈B _j , that is, q belongs to the area framed by B _j , then q must belong to a voronoi cell completely contained or penetrated by B _j . According to the above division principle, this voronoi cell must belong to V _j , and V _j determines the elements of G _j . Assuming that q is included in v _ci (then nn(q,D)=p _i ), we can see from the above that v _ci ∈ Vj, and then p _i ∈ G _j .

From Lemma 1 above, in step S6, for any query point q, the job of the data client is to find B _j ∈ P(D) satisfying q ∈ B _j , that is, to find a grid containing q in P(D) , which is actually a "point location query" (point location query) process. Since the grids in P(D) are all disjoint, but will cover the space of the Voronoi diagram of the entire outsourced database D, there is one and only one grid containing point q; in addition, since the sides of these grids are all aligned with the X coordinate axis is parallel to the Y axis, so data users can easily index i for P(D). Afterwards, the data user can request E(G _j ) from the server, because according to Lemma 1, as long as q is included in B _j , then there is nn(q,D)∈G _j .

Through step S7, once E(G _j ) is returned by the server, in step S8, the data user can decrypt E(G _j ) by E ^-1 to obtain G _j ; after that, the data user can easily identify the random character * Previously, the data master removed the random byte sequence added in G _j through "random padding operation"; finally, the data user can obtain nn(q,D)=nn(q,G _j ).

However, don’t forget that the data user needs to solve the fourth problem when requesting E(G _j ) from the server. Through step S4, the data master establishes a corresponding index for each boundary according to the preset hash function, and encrypts all encrypted After the partition and all corresponding indexes are sent to the server for storage, in step S6, the data user is asked to send E(g(j)) to the server. In step S7, on the server side, there is a pairing relationship between E(g(i)) sent by the data master and E(G _i ), and after receiving E(D) sent by the data master, the server will create a record hash table T, mapping E(g(i)) to E(G _i ). In this way, given a request E(g(i)) by the data user, the server can finally find E(G _i ) by searching in T. The time complexity of this process is only O(1), so the server can pass The above process efficiently finds E(G _j ) from E(g(j)).

Furthermore, this embodiment provides a MinCs division method, which follows the above-mentioned division principles 1 to 3. Since the "random padding operation" is added, it is obvious that the communication cost and the server-side storage cost of this embodiment are determined by The difference between the largest partition and the size of each partition, i.e. |G _x| - |G _i| , or more precisely, |E(G _x )|-|E(G _i )|), that is, for To reduce communication costs and server-side storage costs, principle 4 should be followed as much as possible when designing the partition method: generate partitions with "balanced" (equal or close) sizes as much as possible.

In the MinCs method, the data master divides the voronoi diagram into K divisions according to the parameter K, and divides the voronoi diagram into K square grids of equal size, wherein k is a square number.

The MinCs method is the simplest division method, which divides D and its voronoi diagram into a grid shape, where the geometric size of each grid in the "grid" is the same. Such a division determines that the elements in P(D) are square lattices whose sides are parallel to the X-coordinate axis and the Y-coordinate axis. Once P(D) is given, G(D) can be generated according to the ideas shown in Figure 2. As shown in Figure 4, where k=4; please note that here k must be a square number. In the MinCs method, only one value—the side length l of the small square—can express P(D) (assuming that the boundary value of D is a known parameter).

To simplify the discussion, a grid can be represented by a pair of parameter values {x, y} in order from left to right and bottom to top. For example, in FIG. 4 , the lower left grid is marked C _1,1 , and the upper right grid is marked C _2,2 . According to the corresponding relationship between each grid C _{i, j} and each divided geometric boundary B _x , in this example we can get $C_{i,j}=B_{(i-1)\&Center\; Dot;\sqrt{k}+j}.$

It is easy to prove: only need to know l and k (k can be calculated from the boundary value of l and D) and the coordinates of point q, the data user can find out the grid where q is located at the time cost of O(1). Therefore, among all partition methods, this method has the lowest storage cost on the data client side, because P(D) only needs a value l to represent, so it is called "MinCs (Minimum Client Storage) method".

In more detail, the above MinCs division method can be implemented in C++ language. In the experiment implemented in this implementation, the data set D was divided by voronoi using the Qhull library; it was encrypted using the latest Crypto++ library. Subsequent experiments were performed on a Linux machine configured with an Intel Xeon 3.07GHz CPU and 8GB of memory.

For the two-dimensional outsourcing database D, tens of millions of data points sampled from California (CA) and Texas (TX) were used as the original data set in the experiment, and these data came from the OpenStreetMap project. In the CA and TX data sets, 2,000,000 data points were randomly selected as the largest experimental data set Dmax, and a smaller-scale data set was formed based on Dmax. What needs to be specially mentioned here is that when changing the size of the data set to test the scalability of the division method of this embodiment, it will ensure that the small data set is always a subset of the large data set, so as to avoid specific data points in D The impact of the change, thus only reflecting the impact of |D|.

The default settings for the parameters involved in the experiment are as follows: |D|=106, k=625 (|D|, k are the number of data points and the number of final divisions respectively); the number of data points uses the data from CA by default ; Use the AES encryption algorithm for encryption, and its key size and block size are both 256 bits. What needs to be particularly mentioned here is that after experimenting with other encryption algorithms, it is found that different encryption algorithms have almost no impact on the performance of this embodiment. Therefore, any secure public key or symmetric key encryption algorithm can be used to implement this embodiment, and the performance of different encryption algorithms to achieve this embodiment can be demonstrated by experiments. Finally, it should be noted that in all experiments, unless otherwise stated, when a parameter is studied as a variable, other parameters are default values.

The specific experimental results are as follows:

1. Preprocessing stage

In the preprocessing stage, the data master needs to perform two tasks: division and encryption, both of which are mainly affected by the number of divisions k and the size of the data set |D|. Figures 5a and 5b show the effects of k and |D| on the running time under the MinCs method, respectively. In Figure 5a, it is obvious that the time cost of MinCs is almost a constant independent of k, because the simplicity and complexity of the division process of MinCs itself has nothing to do with the size of k. MinCs is actually the most simple and direct method of division; it is particularly worth mentioning that it only takes 22 seconds to divide 1,000,000 points into 1,225 divisions.

Figure 5b shows the effect of varying the data size |D| (from 250,000 to 2,000,000) on the partition time cost. Obviously, the processing time of MinCs is linear with N=|D|.

Let's look at the size of the partition G(D)={G1,...,Gk} generated under the MinCs method (before performing the "random filling operation"). Since the "random pad operation" increases the size of all partitions to be as large as the largest partition by padding with random bytes, the following two values are critical for evaluating the performance of the partitioning method of this embodiment: Size of largest partition|G The variance of _x | and (|G _x |-|G _i |) (i∈[1,k]). |G _x | determines the storage cost on the server side and the communication cost of each query; the variance of (|G _x |-|G _i |) determines the cost of the filling operation itself. In order to present these values simply and intuitively in one graph, Figures 6a and 6b show the average value of the division size (avg partition size), maximum |G _x |=max _{i∈[1, k]} |G _i | and minimum |G _y |=min _{i∈[1, k]} |G _i | with parameters k and | The change of D|.

As shown in Figures 6a and 6b, in the MinCs division method, the average value and maximum value of the division size decrease with the increase of k.

Let's look at the total running time (total running time) of the MinCs method in the preprocessing stage through Figures 7a and 7b. The so-called total running time specifically includes the time of the two steps of division and encryption (Voronoi division time and "random filling operation" time are also included, but they are relatively smaller than the division and encryption time). In Figs. 7a and 7b, the preprocessing time of the Send-D method is also added for reference, and the preprocessing time of the Send-D method is the time for encrypting D as a whole.

In addition, it can be seen from Figures 7a and 7b that the total time of the preprocessing stage of the MinCs method increases linearly with the increase of k or |D|.

Let's look at the size of the final E(D), which is a key factor affecting the storage cost on the server side and the communication cost from the data master to the server. After random padding, each partition has the same size as the largest partition, so |E(D)|=k|E(Gx)|=k|E(Gi)|(i∈[1, k]).

Figures 8a and 8b show the variation of |E(D)| (size of E(D)) with k or |D| under the MinCs method, respectively. Similar to the discussion of Figures 7a and 7b, the size of D and the size of E(D) obtained by encrypting D as a whole (that is, the cost of Send-D) are also added to Figures 8a and 8b for reference. Obviously, the size of E(D) in the MinCs method increases linearly with the increase of k or |D|. The size of E(D) corresponding to Send-D also increases linearly with |D|, but it has nothing to do with k. Naturally, compared to directly transmitting the plaintext of the outsourced database D itself, the MinCs method will introduce communication costs from the data master to the server and storage costs on the server side.

The storage cost of the data client depends on the size of P(D), and this cost is O(1) in the MinCs method.

Finally, it should be stated that there is almost no significant difference in the experimental results which data set (CA data set or TX data set) is used in the experiment, so for the sake of brevity, the experimental results on the TX data set are not discussed here .

2. Query processing cost

First, for any query point q, using the method of this embodiment, the communication cost from the server to the data client only depends on |E(G _j )|. However, just like the above analysis of the results of Fig. 8a, 8b, due to the random padding operation, each partition has the same size, and |E(G _i )|=|E(D)|/k(i∈ [1,k]). On the contrary, in the Send-D method, the communication cost from the server to the data client is the size of the overall encrypted data set D, ie |E(D as one message)|. Therefore, although |E(D as one message)| is much smaller than |E(D)| generated by the MinCs method (as shown in Figures 8a and 8b), as shown in Figures 9a and 9b, in the method of this embodiment The query communication cost from the server to the data client is still much smaller than that of Send-D.

Next, let's look at the query processing cost of the data client. For each experiment, 100 queries were randomly performed, and then the average processing time of the MinCs method as shown in Figure 10a and 10b was obtained. Figure 10a shows that the query time of the MinCs method decreases as k increases, which is obviously because the division becomes smaller as k increases. Compared with Send-D, the performance of MinCs method is much better. As shown in Figure 10b, when |D| increases, the query time of the MinCs method increases linearly.

The algorithm efficiency of this embodiment includes the space-time cost of the preprocessing stage and the query cost of the query stage. The space-time cost of the preprocessing stage includes time cost and storage cost, and the query cost of the query stage includes time cost and communication cost:

1. The time cost of the SVD algorithm for preprocessing is mainly reflected in the following three stages:

(1) Get the voronoi diagram of D;

(2) Divide D;

(3) Generate E(D).

For one-dimensional and two-dimensional outsourced databases, the cost of stage (1) is O(NlogN).

In the (2) stage (dividing D), in the one-dimensional case, it is obvious that the required quantile points can be obtained through one traversal after sorting the data, so the cost of stage 2 is also O(NlogN) ; in the two-dimensional case, the cost of this stage depends on the division method we choose. The cost of the MinCs method is O(N).

The cost of stage (3) is linear with the encryption cost. Assume that the cost of encrypting information m through the encryption algorithm E is e(m); since the "random padding operation" increases the size of each division to the maximum, the time complexity of generating E(D) is O( ke(|Gx|b)), where $G_x={\arg \max }_{G_i\&Element;G\left(\mathrm{D.}\right)}\left|G_i\right|.$

2. Storage cost in the preprocessing stage

The storage cost on the server side is |E(D)|, which is O(k|E(Gx)|).

The storage cost of the data client is the space occupied by P(D) and index i. For most index structures of the same type (such as kd tree, R tree, line segment tree, etc.), the size of i is linearly related to |P(D)|, so the storage cost of the data client is O(|P(D )|); As for P(D), in one-dimensional case, P(D) only contains (k-1) values, so |P(D)|=k-1; in two-dimensional case, |P( D) | is determined by the selected division method. The |P(D)| of the MinCs method is O(1).

3. Query cost in the query phase

The time cost of the query phase is mainly reflected in two ends: data client and server. Among them, the data user needs to look up the Bi _∈ P(D) containing the query point q through the index of P(D), where any _Bi is a d-dimension surrounded by sides parallel to the X coordinate axis and the Y coordinate axis ( One to three-dimensional) grids; since it has been guaranteed that any two grids in P(D) will not intersect, and there must be a grid containing q, this kind of search is actually a typical output size of 1 (there is only one result). "Point position query"process; in a one-dimensional situation, the cost of the above process is only O(logk).

On the server side, when the data user gives a request E(g(j)), the server finds E(Gj) by querying the hash table T, and this process is O(1).

The single communication cost in the system is |E(D)| and |P(D)|, which can be derived naturally from our discussion of storage cost above. The communication cost of the query is |E(g(j))|+|E(Gj)|, or |E(g(j))|+|E(Gx)|, or |E(g(j))| +|E(Gj)|/k.

In terms of security in this embodiment, since the data user in this embodiment only uses E(D)={(E(g(1)),E(G1)),...,(E(g(k )), E(Gk))} are sent to the server, and only E(g(j)) is visible to the server during query processing, so we can prove the following Theorem 1.

Theorem 1. Assuming that E is an encryption algorithm that has been proven safe in the standard security model M (eg, IND-CPA), then the SVD algorithm in M has the same security as E.

Proof: During the whole process, the server can only see the E(D) from the data master and the E(g(j)) random sequence from the data user, therefore, the server can only know the number k of partitions. Since the "random padding operation" guarantees that |E(G _j )|=|E(G _i )|(i≠j), if E is safe in M, then obviously, the server will not learn about arbitrary division of G Boundary information of _i . Furthermore, because the random hash function g:[1,N]→Z ⁺ is unknown to the server, it is impossible for the server to restore the original index value i given only E(g(j)), That is, it is impossible for the server to know the original index value i of the pair (E(g(i), E(G _i )) in E(D).

In summary, this embodiment can prevent the server from knowing the data in the outsourced database, the query point of the data user, and the query result of the nearest neighbor when the data user performs the nearest neighbor query on the outsourced database stored on the server, thereby ensuring data security.

As shown in FIG. 11 , the present invention also provides another secure nearest neighbor query system based on equal-length data division, which includes a data master 1 , a data user 2 and a server 3 .

Data master 1 is used to generate a Voronoi diagram containing all data points of the outsourced database given the parameter k, wherein each data point has the same number of bytes, and the number of data points in the outsourced database is N, N is a positive integer; divide the Voronoi diagram into k divisions according to the parameter k, and record the boundary corresponding to each division, wherein each division does not intersect with each other, and the data points contained in different divisions are partially repeated or not repeated at all, and k is greater than Equal to 1 and less than or equal to N; get the number of bytes of the partition containing the most data points among all partitions as the longest byte count, and add random bytes in every other partition except the partition containing the most data points , make the number of bytes of each other division equal to the longest number of bytes except the division containing the most data points; establish a corresponding index for each boundary according to a preset hash function, and according to a preset The encrypted algorithm sends all encrypted partitions and indexes corresponding to all corresponding boundaries to the server for storage and sends all indexes corresponding to corresponding boundaries to the server for storage; The corresponding decryption algorithm and the hash function are sent to the data user for storage. Wherein, the parameter k is given by the data master 1 or the data user 2 .

The data user 2 is used to determine the real query point given the parameter k, determine the corresponding boundary of the partition containing the real query point according to the real query point, obtain and contain the real query point according to the hash function Query the corresponding index of the corresponding boundary of the division of the query point, and send the corresponding index of the corresponding boundary of the division containing the real query point to the server; according to the decryption algorithm, receive the encrypted data containing the The division of the real query point is decrypted, the division containing the real query point is obtained, and the nearest neighbor data point of the real query point is obtained from the division containing the real query point.

The server 3 is configured to send the corresponding encrypted partition containing the real query point to the data user according to the received corresponding index of the corresponding boundary of the partition containing the real query point.

Preferably, the outsourced database is a one-to-three-dimensional outsourced database.

Preferably, when the outsourced database is a one-dimensional outsourced database, the boundary of each division is a perpendicular bisector between two adjacent data points.

Preferably, when the outsourced database is a two-dimensional outsourced database, the boundary of each division is a grid surrounded by straight lines parallel to the X-coordinate axis and the Y-coordinate axis of the voronoi diagram.

Wherein, the data master divides the Voronoi diagram into k square grids of equal size, where k is a square number.

In summary, the present invention generates a Voronoi diagram containing all data points of the outsourced database through the data master, wherein each data point has the same number of bytes, and the number of data points in the outsourced database is N, and N is a positive integer ; The data user or the data master gives a parameter K, and the data master divides the Voronoi diagram into k divisions according to the parameter k, and records the boundary corresponding to each division, wherein each division is mutually disjoint, and different divisions include Data points are partially repeated or not repeated at all, k is greater than or equal to 1 and less than or equal to N; the data master obtains the number of bytes of the division that contains the most data points in all divisions as the longest number of bytes, except for the division that contains the most data points Random bytes are added to every other partition except the partition containing the most data points so that the number of bytes in every other partition is equal to the longest number of bytes; The Hive function establishes a corresponding index for each boundary, and sends all encrypted partitions and all corresponding indexes to the server for storage; the data master stores the corresponding boundaries of all partitions, the decryption algorithm corresponding to the encryption algorithm and the The hash function is sent to the data user for storage; the data user determines the real query point, determines the corresponding boundary of the partition containing the real query point according to the real query point, and obtains and contains the real query point according to the hash function. The corresponding index of the corresponding boundary of the division of the real query point, and send the corresponding index of the corresponding boundary of the division containing the real query point to the server; The corresponding index of the corresponding boundary of the partition sends the corresponding encrypted partition containing the real query point to the data user; the data user sends the received encrypted partition containing the real query point according to the decryption algorithm Decrypt the division of points, obtain the division containing the real query point, and obtain the nearest neighbor data point of the real query point from the division containing the real query point, which can be stored on the server by the data user When the nearest neighbor query is performed in the database, the server cannot know the data in the outsourced database, the query point of the data user, and the query result of the nearest neighbor, ensuring data security.

Each embodiment in this specification is described in a progressive manner, each embodiment focuses on the difference from other embodiments, and the same and similar parts of each embodiment can be referred to each other. As for the system disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and for relevant information, please refer to the description of the method part.

Professionals can further realize that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, computer software or a combination of the two. In order to clearly illustrate the possible For interchangeability, in the above description, the composition and steps of each example have been generally described according to their functions. Whether these functions are executed by hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementation should not be regarded as exceeding the scope of the present invention.

Obviously, those skilled in the art can make various changes and modifications to the invention without departing from the spirit and scope of the invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and equivalent technologies thereof, the present invention also intends to include these modifications and variations.

Claims (10)

1. based on a method for the safe nearest neighbor of isometric Data Placement, it is characterized in that, comprising:

The main generation of data comprises the voronoi figure of all data points of Outsourced database, and wherein, the byte number of each data point is identical, and the number of the data point in Outsourced database is N, N is positive integer;

Data user or the main given parameters K of data, described voronoi figure is partitioned into k division according to described parameter k by data main root, record each border dividing correspondence, wherein, each division is mutually disjointed, the data point part that different demarcation comprises repeats or does not repeat completely, and k is more than or equal to 1 and is less than or equal to N;

The byte number comprising the division of an at most data point in all divisions of the main acquisition of data is as most long word joint number, in each other except comprising the division of an at most data point divides, add random bytes, make each byte number that other divides except comprising the division of a data point at most equal described in most long word joint number;

Data main root sets up corresponding index according to the hash function preset to each border, and according to a cryptographic algorithm preset, index corresponding to all divisions after encryption and all with corresponding border thereof is sent to server stores;

All corresponding border, the decipherment algorithm corresponding with described cryptographic algorithm and the described hash functions of dividing of data chief commander send to described data user to store;

Described data user determines true query point, the border of the correspondence of the division comprising described true query point is determined according to described true query point, obtain the corresponding index with the corresponding border of the division comprising described true query point according to described hash function, and the index of the correspondence comprising the border of the correspondence of the division of described true query point is sent to server;

Described server sends the division comprising described true query point after corresponding encryption according to the index comprising the correspondence on the border of the correspondence of the division of described true query point received to described data user;

The division comprising described true query point after the encryption received is decrypted according to described decipherment algorithm by described data user, obtain the division comprising described true query point, and from the division comprising described true query point, obtain the data point of the arest neighbors of described true query point.

2. as claimed in claim 1 based on the method for the safe nearest neighbor of isometric Data Placement, it is characterized in that, described Outsourced database is one to three-dimensional Outsourced database.

3., as claimed in claim 2 based on the method for the safe nearest neighbor of isometric Data Placement, it is characterized in that, when described Outsourced database is one dimension Outsourced database, the border of each division is the perpendicular bisector between two consecutive number strong points.

4. as claimed in claim 2 based on the method for the safe nearest neighbor of isometric Data Placement, it is characterized in that, when described Outsourced database is two-dimentional Outsourced database, the border of each division is the grid surrounded by the straight line parallel with Y-coordinate axle with the X-coordinate axle of described voronoi figure.

5. as claimed in claim 4 based on the method for the safe nearest neighbor of isometric Data Placement, it is characterized in that, described voronoi figure is partitioned in k the step divided according to described parameter k by data main root, described voronoi figure is partitioned into the foursquare grid of the sizes such as k, wherein, k is a square number.

6. based on a system for the safe nearest neighbor of isometric Data Placement, it is characterized in that, comprising:

Data master, for given parameters k, generate the voronoi figure comprising all data points of Outsourced database, wherein, the byte number of each data point is identical, and the number of the data point in Outsourced database is N, N is positive integer; According to parameter k, described voronoi figure is partitioned into k division, record each border dividing correspondence, wherein, each division is mutually disjointed, and the data point part that different demarcation comprises repeats or do not repeat completely, and k is more than or equal to 1 and is less than or equal to N; The byte number obtaining in all divisions the division comprising an at most data point is as most long word joint number, in each other except comprising the division of an at most data point divides, add random bytes, make each byte number that other divides except comprising the division of a data point at most equal described in most long word joint number; According to the hash function preset, corresponding index is set up to each border, and to be sent to by index corresponding for the border of all divisions after encryption and all correspondences thereof index corresponding to server stores and all with corresponding border thereof to send to server stores according to a cryptographic algorithm preset; Described data user is sent to store all corresponding border, the decipherment algorithm corresponding with described cryptographic algorithm and described hash functions of dividing;

Data user, for given described parameter k, determine true query point, the border of the correspondence of the division comprising described true query point is determined according to described true query point, obtain the corresponding index with the corresponding border of the division comprising described true query point according to described hash function, and the index of the correspondence comprising the border of the correspondence of the division of described true query point is sent to server; According to described decipherment algorithm, the division comprising described true query point after the encryption received is decrypted, obtain the division comprising described true query point, and from the division comprising described true query point, obtain the data point of the arest neighbors of described true query point;

Server, for sending the division comprising described true query point after corresponding encryption according to the index comprising the correspondence on the border of the correspondence of the division of described true query point received to described data user.

7. as claimed in claim 6 based on the system of the safe nearest neighbor of isometric Data Placement, it is characterized in that, described Outsourced database is one to three-dimensional Outsourced database.

8., as claimed in claim 7 based on the system of the safe nearest neighbor of isometric Data Placement, it is characterized in that, when described Outsourced database is one dimension Outsourced database, the border of each division is the perpendicular bisector between two consecutive number strong points.

9. as claimed in claim 7 based on the system of the safe nearest neighbor of isometric Data Placement, it is characterized in that, when described Outsourced database is two-dimentional Outsourced database, the border of each division is the grid surrounded by the straight line parallel with Y-coordinate axle with the X-coordinate axle of described voronoi figure.

10. as claimed in claim 9 based on the system of the safe nearest neighbor of isometric Data Placement, it is characterized in that, voronoi figure described in described data chief commander is partitioned into the foursquare grid of the size such as k, and wherein, k is a square number.