CN107360146B - Privacy protection space crowdsourcing task allocation system and method for receiving guarantee - Google Patents

Publication number: CN107360146B
Authority: CN (China)
Application number: CN201710533887.4A
Other versions: CN107360146A (en)
Other languages: Chinese (zh)
Legal status: Active
Inventors: 毛睿, 李荣华, 陆敏华, 王毅, 罗秋明, 商烁
Current assignee: Shenzhen University
Original assignee: Shenzhen University
Priority: CN201710533887.4A; PCT/CN2017/113468 (WO2019006968A1)
Prior art keywords: worker, workers, task, server, encrypted

Classifications

    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • G06Q10/06311 Scheduling, planning or task assignment for a person or group
    • H04L63/0464 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0872 Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The invention discloses a privacy-protecting spatial crowdsourcing task allocation system and method with an acceptance guarantee, comprising an SC server, an encryption service provider, a spatial task requester and workers, wherein the SC server provides the privacy-protecting spatial crowdsourcing tasks; the encryption service provider generates keys using the Paillier and ElGamal cryptosystems; the spatial task requester creates a spatial task and sends the task location to the SC server; the SC server encrypts the task location, and each worker computes the distance between the task location and its own location; each worker's speed is encrypted and sent to the SC server, and each worker computes its travel time, encrypts it and sends it to the SC server; the SC server determines the winning workers with the help of the encryption service provider, which encrypts a winner set containing several winners and returns it to the SC server; the SC server encrypts the task location and broadcasts it to all workers, and the winning workers go to the designated location to execute the task. The invention achieves privacy protection for both parties in spatial crowdsourcing, greatly reduces the computation cost, and ensures that the task is accepted with high probability.

Description

Privacy protection space crowdsourcing task allocation system and method for receiving guarantee
Technical Field
The invention belongs to the field of computers, and particularly relates to a spatial crowdsourcing task distribution system, in particular to a privacy protection spatial crowdsourcing task distribution system for receiving guarantee; in addition, the invention also relates to an implementation method of the privacy protection space crowdsourcing task allocation system for receiving guarantee.
Background
Crowdsourcing drastically changes the landscape of problem-solving methods by outsourcing a task (usually performed by a designated agent) to the public in the form of an open call. Crowdsourcing can provide talent and expert services on demand, at a much lower cost than hiring professionals, and has been successfully applied to book transcription, protein folding, astronomical classification, traffic monitoring, and the like. Recently, crowdsourcing has also been widely used for emergency management because, in emergency and disaster situations, it can efficiently and cheaply collect critical information such as affected areas, people in danger, and areas that may require search and rescue. For example, Nepal was struck by a 7.8 earthquake on 25/4/2015. To provide a detailed damage assessment, DigitalGlobe gathered pre- and post-earthquake high-resolution satellite images of the affected area, which were segmented and provided to online crowds to identify damaged buildings and roads. With the help of crowdsourcing, more than 21000 damaged buildings and roads were identified and marked within a month, providing valuable data for aid and reconstruction.
Crowdsourcing in emergency management can play a more active role due to the rapid development of ubiquitous wireless networks and intelligent mobile devices. A new type of crowdsourcing, Spatial Crowdsourcing (SC) outsources a spatial task (i.e., a location-related task) to a plurality of workers holding mobile devices that need to reach a specified location and complete the task. We continue with the above example of emergency management in earthquakes. The SC server sends a spatial task of whether or not survivors are present in a particular collapsed building to all available workers, including volunteers and professionals equipped with life detection instrumentation. Workers willing to perform the task arrive at the building for inspection and send the results back to the SC server. Based on the rescue plan that can be subsequently performed, professional heavy rescue equipment may be deployed on site, for example, if someone is identified as being trapped in debris.
Regardless of the field of application, the success of crowdsourcing depends on the active participation of the population. For space crowdsourcing, the location privacy problem is a major factor that prevents workers from engaging in space tasks. To achieve efficient task allocation (where efficiency means that space tasks can be quickly completed by being allocated to nearby workers), the SC server needs to constantly collect their locations via the workers' mobile devices. However, it is very difficult for workers to control the use of their location data stored by an untrusted third party, i.e. the SC server. In fact, the collected location data is likely to be shared, rented or sold, which has a serious impact on the privacy of the individual. Based on these location data, an intruder can make extensive attacks on an individual, such as physical monitoring and tracking, identity theft, and destruction of sensitive information (e.g., home address and lifestyle habits). Thus, location privacy protection, or more generally, worker privacy protection, is an important aspect of space crowdsourcing as it may encourage workers to actively participate in completing space tasks. This is particularly important for emergency management, as more active workers generally mean that tasks can be completed faster.
Tasks on existing crowdsourcing platforms (such as Amazon Mechanical Turk) are public to all workers. This mode may not be suitable for spatial crowdsourcing in emergency situations. Once the location of the task is disclosed, interested parties may go there to perform the task even though they are not required to do so. This may cause more confusion, such as traffic congestion. Therefore, the location of the task should not be known to any worker other than those to whom the task is assigned. Sometimes, task location protection is also desirable from the perspective of the task requester. For example, people with health problems at home may seek help by crowdsourcing, but disclosing their health problems and home address significantly violates individual privacy. Therefore, task location privacy should also be protected in spatial crowdsourcing.
In the context of location-based services, while there have been many efforts directed at location privacy, there has been less research on spatial crowdsourcing applications. In [To, H., Ghinita, G. and Shahabi, C.: A framework for protecting worker location privacy in spatial crowdsourcing. PVLDB, 7(10), 919-930 (2014)], the locations of workers are collected and perturbed by a trusted party, and calibrated noise is injected into the raw data according to differential privacy [see Dwork, C., 2008, April. Differential privacy: A survey of results. In International Conference on Theory and Applications of Models of Computation (pp. 1-19). Springer Berlin Heidelberg]. Upon receiving the spatial task, the SC server queries the perturbed location data to determine areas that may contain enough workers near the task location. Workers located in the area will receive the task notification and have the right to decide whether to perform it or not. The solution proposed in this pioneering work has several drawbacks. First, it only considers the privacy of the workers' locations, not the privacy of the task location. Second, it performs task assignment based mainly on the travel distance of the worker without considering other important factors such as the travel speed of the worker, which sometimes makes the assignment result unsatisfactory. Furthermore, it rests on a very strong assumption that a trusted party has access to the locations of all workers. A scheme based on Fully Homomorphic Encryption (FHE) can be designed to implement the computation of the system, but this would result in high computation costs, making this approach of limited practical significance.
Therefore, it is urgently needed to develop a space crowdsourcing task allocation system which can protect the position privacy of workers and the task position privacy, and the calculation cost for controlling the system also becomes a technical problem.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a privacy protection space crowdsourcing task allocation system which is guaranteed by acceptance, not only the privacy of workers but also the privacy of tasks are protected during task allocation, the private data of both parties are encrypted by the system, so that strong mutual protection is realized, the computing cost of the system is greatly reduced, and the task can be guaranteed to be accepted at high probability by the system. Therefore, the invention also provides an implementation method of the privacy protection space crowdsourcing task allocation system for receiving guarantee.
In order to solve the technical problem, the invention provides a privacy protection space crowdsourcing task distribution system for receiving guarantee, which comprises an SC server, an encryption service provider, a space task requester and a worker; the SC server is a space crowdsourcing server;
the encryption service provider is used for generating keys; a Paillier cryptosystem and an ElGamal cryptosystem are adopted, and the encryption service provider generates the domain parameters of ElGamal and the key pairs of Paillier and ElGamal, keeps the private keys secret, and sends the public keys to the SC server and all workers;
the space task requester is used for creating a space task and transmitting a task position to the SC server; after the SC server encrypts the task position by using the public key, ciphertext is sent to all workers, and after the encrypted information is received from the SC server, each worker calculates the distance between the task position and the worker position, so that the privacy protection distance is calculated;
the speed of each worker is encrypted and sent to the SC server, which cooperates with the encryption service provider: the SC server multiplies the encrypted speeds of all workers, has the encryption service provider decrypt the product to obtain V, and sends V to each worker; each worker calculates its travel time, encrypts it and sends the encrypted travel time to the SC server;
the SC server calculates winning workers according to the encrypted privacy protection traveling time by means of an encryption service provider, and the encryption service provider encrypts a winner set containing a plurality of winners and returns the winner set to the SC server; the encryption service provider obtains the travel time of all workers from the SC server, sorts the travel time of all workers according to ascending order, and adds the workers to a winner set one by one until the expected acceptance rate is reached;
the SC server encrypts the task position and broadcasts the task position to all workers, the tasks are distributed to the workers, only the winning workers can decrypt the encrypted task position, and the winning workers arrive at the designated position to execute the corresponding tasks.
As a preferred technical scheme of the invention, a spatial task s is a task to be executed at location $l_s$ and associated with an expiration date $e_s$; a worker w is a person willing to perform spatial tasks, each worker being associated with an ID $id_w$ assigned by the SC server, a speed $v_w$ and a current location $l_w$.
As a preferred embodiment of the present invention, given the set of workers $W = \{w_1, w_2, \ldots, w_n\}$ and the location $l_s$ and expiration date $e_s$ of the spatial task s, the SC server assigns the task to a worker $w_{i^*}$ by a task assignment algorithm. Worker $w_{i^*}$ needs to meet two conditions: first, $w_{i^*}$ can arrive at $l_s$ before the expiration date $e_s$; second, no other worker can arrive at $l_s$ before $w_{i^*}$.
As a preferred technical solution of the present invention, the ElGamal cryptosystem can be extended to support commutative encryption, for which the following two new algorithms are defined:
-secondary encryption
Figure BDA0001340105120000031
Given a ciphertext $E'_{h_a}(m) = (g^{r_a}, m h_a^{r_a})$ encrypted under public key $h_a$, secondary encryption is performed by selecting a random number $r_b$, where $0 \le r_b \le q-1$, and computing $c_1 = g^{r_a}$, $c_2 = g^{r_b}$ and $c_3 = m h_a^{r_a} h_b^{r_b}$, where $h_b$ is a public key. The secondary ciphertext of $E'_{h_a}(m)$ is
Figure BDA0001340105120000032
-secondary decryption
Figure BDA0001340105120000041
The ciphertext $(c_1, c_2, c_3)$ can be decrypted with the private keys $x_a$ and $x_b$ in either order, and the decryption result is the same. If the private key $x_a$ is used first, we have
Figure BDA0001340105120000042
Figure BDA0001340105120000043
which can be decrypted again with $x_b$ to obtain m. It is easy to verify that the decryption result is the same if $x_b$ is used first and then $x_a$.
As a preferred embodiment of the present invention, the winner set is defined as follows: let $W = \{w_1, w_2, \ldots, w_n\}$ be a set of n workers; given a spatial task s, the task s is assigned to a set of workers $W^*$, called the winner set, such that:
1. each worker $w_{i^*} \in W^*$ can reach location $l_s$ before the expiration date $e_s$;
2. no other worker $w_j \in W \setminus W^*$ can reach location $l_s$ before any worker $w_{i^*} \in W^*$;
3. $\eta(W^*, s) \ge \alpha$, where $\alpha$ is the expected acceptance rate, i.e. the rate at which at least one worker in $W^*$ accepts task s.
In addition, the invention also provides a method for realizing the privacy protection space crowdsourcing task allocation system which receives the guarantee, comprising the following steps:
in the first stage, the distance between the task position and the worker position is calculated: after encrypting the task location $l_s = (x_s, y_s)$ with the Paillier public key, the spatial crowdsourcing server sends three ciphertexts to all workers: $E(x_s^2 + y_s^2)$, $E(x_s)$ and $E(y_s)$. After receiving the encrypted information from the spatial crowdsourcing server, each worker $w_i$ computes the distance between $l_s$ and its current location $l_i$ in encrypted form, i.e.:
Figure BDA0001340105120000044
second stage, each worker's travel time calculation: let $W = \{w_1, w_2, \ldots, w_n\}$ be a set of n workers and V be the product of the speeds of all workers, i.e.
Figure BDA0001340105120000045
and $v_k' = V / v_k$, where $1 \le k \le n$. For any two workers $w_i, w_j \in W$, $d(l_i, l_s)/v_i < d(l_j, l_s)/v_j$ holds if and only if $d(l_i, l_s)\,v_i' < d(l_j, l_s)\,v_j'$. A virtual travel time $t_i' = d(l_i, l_s)\,v_i'$ is calculated for each worker; it is equivalent to the exact travel time $t_i = d(l_i, l_s)/v_i$ in that the worker with the shortest virtual travel time must also have the shortest exact travel time;
in the third stage, the winning workers are calculated: the SC server holds a list of 2-tuples $\langle i, E(t_i'^2) \rangle$, where i is the ID of worker $w_i$ and $1 \le i \le n$. To protect the identity of workers, especially winners, it encrypts each worker's ID with a PRF $f_k$ and sends $\langle f_k(i), E(t_{f_k(i)}'^2) \rangle$ to the encryption service provider, which computes the winner set: it sorts the travel times in ascending order and then adds workers to the winner set one by one until the expected acceptance rate is reached;
fourth phase, task location broadcast: once $E'_C(f_k(i^*))$ is received, the spatial crowdsourcing server encrypts the task location $l_s$ and broadcasts to all workers
Figure BDA0001340105120000046
where $l_s$ is encrypted in the following manner:
Figure BDA0001340105120000047
where h is a length-matching hash function that maps longer bit strings to shorter bit strings. One method of constructing h, which has been proven to be semantically secure, is to split a long bit string into multiple short bit strings of fixed length, XOR the short bit strings together and output the result. Only workers who have obtained $E'_C(f_k(i^*))$ can compute
Figure BDA0001340105120000051
Figure BDA0001340105120000052
and thereby obtain the task location information.
As a preferred technical solution of the present invention, in the first stage, all workers are required to send their encrypted locations, in the form $E(x_i^2 + y_i^2)$, $E(x_i)$ and $E(y_i)$, to the spatial crowdsourcing server and ask the spatial crowdsourcing server to compute $E(d^2(l_i, l_s))$.
As a preferred technical scheme of the invention, in the second stage, each worker encrypts its speed with the ElGamal cryptosystem and sends $E'(v_i)$ to the spatial crowdsourcing server, which obtains $E'(V)$ by multiplying all encrypted speeds. The spatial crowdsourcing server then asks the encryption service providing unit to decrypt $E'(V)$ and send V to all worker mobile terminals. Each worker $w_i$ divides V by its own speed $v_i$ to obtain $v_i'$ and computes $E(d^2(l_i, l_s))^{v_i'^2} = E(d^2(l_i, l_s)\,v_i'^2) = E(t_i'^2)$. The encrypted virtual travel time is sent to the spatial crowdsourcing server for further processing. The exact value of V is known to the encryption service providing unit and all workers in this process, which does not violate the personal privacy of any worker.
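The first two stages can be traced end to end with a toy Paillier implementation. This is an added example, not code from the patent: the key size, coordinates, speeds and function names are constructed, and the expansion $d^2 = (x_s^2 + y_s^2) - 2x_i x_s - 2y_i y_s + (x_i^2 + y_i^2)$ used by the worker is the standard one, assumed here because the patent's own formula survives only as a figure reference. V is computed in the clear rather than through the ElGamal exchange, and the relation $t_i = t_i'/V$ follows from $t_i' = d \cdot V / v_i$.

```python
import math
import secrets

# Toy Paillier key, constructed for this example (real keys use primes of 1024 bits or more).
_P, _Q = 10007, 10009
N = _P * _Q
N2 = N * N
_PHI = (_P - 1) * (_Q - 1)   # private key material: held only by the encryption service provider
_MU = pow(_PHI, -1, N)       # Python 3.8+ modular inverse


def enc(m):
    """Paillier encryption with g = n + 1: E(m) = (1 + m*n) * r^n mod n^2."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return ((1 + (m % N) * N) * pow(r, N, N2)) % N2


def dec(c):
    """Paillier decryption: L(c^phi mod n^2) * mu mod n, with L(u) = (u - 1) / n."""
    return ((pow(c, _PHI, N2) - 1) // N * _MU) % N


def add(c1, c2):
    """Homomorphic addition: E(a) * E(b) = E(a + b)."""
    return (c1 * c2) % N2


def scale(c, k):
    """Homomorphic scalar multiplication: E(a)^k = E(k * a); negative k is reduced mod n."""
    return pow(c, k % N, N2)


def server_publish_task(xs, ys):
    """SC server: the three ciphertexts E(xs^2 + ys^2), E(xs), E(ys) sent to every worker."""
    return enc(xs * xs + ys * ys), enc(xs), enc(ys)


def worker_encrypted_sq_distance(task_cts, xi, yi):
    """Worker: E(d^2(l_i, l_s)) computed without learning the task location."""
    e_sq, e_x, e_y = task_cts
    c = add(e_sq, scale(e_x, -2 * xi))
    c = add(c, scale(e_y, -2 * yi))
    return add(c, enc(xi * xi + yi * yi))


def worker_encrypted_virtual_time_sq(e_d2, V, vi):
    """Worker: E(d^2)^(v_i'^2) = E(t_i'^2) with v_i' = V / v_i."""
    v_prime = V // vi
    return scale(e_d2, v_prime * v_prime)


def actual_time(t_virtual_sq, V):
    """Provider: exact travel time recovered from the decrypted t_i'^2."""
    return math.sqrt(t_virtual_sq) / V


def run_demo():
    task = (50, 50)  # constructed task location l_s
    # Constructed workers: id -> ((x_i, y_i), v_i). Workers 1 and 3 are equally far away.
    workers = {1: ((10, 20), 5), 2: ((40, 45), 2), 3: ((80, 10), 8)}
    V = math.prod(v for _, v in workers.values())  # 80; in the protocol this comes from E'(V)
    task_cts = server_publish_task(*task)
    encrypted = {}
    for wid, ((xi, yi), vi) in workers.items():
        e_d2 = worker_encrypted_sq_distance(task_cts, xi, yi)
        encrypted[wid] = worker_encrypted_virtual_time_sq(e_d2, V, vi)
    # Provider side: decrypt and sort ascending by virtual travel time squared.
    return sorted(((wid, dec(c)) for wid, c in encrypted.items()), key=lambda p: p[1])


if __name__ == "__main__":
    for wid, t2 in run_demo():
        print(wid, t2, actual_time(t2, 80))
```

Workers 1 and 3 are the same distance from the task, yet worker 3 ranks ahead because of its higher speed, which is the reason the scheme ranks on travel time rather than distance.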
As a preferred technical solution of the present invention, in the third stage, since the encryption service provider has the Paillier private key, it is able to obtain $t_i'^2$ by decrypting $E(t_i'^2)$ and calculate the actual travel time
Figure BDA0001340105120000053
Then, the encryption service provider sorts all workers by travel time and judges whether each worker can reach the task location before the expiration date $e_s$, and then adds the workers to the winner set one by one until the expected acceptance rate is reached; if the task cannot be accepted at the expected acceptance rate, the encryption service provider informs the SC server that no set of workers can guarantee that the task is accepted; otherwise, it encrypts the ID $f_k(i)$ of each winner in the winner set using ElGamal and sends $E'_C(f_k(i))$ to the SC server.
As a preferred aspect of the present invention, in the fourth stage, the following steps ensure that only the winners can obtain $E'_C(f_k(i^*))$:
first, each worker $w_i$ obtains its encrypted ID $f_k(i)$ from the spatial crowdsourcing server and encrypts it with ElGamal under its own public key, and then sends the ciphertext $E'_{w_i}(f_k(i))$ to the encryption service providing unit. Upon receiving it, the encryption service providing unit encrypts it again with ElGamal, using its public key and the same random number r that was used to produce $E'_C(f_k(i^*))$. The encryption service providing unit then sends the result
Figure BDA0001340105120000054
to each worker, who can decrypt it with its own private key to obtain $E'_C(f_k(i))$; the public key should be kept secret to protect privacy.
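The secondary encryption and decryption defined earlier, and the fourth-stage exchange that relies on them, can be run together as follows. This is an added example, not code from the patent: the domain parameters are toy values, the integers standing in for the pseudonyms $f_k(i)$ are constructed, and the function names are hypothetical.

```python
import secrets

# Toy ElGamal domain parameters, constructed for this example (far too small for real use):
# P = 2Q + 1 is a safe prime and G = 4 generates the subgroup of prime order Q.
P, Q, G = 2879, 1439, 4


def keygen():
    """Return (x, h): private key x and public key h = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def encrypt(m, h, r=None):
    """Plain ElGamal: E'_h(m) = (g^r, m * h^r). The caller may fix r."""
    if r is None:
        r = secrets.randbelow(Q)  # 0 <= r <= q - 1
    return pow(G, r, P), (m * pow(h, r, P)) % P


def reencrypt(ct, h_b, r_b=None):
    """Secondary encryption: (g^ra, m*ha^ra) -> (g^ra, g^rb, m*ha^ra*hb^rb)."""
    c1, body = ct
    if r_b is None:
        r_b = secrets.randbelow(Q)
    return c1, pow(G, r_b, P), (body * pow(h_b, r_b, P)) % P


def strip_layer(c_rand, body, x):
    """Remove one layer: body / c_rand^x mod p (inverse via Fermat's little theorem)."""
    return (body * pow(c_rand, P - 1 - x, P)) % P


def decrypt_a_then_b(ct3, x_a, x_b):
    c1, c2, c3 = ct3
    return strip_layer(c2, strip_layer(c1, c3, x_a), x_b)


def decrypt_b_then_a(ct3, x_a, x_b):
    c1, c2, c3 = ct3
    return strip_layer(c1, strip_layer(c2, c3, x_b), x_a)


def worker_obtains_token(pseudonym, x_w, h_w, h_c, r):
    """Fourth-stage exchange for one worker; returns the E'_C(f_k(i)) the worker ends up with."""
    to_provider = encrypt(pseudonym, h_w)            # worker: E'_wi(f_k(i)) under its own key
    c1, c2, c3 = reencrypt(to_provider, h_c, r_b=r)  # provider: second layer, same r as the winner token
    return c2, strip_layer(c1, c3, x_w)              # worker: removes its own layer


def demo():
    """Return, per worker, whether the value it recovers equals E'_C(f_k(i*))."""
    _x_c, h_c = keygen()                              # encryption service provider's key pair
    r = secrets.randbelow(Q)                          # random number reused by the provider
    pseudonyms = {"w1": 1021, "w2": 77, "w3": 2500}   # constructed stand-ins for f_k(i)
    winner = "w2"
    winner_token = encrypt(pseudonyms[winner], h_c, r)  # E'_C(f_k(i*)), held by the SC server
    matches = {}
    for name, pid in pseudonyms.items():
        x_w, h_w = keygen()
        matches[name] = worker_obtains_token(pid, x_w, h_w, h_c, r) == winner_token
    return matches


if __name__ == "__main__":
    x_a, h_a = keygen()
    x_b, h_b = keygen()
    ct3 = reencrypt(encrypt(1234, h_a), h_b)
    print(decrypt_a_then_b(ct3, x_a, x_b), decrypt_b_then_a(ct3, x_a, x_b))
    print(demo())
```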
Compared with the prior art, the invention has the following beneficial effects:
1. Privacy protection of both parties. Not only the privacy of the workers but also the privacy of the task should be protected during task allocation. The invention uses well-known cryptosystems to encrypt the private data of both parties, thereby achieving strong mutual security.
2. Efficient task allocation. During task allocation, travel time is more important than travel distance, especially for deadline tasks, and thus worker speed is considered an important indicator in recent spatial crowd-sourcing applications. The invention unifies worker speed and worker position to achieve more efficient task allocation. According to the invention, the worker calculates the travel distance and the travel time, so that the load of the SC server can be greatly reduced, and more effective task allocation is realized.
3. An acceptable overhead. The strength of privacy protection comes at the expense of additional computational or communication costs. During task allocation, the present invention combines partially homomorphic encryption schemes to effectively achieve the complex operations required on encrypted data, thereby avoiding significant performance penalties. Compared with the high calculation cost caused by adopting a scheme based on Fully Homomorphic Encryption (FHE), the method effectively reduces the high calculation cost by using a partially homomorphic encryption scheme. And the system algorithm of the invention solves the technical problem that all operations required for calculating the inequality (8) cannot be supported.
4. The invention can realize efficient task allocation in space crowdsourcing and provide privacy protection for both workers and tasks. The method realizes privacy protection of both parties in space crowdsourcing for the first time, and is creative.
5. The invention can realize some complex operations which can not be supported by the prior practical cryptosystem, and through the strategy, the protocol of the invention can realize the privacy protection of both parties under the acceptable expenditure.
6. The invention can ensure that the task is accepted with high probability.
Drawings
The invention is further illustrated with reference to the following figures and examples.
FIG. 1 is a schematic diagram of a system model for spatial crowdsourcing; wherein, FIG. 1(a) is a schematic diagram of a system model for non-private space crowdsourcing; FIG. 1(b) is a schematic diagram of a task allocation system model for privacy preserving space crowdsourcing according to the present invention.
FIG. 2 is a flow diagram of the guaranteed-privacy-preserving-space-crowdsourcing task allocation system of the present invention.
FIG. 3 is a graphical illustration of the efficiency of the number of workers versus travel time (changing MARs) in the protocol of the present invention; where fig. 3(a) represents a key length of 1024 and fig. 3(b) represents a key length of 2048.
FIG. 4 is a graphical illustration of the efficiency of the number of workers versus travel time (change α) in the protocol of the present invention; where fig. 3(a) represents a key length of 1024 and fig. 3(b) represents a key length of 2048.
FIG. 5 is a diagram of the number of workers in the protocol of the present invention versus the communication overhead of the parties (change MAR); where fig. 4(a) represents a key length of 1024 and fig. 4(b) represents a key length of 2048.
FIG. 6 is a diagram of the number of workers in the protocol of the present invention versus the communication overhead of the parties (change α); where fig. 4(a) represents a key length of 1024 and fig. 4(b) represents a key length of 2048.
FIG. 7 is a schematic diagram showing the efficiency of the protocol of the present invention in terms of WTD (worker travel distance) by changing MARs; wherein fig. 7(a) represents that the used data set is Gowalla, the worker acceptance rate is a linearly decreasing function of the travel time, fig. 7(b) represents that the used data set is Gowalla, the worker acceptance rate obeys a Zipf distribution, fig. 7(c) represents that the used data set is Yelp, the worker acceptance rate is a linearly decreasing function of the travel time, fig. 7(d) represents that the used data set is Yelp, and the worker acceptance rate obeys the Zipf distribution.
FIG. 8 is a schematic diagram showing the efficiency of the protocol of the present invention in terms of WTD (worker travel distance) by varying α; wherein fig. 8(a) represents that the used data set is Gowalla, the worker acceptance rate is a linearly decreasing function of the travel time, fig. 8(b) represents that the used data set is Gowalla, the worker acceptance rate obeys a Zipf distribution, fig. 8(c) represents that the used data set is Yelp, the worker acceptance rate is a linearly decreasing function of the travel time, fig. 8(d) represents that the used data set is Yelp, and the worker acceptance rate obeys the Zipf distribution.
FIG. 9 is a schematic diagram showing the efficiency of the protocol of the present invention in terms of WTD (worker travel distance) by varying ∈; where fig. 9(a) represents that the used data set is Gowalla, the worker acceptance rate is a linearly decreasing function of the travel time, fig. 9(b) represents that the used data set is Gowalla, the worker acceptance rate obeys a Zipf distribution, fig. 9(c) represents that the used data set is Yelp, the worker acceptance rate is a linearly decreasing function of the travel time, fig. 9(d) represents that the used data set is Yelp, and the worker acceptance rate obeys the Zipf distribution.
FIG. 10 is a graph showing the effectiveness of the inventive protocol in NNW (number of people notified) by changing the MAR; wherein fig. 10(a) represents that the used data set is Gowalla, the worker acceptance rate is a linearly decreasing function of the travel time, fig. 10(b) represents that the used data set is Gowalla, the worker acceptance rate obeys a Zipf distribution, fig. 10(c) represents that the used data set is Yelp, the worker acceptance rate is a linearly decreasing function of the travel time, fig. 10(d) represents that the used data set is Yelp, and the worker acceptance rate obeys the Zipf distribution.
FIG. 11 is a schematic diagram showing the effectiveness of the inventive protocol in NNW (number of people notified) by changing α; where fig. 11(a) represents that the used data set is Gowalla, the worker acceptance rate is a linearly decreasing function of the travel time, fig. 11(b) represents that the used data set is Gowalla, the worker acceptance rate obeys a Zipf distribution, fig. 11(c) represents that the used data set is Yelp, the worker acceptance rate is a linearly decreasing function of the travel time, fig. 11(d) represents that the used data set is Yelp, and the worker acceptance rate obeys the Zipf distribution.
FIG. 12 is a graph showing the effectiveness of the inventive protocol in NNW (number of people notified) by changing e; wherein fig. 12(a) represents that the used data set is Gowalla, the worker acceptance rate is a linearly decreasing function of the travel time, fig. 12(b) represents that the used data set is Gowalla, the worker acceptance rate obeys a Zipf distribution, fig. 12(c) represents that the used data set is Yelp, the worker acceptance rate is a linearly decreasing function of the travel time, fig. 12(d) represents that the used data set is Yelp, and the worker acceptance rate obeys the Zipf distribution.
Detailed Description
The present invention will now be described in further detail with reference to the accompanying drawings. These drawings are simplified schematic views illustrating only the basic structure of the present invention in a schematic manner, and thus show only the constitution related to the present invention.
System model and problem definition
FIG. 1 depicts the system model for spatial crowdsourcing. Non-private spatial crowdsourcing (see FIG. 1(a)) has three components: the SC server (SC-server), the workers holding mobile devices (workers), and the spatial task requester (task requester). The SC server is responsible for assigning appropriate workers to the spatial tasks created by the task requester. Workers need to report their private information (such as location and speed) to the SC server through their mobile devices. Based on this framework we give the following definitions.
Definition 1 (spatial task). A spatial task s is a task to be executed at location $l_s$ and associated with an expiration date $e_s$.
Definition 2 (worker). A worker w is a person willing to perform a spatial task. Each worker is associated with an ID $id_w$ specified by the SC server, a velocity $v_w$, and a current location $l_w$.
With spatial crowdsourcing, a task requester creates a spatial task s and specifies its location $l_s$ and expiration date $e_s$. To perform the task, a worker must reach position $l_s$ before the expiration date $e_s$. Upon receiving the spatial task, the SC server assigns it to an appropriate worker based on some predefined policy. In the present invention, we assume that the SC server prefers the worker who can arrive at $l_s$ first. We also assume that each worker accepts the assigned task with a certain probability, denoted as the Acceptance Rate (AR). Assuming that the AR of each worker is 100%, we first define a simple task assignment problem as follows:
Definition 3 (task assignment problem). Let $W = \{w_1, w_2, \ldots, w_n\}$ be a set of n workers. Given a spatial task s, the task assignment problem $P_{TA}(W, s)$ is to assign task s to a worker $w_{i^*}$ such that:
1. $w_{i^*}$ can arrive at $l_s$ before the expiration date $e_s$;
2. no other worker can arrive at $l_s$ before $w_{i^*}$.
In Definition 3, the first requirement means $t_c + d(l_{i^*}, l_s)/v_{i^*} \le e_s$, where $t_c$ is the current time, $l_{i^*}$ is the current position of $w_{i^*}$, $v_{i^*}$ is the speed of $w_{i^*}$, and $d(l_{i^*}, l_s)$ is the Euclidean distance between positions $l_{i^*}$ and $l_s$. The second requirement means that there is no $w_j$ such that $d(l_j, l_s)/v_j < d(l_{i^*}, l_s)/v_{i^*}$. In the following discussion, we call $w_{i^*}$ the winner of this problem and take $i^*$ as its ID. Note that when no worker can arrive at $l_s$ by the expiration date, such a winner does not exist. In this case, the SC server may notify the task requester that there is no competent worker.
However, in practice, workers do not necessarily accept the tasks assigned to them. To ensure that the task is accepted with high probability, multiple workers may need to be assigned to it. Suppose the AR of worker $w_i$ is $a_i$. The probability that at least one worker in W accepts the task s is denoted by $\eta(W, s)$. Clearly,
Figure BDA0001340105120000081
Therefore, we define another task assignment problem as follows:
Definition 4 (task assignment problem with acceptance guarantee). Let $W = \{w_1, w_2, \ldots, w_n\}$ be a set of n workers. Given a spatial task s, the task assignment problem with acceptance guarantee $P_{TAG}(W, s)$ is to assign task s to a group of workers $W^*$ (referred to as the winner set) such that:
1. each worker $w_{i^*} \in W^*$ can reach position $l_s$ before the expiration date $e_s$;
2. no other worker $w_j \in W \setminus W^*$ can reach position $l_s$ before any worker $w_{i^*} \in W^*$;
3. $\eta(W^*, s) \ge \alpha$, where α is the expected probability that at least one worker in $W^*$ accepts task s.
Adversary model. FIG. 1(b) shows the system model of privacy-preserving spatial crowdsourcing. It introduces a new party, the Cryptographic Service Provider (CSP), which provides services such as key generation for the SC server and the workers. For the adversary model, we assume that all parties are semi-honest. That is, they fully comply with the prescribed protocol, but during its execution they may try to learn as much as possible about the other parties' private inputs from what they observe. In particular, the SC server may be interested in the location and speed of each worker and the ID of each winner. The CSP is also interested in these, as well as in the location of the task. Each worker would like to know the location and speed of the other workers, the ID of each winner, and the location of the task. As a special worker, each winner is entitled to know its own ID and the location of the task, but it also wants to know the location and speed of other workers, as well as the IDs of other winners. Based on this adversary model, we have the following definitions:
Definition 5 (privacy-preserving task assignment problem). Let $W = \{w_1, w_2, \ldots, w_n\}$ be a set of n workers. Given a spatial task s, the privacy-preserving task assignment problem $P_{PTA}(W, s)$ is to find the winner $w_{i^*}$ of $P_{TA}(W, s)$ such that:
1. for each worker $w_i \in W$, its position $l_i$ and velocity $v_i$ cannot be obtained by the SC server, the CSP, or any other worker $w_j \in W$, $w_j \ne w_i$;
2. the task location $l_s$ cannot be obtained by the CSP or by any worker other than $w_{i^*}$;
3. except for $w_{i^*}$ itself, the SC server, the CSP and all other workers cannot obtain the ID of $w_{i^*}$.
Although its non-private version (i.e., $P_{TA}$) is very simple, $P_{PTA}$ is very challenging because it tries to protect both worker privacy and task privacy. In particular, the winner is determined not only by the location of each worker but also by its speed, both of which must be kept secret during the computation. At first glance, this requirement means we need to perform division over ciphertexts. However, efficient homomorphic division is still an open problem. In addition, the task location $l_s$ must be kept secret from all workers except the winner, which makes $d(l_i, l_s)$ harder to compute than in plaintext. Note that the winner must know the task location $l_s$; this is not considered a privacy leak because the winner needs to reach the location to perform the task. The last requirement of $P_{PTA}$ states that the SC server is not allowed to know the identity of the winner. If the SC server knew who the winner is, it could infer the winner's approximate location from background knowledge (e.g., the task location and expiration date). In $P_{TA}$, the SC server obviously decides the winner. In $P_{PTA}$, however, the SC server is not allowed to know who the winner is. This contradiction is another difficulty of $P_{PTA}$.
Similarly, we define the privacy-preserving task assignment problem with acceptance guarantee as follows:
Definition 6 (privacy-preserving task assignment problem with acceptance guarantee). Let $W = \{w_1, w_2, \ldots, w_n\}$ be a set of n workers. Given a spatial task s, the privacy-preserving task assignment problem with acceptance guarantee $P_{PTAG}(W, s)$ is to find the winner set $W^*$ of $P_{TAG}(W, s)$ such that:
1. for each worker $w_i \in W$, its position $l_i$ and velocity $v_i$ cannot be obtained by the SC server, the CSP, or any other worker $w_j \in W$, $w_j \ne w_i$;
2. the task location $l_s$ cannot be obtained by the CSP or by any worker other than the winners in $W^*$;
3. except for $w_{i^*}$ itself, the SC server, the CSP and all other workers cannot obtain the ID of $w_{i^*}$.
Second, definition of privacy criteria
The invention uses the ideal paradigm to define the security of the protocol. Intuitively, a protocol is secure, or privacy-preserving, if no party involved obtains more information during its execution than it is authorized to obtain. Under the ideal paradigm this is defined as follows: for every adversary there exists a probabilistic polynomial-time simulator such that the adversary's view in the real world is computationally indistinguishable from the simulator's view in the ideal world.
Let $P_{-1}$ be the CSP, $P_0$ the SC server, and $P_1, \ldots, P_n$ the n workers. Let $view_i$, $x_i$ and $K_i$ ($-1 \le i \le n$) be, respectively, the view of $P_i$, its private input, and the additional information it can obtain during the execution of protocol P. The criteria for the privacy requirements of protocol P are defined as follows:
Definition 7. If there exists a probabilistic polynomial-time simulator $S_i$ such that:
Figure BDA0001340105120000101
then we consider protocol P to be fully privacy-preserving for $P_i$, since it leaks no more information to $P_i$ than its output. Here, for all possible inputs $(x_{-1}, x_0, \ldots, x_n)$,
Figure BDA0001340105120000102
The symbol ≡ denotes computational indistinguishability. If
Figure BDA0001340105120000103
Figure BDA0001340105120000104
then protocol P is considered privacy-preserving for $P_i$ with $K_i$ leakage, because it leaks no information to $P_i$ beyond the final output and $K_i$.
It is clear that complete privacy protection is a very strong privacy guarantee. However, such strong guarantees are sometimes difficult to achieve with efficient protocols. In fact, additional knowledge $K_i$ may be allowed to be disclosed during the execution of protocol P, as long as privacy is not breached. That is, even with knowledge of $K_i$, the probability that an adversary can obtain the private input of any party is negligible.
Third, cipher building block
To solve the $P_{PTA}$ and $P_{PTAG}$ problems defined above, the invention uses several cryptographic tools: pseudo-random functions, the Paillier cryptosystem and the ElGamal cryptosystem, which are briefly introduced below.
A pseudo-random function (PRF) is a function that, when observed as a black box, cannot be distinguished from a truly random function. Typically, a PRF is denoted $f_k$ and belongs to a PRF family $F_\lambda = \{f_k : \{0,1\}^\lambda \to \{0,1\}^\lambda\}_{k \in \{0,1\}^\lambda}$ indexed by k. Our work assumes that keyed one-way hash functions (such as HMAC) can be modeled as pseudo-random functions. Thus, $f_k$ can be implemented by keying a hash function with k and applying it to x.
Paillier is a public key cryptosystem whose security rests on an assumption related to (but not known to be equivalent to) the hardness of factoring. It consists of the following three algorithms:
-key generation: select two different random large primes p and q, and compute $N = pq$. Select an element
Figure BDA0001340105120000112
The public key pk is (N, g) and the private key sk is (p, q).
-encryption E: let m be a message in $Z_N$. It is encrypted by selecting a random number $r \in Z_N^*$ and computing
$c = E(m) = g^m r^N \bmod N$, (1)
Where N and g are obtained from the public key pk and c is the ciphertext of m.
-decryption D: the ciphertext c is decrypted by the following calculation:
Figure BDA0001340105120000111
where $\lambda = \mathrm{lcm}(p-1, q-1)$ can be calculated from the private key sk.
One of the most important features of the Paillier cryptosystem is its additive homomorphism. Specifically, multiplying the ciphertexts of $m_1$ and $m_2$ yields a ciphertext of $m_1 + m_2$, and raising a ciphertext of m to the k-th power yields a ciphertext of km. That is:
$E(m_1)E(m_2) = E(m_1 + m_2)$, (3)
$E(m)^k = E(km)$. (4)
Furthermore, Paillier is semantically secure, that is, an attacker cannot obtain any partial information about the plaintext from the ciphertext. It is also a probabilistic encryption scheme, which means that encrypting the same message multiple times produces different ciphertexts. This is clear from equation (1), where the random number r takes part in the encryption.
ElGamal is a public key cryptosystem whose security is based on the difficulty of discrete logarithm problems. It consists of some common domain parameters that can be shared by multiple users and three algorithms:
-domain parameters. Let p be a large prime and q a medium-sized prime such that $q \mid p-1$. Let $g = r^{(p-1)/q} \bmod p \ne 1$, where $r \in F_p^*$. These public parameters define a finite abelian group G of prime order q with generator g.
-key generation. Select an integer x with $0 \le x \le q-1$ and compute $h = g^x \bmod p$. The public key pk is h and the secret key sk is x.
-encryption E'. Let m be a message in G. It is encrypted by selecting a random number r with $0 \le r \le q-1$ and computing:
$c_1 = g^r$, $c_2 = m h^r$. (5)
The ciphertext c of m is $E'(m) = (c_1, c_2)$.
-decryption D'. The ciphertext c is decrypted by the following calculation:
$m = D'(c) = c_2 (c_1^x)^{-1}$ (6)
ElGamal is also a probabilistic encryption scheme because each message is encrypted with a different random number r, as shown in equation (5). The ElGamal cryptosystem has the useful property of multiplicative homomorphism. Specifically, multiplying the ciphertexts of $m_1$ and $m_2$ yields a ciphertext of $m_1 m_2$, i.e.:
$E'(m_1)E'(m_2) = E'(m_1 m_2)$, (7)
Commutative encryption has the property that the result is independent of the order in which two encryptions are applied. ElGamal may be extended to support commutative encryption. In particular, two new algorithms are defined as follows:
-secondary encryption
Figure BDA0001340105120000121
Given a ciphertext $E'_{h_a}(m) = (g^{r_a}, m h_a^{r_a})$ encrypted under public key $h_a$, a secondary encryption under public key $h_b$ is performed by selecting a random number $r_b$ with $0 \le r_b \le q-1$ and computing $c_1 = g^{r_a}$, $c_2 = g^{r_b}$ and $c_3 = m h_a^{r_a} h_b^{r_b}$. The secondary ciphertext of $E'_{h_a}(m)$ is
Figure BDA0001340105120000122
-secondary decryption
Figure BDA0001340105120000123
The ciphertext $(c_1, c_2, c_3)$ can be decrypted with the private keys $x_a$ and $x_b$ in either order, and the decryption result is the same. If the private key $x_a$ is used first, we have
Figure BDA0001340105120000124
Figure BDA0001340105120000125
which can then be decrypted with $x_b$ to obtain m. It is easy to verify that the decryption result is the same if $x_b$ is used first and then $x_a$.
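An added example, not code from the patent, of the secondary encryption and decryption just described: it layers a second ElGamal key over an existing ciphertext and checks that removing the two layers in either order returns m. The toy group (p = 2039, q = 1019, g = 4) and all function names are assumptions of this example; the partial-decryption step is written out from $c_1$, $c_2$, $c_3$ as defined above.

```python
"""Commutative (two-key) ElGamal built from the secondary-encryption formulas.
Toy parameters for tracing the algebra only; far too small to be secure."""
import secrets

# Assumed toy domain parameters: p = 2q + 1, g = r^((p-1)/q) mod p with r = 2.
P, Q, G = 2039, 1019, 4

def keygen():
    """Return (private x, public h = g^x mod p)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def encrypt(h_a, m):
    """Eq. (5): E'_{h_a}(m) = (g^{r_a}, m * h_a^{r_a})."""
    r_a = secrets.randbelow(Q)
    return pow(G, r_a, P), m * pow(h_a, r_a, P) % P

def second_encrypt(h_b, ct):
    """(g^{r_a}, m h_a^{r_a}) -> (c1, c2, c3) = (g^{r_a}, g^{r_b}, m h_a^{r_a} h_b^{r_b})."""
    c1, c2 = ct
    r_b = secrets.randbelow(Q)
    return c1, pow(G, r_b, P), c2 * pow(h_b, r_b, P) % P

def strip_a(x_a, ct3):
    """Remove the h_a layer with x_a; the result is an ordinary ciphertext under h_b."""
    c1, c2, c3 = ct3
    return c2, c3 * pow(pow(c1, x_a, P), -1, P) % P

def strip_b(x_b, ct3):
    """Remove the h_b layer with x_b; the result is an ordinary ciphertext under h_a."""
    c1, c2, c3 = ct3
    return c1, c3 * pow(pow(c2, x_b, P), -1, P) % P

def decrypt(x, ct):
    """Eq. (6): m = c2 * (c1^x)^-1."""
    c1, c2 = ct
    return c2 * pow(pow(c1, x, P), -1, P) % P

def demo():
    """Return (m, result of a-then-b decryption, result of b-then-a decryption)."""
    x_a, h_a = keygen()
    x_b, h_b = keygen()
    m = pow(G, 321, P)                      # constructed message inside the subgroup G
    ct3 = second_encrypt(h_b, encrypt(h_a, m))
    a_then_b = decrypt(x_b, strip_a(x_a, ct3))
    b_then_a = decrypt(x_a, strip_b(x_b, ct3))
    return m, a_then_b, b_then_a

if __name__ == "__main__":
    print(demo())
```

After `strip_a`, the remaining pair is exactly a single-key ciphertext under $h_b$, which is the form a worker is left holding in stage 4 once it removes its own layer.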
Fourth, privacy protection task allocation protocol
According to Definition 5, our goal is to find the winner of $P_{TA}$ without revealing worker location information. While some existing privacy protection tools, such as k-anonymity and differential privacy, may be employed to protect personal privacy, they typically assume that there is a trusted third party that has access to the entire original data (such as the location information of all workers), which is difficult to realize in practice. Furthermore, they protect individual privacy at the cost of reduced data utility, which means that methods based on them may not be able to find the winner of $P_{TA}$ accurately. Therefore, we decided to solve the $P_{PTA}$ problem exactly with cryptographic tools. To prevent privacy leakage, the data of each worker is encrypted before being sent to the SC server. From Definition 3, the key to the $P_{PTA}$ problem is to determine which worker arrives at location $l_s$ first. To do so, for two workers $w_i$ and $w_j$ we need to evaluate the following inequality:
Figure BDA0001340105120000126
Obviously, the calculation includes several basic operations: addition and multiplication (for the distance calculation), division, and comparison. It should be noted that these operations have to be performed over ciphertexts because, to protect privacy, values such as $l_i$ and $v_i$ are already encrypted. Theoretically, we could design a scheme based on Fully Homomorphic Encryption (FHE) to implement the above calculation, but this would result in a high computational cost, making the approach of limited practical significance. Therefore, we consider using partially homomorphic encryption schemes. Although they are more efficient than FHE, none of them supports all of the operations required to evaluate inequality (8). We show in the next subsection how this problem is solved.
4.1 protocol overview
Extended Algorithm 1 privacy preserving task distribution protocol
Input: a set of n workers, where each worker $w_i$ has ID i, location $l_i$ and speed $v_i$; a spatial task s (created by the task requester) with task location $l_s$ and expiration date $e_s$; one SC server and one CSP. Output: the winner $w^*$ obtains the task location $l_s$.
Figure BDA0001340105120000131
Figure BDA0001340105120000141
As shown in fig. 2, the present invention employs two partially homomorphic encryption schemes Paillier and ElGamal to build our solution, which consists of five stages depicted in fig. 2. In phase 0, the CSP generates the domain parameters of ElGamal and the key pair of Paillier and ElGamal according to the security requirements. It keeps the private key secret and sends the public key to the SC server and all workers. The task requester creates a space task to trigger the start of phase 1 during which the SC server and all workers run a privacy preserving distance calculation protocol based on the encrypted location information and output the encrypted distance information. In stage 2, the speed of each worker is encrypted and sent to the SC server cooperating with the CSP to calculate the travel time for each worker. Based on the encrypted journey time obtained in stage 2, the SC server calculates the winner in stage 3 by means of the CSP, but the result is still in encrypted form. In stage 4, the location information of the encrypted task is broadcast to all workers, but only the winner can retrieve the location of the task. After that, the winner arrives at the designated location to perform the corresponding task.
4.2 detailed construction
The extended algorithm 1 is a specific implementation of a privacy protection task allocation protocol. We explain in detail as follows.
Stage 1. Since the key generation of the Paillier and ElGamal cryptographic systems required in phase 0 has already been introduced in "Third, cipher building block", we start with phase 1 to introduce the detailed construction of the protocol. After encrypting the task position $l_s = (x_s, y_s)$ with the Paillier public key, the SC server sends three ciphertexts to all workers: $E(x_s^2 + y_s^2)$, $E(x_s)$ and $E(y_s)$. After receiving the encrypted information from the SC server, each worker $w_i$ computes, in encrypted form, the distance between $l_s$ and its current position $l_i$, i.e.:
Figure BDA0001340105120000151
Its correctness is easily verified from equations (3) and (4). Note that we could instead ask all workers to send their encrypted locations to the SC server (in the form of $E(x_i^2 + y_i^2)$, $E(x_i)$ and $E(y_i)$) and have the SC server compute $E(d^2(l_i, l_s))$. Although this process is similar to what is done in the non-private case, it incurs more computational cost for the SC server. In other words, our current design has the advantage of distributing the computational cost across all workers.
Stage 2. As previously mentioned, the privacy-preserving travel time calculation requires a division operation on ciphertexts. However, an efficient implementation of homomorphic division remains an open problem. Therefore, our goal is not to design an efficient homomorphic division scheme, but rather to eliminate the division operation from the calculation of travel time. To this end, we exploit a useful property of comparing travel times, namely that calculating the exact travel time is not necessary. This property is guaranteed by the following lemma:
Lemma 1. Let $W = \{w_1, w_2, \ldots, w_n\}$ be a set of n workers and let V be the product of the speeds of all workers, i.e.
Figure BDA0001340105120000152
Figure BDA0001340105120000153
and let $v_k' = V / v_k$, where $1 \le k \le n$. For any two workers $w_i, w_j \in W$, $d(l_i, l_s)/v_i < d(l_j, l_s)/v_j$ holds if and only if $d(l_i, l_s)\, v_i' < d(l_j, l_s)\, v_j'$.
Proof
Figure BDA0001340105120000154
Based on this lemma, we calculate the virtual travel time $t_i' = d(l_i, l_s)\, v_i'$ for each worker, which is equivalent to the exact travel time $t_i = d(l_i, l_s)/v_i$ for the purpose of comparison, i.e., the worker with the shortest virtual travel time must have the shortest exact travel time. Specifically, each worker encrypts its speed with the ElGamal cryptosystem and sends $E'(v_i)$ to the SC server. The SC server obtains $E'(V)$ by multiplying all the encrypted speeds. The SC server then asks the CSP to decrypt $E'(V)$ and send V to all workers. By dividing V by its speed $v_i$, each worker $w_i$ obtains $v_i'$ and calculates $E(d^2(l_i, l_s))^{v_i'^2} = E(d^2(l_i, l_s)\, v_i'^2) = E(t_i'^2)$. The encrypted virtual travel time is sent to the SC server for further processing. Note that the exact value of V is known to the CSP and all workers in the above process. However, this does not violate the personal privacy of any worker, as will be demonstrated in the next subsection.
Stage 3. In practice, workers do not necessarily accept the tasks assigned to them. To ensure that the task is accepted with high probability, multiple workers may need to be assigned to it. Suppose the AR (acceptance rate) of worker $w_i$ is $a_i$. The probability that at least one worker in W accepts the task s is denoted by $\eta(W, s)$. Clearly,
Figure BDA0001340105120000161
Now, the SC server holds the 2-tuples $\langle i, E(t_i'^2) \rangle$, where i is the ID of worker $w_i$, $1 \le i \le n$. In order to protect the identity of the workers, in particular that of the winner, it masks each worker's ID with the PRF $f_k$ and sends $\langle f_k(i), E(t'^2_{f_k(i)}) \rangle$ to the CSP. Since the CSP holds the Paillier private key, it can obtain $t_i'^2$ by decrypting $E(t_i'^2)$ and calculate the actual travel time
Figure BDA0001340105120000162
The CSP then sorts all workers by travel time, determines whether they can reach the task position before the expiration date $e_s$, and adds workers one by one to the winner set until the expected acceptance rate is reached, i.e., $\eta(W, s) \ge \alpha$. If the task cannot be accepted at the acceptance rate α, the CSP informs the SC server that no set of workers can guarantee that the task is accepted with probability α. Otherwise, it encrypts the ID $f_k(i)$ of each winner in the winner set using ElGamal and sends $E'_C(f_k(i))$ to the SC server. Encryption is necessary here because otherwise the SC server could deduce who the winner is after getting $f_k(i)$. On the other hand, the privacy of the workers in the winner set remains protected from the CSP due to the pseudo-randomness of the PRF.
The AR (acceptance rate) of the worker is modeled as a decreasing function of travel time phi and two cases are considered: 1) linear, where AR decreases linearly with travel time starting from the starting MAR (maximum acceptance rate) value (when the worker is right at the task location); and 2) Zipf, wherein the acceptance rate follows a Zipf distribution. The condition for stopping the addition of new workers to the winner set $W^*$ is then
Figure BDA0001340105120000163
Figure BDA0001340105120000164
where $a_i = \eta(t_{f_k(i)}, MAR)$.
When all parties are entitled to know $|W^*|$, i.e., the number of winners, it is easy to verify that our protocol is still secure. Assuming that all workers have the same Acceptance Rate (AR), we can calculate the size of $W^*$ as
Figure BDA0001340105120000165
Thus, in stage 3, the CSP needs to perform $|W^*|$ ElGamal encryptions, and the communication overhead between the CSP and the SC server changes from $2L'$ to $2|W^*|L'$.
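The following Python sketch is an added example, not code from the patent: it traces stages 1 to 3 end to end with toy parameters, showing the worker-side computation of $E(d^2)$, the speed product V recovered through ElGamal's multiplicative homomorphism, the division-free comparison of Lemma 1, and the winner-set loop. Assumptions of this example: the usual Paillier instantiation with g = N + 1 and arithmetic modulo N², the expansion d² = (x_s² + y_s²) - 2x_s x_i - 2y_s y_i + (x_i² + y_i²) evaluated via (3) and (4), η computed as 1 - ∏(1 - a_i) for independent acceptances, a hypothetical linear AR model, the ±m encoding of speeds into the ElGamal subgroup, and all names and sample workers, which are constructed.

```python
"""Toy run of stages 1-3 (added example; tiny demo parameters, not secure)."""
import hashlib, hmac, math, secrets

# --- Paillier, eqs. (1), (3), (4). Assumptions: g = N + 1, arithmetic mod N^2.
P, Q = 2**31 - 1, 2**61 - 1                  # two Mersenne primes (demo size)
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)    # lambda = lcm(p-1, q-1)
MU = pow(LAM, -1, N)

def p_enc(m):
    r = secrets.randbelow(N - 1) + 1
    return (1 + (m % N) * N) * pow(r, N, N2) % N2

def p_dec(c):
    return (pow(c, LAM, N2) - 1) // N * MU % N

# --- ElGamal in the order-q subgroup of Z_p*, p = 2q + 1, g = r^((p-1)/q), r = 2.
def is_prime(n):
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

def safe_prime(start):
    """Smallest q >= start with q and p = 2q + 1 both prime; returns (p, q)."""
    q = start
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 1
    return 2 * q + 1, q

EP, EQ = safe_prime(2**31)
G = 4

def eg_keygen():
    x = secrets.randbelow(EQ - 1) + 1
    return x, pow(G, x, EP)

def eg_enc(h, m):
    # Encode 1 <= m <= q as whichever of m, p - m lies in the subgroup (assumption).
    m = m if pow(m, EQ, EP) == 1 else EP - m
    r = secrets.randbelow(EQ - 1) + 1
    return pow(G, r, EP), m * pow(h, r, EP) % EP

def eg_dec(x, c):
    m = c[1] * pow(pow(c[0], x, EP), -1, EP) % EP
    return m if m <= EQ else EP - m          # undo the +-m encoding (needs V <= q)

def worker_enc_dist2(task_ct, xi, yi):
    """Stage 1, worker side: E(d^2(l_i, l_s)) without seeing (x_s, y_s)."""
    e_sq, e_x, e_y = task_ct                 # E(xs^2 + ys^2), E(xs), E(ys)
    return (e_sq * pow(e_x, (-2 * xi) % N, N2) * pow(e_y, (-2 * yi) % N, N2)
            * p_enc(xi * xi + yi * yi)) % N2

def assign(workers, task, deadline, alpha, mar):
    """workers: {id: (x, y, speed)}; deadline = e_s - t_c.
    Returns the winner ids in arrival order, or None if alpha is unreachable."""
    xs, ys = task
    csp_x, csp_h = eg_keygen()                        # phase 0 (CSP key pair)
    key = secrets.token_bytes(16)                     # SC server's PRF key k
    prf = lambda i: hmac.new(key, str(i).encode(), hashlib.sha256).hexdigest()
    # Stage 1: SC server publishes the encrypted task; workers answer with E(d^2).
    task_ct = (p_enc(xs * xs + ys * ys), p_enc(xs), p_enc(ys))
    e_d2 = {i: worker_enc_dist2(task_ct, x, y) for i, (x, y, _) in workers.items()}
    # Stage 2: SC server multiplies the E'(v_i); the CSP decrypts only the product V.
    c1, c2 = 1, 1
    for _, _, v in workers.values():
        a, b = eg_enc(csp_h, v)
        c1, c2 = c1 * a % EP, c2 * b % EP
    V = eg_dec(csp_x, (c1, c2))
    # Each worker raises E(d^2) to v_i'^2, v_i' = V / v_i, giving E(t_i'^2).
    e_t2 = {prf(i): pow(e_d2[i], (V // workers[i][2]) ** 2, N2) for i in workers}
    # Stage 3 (CSP): sees only pseudonyms f_k(i); real time is t_i = t_i' / V.
    times = sorted((math.sqrt(p_dec(c)) / V, pid) for pid, c in e_t2.items())
    winners, miss = [], 1.0
    for t, pid in times:
        if t > deadline:
            break
        winners.append(pid)
        miss *= 1 - mar * (1 - t / deadline)          # hypothetical linear AR model
        if 1 - miss >= alpha:
            # Demo only: map pseudonyms back so the caller can inspect the result.
            back = {prf(i): i for i in workers}
            return [back[p] for p in winners]
    return None

# Constructed sample data: {id: (x, y, speed)} and a task location.
WORKERS = {1: (0, 0, 5), 2: (30, 10, 2), 3: (60, 80, 10), 4: (30, 340, 10)}
TASK = (30, 40)

if __name__ == "__main__":
    print(assign(WORKERS, TASK, deadline=20, alpha=0.75, mar=0.8))
```

Stage 4 (delivering the task location to the winners only) is outside this sketch; the pseudonym-to-ID mapping at the end exists only so the result can be inspected.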
Stage 4. Once $E'_C(f_k(i^*))$ is received, the SC server encrypts the task location $l_s$ and broadcasts to all workers
Figure BDA0001340105120000166
Figure BDA0001340105120000167
Specifically, $l_s$ is encrypted in the following manner:
Figure BDA0001340105120000168
where h is a length-matching hash function that maps longer bit strings to shorter bit strings. One method of constructing h, which has been proven to be semantically secure, is to cut a long bit string into several short bit strings of fixed length and output their exclusive-or. Obviously, only a worker who has obtained $E'_C(f_k(i^*))$ can calculate
Figure BDA0001340105120000169
Figure BDA00013401051200001610
and obtain the task location information. The following procedure ensures that only the winner can obtain $E'_C(f_k(i^*))$.
First, each worker $w_i$ obtains its masked ID $f_k(i)$ from the SC server, encrypts it with ElGamal using its own public key, and sends the ciphertext $E'_{w_i}(f_k(i))$ to the CSP. On receiving it, the CSP encrypts it again with ElGamal, using its public key and the same random number r as $E'_C(f_k(i))$. The CSP then sends the result
Figure BDA0001340105120000171
to each worker, who can decrypt it with its own private key to obtain $E'_C(f_k(i))$. Obviously, only the winner $w_{f_k(i^*)}$ can obtain $E'_C(f_k(i^*))$. It should be noted that the public key used here should be kept secret to protect privacy.
Remark. In calculating $E'(V)$, an appropriate key length should be set so that the product of the speeds of all workers does not overflow. For example, we used a 2048-bit key to process 1000 workers in the experiment. If the number of workers is large, a possible approach is to use the Least Common Multiple (LCM) rather than multiplication. However, privacy-preserving LCM calculation (i.e. calculating the least common multiple of multiple encrypted numbers) is a very challenging problem, which we will consider as one of our future research directions.
4.3 Performance analysis
Computational cost. Table 1 summarizes the computational costs of our protocol. We assume that all workers can perform computations (such as encryption and decryption) in parallel and can interact with the SC server and CSP in parallel, so we only need to consider the computational cost of one user. Furthermore, we ignore less costly operations, such as large integer multiplication and exclusive-or operations on bit strings. The detailed analysis is as follows. In Extended Algorithm 1, the SC server performs three Paillier encryptions (line 5), and worker $w_i$ performs one Paillier encryption and two modular exponentiations (lines 7, 8) for the private computation of the travel distance. In stage 2, the worker performs one ElGamal encryption to protect its speed (line 12). The product of the encrypted speeds is decrypted by the CSP (line 15) to enable the subsequent travel time calculation, which requires worker $w_i$ to perform one modular exponentiation (line 18). In stage 3, the SC server evaluates the PRF n times to protect the workers' IDs (line 21), and the CSP performs n ElGamal decryptions (line 23) and one ElGamal encryption (line 25) to find the winner and protect its ID. In stage 4, in order to exchange decryption keys, worker $w_i$ performs one ElGamal encryption (line 29) and one ElGamal decryption (line 31), and the CSP performs n ElGamal encryptions (line 30).
Table 1 presents the computational cost of the protocol. E, D, E', D',
Figure BDA0001340105120000172
e and PRF denote Paillier encryption, Paillier decryption, ElGamal encryption, ElGamal decryption, ElGamal secondary encryption, ElGamal secondary decryption, modular exponentiation, and the pseudo-random function, respectively.
Figure BDA0001340105120000173
Table 2 presents the communication overhead of the protocol. L and L' are Paillier and ElGamal encryption system key lengths, respectively.
Figure BDA0001340105120000181
Communication overhead. Table 2 summarizes the communication overhead of our protocol. Since the size of a ciphertext is usually larger than the size of the plaintext, we only consider the ciphertexts that each party sends and receives. It should be noted that the ciphertext lengths of ElGamal encryption and secondary encryption are twice and three times the key length, respectively. We omit the detailed analysis and refer to Table 2 for the results.
4.4 Security analysis
The security of the proposed protocol is analyzed below.
Theorem 1. Our task assignment protocol (Extended Algorithm 1) is privacy-preserving with $K_0 = V$, $K_{-1} = \{V, t_{f_k(1)}, \ldots, t_{f_k(n)}\}$ and $K_i = V$ ($1 \le i \le n$) leakage for the SC server, the CSP and all workers, respectively.
And (3) proving that: we first prove that there is a probability simulator S of polynomial time0Can be at K0View angle (view) of the SC server is simulated under the condition of V. Assume the view of the SC server is
Figure BDA0001340105120000182
$S_0$ generates $view_0' = \{E'(x_1), \ldots, E'(x_n), E(y_1), \ldots, E(y_n), E'(x_{n+1}), V\}$, where the $x_i$ ($1 \le i \le n+1$) are random elements uniformly distributed in G and the $y_i$ ($1 \le i \le n$) are random elements uniformly distributed in $Z_N$. Since Paillier and ElGamal are semantically secure, we can easily prove $view_0 \equiv view_0'$.
Then, we prove that there exists a probabilistic polynomial-time simulator $S_i$ that can simulate the view of worker $w_i$ given $K_i = V$. If $w_i$ is not the winner, then
Figure BDA0001340105120000183
To simulate it, $S_i$ generates
Figure BDA0001340105120000184
where the $x_i$ (i = 1, 2, 3) are random elements uniformly distributed in $Z_N$, y is randomly sampled from G, and k is a random element uniformly distributed in $\{0, 1\}^\lambda$. For the winner
Figure BDA0001340105120000188
Angle of view thereof
Figure BDA0001340105120000185
Therefore, it is not only easy to use
Figure BDA0001340105120000186
Generate { E (x)1),E(x2),E(x3) K, t, V } is
Figure BDA0001340105120000187
In both cases, we can get view based on the semantic security of Paillier and ElGamal and the pseudo-randomness of PRFi≡viewi′。
Finally, we show that there is a probabilistic polynomial-time simulator $S_{-1}$ that, given
Figure BDA0001340105120000193
can simulate the view of the CSP. In the protocol, the view of the CSP is
Figure BDA0001340105120000194
To simulate it, $S_{-1}$ generates $view_{-1}' = \{E'(x_1), \ldots, E'(x_n)\} \cup K_{-1}$, where $x_i$ ($1 \le i \le n$) is a random element uniformly distributed in $G$. Because of the semantic security of ElGamal, $view_{-1} \equiv view_{-1}'$ obviously holds.
The above theorem proves that our protocol is K-leakage secure. Before explaining that revealing K has only a limited impact on individual privacy, we give the following lemmas.
Lemma 2. The product
Figure BDA0001340105120000195
is generated from random integers between 1 and $d$ ($d > n$),
Figure BDA0001340105120000196
When $d \to \infty$, for
Figure BDA0001340105120000197
the equation
Figure BDA0001340105120000198
has at least $n!$ solutions with probability 1.
Proof:
Figure BDA0001340105120000199
The probability that all elements in the sequence are pairwise distinct is
Figure BDA0001340105120000191
The sequence
Figure BDA00013401051200001910
is a valid solution. Therefore, the equation
Figure BDA00013401051200001911
has at least $n!$ solutions with probability $\eta(d, n)$, and we have $\lim_{d \to \infty} \eta(d, n) = 1$.
Lemma 3. The product $\Pi$ and the set of positive rational numbers $\{b_1, \ldots, b_n\}$ are generated from random positive integers between 1 and $d$ ($d > n$)
Figure BDA00013401051200001912
and satisfy the following equation:
Figure BDA0001340105120000192
where $(\sigma(1), \ldots, \sigma(n))$ is a permutation of $(1, \ldots, n)$. Then the equation has at least $n!$ solutions with probability 1.
Proof: The proof is similar to that of Lemma 2. When $d \to \infty$,
Figure BDA00013401051200001913
are pairwise distinct with probability 1, and any permutation of the sequence
Figure BDA00013401051200001914
produces a different solution.
Lemma 4. Select a random number $a$ from $\{1, \ldots, d\}$. When $d \to \infty$, the probability that $a$ is a prime number is $1/\log d$.
This lemma follows directly from the prime number theorem [24], which states that as $d \to \infty$ the number of primes below $d$ approaches $d/\log d$.
Remark. By Lemma 4, the probability that $x_i$ is a prime number or 1 can be approximated as $(1/\log d + 1/d)$. Thus, the probability that every $x_i$ has at least two prime factors is
$(1 - 1/\log d - 1/d)^n$ (11)
When $d \to \infty$, this value converges to 1. This means that as long as $d$ is chosen large enough, the probability that the product $\Pi$ has at least $2n$ prime factors is 1. In practice, the number of solutions of the equation
Figure BDA0001340105120000204
is much larger than $n!$.
Theorem 2. Given the information $K_i$ ($-1 \le i \le n$), the probability that an intruder $P_i$ obtains the private information of any party during execution of the task allocation protocol (extended Algorithm 1) is negligible.
Proof: First consider the case of $P_0$, the SC server, which holds the information $K_0 = V$. The SC server can construct the equation
Figure BDA0001340105120000205
Suppose $1 \le v_i \le d$, let $\eta(v_i)$ be the probability that $P_0$ can obtain $v_i$, and let $\eta(v_i \mid K_0)$ be the probability that $P_0$ can obtain $v_i$ given $K_0$. By Lemma 2, we have
Figure BDA0001340105120000201
In general, this is clearly negligible.
The proof for $P_i$ is similar to that for $P_0$. We now consider $P_{-1}$ (i.e., the CSP). Because
Figure BDA0001340105120000206
the CSP can construct a nonlinear system of $n + 1$ equations:
Figure BDA0001340105120000202
By Lemma 3, we also have
Figure BDA0001340105120000203
In general, this is negligible. Moreover, even if the CSP obtains the exact value of $d(l_s, l_i)$, its probability of obtaining information about $l_s$ and $l_i$ is not much higher than random guessing. This completes the proof.
Remark. Note that Theorem 2 states that the privacy-preserving task allocation protocol is secure in general. In some extreme cases, for example $V = 1$, the intruder immediately learns that the speed of each worker is 1. However, as the number of workers increases, the likelihood of this situation decreases dramatically.
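The effect of revealing V that Lemma 2, Theorem 2 and the remark above describe can be measured directly on a small instance. The following Python sketch is an added example, not part of the patent: it counts the speed vectors consistent with a leaked V and the resulting best guess for one worker's speed, assuming integer speeds drawn independently and uniformly from 1..d (function names are hypothetical).

```python
from fractions import Fraction
from functools import lru_cache
from math import factorial, prod


def _divisors(value, d):
    """Divisors of value that are valid speeds, i.e. lie in 1..d."""
    return [k for k in range(1, min(value, d) + 1) if value % k == 0]


@lru_cache(maxsize=None)
def count_speed_vectors(V, n, d):
    """Number of ordered tuples (v_1, ..., v_n), 1 <= v_i <= d, with product V."""
    if n == 0:
        return 1 if V == 1 else 0
    return sum(count_speed_vectors(V // k, n - 1, d) for k in _divisors(V, d))


def posterior_of_one_speed(V, n, d):
    """Distribution of a single worker's speed given only V.

    Assumption of this example: speeds are independent and uniform on 1..d,
    so every tuple consistent with V is equally likely.
    """
    total = count_speed_vectors(V, n, d)
    if total == 0:
        raise ValueError("no speed vector in 1..d has this product")
    dist = {}
    for k in _divisors(V, d):
        ways = count_speed_vectors(V // k, n - 1, d)
        if ways:
            dist[k] = Fraction(ways, total)
    return dist


def leakage_report(speeds, d):
    """Compare guessing one speed with and without knowledge of V."""
    V, n = prod(speeds), len(speeds)
    dist = posterior_of_one_speed(V, n, d)
    return {
        "V": V,
        "consistent_vectors": count_speed_vectors(V, n, d),
        "n_factorial": factorial(n),        # lower bound of Lemma 2 for distinct speeds
        "prior_guess": Fraction(1, d),      # best guess without V
        "best_guess": max(dist.values()),   # best guess with V
    }


if __name__ == "__main__":
    # Constructed sample inputs: ordinary case, the V = 1 extreme, four workers.
    for speeds in [(2, 3, 5), (1, 1, 1), (2, 3, 7, 11)]:
        print(speeds, leakage_report(speeds, d=12))
```

For speeds (2, 3, 5) and d = 10, 18 vectors are consistent with V = 30 and the best single guess succeeds with probability 2/9, against 1/10 without V; for V = 1 the all-ones vector is the only one left.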
Fifth, performance evaluation
5.1 Experimental setup
We evaluate the performance of our protocol (extended Algorithm 1) based on two types of metrics: efficiency-related and effectiveness-related. The former includes runtime and communication overhead; the latter includes Worker Travel Distance (WTD), Worker Travel Time (WTT), and the number of notified workers (NNW). Generally, workers prefer a shorter WTD, as do task requesters, because tasks can be performed earlier if the workers have the same speed. However, if workers have different speeds, a short WTD is not necessarily better. In this case, both workers and task requesters prefer a short WTT. NNW should be kept low to reduce computational cost and communication overhead.
For effectiveness evaluation, we use the method of To et al. [To, H., Ghinita, G. and Shahabi, C.: A framework for protecting worker location privacy in spatial crowdsourcing. PVLDB, 7(10), 919-930 (2014)] as the baseline. Since their method does not take the effect of speed into account, the speed of each worker was set to 1 in the experiment. In this case, WTT equals WTD. Further, the expiration date of each task is set to a large value so that all workers can arrive before the expiration date. Since our protocol does not take into account the acceptance rate of workers, and always returns one worker (i.e., NNW is always equal to 1), we randomly generated 1000 tasks and reported the average result.
For efficiency evaluation, we note that differential privacy is significantly less computationally expensive than public key cryptography, but it does not protect the data during computation (e.g., it allows a trusted third party to view the location of all workers). It is therefore meaningless to compare our protocol (based on public key cryptography) with the method of To et al. (based on differential privacy) in terms of runtime. We therefore focus only on the efficiency of our protocol and test whether its overhead is acceptable in practice. We run our protocol 10 times and report the average results.
We evaluated performance using two real-world datasets, Gowalla and Yelp. Gowalla contains the check-in history of users in a location-based social network. We chose a region of California with latitudes from 33.720183 to 34.149932 and longitudes from -118.399999 to -117.900516. This region has 5830 users with check-ins, who are treated as workers in the spatial crowdsourcing system. We take the location where a user checks in most often as the user's current location and assume that a spatial task can be created at any location that has a check-in record. For Yelp, we selected an area of Phoenix with latitudes from 33.205308 to 33.924407 and longitudes from -112.400283 to -111.218100. The region has about 67000 users and 11200 businesses. Each business location is treated as a task, and each user's location is chosen randomly from the businesses that the user has reviewed.
We set the number of workers #W ∈ {100, 400, 700, 1000}, the maximum acceptance rate MAR ∈ {0.4, 0.6, 0.8, 1}, and the expected task acceptance probability α ∈ {0.7, 0.8, 0.9, 0.99}. Since the baseline relies on differential privacy, which depends on the privacy budget ε, we also set ε ∈ {0.1, 0.4, 0.7, 1.0}. For the security parameters of Paillier and ElGamal, we follow the NIST recommendation (2016) and set the key length KL ∈ {1024, 2048}, where a key length of 1024 is suitable for the current application and a key of length 2048 is recommended for the next 15 years (2016-2030). The default value of each parameter is shown in bold.
In our experiments, the SC server and the CSP were run on machines with four Intel Xeon E7-8860 2.2 GHz CPUs (16 cores per CPU) and 1 TB RAM. Each worker was simulated by a Mi 2 cell phone with an APQ8064 1.5 GHz CPU and 2 GB RAM. We implement our protocol using the Bouncy Castle Crypto package. The code is written in Java and executed in JDK 1.8. As can be seen from Table 1, the performance bottleneck of our protocol is a series of Paillier decryptions. Fortunately, these expensive operations are easy to compute in parallel because they are performed independently. In our experiment, we performed these decryptions using 64 threads.
4.2 Results of the experiment
4.2.1 Efficiency
Figs. 3 and 4 depict the runtime of the extended protocol when varying MAR and α, respectively. In general, the extended protocol adds only limited overhead to provide the specified acceptance guarantee. For example, when MAR is 1, our protocol requires approximately 1.79 seconds to achieve α = 0.9. However, when the MAR is reduced to 0.4, it takes about 1.84 seconds (see FIG. 4 (a)). As another example, when MAR is 0.8, our protocol can find a winner set for α = 0.7 in 1.81 seconds. To ensure that tasks are accepted with a high probability, e.g., 0.99, our protocol only requires 1.94 seconds. The additional overhead comes primarily from ElGamal encryption, and it stays small because the number of encryptions is bounded by the size of the winner set, which is usually small (more results can be found in Figs. 10, 11 and 12).
The communication overhead for the worker is still a small constant. We further investigated the communication cost of the extended protocol by varying MAR and α and obtained the results of Figs. 5 and 6. For all three parties, the communication costs increase slightly due to the participation of multiple winners. In summary, our protocol is also scalable in terms of communication overhead.
4.2.2 Effectiveness
Figs. 7, 8 and 9 show the behavior of our protocol in terms of WTD (worker travel distance) when varying MAR, α and ε, respectively. In all graphs, our protocol performed better than the baseline in all combinations of datasets (Gowalla, Yelp) and acceptance rate functions (Linear, Zipf). Specifically, in Fig. 7, we observe that as MAR falls, the difference between our protocol and the baseline increases. To explain this, we first note that the baseline needs to visit more grid cells to achieve the desired acceptance rate. Each cell typically contains a number of workers. Some of them may be far from the task location, yet they may accept the task. Our protocol, however, always selects workers according to their travel time (or travel distance in this case). This is why our protocol is much better than the baseline when the MAR is small. Fig. 9 shows that the baseline has a larger WTD when more privacy protection is provided (e.g., ε = 0.1). However, even if only weak privacy protection is provided (e.g., ε = 1), our protocol is still superior to the baseline.
We further evaluated the performance of our protocol in terms of NNW (number of notified workers) by varying MAR, α and ε, and report the results in Figs. 10, 11 and 12, respectively. Again, our protocol performed better than the baseline in all combinations of datasets (Gowalla, Yelp) and acceptance rate functions (Linear, Zipf). In most cases, the number of workers notified is not more than 5. In some extreme cases, e.g., α = 0.99, our protocol selects fewer than 15 workers to perform the task. This may explain why our protocol can be extended to PPTAG with very low overhead. On the other hand, the baseline needs to notify many workers because it works on grid cells.
In light of the foregoing description of the preferred embodiment of the present invention, many modifications and variations will be apparent to those skilled in the art without departing from the spirit and scope of the invention. The technical scope of the present invention is not limited to the content of the specification, and must be determined according to the scope of the claims.

Claims (8)

1. A privacy protection space crowdsourcing task distribution system receiving guarantee is characterized by comprising an SC server, an encryption service provider, a space task requester and a worker; the SC server is a space crowdsourcing server;
the encryption service provider is used for generating a key, a Paillier cryptosystem and an ElGamal cryptosystem are adopted, the encryption service provider generates a domain parameter of the ElGamal and a key pair of the Paillier and the ElGamal, the encryption service provider keeps secret on a private key and sends the public key to the SC server and all workers;
the space task requester is used for creating a space task and transmitting a task position to the SC server; after the SC server encrypts the task position by using the public key, ciphertext is sent to all workers, and after the encrypted information is received from the SC server, each worker calculates the distance between the task position and the worker position, so that the privacy protection distance is calculated;
the speed of each worker is encrypted and sent to an SC server cooperating with an encryption service provider, the SC server multiplies the speeds of all encrypted workers, the encryption service provider decrypts the product to obtain V, and the V is sent to each worker and is the product of the speeds of all workers; each worker calculates the traveling time of the worker, encrypts the traveling time and sends the encrypted traveling time to the SC server;
the SC server calculates winning workers according to the encrypted privacy protection traveling time by means of an encryption service provider, and the encryption service provider encrypts a winning worker set containing a plurality of winning workers and returns the encrypted winning worker set to the SC server; the encryption service provider obtains the travel time of all workers from the SC server, sorts the travel time of all workers according to an ascending order, and adds the workers to a winning worker set one by one until an expected acceptance rate is reached;
the SC server encrypts the task position and broadcasts the task position to all workers, the tasks are distributed to the workers, only the winning workers can decrypt the encrypted task position, and the winning workers arrive at the designated position to execute the corresponding tasks;
a spatial task s is a task to be executed at location $l_s$ and associated with an expiration date $e_s$; a worker w is a person willing to perform spatial tasks, and each worker is associated with an ID $ID_w$ designated by the SC server, a speed $v_w$ and a current location $l_w$;
the SC server, according to the set of workers $W = \{w_1, w_2, \ldots, w_n\}$ and the location $l_s$ and expiration date $e_s$ of the spatial task s, assigns the task to a worker $w_{i^*}$ by a task allocation algorithm, where n denotes the number of workers and $w_n$ refers to the n-th worker; worker $w_{i^*}$ must satisfy two conditions: first, $w_{i^*}$ can arrive at $l_s$ before the expiration date $e_s$; second, no other worker can arrive at $l_s$ before $w_{i^*}$.
2. The system of claim 1, wherein the ElGamal is a public key cryptosystem, the security of which is based on the difficulty of discrete logarithm problem, and which is composed of a common domain parameter shared by a plurality of users and three algorithms:
- domain parameters: let p be a large prime number and q be a medium prime number such that $q \mid p - 1$; let $g = r^{(p-1)/q} \bmod p \ne 1$, where $r \in F_p^*$; these common parameters define a common finite abelian group G of prime order q with generator g;
- key generation: select an integer x such that $0 \le x \le q - 1$ and compute $h = g^x \bmod p$; the public key pk is h, and the secret key sk is x;
- encryption E': let m be a message in G; encrypt by selecting a random number r, where $0 \le r \le q - 1$, and computing:
$c_1 = g^r, \quad c_2 = m h^r.$ (5)
the ciphertext c of m is $E'(m) = (c_1, c_2)$;
- decryption D': the ciphertext c is decrypted by the following calculation:
$m = D'(c) = c_2 (c_1^x)^{-1}$ (6)
the ElGamal cryptosystem can be extended to support commutative encryption, defined as follows using two new algorithms:
-secondary encryption
Figure FDA0002823411200000021
Given the ciphertext $E'_{h_a}(m) = (g^{r_a}, m h_a^{r_a})$ encrypted with public key $h_a$, where $r_a$ is a random number with $0 \le r_a \le q - 1$, the secondary encryption with public key $h_b$ is obtained by selecting a random number $r_b$, where $0 \le r_b \le q - 1$, and computing $c_1 = g^{r_a}$, $c_2 = g^{r_b}$ and $c_3 = m h_a^{r_a} h_b^{r_b}$; the resulting ciphertext of $E'_{h_a}(m)$ is
Figure FDA0002823411200000022
-secondary decryption
Figure FDA0002823411200000023
The ciphertext $(c_1, c_2, c_3)$ can be decrypted with the private keys $x_a$ and $x_b$ in either order, and the decryption results are the same; if the private key $x_a$ is used first, we have
Figure FDA0002823411200000024
$E'_{h_b}(m)$ is then decrypted with $x_b$ to obtain m; it is easy to verify that the decryption result is the same if $x_b$ is used first and then $x_a$.
3. The system of claim 1, wherein the set of multiple winning workers is defined as follows: $W = \{w_1, w_2, \ldots, w_n\}$ is a set of n workers and, given a spatial task s, the task s is assigned to a set of workers $W^*$, called the winning worker set, such that:
1, each worker $w_{i^*} \in W^*$ can reach location $l_s$ before the expiration date $e_s$; $w_{i^*}$ represents the i-th winning worker;
2, no other worker $w_j \in W \setminus W^*$ can reach location $l_s$ before any worker $w_{i^*} \in W^*$; $w_j$ represents the j-th non-winning worker;
3, $\eta(W^*, s) \ge \alpha$, where $\eta(W^*, s)$ represents the probability that at least one worker in $W^*$ accepts task s, and $\alpha$ is the expected acceptance rate that at least one worker in $W^*$ accepts task s.
4. A method for implementing a system according to any one of claims 1 to 3, comprising the steps of:
in the first stage, the distance between the task location and the worker location is calculated: after encrypting the task location $l_s = (x_s, y_s)$ with the Paillier public key, the spatial crowdsourcing server sends three ciphertexts to all workers: $E(x_s^2 + y_s^2)$, $E(x_s)$ and $E(y_s)$; after receiving the encrypted information from the spatial crowdsourcing server, each worker $w_i$ computes the encrypted distance between $l_s$ and its current location $l_i$, i.e.:
Figure FDA0002823411200000031
where $d^2(l_i, l_s)$ is the square of the Euclidean distance between locations $l_i$ and $l_s$; $x_s$ is the abscissa of the task location $l_s$, $y_s$ is the ordinate of the task location $l_s$, $x_i$ is the abscissa of the current location $l_i$, and $y_i$ is the ordinate of the current location $l_i$;
second stage, calculation of each worker's travel time: let $W = \{w_1, w_2, \ldots, w_n\}$ be a set of n workers and V be the product of the speeds of all workers, i.e.
Figure FDA0002823411200000032
$v_k$ is the speed of the k-th worker, with k ranging from 1 to n, and $v_k' = V / v_k$, where $1 \le k \le n$; for any two workers $w_i, w_j \in W$, $d(l_i, l_s) v_i' < d(l_j, l_s) v_j'$ if and only if $d(l_i, l_s)/v_i < d(l_j, l_s)/v_j$; d represents the Euclidean distance between two locations; a virtual travel time $t_i' = d(l_i, l_s) v_i'$ is calculated for each worker, which is equivalent to the exact travel time $t_i = d(l_i, l_s)/v_i$, i.e., the worker having the shortest virtual travel time must have the shortest exact travel time; $l_j$ is the location of worker $w_j$, $v_j$ is the speed of worker $w_j$, and $v_i$ is the speed of worker $w_i$;
in the third stage, the winning workers are calculated: the SC server holds the 2-tuples $\langle i, E(t_i'^2) \rangle$, where i is the ID of worker $w_i$ and $1 \le i \le n$; to protect the identity of the workers, it encrypts each worker's ID with a PRF (pseudo-random function) and sends $\langle f_k(i), E(t_{f_k(i)}'^2) \rangle$ to the encryption service provider; the encryption service provider calculates the travel times, sorts them in ascending order, and then adds workers to the winning worker set one by one until the expected acceptance rate is reached; in $f_k(i)$, $f_k$ is the PRF pseudo-random function, and $f_k(i)$ is the ID of worker $w_i$ encrypted with the PRF pseudo-random function;
fourth stage, task location broadcast: once $E'_C(f_k(i^*))$ is received, the spatial crowdsourcing server encrypts the task location $l_s$ and broadcasts to all workers
Figure FDA0002823411200000033
where $l_s$ is encrypted in the following manner:
Figure FDA0002823411200000034
where h is a length-matching hash function that maps long bit strings to short bit strings; one construction of h that has been proved semantically secure cuts the long bit string into several short bit strings of fixed length, XORs the short bit strings together, and outputs the result; only workers who have obtained the information $E'_C(f_k(i^*))$ can, by computing
Figure FDA0002823411200000035
obtain the task location information.
5. The method of claim 4, wherein in the first stage, all workers are required to send their encrypted locations to the spatial crowdsourcing server in the form $E(x_i^2 + y_i^2)$, $E(x_i)$ and $E(y_i)$, and the spatial crowdsourcing server is asked to compute $E(d^2(l_i, l_s))$.
6. The method of claim 4, wherein in the second stage, each worker encrypts its speed with the ElGamal cryptosystem and sends $E'(v_i)$ to the spatial crowdsourcing server, and the spatial crowdsourcing server obtains $E'(V)$ by multiplying all encrypted speeds; then, the spatial crowdsourcing server asks the encryption service providing unit to decrypt $E'(V)$ and send V to all worker mobile terminals; by dividing V by its speed $v_i$, each worker $w_i$ obtains $v_i'$ and computes $E(d^2(l_i, l_s))^{v_i'^2} = E(d^2(l_i, l_s) v_i'^2) = E(t_i'^2)$; the encrypted virtual travel time is sent to the spatial crowdsourcing server for further processing; the exact value of V is known by the encryption service providing unit and all workers in the second stage described above, which does not violate the individual privacy of any worker.
7. The method of claim 4, wherein in the third stage, since the encryption service provider holds the Paillier private key, it decrypts $E(t_i'^2)$ to obtain $t_i'^2$ and calculates the actual travel time
Figure FDA0002823411200000041
Then, the encryption service provider sorts all workers by travel time, determines whether each worker can reach the task location before the expiration date $e_s$, and adds the workers to the winning worker set one by one until the expected acceptance rate is reached; if the task cannot be accepted at the expected acceptance rate, the encryption service provider informs the SC server that no set of workers can guarantee that the task is accepted; otherwise, it encrypts the ID $f_k(i)$ of each winning worker in the set using ElGamal and sends $E'_C(f_k(i))$ to the SC server.
8. The method of claim 4, wherein in the fourth stage, the following steps ensure that only winning workers can obtain the information $E'_C(f_k(i^*))$:
first, each worker $w_i$ obtains its encrypted ID $f_k(i)$ from the spatial crowdsourcing server, encrypts it with ElGamal using its own public key, and then sends the encrypted information $E'_{w_i}(f_k(i))$ to the encryption service providing unit; upon receiving the information, the encryption service providing unit encrypts it again with ElGamal, using the same public key and the same random number r as were used for $E'_C(f_k(i^*))$; the encryption service providing unit then sends the result $E'_C(E'_{w_i}(f_k(i^*)))$ to each worker, who can decrypt it with its private key to obtain $E'_C(f_k(i))$; the public key should be kept secret to protect privacy.
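The ElGamal operations of claim 2 (equations (5) and (6) and the secondary encryption) and the speed-product step of claims 4 and 6 can be traced in a few lines of Python. This is an added example, not the patent's Java/Bouncy Castle implementation; the toy parameters p = 2039 and q = 1019, the encoding of a speed as its square so that it lies in G, the integer distances and all function names are assumptions of the example.

```python
import secrets
from fractions import Fraction
from math import isqrt, prod

# Constructed toy domain parameters, far too small for real use:
# p = 2q + 1 with p, q prime, and g = r^((p-1)/q) mod p for r = 2.
P, Q = 2039, 1019
G = pow(2, (P - 1) // Q, P)           # = 4, generates the subgroup of order q


def keygen():
    x = secrets.randbelow(Q - 1) + 1  # private key in 1..q-1
    return x, pow(G, x, P)            # (sk, pk = g^x mod p)


def encrypt(h, m):
    """E'(m) = (g^r, m * h^r), equation (5); m must lie in the subgroup G."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(h, r, P) % P


def decrypt(x, c):
    """D'(c) = c2 * (c1^x)^-1, equation (6)."""
    c1, c2 = c
    return c2 * pow(pow(c1, x, P), -1, P) % P


def multiply(ca, cb):
    """Component-wise product: a ciphertext of the product of the plaintexts."""
    return ca[0] * cb[0] % P, ca[1] * cb[1] % P


def second_encrypt(h_b, c):
    """Secondary encryption: (c1, c2) under h_a becomes (c1, g^rb, c2 * h_b^rb)."""
    r_b = secrets.randbelow(Q - 1) + 1
    return c[0], pow(G, r_b, P), c[1] * pow(h_b, r_b, P) % P


def strip_a(x_a, c):
    """Remove the h_a layer; an ordinary ciphertext under h_b remains."""
    c1, c2, c3 = c
    return c2, c3 * pow(pow(c1, x_a, P), -1, P) % P


def strip_b(x_b, c):
    """Remove the h_b layer; an ordinary ciphertext under h_a remains."""
    c1, c2, c3 = c
    return c1, c3 * pow(pow(c2, x_b, P), -1, P) % P


def encode(v):
    """Map a speed into G by squaring (assumption of this example)."""
    return v * v % P


def product_of_speeds(speeds):
    """Workers encrypt v_i, the SC server multiplies ciphertexts, the CSP decrypts V."""
    if prod(speeds) ** 2 >= P:
        raise ValueError("product too large for the toy modulus")
    sk, pk = keygen()                                 # key pair held by the CSP
    acc = encrypt(pk, encode(speeds[0]))
    for v in speeds[1:]:
        acc = multiply(acc, encrypt(pk, encode(v)))   # server handles ciphertexts only
    return isqrt(decrypt(sk, acc))                    # plaintext is V^2


def rankings(distances, speeds, V):
    """Worker order by virtual time d_i * (V / v_i) and by exact time d_i / v_i."""
    idx = range(len(speeds))
    virtual = sorted(idx, key=lambda i: distances[i] * (V // speeds[i]))
    exact = sorted(idx, key=lambda i: Fraction(distances[i], speeds[i]))
    return virtual, exact


def decrypt_both_orders(m):
    """Doubly encrypt m, then strip the layers in both possible orders."""
    x_a, h_a = keygen()
    x_b, h_b = keygen()
    c = second_encrypt(h_b, encrypt(h_a, m))
    return decrypt(x_b, strip_a(x_a, c)), decrypt(x_a, strip_b(x_b, c))


if __name__ == "__main__":
    speeds, distances = [2, 3, 5], [12, 9, 20]        # constructed sample values
    V = product_of_speeds(speeds)
    print("V =", V, "rankings =", rankings(distances, speeds, V))
    print("either decryption order:", decrypt_both_orders(encode(7)))
```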
CN201710533887.4A 2017-07-03 2017-07-03 Privacy protection space crowdsourcing task allocation system and method for receiving guarantee Active CN107360146B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710533887.4A CN107360146B (en) 2017-07-03 2017-07-03 Privacy protection space crowdsourcing task allocation system and method for receiving guarantee
PCT/CN2017/113468 WO2019006968A1 (en) 2017-07-03 2017-11-29 Warrantable task allocation system and method for privacy protected spatial crowdsourcing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710533887.4A CN107360146B (en) 2017-07-03 2017-07-03 Privacy protection space crowdsourcing task allocation system and method for receiving guarantee

Publications (2)

Publication Number Publication Date
CN107360146A CN107360146A (en) 2017-11-17
CN107360146B true CN107360146B (en) 2021-03-26

Family

ID=60292821

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710533887.4A Active CN107360146B (en) 2017-07-03 2017-07-03 Privacy protection space crowdsourcing task allocation system and method for receiving guarantee

Country Status (2)

Country Link
CN (1) CN107360146B (en)
WO (1) WO2019006968A1 (en)


Also Published As

Publication number Publication date
CN107360146A (en) 2017-11-17
WO2019006968A1 (en) 2019-01-10


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant