CN112565081B - Privacy protection processing method and device for shortest path - Google Patents

Info

Publication number: CN112565081B
Authority: CN (China)
Application number: CN202011426818.1A
Other versions: CN112565081A (en)
Other languages: Chinese (zh)
Prior art keywords: node, nodes, deleted, shortest path, successor
Inventors: 张翰林, 赵哲群, 李新亮
Current assignee: Qingdao University
Original assignee: Qingdao University
Legal status: Active

Abstract

The application discloses a privacy protection processing method for a shortest path. The input node graph of the Dijkstra algorithm is blinded, and the blinded input data is then sent to a cloud server for privacy-preserving shortest path processing, which ensures the security of user information. In addition, to guarantee the security of the cloud computing process and the transmission process, the blinded calculation result is verified once it is received: if the verification passes, the blinded calculation result is recovered; if it fails, the result is not recovered, so the security and reliability of the calculation result are guaranteed. Meanwhile, the method uses only one cloud server to complete the secure outsourced computation of the shortest path; compared with the traditional approach in which several servers complete the computation task together, the computation process is more secure. The application also provides a shortest path privacy protection processing device, a user side, a system and a readable storage medium, which have the same beneficial effects.

Description

Shortest path privacy protection processing method and device
Technical Field
The present application relates to the field of computing technologies, and in particular, to a method, an apparatus, a user side, a system, and a readable storage medium for privacy protection processing of a shortest path.
Background
The shortest path problem is a classic algorithm problem in graph theory research and aims to find the shortest path between two nodes in a graph (composed of nodes and paths). In practice, for a graph containing thousands of nodes, a resource-limited device cannot take on the calculation task.
In recent years, with the continuous development of cloud computing technology, cloud computing services have entered people's lives ever more deeply, and outsourced computation in cloud computing has become a focus of interest. Outsourced computation enables a user with limited resources to hand a computation task with a large computation amount to a cloud server for processing. This new computation mode reduces the burden of personal computation and avoids large investments in local software and hardware and their maintenance; the user can store data remotely in the cloud for processing and enjoy high-quality applications and services in the cloud as required. Outsourced computation makes it possible to accelerate the calculation of shortest path distances: the shortest path problem can be outsourced to the cloud server, so that the user only needs to perform a small amount of calculation locally and the calculation of the shortest path problem is accelerated.
While bringing benefits, outsourced computation inevitably faces new security challenges, the first of which is how to ensure the security of data during outsourced computation. In a cloud computing environment, outsourced computing tasks often include sensitive information. Once data is uploaded to the cloud, it leaves the physical control of the user, and parties such as the cloud service provider and cloud data administrators, who have access control authority on the cloud server, can directly obtain the private information contained in the uploaded data through data access, which poses a serious risk to the privacy of the user's data. On the other hand, the cloud server may also be subject to external attacks, such as hacking, which may likewise result in disclosure of user details and personal privacy.
To protect the confidentiality of user data in the cloud server, the user generally encrypts sensitive data before outsourcing it. Then, even if a cloud server administrator has data access authority, what they actually come into contact with is only the ciphertext of the data. Data encryption, while protecting the privacy of data, makes the data difficult to use.
Therefore, how to facilitate the use of data information by other devices while ensuring the security of the data information is an urgent problem to be solved by those skilled in the art.
Disclosure of Invention
An object of the present application is to provide a privacy protection processing method for a shortest path, which can ensure the security of data information while making it convenient for other equipment to use the data information; another object of the present application is to provide a shortest path privacy protection processing apparatus, a user terminal, a system and a readable storage medium.
In order to solve the above technical problem, the present application provides a privacy protection processing method for a shortest path, which is based on a cloud server, and includes:
the user side uploads a Dijkstra algorithm for calculating the shortest path to a cloud server;
taking a node graph to be processed as input data to be subjected to blind processing to obtain blind input data;
sending the blinded input data to the cloud server so that the cloud server calls the Dijkstra algorithm to calculate the shortest path after receiving the blinded input data;
receiving a calculation result returned by the cloud server as a blind calculation result;
verifying the blind calculation result;
if the blind calculation result passes the verification, recovering the blind calculation result to obtain an expected calculation result;
if the verification fails, outputting error prompt information.
Optionally, the blind processing is performed on the node map to be processed as input data to obtain blind input data, and the blind processing includes:
establishing a two-dimensional array to store the relationship among the nodes in the node graph to be processed to obtain a matrix;
randomly selecting a plurality of pairs of nodes with paths in the matrix as target node pairs;
determining a node on the direct connection line of each target node pair as a new node;
and adding paths between the new nodes and nodes that have paths to the target node pairs, as newly added paths.
Optionally, the blind processing is performed on the node map to be processed as input data to obtain blind input data, and the blind processing includes:
establishing a two-dimensional array to store the relationship among the nodes in the node graph to be processed to obtain a matrix;
deleting, in the matrix, a plurality of nodes with a degree of 1 in the node graph to be processed;
adding the distance between each deleted node with a degree of 1 and its successor node to the other paths connected with the successor node;
recording the front-back relationship and the path length between each deleted node with a degree of 1 and its successor node.
Optionally, the blind processing is performed on the node map to be processed as input data to obtain blind input data, and the blind processing includes:
establishing a two-dimensional array to store the relationship among the nodes in the node graph to be processed to obtain a matrix;
determining a plurality of nodes with a degree of 2 in the matrix as nodes to be deleted;
judging whether a path exists between the successor nodes of the node to be deleted;
if yes, judging whether the sum of the distances from the node to be deleted to its successor nodes is larger than the distance between the successor nodes;
if it is not larger, deleting the node to be deleted, replacing the value of the path between the successor nodes with the sum of the distances between the node to be deleted and its successor nodes, recording the node to be deleted as a predecessor node of the successor node closest to it, and recording the distances from the node to be deleted to its successor nodes;
if it is larger, deleting the node to be deleted, recording the node to be deleted as a predecessor node of the successor node closest to it, and recording the distances from the node to be deleted to its successor nodes;
and if no such path exists, deleting the node to be deleted, assigning the sum of the distances between the node to be deleted and its successor nodes to the path between its successor nodes, recording the node to be deleted as a predecessor node of the successor node closest to it, and recording the distances from the node to be deleted to its successor nodes.
Optionally, the blind processing is performed on the node map to be processed as input data to obtain blind input data, and the blind processing includes:
establishing a two-dimensional array to store the relationship among the nodes in the node graph to be processed to obtain a matrix;
and multiplying all the entries in the matrix by random numbers to obtain a blinded matrix, which is used as the blinded output data.
Optionally, verifying the blinded computation result includes:
randomly selecting a plurality of nodes as verification nodes;
calculating the distance from the verification node to other nodes in the blinded input data as a verification value;
comparing whether the blind calculation result is the same as the verification value;
if not, judging that the verification is not passed;
if the two are the same, the verification is judged to be passed.
The application also provides a privacy protection processing apparatus of the shortest path, which is applied to the user side, and comprises:
the task uploading unit is used for uploading a Dijkstra algorithm for calculating the shortest path to the cloud server;
the parameter blinding unit is used for blinding the node graph to be processed as input data to obtain blinded input data;
the parameter transmission unit is used for sending the blinded input data to the cloud server so that the cloud server can call the Dijkstra algorithm to calculate the shortest path after receiving the blinded input data;
the result receiving unit is used for receiving a calculation result returned by the cloud server as a blinded calculation result;
the verification unit is used for verifying the blinded calculation result; if the verification is passed, triggering the first unit; if the verification fails, triggering the second unit;
the first unit is used for recovering the blinded calculation result to obtain an expected calculation result;
and the second unit is used for outputting error prompt information.
The present application further provides a user side, including:
a memory for storing a computer program;
and the processor is used for realizing the steps of the shortest path privacy protection processing method when executing the computer program.
The present application further provides a privacy protection processing system for a shortest path, including: the cloud server is connected with the user side;
the cloud server is used for receiving a Dijkstra algorithm uploaded by the user side and the node graph to perform privacy protection processing on the shortest path, generating a calculation result and feeding the calculation result back to the user side.
The application also provides a readable storage medium, which stores a program, and the program realizes the steps of the shortest path privacy protection processing method when being executed by a processor.
According to the privacy protection processing method for the shortest path, the input node graph of the Dijkstra algorithm is subjected to blind processing, then the blind input data are sent to the cloud server to be subjected to privacy protection processing of the shortest path, user sensitive data can be subjected to blind processing, and safety of user information is guaranteed; in addition, in order to ensure the safety of the cloud computing process or the transmission process, the blind computing result is firstly verified after being received; if the verification is passed, the blind calculation result is restored, and if the verification is not passed, the result is not restored, so that the safety and reliability of the calculation result can be guaranteed; meanwhile, the method only uses one cloud server to complete the safety outsourcing calculation on the shortest path, and compared with the traditional method in which a plurality of servers complete the calculation task together, the method has higher safety in the calculation process.
The application also provides a privacy protection processing device, a user side, a system and a readable storage medium for the shortest path, which have the beneficial effects and are not repeated herein.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only the embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a shortest path privacy protection processing method according to an embodiment of the present disclosure;
fig. 2 is a schematic diagram of a node with a degree of 1 according to an embodiment of the present disclosure;
fig. 3 is a schematic node diagram after a node with a degree of 1 is deleted according to an embodiment of the present application;
fig. 4 is a schematic diagram of a node with a degree of 2 according to an embodiment of the present application;
fig. 5 is a schematic diagram after a node with a degree of 2 is deleted according to an embodiment of the present application;
fig. 6 is a schematic diagram of another node with degree 2 according to the embodiment of the present application;
fig. 7 is a schematic diagram after another node with a degree of 2 is deleted according to the embodiment of the present application;
fig. 8 is a schematic diagram of a node with a degree of 2 whose successor nodes have no path according to the embodiment of the present application;
fig. 9 is a schematic diagram after the node with a degree of 2 whose successor nodes have no path is deleted according to the embodiment of the present application;
fig. 10 is a block diagram of a shortest path privacy protection processing apparatus according to an embodiment of the present application;
fig. 11 is a schematic structural diagram of a user side according to an embodiment of the present application;
fig. 12 is a schematic structural diagram of a shortest path privacy protection processing system according to an embodiment of the present application.
Detailed Description
The core of the application is to provide a privacy protection processing method for a shortest path, which can ensure the security of data information while making it convenient for other equipment to use the data information; another core of the application is to provide a shortest path privacy protection processing device, a user side, a system and a readable storage medium.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
From an application perspective, an efficient outsourcing computation protocol should satisfy 3 basic conditions: (1) ensuring the confidentiality of user data; (2) ensuring that a user can verify the correctness of cloud computing output; (3) it is ensured that the workload (including correctness verification) required by the user side under this protocol is less than the workload the user calculates alone, otherwise the user does not have to seek help from the cloud. In view of the above problems and requirements, it is necessary to fully consider privacy of user data and verifiability of results when designing how to outsource operations to a cloud server.
The shortest path searching method is generally applied to the fields of navigation in daily life, friend recommendation algorithms of social networks and the like, and is closely related to our lives. Based on this, the present application provides a privacy protection processing method for shortest path, please refer to fig. 1, where fig. 1 is a flowchart of the privacy protection processing method for shortest path provided in this embodiment, where the method is based on a cloud server, and mainly includes:
step s110, the user side uploads a Dijkstra algorithm for calculating the shortest path to a cloud server;
the user side has a resource-limited device but wants to run a calculation task with a large calculation amount, while the cloud has almost unlimited computing power and can provide resources to the user on demand. When the user side uses outsourced computation, it first uploads a calculation task F(x) to the cloud server, where the calculation task is the Dijkstra algorithm used to calculate the shortest path. The Dijkstra algorithm finds the node closest to the current node. Assume the current node is a and the closest node found is b; a third node c is then found in the graph, and "relaxation" between nodes is carried out by comparing the distance a → b with the sum of the distances a → c and c → b: if the distance a → b is larger than that sum, the value of the shortest path a → b is replaced by the sum of the distances a → c and c → b, and the shortest path becomes a → c → b. Finally, by looping, the shortest path from node a to all other nodes can be found.
The specific calculation task setting, i.e. the steps of Dijkstra algorithm, can refer to the description of the related art, and will not be described herein again.
Step s120, performing blind processing on the node map to be processed as input data to obtain blind input data;
in order to implement secure outsourcing, the user side blinds the input data x of the computation task, that is, it blinds the node map for which the shortest path is to be computed, to obtain blinded input data x'. The blinded node map hides the sensitive information, so the user's sensitive data cannot be obtained directly even if the node map is sent to a cloud server or another server, and the security of the user data is guaranteed.
On the premise that the algorithm is difficult to blind, the embodiment performs the blind processing on the whole node map, and the blind processing on the node map can be realized by adding nodes and edges and deleting the nodes and the edges.
Step s130, sending the blinded input data to a cloud server so that the cloud server calls a Dijkstra algorithm to calculate the shortest path after receiving the blinded input data;
after the blinded input data is sent to the cloud server, the cloud server can perform the shortest path calculation according to the given input x', that is, the blinded input data, and the calculation task F(x), that is, the Dijkstra algorithm. The specific process by which the cloud server computes the result y from the set calculation task and the input data may refer to implementations in the related art; the calculation process of the cloud server is not limited in this embodiment.
Meanwhile, it should be noted that, in this embodiment, the computing task is issued to a single cloud server, and is not completed together by calling multiple cloud servers, so that the security of the computing process is improved by reducing the number of computing parties.
Step s140, receiving a calculation result returned by the cloud server as a blinded calculation result;
the cloud server obtains a calculation result y after calculating the shortest path, and feeds the result back to the user side initiating the task.
And the user side receives the calculation result returned by the cloud server and takes the calculation result as a calculation result before de-blinding processing.
Step s150, verifying the blinded calculation result;
the user verifies the correctness of the blinded calculation result y; verifying the result shows whether it is correct, and whether the cloud server has behaved improperly, for example by tampering with data.
Specifically, the verification means is not limited in this embodiment and may correspond to the way the input data was blinded in the above steps. For example, a small part of the shortest path calculation may be performed locally and compared with the result returned by the cloud server; or a special value may be assigned to the input blinded node map, and the result returned by the cloud server compared with the calculation result expected for that special value.
Optionally, a verification of the blinded calculation result includes the following steps:
randomly selecting a plurality of nodes as verification nodes;
calculating the distance from the verification node to other nodes in the blinded input data as a verification value;
comparing whether the blind calculation result is the same as the verification value or not;
if not, judging that the verification is not passed;
if the two are the same, the verification is judged to be passed.
To verify the received result y, a positive integer r_4 is randomly selected with value range [1, n/2]; r_4 nodes are randomly selected, the distance from each of these nodes to the other nodes is calculated at the client, and the results are compared with those returned by the cloud server. If they differ, 0 is returned to indicate that the verification has not passed; if they are the same, 1 is returned, and the cloud service can be considered credible with a probability close to 1, that is, the verification is judged to have passed. This verification means is highly random and can guarantee the accuracy and validity of the verification.
In this embodiment, only the three implementation manners are described as an example, and other implementation means can refer to the description of this embodiment, which is not described herein again.
If the verification is passed, step s160 is executed to recover the blinded calculation result and obtain the expected calculation result; otherwise, the computing process of the cloud server is abnormal, and step s170 may be executed.
Step s160, recovering the blinded calculation result to obtain an expected calculation result;
the method for recovering the blinded calculation result corresponds to the implementation of the blinding process in the step s120, and the method for the blinding process in the step is not limited, so the method for recovering the result, i.e., the method for de-blinding process, in this step is not limited.
And step s170, outputting error prompt information.
Error prompt information is output to indicate that an exception exists in the outsourced calculation process, so that the user or other personnel can handle it in time. Of course, besides outputting the prompt information, other processing may also be adopted, for example uploading the calculation task again.
Based on the introduction, in the privacy protection processing method for the shortest path provided by this embodiment, the input node graph of the Dijkstra algorithm is subjected to the blinding processing, and then the blinded input data is sent to the cloud server for the shortest path calculation processing, so that the user sensitive data can be blinded, and the security of the user information is guaranteed; in addition, in order to guarantee the safety of the cloud computing process or the transmission process, the method firstly verifies the blind computing result after receiving the blind computing result; if the verification is passed, the blind calculation result is restored, and if the verification is not passed, the result is not restored, so that the safety and reliability of the calculation result can be guaranteed; meanwhile, the method only uses one cloud server to complete the safety outsourcing calculation on the shortest path, and compared with the traditional method in which a plurality of servers complete the calculation task together, the method has higher safety in the calculation process.
In the foregoing embodiment, a specific implementation process of performing blind processing on a node map to be processed as input data is not limited, and this embodiment introduces several blind processing modes for the node map, which mainly include the following modes:
1. Optionally, the node map to be processed is used as input data to be blinded, and the process of obtaining the blinded input data may include the following steps:
establishing a two-dimensional array to store the relationship among the nodes in the node graph to be processed to obtain a matrix;
randomly selecting a plurality of pairs of nodes with paths in the matrix as target node pairs;
determining a node on the direct connection line of each target node pair as a new node;
and adding paths between the new nodes and nodes that have paths to the target node pair, as newly added paths.
For example, the input matrix x stores the relationship between nodes in the graph using a two-dimensional array, assuming that there are many nodes with degree 1 or 2 in the graph, and the number of nodes with degree 1 or 2 is denoted as d.
The user terminal can select a random real number p and a random positive integer r_1; the number of nodes in the original graph is n, and r_1 ∈ [1, n/2].
Based on the selected r_1, r_1 pairs of nodes with paths are randomly selected. For a pair whose starting node is a, whose ending node is b, and whose distance a → b is s, a node can be chosen arbitrarily on the direct connection line between a and b; this node is added between the two points and denoted c. Node c is placed so that the sum of the distance a → c and the distance c → b equals s, where the distance a → c takes a value in [1, s].
Meanwhile, the number of nodes that have paths to node a or node b is recorded as m, and a positive integer r_2 is randomly selected, where r_2 ∈ [1, m]. r_2 paths are added between node c and nodes that have a path to node a or node b, where the distance from node c to such a node is larger than the distance from node a or node b to that node.
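The following Python example is added here and is not code from the patent; it runs blinding mode 1 together with the earlier spot-check verification using r_4 random nodes: blind, let a stand-in cloud run Dijkstra, verify, then recover. Assumptions (all function names are hypothetical): path lengths are integers of at least 1, node c replaces the direct a-b edge, each decoy path is made strictly longer than the real route from c through a or b, and recovery simply drops the added nodes.

```python
import heapq
import random

INF = float("inf")  # matrix entry meaning "no path"

def make_matrix(n, edges):
    """Two-dimensional array storing the relationships between nodes."""
    m = [[0 if i == j else INF for j in range(n)] for i in range(n)]
    for a, b, w in edges:
        m[a][b] = m[b][a] = w
    return m

def dijkstra(matrix, src):
    """Distances from src to every node of an adjacency matrix."""
    dist = [INF] * len(matrix)
    dist[src] = 0
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, w in enumerate(matrix[u]):
            if w != INF and d + w < dist[v]:          # relaxation step
                dist[v] = d + w
                heapq.heappush(heap, (dist[v], v))
    return dist

def blind_add_nodes(matrix, rng):
    """Blinding mode 1; original nodes keep indices 0..n-1 in the result."""
    n = len(matrix)
    g = [row[:] for row in matrix]
    edges = [(a, b) for a in range(n) for b in range(a + 1, n)
             if matrix[a][b] != INF]
    r1 = rng.randint(1, max(1, n // 2))               # r_1 in [1, n/2]
    for a, b in rng.sample(edges, min(r1, len(edges))):
        s = matrix[a][b]
        ac = rng.randint(1, s)                        # distance a -> c in [1, s]
        cb = s - ac                                   # (a -> c) + (c -> b) == s
        c = len(g)
        for row in g:
            row.append(INF)
        g.append([INF] * c + [0])
        g[a][b] = g[b][a] = INF                       # assumption: c replaces the edge
        g[a][c] = g[c][a] = ac
        g[b][c] = g[c][b] = cb
        # Decoy endpoints: original neighbours of a or b, with the length of
        # the real route from c to each of them via a or via b.
        via = {}
        for p, d in ((a, ac), (b, cb)):
            for u in range(n):
                if u not in (a, b) and matrix[p][u] != INF:
                    via[u] = min(via.get(u, INF), d + matrix[p][u])
        if via:
            r2 = rng.randint(1, len(via))             # r_2 in [1, m]
            for u in rng.sample(sorted(via), r2):
                # Assumption: strictly longer than the real route, so a decoy
                # path can never become a shortcut and distort real distances.
                g[c][u] = g[u][c] = via[u] + rng.randint(1, 9)
    return g

def cloud_all_sources(matrix):
    """Stand-in for the cloud server: Dijkstra from every node of its input."""
    return [dijkstra(matrix, s) for s in range(len(matrix))]

def verify(blinded, result, n, rng):
    """Recompute r_4 random sources at the client; 1 = passed, 0 = not passed."""
    r4 = rng.randint(1, max(1, n // 2))               # r_4 in [1, n/2]
    for src in rng.sample(range(len(blinded)), r4):
        if dijkstra(blinded, src) != result[src]:
            return 0
    return 1

def recover(result, n):
    """Assumed de-blinding for this mode: drop rows/columns of added nodes."""
    return [row[:n] for row in result[:n]]

# Constructed sample graph: 6 nodes, integer path lengths.
G = make_matrix(6, [(0, 1, 4), (0, 2, 2), (1, 2, 5), (1, 3, 10),
                    (2, 4, 3), (3, 4, 4), (3, 5, 11)])

if __name__ == "__main__":
    rng = random.Random(1)
    blinded = blind_add_nodes(G, rng)
    y = cloud_all_sources(blinded)
    if verify(blinded, y, len(G), rng):
        print("distances from node 0:", recover(y, len(G))[0])
    else:
        print("verification failed: result rejected")
```

A cloud that falsifies only a few rows is caught only when one of the r_4 sampled sources lands on a falsified row, so the detection probability depends on how large r_4 is drawn.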
The above describes a means for implementing node blinding by adding nodes, and the following describes several means for implementing node blinding by deleting nodes.
2. Optionally, blinding the node graph to be processed as input data to obtain the blinded input data may include the following steps:
establishing a two-dimensional array to store the relationships among the nodes in the node graph to be processed, to obtain a matrix;
deleting, in the matrix, a plurality of nodes with degree 1 in the node graph to be processed;
adding the distance between each deleted degree-1 node and its successor node to the other paths connected to that successor node;
recording the predecessor-successor relationship and the path length between each deleted degree-1 node and its successor node.
Continuing the example, the input matrix x stores the relationships between the nodes in the graph in a two-dimensional array. Assume that the graph contains many nodes with degree 1 or 2, and denote the number of nodes with degree 1 or 2 as d. The user terminal can select a random real number p and a random positive integer $r_1$. With n the number of nodes in the original graph, $r_1 \in [1, n/2]$.
Randomly select a positive integer $r_3$ with value range [1, d], and randomly delete $r_3$ nodes with degree 1. One deletion rule is as follows. Fig. 2 shows a node with degree 1. The node (the unshaded node in the figure) is deleted directly, and the distance between it and its successor node is added to the other paths connected to the successor node. Fig. 3 shows the graph after the degree-1 node is deleted. The predecessor-successor relationship between the node and its successor node, together with the length of the path, is recorded in a dictionary M (a preset storage space), so that de-blinding can later be performed according to the dictionary M.
3. Optionally, blinding the node graph to be processed as input data to obtain the blinded input data may include the following steps:
establishing a two-dimensional array to store the relationships among the nodes in the node graph to be processed, to obtain a matrix;
determining a plurality of nodes with degree 2 in the matrix as nodes to be deleted;
judging whether a path exists between the successor nodes of the node to be deleted;
if so, judging whether the sum of the distances from the node to be deleted to its successor nodes is greater than the distance between the successor nodes;
if it is not greater, deleting the node to be deleted, replacing the value of the path between the successor nodes with the sum of the distances from the node to be deleted to its successor nodes, recording the node to be deleted as a predecessor node of the successor node closest to it, and recording the distances from the node to be deleted to its successor nodes;
if it is greater, deleting the node to be deleted, recording the node to be deleted as a predecessor node of the successor node closest to it, and recording the distances from the node to be deleted to its successor nodes;
and if no path exists, deleting the node to be deleted, assigning the sum of the distances between the node to be deleted and its successor nodes to the path between the successor nodes, recording the node to be deleted as a predecessor node of the successor node closest to it, and recording the distances from the node to be deleted to its successor nodes.
Continuing the example above, a two-dimensional array stores the relationships between the nodes in the graph. Assume that the graph contains many nodes with degree 1 or 2, and denote the number of nodes with degree 1 or 2 as d. The user terminal can select a random real number p and a random positive integer $r_1$. With n the number of nodes in the original graph, $r_1 \in [1, n/2]$.
Randomly select a positive integer $r_3$ with value range [1, d], and randomly delete $r_3$ nodes with degree 2. One deletion rule is as follows. For a node with degree 2 (fig. 4 is a schematic diagram of a node with degree 2), if there is a path between its successor nodes and the sum of the distances from the node to its successor nodes is less than or equal to the distance between the successor nodes, the node is deleted and the value of the path between the successor nodes is replaced by that sum, as shown in fig. 5 (a schematic diagram after the degree-2 node is deleted). The node is recorded in the dictionary M as a predecessor node of the successor node closest to it, and the distances from the node to its successor nodes are recorded.
For a node with degree 2, if there is a path between its successor nodes and the sum of the distances from the node to its successor nodes is greater than the distance between the successor nodes, as shown in fig. 6 (another schematic diagram of a node with degree 2), the node is deleted, as shown in fig. 7 (a schematic diagram after that degree-2 node is deleted). The node is recorded in the dictionary M as a predecessor node of the successor node closest to it, and the distances from the node to its successor nodes are recorded.
If there is no path between the successor nodes, as shown in fig. 8 (a schematic diagram of a degree-2 node whose successor nodes have no path between them), the node is deleted, as shown in fig. 9 (a schematic diagram after that node is deleted), and the sum of the distances between the node and its successor nodes is assigned to the path between the successor nodes. The node is recorded in the dictionary M as a predecessor node of the successor node closest to it, and the distances from the node to its successor nodes are recorded.
When de-blinding, the three blinding modes above require recovering the deleted nodes and paths according to the predecessor-successor relationships and distances recorded in the dictionary, and deleting the newly added nodes.
4. Optionally, blinding the node graph to be processed as input data to obtain the blinded input data may include the following steps:
establishing a two-dimensional array to store the relationships among the nodes in the node graph to be processed, to obtain a matrix;
and multiplying all entries of the matrix by a random number to obtain the blinded matrix, which serves as the output of the blinding.
For example, all entries of the matrix are multiplied by p to obtain the blinded matrix x'.
Both the blinding and the de-blinding of this mode are simple to implement.
It should be noted that the above modes may be combined freely: for example, all of modes 1 to 4 may be executed, or one or more of them may be selected, as set according to the actual blinding requirement, which is not limited here.
Referring to fig. 10, fig. 10 is a block diagram of the shortest path privacy protection processing apparatus provided by this embodiment. The apparatus mainly comprises: a task uploading unit 210, a parameter blinding unit 220, a parameter transferring unit 230, a result receiving unit 240, a verification unit 250, a first unit 260, and a second unit 270. The shortest path privacy protection processing apparatus provided in this embodiment may be read in conjunction with the shortest path privacy protection processing method described above.
The task uploading unit 210 is mainly used for uploading a Dijkstra algorithm for calculating the shortest path to the cloud server;
the parameter blinding unit 220 is mainly configured to perform blinding processing on the node map to be processed as input data to obtain blinded input data;
the parameter transferring unit 230 is mainly configured to send the blinded input data to the cloud server, so that the cloud server invokes a Dijkstra algorithm to perform shortest path calculation after receiving the blinded input data;
the result receiving unit 240 is mainly configured to receive a computation result returned by the cloud server as a blinded computation result;
the verification unit 250 is mainly used for verifying the blinded calculation result; if the verification is passed, the first unit 260 is triggered; if the verification fails, the second unit 270 is triggered;
the first unit 260 is mainly used for recovering the blinded calculation result to obtain an expected calculation result;
the second unit 270 is mainly used for outputting error prompt information.
The present embodiment provides a user end for calculating a shortest path, mainly including: a memory and a processor.
Wherein, the memory is used for storing programs;
the processor is configured to implement the steps of the shortest path privacy protection processing method described in the foregoing embodiment when executing a program, and specifically, refer to the description of the shortest path privacy protection processing method.
Referring to fig. 11, a schematic structural diagram of the user end provided in this embodiment is shown. The user end may vary considerably with configuration or performance, and may include one or more processors (CPUs) 322 and a memory 332, where the memory 332 stores one or more computer applications 342 or data 344. The memory 332 may be transient or persistent storage. The program stored in the memory 332 may include one or more modules (not shown), each of which may include a sequence of instructions operating on a data processing device. Further, the processor 322 may be configured to communicate with the memory 332 to execute a series of instruction operations in the storage medium 330 on the user terminal 301.
The user terminal 301 may also include one or more power supplies 326, one or more wired or wireless network interfaces 350, one or more input/output interfaces 358, and/or one or more operating systems 341, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, and the like.
The steps in the shortest path privacy protection processing method described in fig. 1 above may be implemented by the structure of the user side described in this embodiment.
In this embodiment, a shortest path privacy protection processing system is introduced, where the system mainly includes a user side and a cloud server connected to the user side.
The related descriptions of the user side can refer to the descriptions of the above method embodiments, and are not described herein again.
The cloud server is mainly used for receiving a Dijkstra algorithm uploaded by the user side and the node graph to perform privacy protection processing on the shortest path, generating a calculation result and feeding the calculation result back to the user side.
Fig. 12 is a schematic diagram of the shortest path privacy protection processing system. The user side (client) interacts with the cloud server as follows. When using outsourced computing, the user first uploads the computing task F(x) to the cloud server. Next, the user blinds the input data x of the computing task to obtain blinded input data x', and sends x' to the cloud server. After receiving the computing task F(x) and the input data x' sent by the user, the cloud server performs the computation as the computing task requires and, once the computation is complete, sends the result Y' = F(x') to the user. The user then verifies the received result Y' to see whether it is correct. If verification passes, the user recovers the result to obtain the expected result Y. Otherwise, an error is output.
In this embodiment, only the above-mentioned processes are described as an example, and other implementation processes can refer to the description of this embodiment, which is not described herein again.
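The client/cloud exchange above, combined with blinding modes 3 and 4 and the verification of claim 2, as an added Python example (not code from the patent). It assumes an undirected graph with positive weights and p > 0; the function names, the constructed sample graph, the all-pairs result format and the rule used to restore deleted nodes from the dictionary M are assumptions of this example, since the text only says that recovery uses M.

```python
import heapq
import math
import random

INF = math.inf  # "no path" entry in the two-dimensional array

def build_matrix(n, edges):
    x = [[INF] * n for _ in range(n)]
    for i in range(n):
        x[i][i] = 0.0
    for a, b, w in edges:
        x[a][b] = x[b][a] = float(w)
    return x

# Constructed sample graph (undirected, positive weights); not from the patent.
SAMPLE = build_matrix(6, [(0, 1, 4), (1, 2, 3), (0, 2, 9), (2, 3, 2),
                          (3, 4, 5), (4, 5, 1), (2, 5, 6)])

def dijkstra(matrix, src):
    """Shortest distances from src over an adjacency matrix."""
    dist = [INF] * len(matrix)
    dist[src] = 0.0
    heap = [(0.0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, w in enumerate(matrix[u]):
            if w != INF and d + w < dist[v]:
                dist[v] = d + w
                heapq.heappush(heap, (dist[v], v))
    return dist

def cloud_all_pairs(matrix):
    """Stand-in for the cloud server: Dijkstra from every node of x'."""
    return [dijkstra(matrix, s) for s in range(len(matrix))]

def blind(x, p, r3, rng):
    """Mode 3 then mode 4: delete up to r3 degree-2 nodes, scale by p."""
    if p <= 0:  # assumption: Dijkstra needs non-negative weights
        raise ValueError("p must be positive")
    g = [row[:] for row in x]
    alive = list(range(len(x)))
    M = []  # dictionary M as an ordered log: (node, {successor: distance})
    for v in rng.sample(alive, len(alive)):
        if len(M) == r3:
            break
        nbrs = [u for u in alive if u != v and g[v][u] != INF]
        if len(nbrs) != 2:
            continue
        a, b = nbrs
        via_v = g[v][a] + g[v][b]
        # No a-b path (INF) or detour not longer: a-b takes the sum.
        # Detour longer: the existing a-b value stays, v is just deleted.
        if via_v <= g[a][b]:
            g[a][b] = g[b][a] = via_v
        M.append((v, {a: g[v][a], b: g[v][b]}))
        alive.remove(v)
    x_blind = [[g[i][j] * p for j in alive] for i in alive]
    return x_blind, alive, M

def verify(x_blind, y_blind, k, rng):
    """Claim 2: recompute k random source rows on x' and compare."""
    n = len(x_blind)
    if len(y_blind) != n or any(len(row) != n for row in y_blind):
        return False
    for s in rng.sample(range(n), min(k, n)):
        mine = dijkstra(x_blind, s)
        if not all(math.isclose(e, y, rel_tol=1e-9) for e, y in zip(mine, y_blind[s])):
            return False
    return True

def recover(y_blind, alive, M, p, n):
    """Undo mode 4 (divide by p), then re-insert deleted nodes from M."""
    Y = [[INF] * n for _ in range(n)]
    for i, u in enumerate(alive):
        for j, w in enumerate(alive):
            Y[u][w] = y_blind[i][j] / p
    present = list(alive)
    for v, succ in reversed(M):  # last deleted node is restored first
        for u in present:  # assumed rule: best route through a recorded successor
            Y[u][v] = Y[v][u] = min(Y[u][s] + d for s, d in succ.items())
        Y[v][v] = 0.0
        present.append(v)
    return Y

def outsource(x, p, r3, k, rng):
    """Full exchange: blind, cloud compute, verify, recover (None on failure)."""
    xb, alive, M = blind(x, p, r3, rng)
    yb = cloud_all_pairs(xb)
    return recover(yb, alive, M, p, len(x)) if verify(xb, yb, k, rng) else None
```

Multiplying by p hides absolute distances only: x' keeps the adjacency pattern and every weight ratio of the remaining graph, so in this sketch the structure is obscured solely by the node deletions. Checking k random rows detects a wrong result only with a probability that grows with k, at the cost of k local Dijkstra runs.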
The present embodiment discloses a readable storage medium, on which a program is stored, and the program, when being executed by a processor, implements the steps of the shortest path privacy protection processing method described in the foregoing embodiment, which may be specifically referred to the description of the shortest path privacy protection processing method in the foregoing embodiment.
The readable storage medium may be a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and various other readable storage media capable of storing program codes.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed in the embodiment corresponds to the method disclosed in the embodiment, so that the description is simple, and the relevant points can be referred to the description of the method part.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The shortest path privacy protection processing method, device, user side, system and readable storage medium provided by the present application are described in detail above. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, without departing from the principle of the present application, the present application can also make several improvements and modifications, and those improvements and modifications also fall into the protection scope of the claims of the present application.

Claims (6)

1. A privacy protection processing method of a shortest path is characterized by comprising the following steps based on a cloud server:
the user side uploads a Dijkstra algorithm for calculating the shortest path to a cloud server;
taking a node graph to be processed as input data to be subjected to blind processing to obtain blind input data;
sending the blinded input data to the cloud server so that the cloud server calls the Dijkstra algorithm to calculate the shortest path after receiving the blinded input data;
receiving a computing result returned by the cloud server as a blinded computing result;
verifying the blind calculation result;
if the blind calculation result passes the verification, recovering the blind calculation result to obtain an expected calculation result;
if the verification fails, outputting error prompt information;
the blind processing is performed by taking the node map to be processed as input data to obtain blind input data, and the blind processing method comprises the following steps:
establishing a two-dimensional array to store the relationship among the nodes in the node graph to be processed to obtain a matrix;
randomly selecting a plurality of pairs of nodes with paths in the matrix as target node pairs;
determining a node in the direct connection line of the target node pair as a new node;
adding paths between a plurality of newly added nodes and nodes with paths between the newly added nodes and the target node pairs as newly added paths;
or:
establishing a two-dimensional array to store the relationship among the nodes in the node graph to be processed to obtain a matrix;
deleting, in the matrix, a plurality of nodes with degree 1 in the node graph to be processed;
adding the distance between each deleted degree-1 node and its successor node to the other paths connected to that successor node;
recording the predecessor-successor relationship and the path length between each deleted degree-1 node and its successor node;
or:
establishing a two-dimensional array to store the relationship among the nodes in the node graph to be processed to obtain a matrix;
determining a plurality of nodes with degree 2 in the matrix as nodes to be deleted;
judging whether a path exists between the successor nodes of the node to be deleted;
if so, judging whether the sum of the distances from the node to be deleted to its successor nodes is greater than the distance between the successor nodes;
if it is not greater, deleting the node to be deleted, replacing the value of the path between the successor nodes with the sum of the distances from the node to be deleted to its successor nodes, recording the node to be deleted as a predecessor node of the successor node closest to it, and recording the distances from the node to be deleted to its successor nodes;
if it is greater, deleting the node to be deleted, recording the node to be deleted as a predecessor node of the successor node closest to it, and recording the distances from the node to be deleted to its successor nodes;
and if no path exists, deleting the node to be deleted, assigning the sum of the distances between the node to be deleted and its successor nodes to the path between the successor nodes, recording the node to be deleted as a predecessor node of the successor node closest to it, and recording the distances from the node to be deleted to its successor nodes.
2. The shortest path privacy-preserving processing method of claim 1, wherein verifying the blinded computation result comprises:
randomly selecting a plurality of nodes as verification nodes;
calculating the distance from the verification node to other nodes in the blinded input data to be used as a verification value;
comparing whether the blinded calculation result is the same as the verification value;
if not, judging that the verification is not passed;
if the two are the same, the verification is judged to be passed.
3. A shortest path privacy protection processing device is applied to a user side, and comprises:
the task uploading unit is used for uploading the Dijkstra algorithm for calculating the shortest path to the cloud server;
the parameter blinding unit is used for blinding the node graph to be processed as input data to obtain blinded input data;
the parameter transmission unit is used for sending the blinded input data to the cloud server so that the cloud server can call the Dijkstra algorithm to calculate the shortest path after receiving the blinded input data;
the result receiving unit is used for receiving a calculation result returned by the cloud server as a blinded calculation result;
the verification unit is used for verifying the blinded calculation result; if the verification is passed, triggering the first unit; if the verification fails, triggering the second unit;
the first unit is used for recovering the blinded calculation result to obtain an expected calculation result;
the second unit is used for outputting error prompt information;
the parameter blinding unit is specifically configured to:
establishing a two-dimensional array to store the relationship among the nodes in the node graph to be processed to obtain a matrix;
randomly selecting a plurality of pairs of nodes with paths in the matrix as target node pairs;
determining a node in the direct connection line of the target node pair as a new node;
adding paths between a plurality of newly added nodes and nodes with paths between the newly added nodes and the target node pairs as newly added paths;
or:
establishing a two-dimensional array to store the relationship among the nodes in the node graph to be processed to obtain a matrix;
deleting, in the matrix, a plurality of nodes with degree 1 in the node graph to be processed;
adding the distance between each deleted degree-1 node and its successor node to the other paths connected to that successor node;
recording the predecessor-successor relationship and the path length between each deleted degree-1 node and its successor node;
or:
establishing a two-dimensional array to store the relationship among the nodes in the node graph to be processed to obtain a matrix;
determining a plurality of nodes with degree 2 in the matrix as nodes to be deleted;
judging whether a path exists between the successor nodes of the node to be deleted;
if so, judging whether the sum of the distances from the node to be deleted to its successor nodes is greater than the distance between the successor nodes;
if it is not greater, deleting the node to be deleted, replacing the value of the path between the successor nodes with the sum of the distances from the node to be deleted to its successor nodes, recording the node to be deleted as a predecessor node of the successor node closest to it, and recording the distances from the node to be deleted to its successor nodes;
if it is greater, deleting the node to be deleted, recording the node to be deleted as a predecessor node of the successor node closest to it, and recording the distances from the node to be deleted to its successor nodes;
and if no path exists, deleting the node to be deleted, assigning the sum of the distances between the node to be deleted and its successor nodes to the path between the successor nodes, recording the node to be deleted as a predecessor node of the successor node closest to it, and recording the distances from the node to be deleted to its successor nodes.
4. A user terminal, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the shortest path privacy preserving processing method of any one of claims 1 to 2 when executing the computer program.
5. A shortest path privacy preserving processing system, comprising: the user terminal of claim 4, and a cloud server connected to the user terminal;
the cloud server is used for receiving a Dijkstra algorithm uploaded by the user side and the node graph to perform privacy protection processing on the shortest path, generating a calculation result and feeding the calculation result back to the user side.
6. A readable storage medium, characterized in that the readable storage medium has stored thereon a program which, when executed by a processor, implements the steps of the shortest path privacy protection processing method according to any one of claims 1 to 2.
CN202011426818.1A 2020-12-09 2020-12-09 Privacy protection processing method and device for shortest path Active CN112565081B (en)

Publications (2)

Publication Number Publication Date
CN112565081A CN112565081A (en) 2021-03-26
CN112565081B true CN112565081B (en) 2022-09-13



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CB03 Change of inventor or designer information

Inventor after: Zhang Hanlin, Zhao Zhequn, Li Xinliang

Inventor before: Zhang Hanlin, Zhao Zhequn, Li Xinliang