CN114866222B - Ciphertext data statistical analysis system and method supporting privacy protection - Google Patents

Abstract

The invention provides a ciphertext data statistical analysis system and method supporting privacy protection, which belong to the technical field of network information security, wherein the scheme realizes the statistical analysis energy supply of ciphertext data based on adopting homomorphic encryption algorithm and digital signature algorithm, and supports the statistical analysis function calculation and abnormal value detection statistical analysis function in ciphertext state, thereby providing data analysis service and system condition early warning for a supervision mechanism; according to the scheme, a multi-layer aggregation structure is adopted, namely, the edge nodes and the cloud nodes share the statistical calculation task, so that the calculation load at a single node is reduced; the edge node and the cloud node perform homomorphic statistical operation in a ciphertext state, so that user data and statistical data are prevented from being stolen by opponents, and meanwhile malicious behaviors in the system are also resisted; meanwhile, the scheme uses a secret sharing technology, so that the total number of the sensor devices cannot be known when the edge devices and the control center can calculate the average value.

Description

Ciphertext data statistical analysis system and method supporting privacy protection

Technical Field

The disclosure belongs to the technical field of network information security, and particularly relates to a ciphertext data statistical analysis system and method supporting privacy protection.

Background

The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.

In recent years, the Internet of things and the wireless sensor network are widely applied to application scenes such as intelligent agriculture, industrial manufacturing, intelligent traffic, intelligent home, automatic driving automobiles, medical care and the like. The sensor equipment and the terminal in the Internet of things are responsible for sensing real-time data, and the sensed data are transmitted to the control center for data analysis and intelligent control. Meanwhile, a supervision organization (such as security, environmental protection, electric power, agriculture, factory and other scenes) needs to make corresponding management measures or emergency response through real-time statistical analysis of abnormal conditions of terminal equipment and data through the Internet of things.

In various internet of things and wireless sensor networks, edge computing devices are deployed near terminal and sensor device areas, and can distribute a part of data statistics and computation tasks of the terminal and the sensor devices to the edge devices, thereby providing computation enhancement services for the terminal and the sensor with limited resources. The edge computing devices of the multiple areas transmit the aggregated data to a cloud control center for further statistical computation.

However, the inventors have found that the data aggregation, transmission and statistical analysis process may be subject to some potential attack and security risks such as illegal eavesdropping, malicious tampering, counterfeiting, etc. Because the internet of things terminal and the wireless sensor are usually deployed in an unattended environment, data can be captured or forged in the transmission process; an adversary can invade the edge gateway to steal the private data of the user; the adversary may eavesdrop when the statistical analysis data is transmitted in a wireless local area network or the internet. Meanwhile, if the cloud control center is used as a third party service provider and the statistical data is known, the corresponding business secret can be presumed and utilized; the supervision organization only has the right to acquire the statistical data in the authority range, and the number of the sensors and the represented industrial scale are required to be kept secret; in order to realize the security guarantee of data statistics analysis aiming at the security risk, the traditional encryption method cannot effectively solve the problem of cryptograph data statistics analysis enhanced by edge calculation.

Disclosure of Invention

In order to solve the problems, the disclosure provides a ciphertext data statistical analysis system and a method supporting privacy protection, wherein the scheme is characterized in that a plurality of parties such as an edge aggregator, a cloud control center, a supervision mechanism and the like participate in calculation, the quantity of sensors of the internet of things is not leaked to the cloud control center and the supervision mechanism, the confidentiality and the integrity of data are ensured by using an addition homomorphic encryption algorithm and a digital signature algorithm, the quantity of blind sensors is linearly transformed, and the confidentiality of equipment scale is realized; the scheme supports the statistical analysis function calculation and abnormal value detection statistical analysis function in the ciphertext state, and provides data analysis service and system condition early warning for the supervision mechanism.

According to a first aspect of an embodiment of the present disclosure, there is provided a ciphertext data statistical analysis system supporting privacy protection, comprising:

a trusted authority for generating independent public and private keys for the sensor device, the edge aggregator, the control center, and the regulatory agency;

the sensor equipment is used for carrying out basic preprocessing on the acquired data, encrypting the data through a homomorphic encryption algorithm, generating a digital signature of the sensor equipment by utilizing a digital signature algorithm based on the ID of the sensor equipment, forming a ciphertext data report, and sending the ciphertext data report to the edge aggregator;

the edge aggregator is used for receiving the ciphertext data report of the sensor equipment in the preset area and carrying out preset operation processing on the encrypted data in the ciphertext data report; meanwhile, carrying out blinding processing on the equipment number of the current area based on blinding numbers from a supervision mechanism, forming a ciphertext data report based on data subjected to preset operation processing and a digital signature of an edge aggregator, and sending the ciphertext data report to a control center;

the control center is used for receiving the ciphertext data report from the edge aggregator and carrying out preset operation processing on the encrypted data in the ciphertext data report; forming a ciphertext data report based on the processed encrypted data and the digital signature of the control center, and sending the ciphertext data report to a supervision organization;

and the supervisory mechanism is used for receiving the ciphertext data report from the control center, decrypting the ciphertext data and performing blind removing processing on the ciphertext data to obtain a statistical analysis result.

Further, the edge aggregator receives the ciphertext data report of the sensor device in the preset area, and then specifically executes the following operations: verifying the signature validity of the ciphertext data report; carrying out preset operation on ciphertext data for the ciphertext data report passing verification; generating a digital signature of the edge aggregator based on the edge aggregator ID; forming a ciphertext data report based on the data and the digital signature after the aggregation operation, and sending the ciphertext data report to a control center;

further, the trusted authority is further configured to: and generating an encryption public key and a decryption private key of the homomorphic encryption algorithm, and a signature public key and a signature private key of the digital signature algorithm according to preset safety parameters, and distributing the keys based on preset rules.

Further, the device number of the current area is subjected to blinding processing based on the blinding number from the supervision mechanism, and the device number is processed by adopting the following formula:

m′ _k ＝αm _k +β _k

wherein m' _k For the number of blind devices, m _k Alpha and beta are the actual equipment number _k Together forming the blinding number pairs.

Further, the distribution of the key is specifically: the trusted authority center encrypts the public key pk through a preset secure channel _AHE And a signature private key sk _DS,i Distributing to the sensor device; will encrypt public key pk _AHE Signature private key sk _DS,EA Public key pk for signature _DS,i Sending to an edge aggregator; will encrypt public key pk _AHE Signature private key sk _DS,CC Public key pk for signature _DS,EA Sending the data to a control center; will decrypt the private key sk _AHE = (p, q, λ) and public key pk for signing _DS,CC And sent to the regulatory agency.

Further, the generation of the digital signature specifically includes: based on the device ID identification, a digital signature corresponding to the device is generated through a digital signature algorithm.

Further, the homomorphic encryption algorithm includes, but is not limited to, the Paillier homomorphic encryption algorithm, and the digital signature algorithm includes, but is not limited to, the ECDSA digital signature algorithm.

Further, the preset operation includes a summation operation, an arithmetic average, a quadratic average, a weighted average, a variance, a number of data anomalies, and a data anomaly duty ratio.

Further, the basic preprocessing includes representing the acquired data as a data vector, a square perception data vector, a weighted perception data vector, and determining whether the data is abnormal.

According to a second aspect of the embodiments of the present disclosure, there is provided a ciphertext data statistical analysis method supporting privacy protection, which is based on the above-mentioned ciphertext data statistical analysis system supporting privacy protection, including:

the trusted authority center generates independent public keys and private keys for the sensor equipment, the edge aggregator, the control center and the supervision mechanism;

the sensor equipment performs basic preprocessing on the acquired data, encrypts the data through a homomorphic encryption algorithm, generates a digital signature of the sensor equipment by utilizing a digital signature algorithm based on the ID of the sensor equipment, forms a ciphertext data report, and sends the ciphertext data report to an edge aggregator;

the edge aggregator receives a sensor equipment ciphertext data report in a preset area and performs preset operation processing on encrypted data in the ciphertext data report; meanwhile, carrying out blinding processing on the equipment number of the current area based on blinding numbers from a supervision mechanism, forming a ciphertext data report based on data subjected to preset operation processing and a digital signature of an edge aggregator, and sending the ciphertext data report to a control center;

the control center receives the ciphertext data report from the edge aggregator and performs preset operation processing on the encrypted data in the ciphertext data report; forming a ciphertext data report based on the processed encrypted data and the digital signature of the control center, and sending the ciphertext data report to a supervision organization;

and the supervision mechanism receives the ciphertext data report from the control center, and performs decryption processing and blind removing processing on the ciphertext data to obtain a statistical analysis result.

Compared with the prior art, the beneficial effects of the present disclosure are:

(1) The scheme of the present disclosure provides a ciphertext data statistical analysis method supporting privacy protection, and the scheme realizes the statistical analysis energy supply of ciphertext data based on adopting homomorphic encryption algorithm and digital signature algorithm, and supports the statistical analysis function calculation and abnormal value detection statistical analysis function in ciphertext state, thereby providing data analysis service and system condition early warning for the supervision mechanism.

(2) According to the scheme, a multi-layer aggregation structure is adopted, namely, the edge nodes and the cloud nodes share the statistical calculation task, so that the calculation load of a single node is reduced. Meanwhile, the edge node and the cloud node perform homomorphic statistical operation under the ciphertext state, so that user data and statistical data are prevented from being stolen by opponents, and meanwhile malicious behaviors inside the system are also resisted.

(3) The scheme disclosed by the disclosure uses a secret sharing technology, so that the total number of the sensor devices cannot be known when the edge devices and the control center can calculate the average value. The control center uses the encrypted ciphertext and the total number of the blind devices to execute statistical function calculation in the ciphertext state; and after receiving the ciphertext, the supervision mechanism processes the decrypted mean value by utilizing an improved extended Euclidean algorithm, and calculates the correct mean value. The method avoids the control center from explicitly calculating the numerical value and/or total number based on the plaintext, thereby realizing the privacy protection of the equipment scale.

Additional aspects of the disclosure will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the disclosure.

Drawings

The accompanying drawings, which are included to provide a further understanding of the disclosure, illustrate and explain the exemplary embodiments of the disclosure and together with the description serve to explain the disclosure, and do not constitute an undue limitation on the disclosure.

Fig. 1 is a data transmission flow chart of a ciphertext data statistical analysis system supporting privacy protection according to an embodiment of the present disclosure;

FIG. 2 is a flow chart of the overall generation and distribution of trusted authority TA keys as described in embodiments of the present disclosure;

FIG. 3 is a flow chart of a sensor group transmitting ciphertext data reports to an edge aggregator EA according to an embodiment of the disclosure;

FIG. 4 is a flowchart of an edge aggregator EA transmitting ciphertext statistical analysis reports to a control center CC, according to an embodiment of the present disclosure;

fig. 5 is a flowchart of a control center CC transmitting a ciphertext statistical analysis report to a supervisory authority SV according to an embodiment of the present disclosure.

Detailed Description

The disclosure is further described below with reference to the drawings and examples.

It should be noted that the following detailed description is illustrative and is intended to provide further explanation of the present disclosure. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs.

It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments in accordance with the present disclosure. As used herein, the singular is also intended to include the plural unless the context clearly indicates otherwise, and furthermore, it is to be understood that the terms "comprises" and/or "comprising" when used in this specification are taken to specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof.

Embodiments of the present disclosure and features of embodiments may be combined with each other without conflict.

Embodiment one:

the aim of the embodiment is to provide a ciphertext data statistical analysis system supporting privacy protection.

A ciphertext data statistical analysis system that supports privacy protection, comprising:

a trusted authority for generating independent public and private keys for the sensor device, the edge aggregator, the control center, and the regulatory agency;

the sensor equipment is used for carrying out basic preprocessing on the acquired data, encrypting the data through a homomorphic encryption algorithm, generating a digital signature of the sensor equipment by utilizing a digital signature algorithm based on the ID of the sensor equipment, forming a ciphertext data report, and sending the ciphertext data report to the edge aggregator;

the edge aggregator is used for receiving the ciphertext data report of the sensor equipment in the preset area and carrying out preset operation processing on the encrypted data in the ciphertext data report; meanwhile, carrying out blinding processing on the equipment number of the current area based on blinding numbers from a supervision mechanism, forming a ciphertext data report based on data subjected to preset operation processing and a digital signature of an edge aggregator, and sending the ciphertext data report to a control center;

the control center is used for receiving the ciphertext data report from the edge aggregator and carrying out preset operation processing on the encrypted data in the ciphertext data report; forming a ciphertext data report based on the processed encrypted data and the digital signature of the control center, and sending the ciphertext data report to a supervision organization;

and the supervisory mechanism is used for receiving the ciphertext data report from the control center, decrypting the ciphertext data and performing blind removing processing on the ciphertext data to obtain a statistical analysis result.

Further, the edge aggregator receives the ciphertext data report of the sensor device in the preset area, and then specifically executes the following operations: verifying the signature validity of the ciphertext data report; carrying out preset operation on ciphertext data for the ciphertext data report passing verification; generating a digital signature of the edge aggregator based on the edge aggregator ID; forming a ciphertext data report based on the data and the digital signature after the aggregation operation, and sending the ciphertext data report to a control center;

further, the trusted authority is further configured to: and generating an encryption public key and a decryption private key of the homomorphic encryption algorithm, and a signature public key and a signature private key of the digital signature algorithm according to preset safety parameters, and distributing the keys based on preset rules.

Further, the device number of the current area is subjected to blinding processing based on the blinding number from the supervision mechanism, and the device number is processed by adopting the following formula:

m′ _k ＝αm _k +β _k

wherein m' _k For the number of blind devices, m _k Alpha and beta are the actual equipment number _k Together forming the blinding number pairs.

Further, the distribution of the key is specifically: the trusted authority center encrypts the public key pk through a preset secure channel _AHE And a signature private key sk _DS,i Distributing to the sensor device; will encrypt public key pk _AHE Signature private key sk _DS,EA Public key pk for signature _DS,i Sending to an edge aggregator; will encrypt public key pk _AHE Signature private key sk _DS,CC Public key pk for signature _DS,EA Sending the data to a control center; will decrypt the private key sk _AHE = (p, q, λ) and public key pk for signing _DS,CC And sent to the regulatory agency.

Further, the generation of the digital signature specifically includes: based on the device ID identification, a digital signature corresponding to the device is generated through a digital signature algorithm.

Further, the homomorphic encryption algorithm includes, but is not limited to, the Paillier homomorphic encryption algorithm, and the digital signature algorithm includes, but is not limited to, the ECDSA digital signature algorithm.

Further, the preset operation includes a summation operation, an arithmetic average, a quadratic average, a weighted average, a variance, a number of data anomalies, and a data anomaly duty ratio.

Further, the basic preprocessing includes representing the acquired data as a data vector, a square perception data vector, a weighted perception data vector, and determining whether the data is abnormal.

In particular, for easy understanding, the following detailed description of the embodiments will be given with reference to the accompanying drawings:

in order to solve the problems in the prior art, the present embodiment provides a ciphertext data statistical analysis system supporting privacy protection, the system includes the following five entities: a trusted authority TA; a sensor device SD; an edge aggregator EA; a control center CC; and (5) a supervisory agency SV. As shown in fig. 1, a data transmission flow chart of the system is shown, and the following details of the scheme of this embodiment are described in terms of the roles of different entities and interactions between the entities:

trusted authority TA

As shown in fig. 2, the following steps are specifically performed:

step A: the TA generates a public-private key pair of the Paillier homomorphic encryption algorithm according to a given security parameter. Two large primes p, q are randomly generated, let n=pq, λ=lcm (p-1, q-1). Selection ofThe order of g is a multiple of N.

And (B) step (B): the trusted authority TA generates a public-private key pair of the ECDSA digital signature algorithm according to a given security parameter. Let G be the finite fieldThe base point of the upper elliptic curve with the order q ₁ TA for each SD _i TA selection finite fieldRandom number in (a) as its private key +.>And calculate its public key pk _DS,i ＝sk _Ds,i ·G，SD _i The public-private key pair of (1) is (pk _DS,i ,sk _DS,i ) The method comprises the steps of carrying out a first treatment on the surface of the Similarly, TA generates corresponding public-private key pairs (pk) for EA, CC, SV _DS,EA ,sk _DS,EA )、(pk _DS,CC ,sk _DS,CC )、(pk _DS,SV ,sk _DS,SV ) The method comprises the steps of carrying out a first treatment on the surface of the The system selects a secure hash function +.>

Step C: the trusted authority TA encrypts the public key pair pk through a secure channel _AHE = (N, g) and signature private key sk _DS,i Distributed to sensor devices SD _i The method comprises the steps of carrying out a first treatment on the surface of the Will encrypt public key pk _AHE Signature private key sk _DS,EA Public key pk for signature _DS,i Send to edgeAn edge aggregator EA; will encrypt public key pk _AHE Signature private key sk _DS,CC Public key pk for signature _DS,EA Sending to a control center CC; will decrypt the private key sk _AHE = (p, q, λ) and public key pk for signing _DS,CC To the supervisory authority SV.

Step D: the supervisory mechanism SV randomly selects a group of random numbers alpha, beta ₁ ,β ₂ ,…β _n Where n is the number of edge gateways and satisfies β ₁ +β ₂ +…+β _n =0, the number pair (α, β _k ) Sent to the corresponding edge aggregator EA via a secure channel _k 。

(two) sensor device SD

When the sensor group generates the perceptual data, the multidimensional data is combined into a vector. At the same time, square data vectors and weighted data vectors are generated simultaneously in order to enable a diversified statistical function. As shown in fig. 3, the sensor device SD specifically performs the following steps:

step A: arbitrary sensor SD _i First, a l-dimensional perception data vector d is generated _i ＝(d _i,1 ,d _i,2 ,...,d _i,j ,...d _i,l ) The method comprises the steps of carrying out a first treatment on the surface of the Then, by calculating the squareGenerating square perceptual data vectorsAccording to the position weight w of the present sensor _i Through d _i,j,wei ＝d _i,j w _i Calculating to obtain a weighted perception data vector d _i,wei ＝(d _i,1,wei ,d _i,2,wei ,...,d _i,j,wei ,...,d _i,l,wei )。

And (B) step (B): for each sensor, there is a range of normal values, if the value of any dimension of the sensing data exceeds the normal range of values, it is determined that the value is abnormal, and the SD is determined _i Anomaly counter d of (2) _i,cnt Set to 1, otherwise set to 0.

Step C:at SD (secure digital) _i Generating d _i ,d _i,wei And d _cnt,i Then, the sensor uses Paillier homomorphic encryption algorithm to encrypt each dimension data to obtain corresponding ciphertext vector ++>c _i,wei ＝(c _i,1,wei ,…,c _i,l,wei ) And c _i,cnt 。

Step D: given the current timestamp TS, SD _i Identification name ID of (1) _i The sensor generates a digital signature using the ECDSA algorithm. SD (secure digital memory card) _i Selecting a random numberCalculation (r) _x,i ,r _y,i )＝k _i G and-> Then obtain signature value sigma _i ＝(sig _i mod q ₁ ,r _x,i mod q ₁ )。

Step E: sensor SD _i Selectively sending ciphertext data report to edge aggregator EA (c _i ,c _i,wei ,c _i,cnt ,σ _i ,TS,ID _i )。

(III) edge aggregator EA

Edge aggregator EA receives sensor SD _i And after the data report is sent, performing aggregation operation. If the aggregation operation is performed on plaintext, the private data will be exposed to an untrusted edge aggregator. Therefore, we do these statistical analysis operations on the basis of ciphertext. Perceptual data aggregation under ciphertextThe additive homomorphism nature of the Paillier encryption algorithm generates a statistical analysis report under ciphertext, as shown in FIG. 4, specifically including:

step A: the EA first verifies the legitimacy of the signature received from the report. EA calculation EA passing verification r' _x,i mod q ₁ ＝r _x,i mod q ₁ Whether or not it is established, to determine the validity of the signature.

And (B) step (B): after the verification signature passes, the edge aggregator EA performs a ciphertext aggregation operation. Using the homomorphism of the Paillier algorithm Dec (Enc (d ₁ )Enc(d ₂ )mod N ² )＝d ₁ +d ₂ mod N, EA calculation c _i ＝(c _i,1 ,…,c _i,l )， c _i,wei ＝(c _i,1,wei ,…,c _i,l,wei ) Summation c in each dimension of _j,sum ,c _j,qsum ,c _j,wsum (1. Ltoreq.j.ltoreq.l). C is set forth in _i For example, in dimension j->

Step C: the edge aggregator EA aggregates the counter ciphertext to obtain the total number ciphertext of the abnormal devices in the range of the EA, namely

Step D: the edge aggregator EA performs a blinding process on the number m of sensing devices in the region using the pair of blinding numbers (α, β) transmitted by SV, to obtain m' =αm+β.

Step E: given a givenIdentification name ID of current timestamp TS, EA _EA The EA generates a digital signature. EA selects a random numberCalculation (r) _x,EA ,r _y,EA )＝k _EA G and sig _EA ＝(H(c _1,sum ||…||c _l,sum ||c _1,qsum ||…||c _l,qsum ||c _1,wsum ||…||c _l,wsum ||c _i,cnt ||TS||ID _i )+sk _DS,EA r _x,EA )/k _EA Then obtain signature value sigma _EA ＝(sig _EA mod q ₁ ,r _x,EA mod q ₁ )。

Step E: the edge aggregator EA sends the ciphertext data report (c _j,sum ,c _j,qsum ,c _j,wsum ,c _cnt ,m′,σ _EA ,TS,ID _EA ),(1≤j≤l)。

(IV) control center CC

After receiving the statistical analysis report sent by the edge aggregator EA, the control center CC performs ciphertext average calculation. Because the total number of devices is blindly hidden by the EA, the control center CC cannot learn each EA _k The number of specific devices administered and the total number of devices. Therefore, the average value obtained by CC is a blinded average value. As shown in fig. 5, the control center CC specifically performs the following steps:

step A: the CC verifies the validity of the statistical report signature. Calculation (r' _x,EA ,r′ _y,EA )＝G/(sig _EA ·H(c _1,sum ||…||c _l,sum ||c _1,qsum ||…||c _l,qsum ||c _1,wsum ||…||c _l,wsum ||c _cnt ||m′||TS||ID _EA )+pk _EA /sig _EA r _x,EA EA passing verification r' _x,EA mod q ₁ ＝r _x,i mod q ₁ Whether or not it is established, to determine the validity of the signature.

And (B) step (B): after the signature verification is passed, the control center CC transmits the blinded device number m 'for each EA' _k And (1) adding k is less than or equal to n. Due to the nature of the blinding parameters, the summationAs a result of (2) being m' _sum ＝m′ ₁ +m′ ₂ +…+m′ _n ＝α(m ₁ +m ₁ +…+m _n )+β ₁ +β ₂ +…+β _n ＝α(m ₁ +m ₁ +…+m _n )。

Step C: utilizing homomorphism properties of Paillier homomorphism encryption algorithmTotal number of blinded devices m' _sum CC calculation c _i ,/>c _i,wei Blind mean c for each dimension in (a) _j,mean ,c _j,qmean ,c _j,wmean . Taking the j-th dimension as an example,CC calculation of the abnormal Equipment count proportion after blinding +.>

Step D: given the current timestamp TS, the identification name ID of the CC _CC The EA generates a digital signature. CC selects a random numberCalculation (r) _x,CC ,r _y,CC )＝k _CC G and sig _CC ＝(H(c _1,mean ||…||c _l,mean ||c _1,qmean ||…||c _l,qmean ||c _1,wmean ||…||c _l,wmean ||c _rat,cnt ||TS||ID _CC )+sk _DS,CC r _x,CC )/k _CC Then obtain signature value sigma _CC ＝(sig _CC mod q ₁ ,r _x,CC mod q ₁ )。

Step E: the control center CC sends the ciphertext number to the supervisory mechanism SVReport (c) _j,mean ,c _j,qmean ,c _j,wmean ,c _rat,cnt ,σ _CC ,TS,ID _CC ),(1≤j≤l)。

(V) regulatory body SV

After receiving the statistical analysis report sent by the control center CC, the supervisory mechanism SV performs decryption and post-processing. The administrative SV visualizes the decrypted mean (scale). If the statistics (e.g., mean) are themselves decimal, then a meaningless decimal will result after decryption. Thus, in post-processing, the modified extended Euclidean algorithm is introduced to perform a reduction to obtain an approximation of the decimal. The supervision authority SV specifically performs the following steps:

step A: the control center CC first verifies the validity of the signature received the statistical report. SV calculation (r' _x,CC ,r′ _y,CC )＝G/(sig _CC ·H(c _1,mean ||…||c _l,mean ||c _1,qmean ||…||c _l,qmean ||c _1,wmean ||…||c _l,wmean ||c _rat,cnt ||TS||ID _CC )+pk _CC /sig _CC ·r _x,CC SV passes verification of r' _x,CC mod q ₁ ＝r _x,i mod q ₁ Whether or not it is established, to determine the validity of the signature.

And (B) step (B): after the signature verification is passed, the supervision authority SV performs the Paillier decryption operation. SV calculation d=l (c ^λ mod n ² ) Mu mod n, hereμ＝(L(g ^λ mod n ² )) ^-1 mod N. After decryption, the average value of each dimension and the proportion of abnormal equipment are still in a blinded hidden state and are expressed as (d' _1,mean ,…,d′ _l,mean ,d′ _1,qmean ,…,d′ _l,qmean ,d′ _1,wmean ,…,d′ _l,wmean ,d′ _rat,cnt )。

Step C: after decryption, the supervisory authority SV performs the blinding operation. By d' _j,mean For example, the SV calculation d _j,mean ＝αd′ _j,mean . After blind removalThe mean value of each dimension and the abnormal equipment ratio are expressed as (d) _1,mean ,…,d _l,mean ,d _1,qmean ,…,d _l,qmean ,d _1,wmean ,…,d _l,wmean ,d _rat,cnt )。

Step D: the decrypted mean value is reduced by extending Euclidean reduction and converted into the correct floating point number. The reduction algorithm described in table 1 is performed:

the reduced mean is denoted as (D _1,mean ,…,D _l,mean ,D _1,qmean ,…,D _l,qmean ,D _1,wmean ,…,D _l,wmean ,D _rat,cnt )。

Step D: and calculating a secondary mean value and variance. CC calculates the secondary mean value in different dimensionsCalculating variance D in different dimensions _j,var ＝D _j,qmean -(D _j,mean ) ² 。

Embodiment two:

the purpose of this embodiment is to provide a ciphertext data statistical analysis method supporting privacy protection.

A ciphertext data statistical analysis method supporting privacy protection is based on the ciphertext data statistical analysis system supporting privacy protection, which comprises the following steps:

the trusted authority center generates independent public keys and private keys for the sensor equipment, the edge aggregator, the control center and the supervision mechanism;

the sensor equipment performs basic preprocessing on the acquired data, encrypts the data through a homomorphic encryption algorithm, generates a digital signature of the sensor equipment by utilizing a digital signature algorithm based on the ID of the sensor equipment, forms a ciphertext data report, and sends the ciphertext data report to an edge aggregator;

the edge aggregator receives a sensor equipment ciphertext data report in a preset area and performs preset operation processing on encrypted data in the ciphertext data report; meanwhile, carrying out blinding processing on the equipment number of the current area based on blinding numbers from a supervision mechanism, forming a ciphertext data report based on data subjected to preset operation processing and a digital signature of an edge aggregator, and sending the ciphertext data report to a control center;

the control center receives the ciphertext data report from the edge aggregator and performs preset operation processing on the encrypted data in the ciphertext data report; forming a ciphertext data report based on the processed encrypted data and the digital signature of the control center, and sending the ciphertext data report to a supervision organization;

and the supervision mechanism receives the ciphertext data report from the control center, and performs decryption processing and blind removing processing on the ciphertext data to obtain a statistical analysis result.

Further, the method according to the present embodiment is based on the system according to the first embodiment, and the technical details thereof are described in detail in the first embodiment, so that the description thereof is omitted here.

The ciphertext data statistical analysis system and the method supporting privacy protection can be realized, and have wide application prospects.

The foregoing description of the preferred embodiments of the present disclosure is provided only and not intended to limit the disclosure so that various modifications and changes may be made to the present disclosure by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.

Claims (8)

1. A ciphertext data statistical analysis system supporting privacy protection, comprising:

a trusted authority for generating independent public and private keys for the sensor device, the edge aggregator, the control center, and the regulatory agency;

the sensor equipment is used for carrying out basic preprocessing on the acquired data, encrypting the data through a homomorphic encryption algorithm, generating a digital signature of the sensor equipment by utilizing a digital signature algorithm based on the ID of the sensor equipment, forming a ciphertext data report, and sending the ciphertext data report to the edge aggregator;

the edge aggregator is used for receiving the ciphertext data report of the sensor equipment in the preset area and carrying out preset operation processing on the encrypted data in the ciphertext data report; meanwhile, performing blinding processing on the equipment number of the current area based on blinding numbers from a supervision mechanism, forming a ciphertext data report based on the encrypted data after the preset operation processing and the digital signature of the edge aggregator and the blinding processed equipment number, and sending the ciphertext data report to a control center;

the control center is used for receiving the ciphertext data report from the edge aggregator and carrying out preset operation processing on the encrypted data in the ciphertext data report; forming a ciphertext data report based on the processed encrypted data and the digital signature of the control center, and sending the ciphertext data report to a supervision organization;

the supervisory mechanism is used for receiving the ciphertext data report from the control center, decrypting the ciphertext data and performing blind removing treatment to obtain a statistical analysis result;

the basic preprocessing comprises the steps of representing collected data as data vectors, generating square perception data vectors based on the data vectors, calculating weighted perception data vectors based on the data vectors, and judging whether the data are abnormal based on the data vectors; if the data is judged to be abnormal, setting the corresponding abnormal counter to be 1, otherwise, setting the corresponding abnormal counter to be 0;

the device number of the current area is subjected to blinding processing based on the blinding number from the supervision mechanism, and the device number of the current area is processed by adopting the following formula:

m′ _k ＝αm _k +β _k

wherein m' _k For the number of blind devices, m _k Alpha and beta are the actual equipment number _k Together forming the blinding number pairs.

2. The system for statistical analysis of ciphertext data supporting privacy protection of claim 1, wherein the edge aggregator, after receiving the ciphertext data report of the sensor device in the predetermined area, performs the following operations: verifying the signature validity of the ciphertext data report; carrying out preset operation on ciphertext data for the ciphertext data report passing verification; generating a digital signature of the edge aggregator based on the edge aggregator ID; and forming a ciphertext data report based on the encrypted data after the preset operation processing, the digital signature and the equipment number after the blinding processing, and sending the ciphertext data report to a control center.

3. The ciphertext data statistical analysis system supporting privacy protection of claim 1, wherein the trusted authority is further configured to: and generating an encryption public key and a decryption private key of the homomorphic encryption algorithm, and a signature public key and a signature private key of the digital signature algorithm according to preset safety parameters, and distributing the encryption public key, the decryption private key, the signature public key and the signature private key based on preset rules.

4. The ciphertext data statistical analysis system supporting privacy protection of claim 1, wherein the distribution of the encryption public key, the decryption private key, the signature public key, and the signature private key is specifically: the trusted authority center encrypts the public key pk through a preset secure channel _AHE And a signature private key sk _DS,i Distributing to the sensor device; will encrypt public key pk _AHE Signature private key sk _DS,EA Public key pk for signature _DS,i Sending to an edge aggregator; will encrypt public key pk _AHE Signature private key sk _DS,CC Public key pk for signature _DS,EA Sending the data to a control center; will decrypt the private key and verify and sign the public key pk _DS,CC And sent to the regulatory agency.

5. The ciphertext data statistical analysis system supporting privacy protection of claim 1, wherein the generation of the digital signature is specifically: based on the device ID identification, a digital signature corresponding to the device is generated through a digital signature algorithm.

6. A ciphertext data statistical analysis system supporting privacy protection as recited in claim 5, wherein the homomorphic encryption algorithm comprises, but is not limited to, a Paillier homomorphic encryption algorithm, and the digital signature algorithm comprises, but is not limited to, an ECDSA digital signature algorithm.

7. The system of claim 1, wherein the predetermined operations include a summation operation, an arithmetic average, a quadratic average, a weighted average, a variance, a number of anomalies, and a duty cycle of anomalies.

8. A method for supporting privacy preserving ciphertext data statistical analysis based on a privacy preserving ciphertext data statistical analysis system as claimed in any one of claims 1 to 7, comprising:

the trusted authority center generates independent public keys and private keys for the sensor equipment, the edge aggregator, the control center and the supervision mechanism;

the sensor equipment performs basic preprocessing on the acquired data, encrypts the data through a homomorphic encryption algorithm, generates a digital signature of the sensor equipment by utilizing a digital signature algorithm based on the ID of the sensor equipment, forms a ciphertext data report, and sends the ciphertext data report to an edge aggregator;

the edge aggregator receives a sensor equipment ciphertext data report in a preset area and performs preset operation processing on encrypted data in the ciphertext data report; meanwhile, carrying out blinding processing on the equipment number of the current area based on blinding numbers from a supervision mechanism, forming a ciphertext data report based on data subjected to preset operation processing and a digital signature of an edge aggregator, and sending the ciphertext data report to a control center;

the control center receives the ciphertext data report from the edge aggregator and performs preset operation processing on the encrypted data in the ciphertext data report; forming a ciphertext data report based on the processed encrypted data and the digital signature of the control center, and sending the ciphertext data report to a supervision organization;

and the supervision mechanism receives the ciphertext data report from the control center, and performs decryption processing and blind removing processing on the ciphertext data to obtain a statistical analysis result.