CN114969783A - Privacy-protecting crowd sensing data recovery method and system - Google Patents

Info

Publication number
CN114969783A
Authority
CN
China
Prior art keywords
terminal
matrix
data
computing terminal
row
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210579674.6A
Other languages
Chinese (zh)
Other versions
CN114969783B (en)
Inventor
郑宜峰
周孟伦
王松磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Graduate School Harbin Institute of Technology
Original Assignee
Shenzhen Graduate School Harbin Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Graduate School Harbin Institute of Technology filed Critical Shenzhen Graduate School Harbin Institute of Technology
Priority to CN202210579674.6A priority Critical patent/CN114969783B/en
Publication of CN114969783A publication Critical patent/CN114969783A/en
Application granted granted Critical
Publication of CN114969783B publication Critical patent/CN114969783B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a privacy-protecting crowd sensing data recovery method and system.

Description

Privacy-protecting crowd sensing data recovery method and system
Technical Field
The invention relates to the technical field of information security, in particular to a privacy-protecting crowd sensing data recovery method and system.
Background
With the popularity of mobile devices such as smartphones, wearable devices and smart vehicles, mobile crowd sensing (MCS) has rapidly become a widely used method for collecting various kinds of sensing data. Location-based MCS in particular is applied in many scenarios, such as road monitoring, intelligent traffic and environmental monitoring. For example, MCS can provide environmental data for a target area to various environmental monitoring tasks by gathering environmental information (e.g., air quality, temperature and noise pollution) collected on the mobile devices held by participants. In practice, however, when location-based MCS applications are deployed, blank areas with missing sensing data often appear in the target area. These blank areas arise for various reasons, such as a limited budget on the part of the MCS application demander, a target area that is too large, or a scarcity of MCS participants.
A common way to address missing data in MCS applications is to perform data recovery on the collected incomplete (sparse) sensing data. Data recovery typically uses the correlation between data to infer the sensing data missing in the blank areas. To make data recovery possible, the participants of an MCS application must submit their real locations in addition to the sensing data. However, this seriously violates the participants' location privacy: a participant's real location is sensitive private data, and participants are often reluctant to expose it. Moreover, besides the real location itself, the sensing data submitted by a participant may also indirectly reveal the participant's real location, leading to disclosure of personal privacy. In the prior art, however, there is no sensing data recovery method that protects both the real location of the participant and the sensing data.
Thus, there is a need for improvements and enhancements in the art.
Disclosure of Invention
In view of the defects in the prior art, the invention provides a privacy-protecting crowd sensing data recovery method and system, to solve the problem that the prior art has no sensing data recovery method that simultaneously protects the real position of a participant and the sensing data.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows:
in a first aspect of the present invention, a privacy-preserving crowd sensing data recovery method is provided, the method comprising:
a position confusion terminal applies a random permutation to the row/column coordinates of the real positions through a pseudo-random permutation function to generate obfuscated row/column coordinates; generates row/column coordinate tokens based on the row/column coordinates of the real positions and a preset private key; generates a row/column binding set based on the row/column coordinate tokens, the row/column binding set comprising the calculation results of all obfuscated row/column coordinates with their corresponding row/column coordinate tokens; generates a preset public key based on the preset private key; and sends the preset public key to a data acquisition terminal;
the data acquisition terminal blinds its own row/column coordinates to obtain blinded information and sends the blinded information to the position confusion terminal; the position confusion terminal signs the blinded information with the preset private key to obtain signature information and sends the signature information and the row/column binding set to the data acquisition terminal, so that the data acquisition terminal calculates a local token from the signature information, the preset public key and the row/column binding set, and generates the obfuscated row/column coordinates corresponding to its own row/column coordinates from the local token, its own real row/column coordinates and the row/column binding set;
the data acquisition terminal generates first encrypted sensing data and second encrypted sensing data based on additive secret sharing, the first encrypted sensing data and the second encrypted sensing data being the two secret shares of the sensing data of the data acquisition terminal; the data acquisition terminal sends a first report to a first computing terminal and a second report to a second computing terminal, the first report comprising the obfuscated coordinates of the data acquisition terminal and the first encrypted sensing data, and the second report comprising the obfuscated coordinates of the data acquisition terminal and the second encrypted sensing data, so that the first computing terminal constructs a first position-obfuscated sensing data matrix and the second computing terminal constructs a second position-obfuscated sensing data matrix, the sum of the first sensing data matrix and the second sensing data matrix being the position-obfuscated sensing data matrix;
the first computing terminal and the second computing terminal perform the computation of a data recovery algorithm on the first sensing data matrix and the second sensing data matrix based on additive secret sharing, recover the sensing data of the position-obfuscated sensing data matrix in the ciphertext domain, and each obtain an additive secret share of the position-obfuscated data recovery matrix; the first computing terminal and the second computing terminal each send their locally held additive secret share of the position-obfuscated data recovery matrix to a data demand terminal;
and the data demand terminal reconstructs the position-obfuscated data recovery matrix, obtains the permutation key of the pseudo-random permutation function from the position confusion terminal, and applies the inverse transformation to the position-obfuscated data recovery matrix according to the permutation key to obtain the data recovery matrix of the real positions.
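The data flow of the steps above, as an added example that is not part of the patent text: readings are additively shared, placed at obfuscated positions by the two computing terminals, reconstructed by the data demand terminal and mapped back with the permutation key. The HMAC-based permutation, the modulus 2^64 and all function names are assumptions; the blind-signature lookup and the recovery algorithm itself are left out, so the shares pass through unchanged.

```python
import hashlib
import hmac
import secrets

MOD = 1 << 64  # assumed share ring Z_{2^64}; the page does not fix a modulus


def keyed_permutation(key, label, size):
    """Toy keyed permutation (assumption): perm[real] = obfuscated index, 0-based."""
    def tag(i):
        return hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
    order = sorted(range(size), key=tag)
    perm = [0] * size
    for obfuscated, real in enumerate(order):
        perm[real] = obfuscated
    return perm


def share(value):
    """Split a reading into two additive shares modulo MOD."""
    first = secrets.randbelow(MOD)
    return first, (value - first) % MOD


def make_reports(real_row, real_col, reading, row_perm, col_perm):
    """Data acquisition terminal: one report per computing terminal.

    In the described method the terminal learns its obfuscated coordinates
    through the blinded exchange; here it reads them from the permutation."""
    position = (row_perm[real_row], col_perm[real_col])
    first, second = share(reading)
    return (position, first), (position, second)


def build_matrix(reports, n, m):
    """Computing terminal: place received shares at their obfuscated positions."""
    matrix = [[0] * m for _ in range(n)]
    for (row, col), value_share in reports:
        matrix[row][col] = value_share
    return matrix


def reconstruct(first, second):
    """Data demand terminal: add the two share matrices cell by cell."""
    return [[(a + b) % MOD for a, b in zip(r1, r2)]
            for r1, r2 in zip(first, second)]


def invert_obfuscation(obfuscated, row_perm, col_perm):
    """Map every obfuscated cell back to its real row and column."""
    return [[obfuscated[row_perm[i]][col_perm[j]]
             for j in range(len(col_perm))]
            for i in range(len(row_perm))]


def run_demo():
    n, m = 4, 5
    key = b"constructed-permutation-key"  # constructed sample key
    row_perm = keyed_permutation(key, b"row", n)
    col_perm = keyed_permutation(key, b"col", m)
    # Constructed sparse readings: (real row, real column) -> value.
    readings = {(0, 1): 21, (2, 4): 35, (3, 0): 18, (1, 3): 27}
    to_first, to_second = [], []
    for (row, col), value in readings.items():
        first, second = make_reports(row, col, value, row_perm, col_perm)
        to_first.append(first)
        to_second.append(second)
    m1 = build_matrix(to_first, n, m)
    m2 = build_matrix(to_second, n, m)
    recovered = invert_obfuscation(reconstruct(m1, m2), row_perm, col_perm)
    return readings, m1, m2, recovered


if __name__ == "__main__":
    for line in run_demo()[3]:
        print(line)
```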
The privacy-protected crowd-sourcing sensing data recovery method, wherein the location obfuscation terminal generates a row/column coordinate token based on row/column coordinates of a real location and a preset private key, and generates a row/column binding set based on the row/column coordinate token, includes:
the position confusion terminal generates a row binding set based on a first formula and generates a column binding set based on a second formula;
the first formula is:
Figure BDA0003663335450000031
the second formula is:
Figure BDA0003663335450000032
wherein,
Figure BDA0003663335450000033
is the row binding set,
Figure BDA0003663335450000034
is the column binding set,
Figure BDA0003663335450000035
is the ith row coordinate, n is the total number of row coordinates,
Figure BDA0003663335450000036
is, for
Figure BDA0003663335450000037
the corresponding obfuscated row coordinate,
Figure BDA0003663335450000038
is the jth column coordinate, m is the total number of column coordinates,
Figure BDA0003663335450000039
is, for
Figure BDA00036633354500000310
the corresponding obfuscated column coordinate,
Figure BDA00036633354500000311
is the row coordinate token,
Figure BDA00036633354500000312
is the column coordinate token, Γ denotes a cyclic group of order p, H: {0,1}* → Γ denotes a hash function that maps information of arbitrary length to Γ, g denotes a generator of Γ, and s ∈ Z_p is the preset private key;
the preset public key generated by the position confusion terminal is: g^s.
The privacy-protecting crowd sensing data recovery method, wherein the data acquisition terminal blinding its own row/column coordinates to obtain blinded information comprises:
the data acquisition terminal calculates
Figure BDA00036633354500000313
and, by multiplying by g^r, blinds the row/column coordinates
Figure BDA00036633354500000314
to obtain the blinded row/column coordinates
Figure BDA00036633354500000315
as the blinded information, where r is a random value in Z_p;
the data acquisition terminal calculating a local token according to the signature information, the preset public key and the row/column binding set, and generating the obfuscated row/column coordinates corresponding to its own row/column coordinates according to the local token, its own real row/column coordinates and the row/column binding set, comprises:
the data acquisition terminal calculates the local token as follows:
Figure BDA00036633354500000316
wherein,
Figure BDA00036633354500000317
is the signature information;
the data acquisition terminal calculates
Figure BDA00036633354500000318
to generate, for its own row/column coordinates
Figure BDA00036633354500000319
the corresponding obfuscated row/column coordinates
Figure BDA00036633354500000320
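An added example, not taken from the patent, of the blinded token exchange described above for one axis. Only the blinding by g^r, the signing with s and the use of g^s come from the text; the group parameters, the `hash_to_group` and `mask_from_token` helpers and the XOR binding are assumptions, because the page's formulas for the tokens and the binding set are not reproduced.

```python
import hashlib
import secrets

# 768-bit safe prime P = 2Q + 1 (RFC 2409 Oakley Group 1), demo-sized only.
# The page's "cyclic group of order p" corresponds to the order-Q subgroup here.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # order of the subgroup of quadratic residues
G = 4             # 2^2, a generator of that subgroup


def coord_label(axis, coord):
    return f"{axis}:{coord}".encode()


def hash_to_group(label):
    """H: {0,1}* -> group. Squaring lands in the order-Q subgroup (toy choice)."""
    h = int.from_bytes(hashlib.shake_256(label).digest(128), "big") % P
    return pow(h, 2, P)


def mask_from_token(token):
    """Assumed binding step: a 32-bit mask derived from the token."""
    digest = hashlib.sha256(token.to_bytes(96, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def obfuscator_setup(axis, perm):
    """Position confusion terminal: private key s, public key g^s, binding set.

    perm[real] is the obfuscated coordinate; entry i of the binding set hides
    perm[i] under the token H(i)^s (XOR binding is an assumption)."""
    s = secrets.randbelow(Q - 1) + 1
    public_key = pow(G, s, P)
    binding = []
    for real, obfuscated in enumerate(perm):
        token = pow(hash_to_group(coord_label(axis, real)), s, P)
        binding.append(obfuscated ^ mask_from_token(token))
    return s, public_key, binding


def terminal_blind(axis, coord):
    """Data acquisition terminal: hide H(coord) by multiplying by g^r."""
    r = secrets.randbelow(Q - 1) + 1
    blinded = hash_to_group(coord_label(axis, coord)) * pow(G, r, P) % P
    return r, blinded


def obfuscator_sign(s, blinded):
    """Position confusion terminal: raise the blinded value to s."""
    return pow(blinded, s, P)


def terminal_unblind(signature, public_key, r):
    """(H(l) * g^r)^s * (g^s)^(-r) = H(l)^s, the local token."""
    return signature * pow(pow(public_key, r, P), -1, P) % P


def terminal_lookup(binding, coord, token):
    """Open the binding-set entry indexed by the terminal's real coordinate."""
    return binding[coord] ^ mask_from_token(token)


def run_exchange(perm, coord, axis="row"):
    """One full exchange; returns the derived coordinate and what was sent."""
    s, public_key, binding = obfuscator_setup(axis, perm)
    r, blinded = terminal_blind(axis, coord)
    signature = obfuscator_sign(s, blinded)
    token = terminal_unblind(signature, public_key, r)
    return terminal_lookup(binding, coord, token), blinded


if __name__ == "__main__":
    constructed_perm = [3, 0, 4, 1, 2]  # constructed sample permutation
    print([run_exchange(constructed_perm, c)[0] for c in range(5)])
```

The position confusion terminal only ever sees `blinded`, which changes with every fresh r, so repeated requests for the same coordinate are not linkable from that value alone.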
The privacy-protecting crowd sensing data recovery method comprises the following steps that the plaintext calculation process of the data recovery algorithm executed by the first computing terminal and the second computing terminal is as follows:
the first computing terminal and the second computing terminal iteratively update a first iteration matrix and a second iteration matrix based on a gradient descent algorithm to solve an objective function;
when the first iteration matrix and the second iteration matrix reach a convergence condition, the computing terminals take the product of the first iteration matrix and the second iteration matrix as the sensing data matrix;
the objective function is:
Figure BDA00036633354500000321
where λ > 0 is the Lagrangian multiplier and ‖·‖_F is the Frobenius norm;
in the t iteration, the updated formulas of the first iteration matrix and the second iteration matrix comprise a third formula, a fourth formula, a fifth formula, a sixth formula and a seventh formula;
the third formula is:
Figure BDA0003663335450000041
the fourth formula is:
Figure BDA0003663335450000042
the fifth formula is:
Figure BDA0003663335450000043
the sixth formula is:
Figure BDA0003663335450000044
the seventh formula is:
Figure BDA0003663335450000045
wherein,
Figure BDA0003663335450000046
represents the ith row of the first iteration matrix U at the beginning of the t-th iteration,
Figure BDA0003663335450000047
denotes the ith row of the first iteration matrix U after the update in the t-th iteration,
Figure BDA0003663335450000048
represents the jth row of the second iteration matrix V at the beginning of the t-th iteration,
Figure BDA0003663335450000049
represents the jth row of the second iteration matrix V after the update in the t-th iteration, U1 and V1 are initialized to random values, γ > 0 is a learning parameter,
Figure BDA00036633354500000410
represents the value of the matrix D at position (i, j) in the t-th iteration, D is the approximation error between U·V and S, W is a vector consisting of the subscripts of all non-zero elements in I, S is the sensing data matrix, S_ij is the value at position (i, j) in S, I denotes an index matrix, each element of I identifies whether the element at the corresponding position in S is missing,
Figure BDA00036633354500000411
indicates that
Figure BDA00036633354500000412
is missing; otherwise
Figure BDA00036633354500000413
indicates that
Figure BDA00036633354500000414
is not missing.
The privacy-protected crowd sensing data recovery method, wherein the first computing terminal and the second computing terminal perform computation in a data recovery algorithm according to the first sensing data matrix and the second sensing data matrix based on additive secret sharing, and the computation comprises:
after the first computing terminal and the second computing terminal execute iterative operation in the data recovery algorithm based on additive secret sharing, the first computing terminal and the second computing terminal calculate iterative loss through the objective function based on additive secret sharing;
the first computing terminal and the second computing terminal determine whether an iteration loss satisfies a convergence condition based on additive secret sharing;
when matrix multiplication in the data recovery algorithm is executed based on additive secret sharing, the same encryption matrix is adopted for the same multiplier in the matrix multiplication to carry out hiding operation in the additive secret sharing multiplication operation.
The privacy-protected crowd-sourcing aware data recovery method, wherein the first computing terminal and the second computing terminal execute iterative operations in the data recovery algorithm based on additive secret sharing, comprises:
the first computing terminal and the second computing terminal first calculate the seventh formula based on additive secret sharing, and then multiplex intermediate results of multiplication operations based on additive secret sharing of the seventh formula for calculating the third formula, the fourth formula, the fifth formula, and the sixth formula.
The privacy-protected crowd sensing data recovery method, wherein the first computing terminal and the second computing terminal compute the iteration loss through the objective function based on additive secret sharing, includes:
the first computing terminal and the second computing terminal compute, based on additive secret sharing, the sum of squares of all values in a matrix as the result of the norm operation on that matrix;
when calculating the loss of the t-th iteration, the first computing terminal and the second computing terminal calculate the matrix D of the (t+1)-th iteration based on additive secret sharing and use the matrix D of the (t+1)-th iteration as the result of I ∘ (U·V) − S in the t-th iteration.
The privacy-protected crowd-sourcing aware data recovery method, wherein the determining, by the first computing terminal and the second computing terminal, whether the iteration loss satisfies a convergence condition based on additive secret sharing, comprises:
the first computing terminal and the second computing terminal compute an absolute value of a first difference based on additive secret sharing, such that the first computing terminal holds one additive secret sharing share of the absolute value and the second computing terminal holds another additive secret sharing share of the absolute value, the first difference being a difference between an iteration loss of a t-th iteration and an iteration loss of a t-1-th iteration;
the first computing terminal and the second computing terminal computing a second difference based on additive secret sharing such that the first computing terminal holds one additive secret shared share of the second difference and the second computing terminal holds another additive secret shared share of the second difference;
the first computing terminal and the second computing terminal convert the locally held additive secret share of the second difference value into bit data, and two additive secret shares of the most significant bits of the second difference value are computed through a parallel prefix addition circuit;
the first computing terminal and the second computing terminal exchange two additive secret shared shares of the locally held most significant bits of the second difference, reconstruct the most significant bits of the second difference, and determine whether a convergence condition is satisfied according to the most significant bits of the second difference.
The privacy-preserving crowd-sourcing aware data recovery method, wherein the first computing terminal and the second computing terminal compute an absolute value of a first difference based on additive secret sharing, such that the first computing terminal holds one additive secret share of the absolute value and the second computing terminal holds another additive secret share of the absolute value, comprises:
the first computing terminal and the second computing terminal computing the first difference based on additive secret sharing such that the first computing terminal holds one additive secret shared share of the first difference and the second computing terminal holds another additive secret shared share of the second difference;
the first computing terminal and the second computing terminal convert the additive secret share of the first difference value held locally into bit data, and compute two additive shared secret shares of the most significant bits of the difference value through a parallel prefix addition circuit;
the first computing terminal and the second computing terminal obtain an additive secret share of the absolute value based on two rounds of computations:
in the first round of calculation, the first calculation terminal serves as a sender, the second calculation terminal serves as a receiver, and in the second round of calculation, the first calculation terminal serves as a receiver and the second calculation terminal serves as a sender;
in each round of computation, the sender generates a random number r and computes the messages
Figure BDA0003663335450000061
Figure BDA0003663335450000062
the sender then saves the random number and sends m_0 and m_1 to the receiver;
the receiver determines whether the most significant bit of the difference that it stores locally is equal to 1; if so, it saves m_0, and if not, it saves m_1;
after the two rounds of computation are finished, each of the first computing terminal and the second computing terminal sums the random number it generated and the message it saved to obtain its additive secret share of the absolute value.
The invention provides a privacy-protecting crowd sensing data recovery system, which comprises a data acquisition terminal, a position confusion terminal, a first computing terminal, a second computing terminal and a data demand terminal, wherein the position confusion terminal is used for acquiring data; the data acquisition terminal, the position confusion terminal, the first computing terminal, the second computing terminal and the data demand terminal cooperatively complete any one of the privacy-protecting crowd sensing data recovery method.
Compared with the prior art, the invention provides a privacy-protecting crowd sensing data recovery method and system. In the method, the position confusion terminal permutes and obfuscates the row/column coordinates with a random permutation function. The position confusion terminal and the data acquisition terminal use a blind signature so that the data acquisition terminal obtains the obfuscated position corresponding to its real position; this requires only one interaction, and the data acquisition terminal does not leak its real position to the position confusion terminal or to other data acquisition terminals. After obtaining its obfuscated position, the data acquisition terminal encrypts the sensing data based on additive secret sharing and sends the encrypted sensing data together with the obfuscated position to the first computing terminal and the second computing terminal. Based on the received data, the first computing terminal and the second computing terminal construct the position-obfuscated sensing data matrix, perform the computation of the data recovery algorithm based on additive secret sharing, obtain two additive secret shares of the position-obfuscated data recovery matrix, and send them to the data demand terminal. The data demand terminal reconstructs the position-obfuscated data recovery matrix and applies the inverse transformation to it according to the permutation key of the random permutation function of the position confusion terminal to obtain the data recovery matrix of the real positions.
Drawings
FIG. 1 is a flow diagram of an embodiment of a privacy-preserving crowd-sourcing aware data recovery method provided by the present invention;
FIG. 2 is a schematic diagram of recovery of actual data in perceptual data;
FIG. 3 is a schematic diagram of an interaction framework of the participants of the privacy-preserving crowd sensing data recovery method provided by the present invention;
FIG. 4 is a schematic diagram of a location obfuscation method for protecting intrinsic association of awareness data in an embodiment of a privacy-preserving crowd-sourcing awareness data recovery method provided by the present invention;
FIG. 5 is a schematic diagram of an algorithm of a secure location obfuscation protocol in an embodiment of the privacy-preserving crowd-sourcing aware data recovery method provided by the present invention;
FIG. 6 is a schematic diagram of an algorithm for secure approximate error calculation in an embodiment of the privacy-preserving crowd sensing data recovery method provided by the present invention;
FIG. 7 is a schematic diagram of an algorithm for updating a security decomposition matrix in an embodiment of the privacy-preserving crowd sensing data recovery method provided by the present invention;
FIG. 8 is a schematic diagram of an algorithm for securely calculating an iterative loss in an embodiment of a privacy-preserving crowd sensing data recovery method provided by the present invention;
FIG. 9 is a schematic diagram of a parallel prefix addition circuit;
FIG. 10 is a schematic diagram of an algorithm for securely calculating an absolute value of a loss difference in an embodiment of the privacy-preserving crowd-sourcing aware data recovery method provided by the present invention;
FIG. 11 is a general schematic diagram of a secure data recovery protocol in an embodiment of the privacy-preserving crowd-sourcing aware data recovery method provided by the present invention.
Detailed Description
In order to make the objects, technical solutions and effects of the present invention clearer and clearer, the present invention is further described in detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Example one
The embodiment provides a privacy-protected crowd sensing data recovery method, and aims to realize sensing data recovery in a privacy protection mode.
Turning first to data recovery: as shown in FIG. 2, in MCS a target area is usually divided into a number of uniformly sized grids, which form a sensing data matrix S with n rows and m columns, and each grid can be identified by its row coordinate l_x ∈ L_x := {1, ..., n} and column coordinate l_y ∈ L_y := {1, ..., m}. Each data acquisition terminal collects and submits sensing data labelled with a real position for a specific grid, where the real position is represented by the row and column coordinates of the grid. The sensing report submitted by each data acquisition terminal is defined as a triplet <l_x, l_y, c>, where (l_x, l_y) indicates the location of the participant and c is the sensing data within the corresponding grid. The sensing data of all collected sensing reports is filled into the corresponding grids of the sensing data matrix S according to the positions in the reports. Because of a limited MCS task budget, an overly large target area or a scarcity of participants, it is generally difficult in practice to collect sensing data covering the whole target area, so the sensing matrix S is generally sparse and has some missing elements.
To obtain a complete sensing data matrix, data recovery is usually performed on the incomplete sensing data matrix by predicting the missing data in S with a data recovery technique. Let X denote an ideal sensing data matrix of size n × m, in which each element is the sensing data of the corresponding grid. There is no missing data in X. Let S denote the actually collected sensing data matrix, which is of size n × m and contains missing data. Let I denote an index matrix of size n × m, where each element of I identifies whether the element at the corresponding position in S is missing; specifically,
Figure BDA0003663335450000081
indicates that
Figure BDA0003663335450000082
is missing; otherwise
Figure BDA0003663335450000083
indicates that
Figure BDA0003663335450000084
is not missing. Therefore, S = X ∘ I. Let
Figure BDA0003663335450000085
denote the recovery matrix obtained by performing data recovery on S, i.e.
Figure BDA0003663335450000086
is an approximate estimate of X, of size n × m.
In the method provided in this embodiment, in order to enable the data recovery algorithm in the MCS to perform accurate data recovery operation and provide protection of location and sensing data for the data acquisition terminal, as shown in fig. 3, three entities participate in the operation: the system comprises a demand party, participants and an MCS service provider, wherein the participants acquire sensing data through a data acquisition terminal, and the demand party acquires a data recovery matrix of a real position through a data demand terminal.
The requesting party first initiates an MCS task that requires the collection of sensory data of interest to the requesting party in the target area (e.g., an environmental monitoring facility wants to collect air quality or temperature in different areas of a city). The demander would typically turn to an MCS service provider to complete the MCS task. After receiving the MCS task, the MCS service provider firstly collects perception reports from the participants of the task and further performs necessary data recovery operations to obtain complete perception data covering the whole target area. Participants are typically data collection end-holders (e.g., cell phone users) interested in the current MCS task, who are responsible for collecting the perception data and submitting a report identifying the true location perception to the MCS service provider. But on the other hand, due to privacy concerns, participants are often reluctant to expose the real location of themselves in the target area, and it is therefore necessary to protect the real location of the participant from other entities in the protocol. Furthermore, since the sensory data submitted by the participants may also indirectly expose their true location, protection of the sensory data submitted by the participants is also necessary.
In the method provided by this embodiment, the MCS service is provided jointly by three independent (cloud-based) service providers, denoted respectively by
Figure BDA0003663335450000087
Of these,
Figure BDA0003663335450000088
is primarily responsible for providing the location obfuscation service to participants and acts as the position obfuscation terminal; the location obfuscation operation must be executed before the participants submit their perception reports. In practice,
Figure BDA0003663335450000089
may be a cloud service provider that specializes in cryptographic services. The first computing terminal
Figure BDA00036633354500000810
and the second computing terminal
Figure BDA00036633354500000811
are mainly responsible for collecting the encrypted perception reports submitted by the participants (i.e., each participant shares the data in its perception report, through ASS, to
Figure BDA00036633354500000812
and
Figure BDA00036633354500000813
) and for cooperatively performing CS data recovery on the ASS-shared perception data to obtain the complete perception data in the ciphertext domain. Finally, the shares of the complete sensing data are sent to the requesting party, which reconstructs the final result. In practice,
Figure BDA0003663335450000091
and
Figure BDA0003663335450000092
can be two cloud service providers that compete with each other. In recent years, such distributed-trust, multi-server models have been increasingly adopted in security designs across different application domains.
The privacy-protecting crowd sensing data recovery method provided by the embodiment mainly comprises two parts:
1. Privacy-preserving location obfuscation protocol: this stage corresponds to steps 0-1 in fig. 3. After collecting its sensing data, each participant first interacts with
Figure BDA00036633354500000919
to obtain the obfuscated location (l′_x, l′_y) corresponding to its real location (l_x, l_y). This location obfuscation does not affect the accuracy of the subsequent data recovery. After obtaining the obfuscated location, each participant replaces the real location in its perception report with the obfuscated location, obtaining the perception report <l′_x, l′_y, c>, and shares it through ASS with
Figure BDA0003663335450000093
Here, only the perception data is secret-shared; the location is not, i.e.
Figure BDA0003663335450000094
respectively hold <l′_x, l′_y, [[c]]_i>, i ∈ {0, 1}.
2. Secure data recovery protocol: this stage corresponds to steps 2-5 in figure 3. Once
Figure BDA0003663335450000095
have collected all perception reports, they cooperatively execute the designed privacy-preserving computation scheme, performing the CS data recovery computation in the ciphertext domain to obtain the complete CS-recovered perception data in the ciphertext domain. Finally,
Figure BDA0003663335450000096
send the shares of the result that they hold to the requesting party, where the final result is recovered.
The operation in this embodiment is implemented based on Additive Secret Sharing (ASS), and for convenience of the following description, the additive secret sharing is described first:
Additive Secret Sharing (ASS) is a lightweight encryption technique that protects data by splitting it into multiple shares, with [[·]] denoting the secret-shared form of a value. Specifically, given secret data to be protected
Figure BDA0003663335450000097
(l represents the bit length of a), the data can be split into two shares [[a]]_0 = r and [[a]]_1 = a − r, so that in the ring
Figure BDA0003663335450000098
a = [[a]]_0 + [[a]]_1, where r is a random value in the ring
Figure BDA0003663335450000099
In the following, for convenience, [[a]]_0 and [[a]]_1 are called the two additive secret shares of a. The two shares are sent to two different computing parties; because a single share cannot reveal any information about a, the secret data a is protected.
Suppose there are two parties
Figure BDA00036633354500000910
and
Figure BDA00036633354500000911
and that two numbers a and b are secret-shared between them, i.e.
Figure BDA00036633354500000912
holds [[a]]_0 and [[b]]_0, and
Figure BDA00036633354500000913
holds [[a]]_1 and [[b]]_1. ASS allows
Figure BDA00036633354500000914
and
Figure BDA00036633354500000915
to perform secure addition and multiplication on the shared values. The secure addition [[a+b]]_i can be done by each party locally, i.e., [[a+b]]_i = [[a]]_i + [[b]]_i, i ∈ {0, 1}. When the final result of the addition needs to be recovered,
Figure BDA00036633354500000916
sends [[a+b]]_i to
Figure BDA00036633354500000917
after which
Figure BDA00036633354500000918
computes a + b = [[a+b]]_i + [[a+b]]_{1−i}, i ∈ {0, 1}, so that the parties obtain the sum a + b without learning the individual values of a and b. This recovery operation is denoted Rec(·,·), e.g., Rec([[a+b]]_0, [[a+b]]_1).
For the secure multiplication [[c]] = [[a·b]], the two parties first need to share a multiplication triple (u, v, z), where
Figure BDA0003663335450000101
After obtaining the shares [[u]]_i, [[v]]_i, [[z]]_i,
Figure BDA0003663335450000102
computes [[e]]_i = [[a]]_i − [[u]]_i and [[f]]_i = [[b]]_i − [[v]]_i, and Rec([[e]]_0, [[e]]_1) and Rec([[f]]_0, [[f]]_1) are performed to obtain the plaintext values e and f. Finally,
Figure BDA0003663335450000103
computes [[c]]_i = i·e·f + e·[[v]]_i + f·[[u]]_i + [[z]]_i to obtain its share of the product c, where i ∈ {0, 1}. If the product needs to be recovered, the two parties perform Rec([[c]]_0, [[c]]_1). The above addition and multiplication apply equally to addition and multiplication in matrix form.
As shown in fig. 1, the privacy-protected crowd sensing data recovery method provided in this embodiment includes the steps of:
S100, the position obfuscation terminal applies a random permutation to the row/column coordinates of the real positions through a pseudo-random permutation function to generate obfuscated row/column coordinates, generates row/column coordinate tokens based on the row/column coordinates of the real positions and a preset private key, generates a row/column binding set based on the row/column coordinate tokens, wherein the row/column binding set comprises the calculation results of all obfuscated row/column coordinates and the corresponding row/column coordinate tokens, and generates a preset public key based on the preset private key;
S200, the data acquisition terminal blinds its own row/column coordinates to obtain blinded information and sends the blinded information to the position obfuscation terminal; the position obfuscation terminal signs the blinded information with the preset private key to obtain signature information, and the signature information, the preset public key and the row/column binding set are sent to the data acquisition terminal, so that the data acquisition terminal calculates a local token according to the signature information, the preset public key and the row/column binding set, and generates the obfuscated row/column coordinates corresponding to its own row/column coordinates according to the local token, its own real row/column coordinates and the row/column binding set.
In the privacy-preserving location obfuscation stage, an obfuscated location must be generated for the real location of each data acquisition terminal, so that the real location is not exposed in subsequent steps. The location of a data acquisition terminal is its index (subscript) in the sensing data matrix, so the real location can be obfuscated by obfuscating the index. However, if each data acquisition terminal generated an obfuscated location arbitrarily, the intrinsic relations among the sensing data would be destroyed and the accuracy of the subsequent data recovery would be reduced. To obfuscate locations without destroying the relations in the sensing data, the method provided by this embodiment follows this principle: all non-zero elements (i.e., non-missing elements) in the same row (column) of the sensing data matrix must remain in the same row (column) after obfuscation. As an example, in FIG. 4, S is the original sensing data matrix and S* is the obfuscated sensing data matrix. In S, element s_11 is in the same row as s_12 and in the same column as s_31; to preserve this association, in S* s_11 and s_12 must still be in the same row, and s_11 and s_31 must still be in the same column. Such obfuscation can be achieved by a random row/column permutation of the sensing matrix. Let the vectors L_x and L_y denote the row coordinates and column coordinates of the sensing data matrix, respectively. A random row/column coordinate transformation of the sensing matrix is then equivalent to applying random permutations to L_x and L_y. Let
Figure BDA0003663335450000104
and
Figure BDA0003663335450000105
denote the obfuscated row and column coordinates, and let S* denote the obfuscated sensing data matrix established according to
Figure BDA0003663335450000111
and
Figure BDA0003663335450000112
Existing methods have proven that the result of data recovery based on S* can be equivalently converted, through the inverse row/column transformation, into the result of data recovery based on S.
Fig. 4 shows an example of the above obfuscation method. Assume a 3 × 3 sensing data matrix S in which 4 elements are missing. Initially, L_x: 1, 2, 3 and L_y: 1, 2, 3. Random permutations are applied to L_x and L_y to obtain
Figure BDA0003663335450000113
and
Figure BDA0003663335450000114
and the corresponding row and column transformation matrices R and C are then constructed. The obfuscated matrix S* is calculated according to the following formula:
Figure BDA0003663335450000115
Finally, the recovery matrix obtained from S*
Figure BDA0003663335450000116
is converted, by the inverse transformation
Figure BDA0003663335450000117
into the recovery matrix obtained from S
Figure BDA0003663335450000118
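The following Python sketch is an added example, not code from the patent. It obfuscates a constructed 3 × 3 matrix with 4 missing entries by keyed row/column permutations, runs a recovery on both S and S*, and maps the S* result back with the inverse transformation. Assumptions: `keyed_permutation` (HMAC-based) stands in for the PRP, the gradient step is the standard one for a regularized factorization objective because the page's update equations are not reproduced here, and U and V start from the same random values, permuted consistently.

```python
import hashlib
import hmac
import random


def keyed_permutation(key, label, size):
    """Stand-in PRP: order the indices by HMAC-SHA256(key, label|index)."""
    def tag(i):
        return hmac.new(key, f"{label}|{i}".encode(), hashlib.sha256).digest()
    return sorted(range(size), key=tag)  # perm[real index] = obfuscated index


def permute(mat, row_perm, col_perm):
    """Build M* with M*[row_perm[i]][col_perm[j]] = M[i][j]."""
    out = [[0.0] * len(col_perm) for _ in row_perm]
    for i, row in enumerate(mat):
        for j, val in enumerate(row):
            out[row_perm[i]][col_perm[j]] = val
    return out


def unpermute(mat, row_perm, col_perm):
    """Inverse row/column transformation, as applied by the requesting party."""
    return [[mat[ri][cj] for cj in col_perm] for ri in row_perm]


def recover(S, I, U, V, gamma=0.05, lam=0.01, iters=200):
    """Assumed objective: ||I∘(U·V) − S||_F² + λ(||U||_F² + ||V||_F²), plain gradient descent."""
    n, m, r = len(S), len(S[0]), len(V)
    for _ in range(iters):
        # Approximation error on observed entries only (missing entries of S are 0).
        D = [[I[i][j] * (sum(U[i][k] * V[k][j] for k in range(r)) - S[i][j])
              for j in range(m)] for i in range(n)]
        U, V = (
            [[U[i][k] - gamma * (sum(D[i][j] * V[k][j] for j in range(m)) + lam * U[i][k])
              for k in range(r)] for i in range(n)],
            [[V[k][j] - gamma * (sum(D[i][j] * U[i][k] for i in range(n)) + lam * V[k][j])
              for j in range(m)] for k in range(r)],
        )
    return [[sum(U[i][k] * V[k][j] for k in range(r)) for j in range(m)] for i in range(n)]


def groups(mat):
    """Which observed values share a row, ignoring the order of the rows."""
    return sorted(sorted(v for v in row if v) for row in mat)


def demo():
    S = [[0.9, 0.8, 0.0], [0.0, 0.5, 0.0], [0.7, 0.0, 0.3]]  # constructed; 0.0 = missing
    I = [[1 if v else 0 for v in row] for row in S]
    rng = random.Random(7)
    U0 = [[rng.random() for _ in range(2)] for _ in range(3)]
    V0 = [[rng.random() for _ in range(3)] for _ in range(2)]
    key = b"per-task PRP key (constructed)"
    rp, cp = keyed_permutation(key, "row", 3), keyed_permutation(key, "col", 3)
    ident = [0, 1]
    S_star, I_star = permute(S, rp, cp), permute(I, rp, cp)
    direct = recover(S, I, U0, V0)
    via_star = unpermute(
        recover(S_star, I_star, permute(U0, rp, ident), permute(V0, ident, cp)), rp, cp)
    return S, S_star, direct, via_star


if __name__ == "__main__":
    S, S_star, direct, via_star = demo()
    print("S* =", S_star)
    print("recovered from S      :", [[round(v, 4) for v in row] for row in direct])
    print("recovered via S*, back:", [[round(v, 4) for v in row] for row in via_star])
```

The two recovered matrices agree up to floating-point rounding, because the permutation only reorders the terms of each sum.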
If the data acquisition terminals shared their own locations in order to jointly negotiate a row/column transformation satisfying the above method, the location privacy of the participants would be seriously violated, because each participant could easily learn the locations of the other participants. In this embodiment, a dedicated position obfuscation terminal
Figure BDA0003663335450000119
is therefore chosen to generate an obfuscation plan for all locations and to provide every participant with the obfuscated location corresponding to its real location.
Figure BDA00036633354500001110
cannot learn the real location of any participant during location obfuscation. Specifically, this embodiment achieves this goal by using a blind signature technique.
The position obfuscation terminal generates a row/column coordinate token based on a row/column coordinate of a real position and a preset private key, and generates a row/column binding set based on the row/column coordinate token, including:
the position confusion terminal generates a row binding set based on a first formula and generates a column binding set based on a second formula;
the first formula is:
Figure BDA00036633354500001111
the second formula is:
Figure BDA00036633354500001112
wherein,
Figure BDA00036633354500001113
is the row binding set,
Figure BDA00036633354500001114
is the column binding set,
Figure BDA00036633354500001115
is the i-th row coordinate, n is the total number of row coordinates,
Figure BDA00036633354500001116
is the obfuscated row coordinate corresponding to
Figure BDA00036633354500001117
,
Figure BDA00036633354500001118
is the j-th column coordinate, m is the total number of column coordinates,
Figure BDA00036633354500001119
is the obfuscated column coordinate corresponding to
Figure BDA00036633354500001120
,
Figure BDA00036633354500001121
is the row coordinate token,
Figure BDA00036633354500001122
is the column coordinate token, Γ denotes a cyclic group of order p, H: {0,1}* → Γ denotes a hash function mapping messages of arbitrary length to Γ, g denotes a generator of Γ, and s ∈ Z_p is the preset private key;
the preset public key generated by the position obfuscation terminal is: e = g^s.
The data acquisition terminal blinding its own row/column coordinates to obtain the blinded information includes:
the data acquisition terminal calculates
Figure BDA00036633354500001123
and, by multiplying by g^r, blinds the row/column coordinate
Figure BDA00036633354500001124
to obtain the blinded row/column coordinate
Figure BDA00036633354500001125
as the blinded information, where r is a random value in Z_p;
the data acquisition terminal calculating a local token according to the signature information, the preset public key and the row/column binding set, and generating the obfuscated row/column coordinates corresponding to its own row/column coordinates according to the local token, its own real row/column coordinates and the row/column binding set, includes:
the data acquisition terminal calculates the local token as follows:
Figure BDA0003663335450000121
wherein,
Figure BDA0003663335450000122
is the signature information;
the data acquisition terminal calculates
Figure BDA0003663335450000123
to generate, for its own row/column coordinate
Figure BDA0003663335450000124
the corresponding obfuscated row/column coordinate
Figure BDA0003663335450000125
Specifically, the location obfuscation protocol in the method provided by this embodiment is divided into two parts: initialization and secure location obfuscation. How these two parts are carried out is described in detail below.
Initialization: let Γ denote a cyclic group of order p, H: {0,1}* → Γ denote a hash function that maps messages of arbitrary length to Γ, and g denote a generator of Γ.
Figure BDA0003663335450000126
first randomly selects a number s ∈ Z_p as its own private key (i.e. the preset private key), calculates the corresponding public key e = g^s, and publishes the public key e to all participants. Subsequently,
Figure BDA0003663335450000127
uses pseudo-random permutation functions (PRPs) to construct random permutations of L_x and L_y:
Figure BDA0003663335450000128
At this point, each row coordinate
Figure BDA0003663335450000129
has a corresponding obfuscated row coordinate
Figure BDA00036633354500001210
and the same holds for the column coordinates. Note that a different PRP key is used for each MCS task, and this key is sent to the requesting party during the initialization phase so that the requesting party can recover the final result through the inverse transformation.
After that,
Figure BDA00036633354500001211
calculates a corresponding bound token for each obfuscated location. In the online stage this token provides access control for each participant, so that a participant can access only the obfuscated location corresponding to its own real location. Specifically,
Figure BDA00036633354500001212
first computes, for each row coordinate
Figure BDA00036633354500001213
and column coordinate
Figure BDA00036633354500001214
the corresponding token:
Figure BDA00036633354500001215
Then
Figure BDA00036633354500001216
binds these tokens to the corresponding obfuscated locations by the following two equations:
Figure BDA00036633354500001217
Figure BDA00036633354500001218
In one implementation, the cyclic group Γ is built on an elliptic curve, and thus
Figure BDA00036633354500001219
is a point on the elliptic curve. Before computing
Figure BDA00036633354500001220
P_2 needs to first map
Figure BDA00036633354500001221
onto the elliptic curve as well; this mapping can be done by Koblitz's algorithm.
Secure location obfuscation: after collecting its sensing data, a data acquisition terminal first carries out two rounds of interaction with
Figure BDA00036633354500001222
to obtain the obfuscated location corresponding to its real location (one round to obtain the obfuscated row coordinate and the other to obtain the obfuscated column coordinate). For simplicity, the following describes only how one data acquisition terminal
Figure BDA00036633354500001223
obtains, for its real row coordinate
Figure BDA00036633354500001224
the obfuscated row coordinate
Figure BDA00036633354500001225
The obfuscated column coordinate is obtained by the same process.
As shown in fig. 5, the process of obtaining the obfuscated row coordinate is given in Algorithm 1. Specifically, the data acquisition terminal
Figure BDA00036633354500001231
first calculates
Figure BDA00036633354500001227
and blinds h by multiplying it by g^r, obtaining the blinded row coordinate
Figure BDA00036633354500001228
where r is a random value in Z_p. It then sends the blinded message
Figure BDA00036633354500001229
to P_2. On receiving
Figure BDA00036633354500001230
P_2 then signs it with the preset private key s:
Figure BDA0003663335450000131
and sends the signed message
Figure BDA0003663335450000132
together with the previously computed (in the initialization phase)
Figure BDA0003663335450000133
back to the data acquisition terminal
Figure BDA0003663335450000134
On receiving the returned message,
Figure BDA0003663335450000135
first calculates its token:
Figure BDA0003663335450000136
where
Figure BDA0003663335450000137
With this token,
Figure BDA0003663335450000138
can calculate
Figure BDA0003663335450000139
to extract, from
Figure BDA00036633354500001310
the obfuscated row coordinate corresponding to its own real row coordinate. As can be seen, in this step
Figure BDA00036633354500001311
can extract only the obfuscated coordinate that matches its own token and cannot obtain the obfuscated coordinates of other data acquisition terminals.
As can be seen from the above description, the blind signature allows P_2 to provide tokens to participants without knowing their specific locations
Figure BDA00036633354500001312
and
Figure BDA00036633354500001313
Furthermore, the unforgeability of the blind signature protocol ensures that no one other than P_2 can provide a valid token to a participant, so each participant can obtain only the obfuscated location corresponding to its real location.
Referring to fig. 1 again, the method provided in this embodiment further includes the steps of:
S300, the data acquisition terminal generates first encrypted sensing data and second encrypted sensing data based on additive secret sharing, the first encrypted sensing data and the second encrypted sensing data each being a secret share of the sensing data of the data acquisition terminal; the data acquisition terminal sends a first report to the first computing terminal and a second report to the second computing terminal, the first report comprising the obfuscated coordinates of the data acquisition terminal and the first encrypted sensing data, and the second report comprising the obfuscated coordinates of the data acquisition terminal and the second encrypted sensing data, so that the first computing terminal constructs a first location-obfuscated sensing data matrix and the second computing terminal constructs a second location-obfuscated sensing data matrix, the sum of the first sensing data matrix and the second sensing data matrix being the location-obfuscated sensing data matrix;
S400, the first computing terminal and the second computing terminal perform the computation of a data recovery algorithm, based on additive secret sharing, on the first sensing data matrix and the second sensing data matrix, recover the sensing data in the location-obfuscated sensing data matrix in the ciphertext domain, each obtain an additive secret share of the location-obfuscated data recovery matrix, and each send its locally held additive secret share of the location-obfuscated data recovery matrix to the data demand terminal.
Through the preceding location obfuscation operation, each data acquisition terminal
Figure BDA00036633354500001314
now holds an obfuscated perception report:
Figure BDA00036633354500001315
Thereafter, each data acquisition terminal submits its perception report to
Figure BDA00036633354500001316
and
Figure BDA00036633354500001317
cooperatively perform the data recovery operation; the recovery result is finally reconstructed at the requesting party. This corresponds to steps 2-5 in fig. 2. Specifically, each data acquisition terminal first generates secret shares of its perception data c_d through ASS and submits the perception report
Figure BDA00036633354500001318
to
Figure BDA00036633354500001319
where k ∈ {0, 1}. After receiving the obfuscated perception reports of all the data acquisition terminals,
Figure BDA0003663335450000141
constructs from these reports the obfuscated sensing data matrix under secret sharing [[S*]]_k and the obfuscated index matrix I*. Subsequently,
Figure BDA0003663335450000142
perform data recovery on S*.
Specifically, in this embodiment, the plaintext calculation process of the data recovery algorithm executed by the first computing terminal and the second computing terminal is as follows:
the first computing terminal and the second computing terminal iteratively update a first iteration matrix and a second iteration matrix based on a gradient descent algorithm to solve an objective function;
when the first iteration matrix and the second iteration matrix reach a convergence condition, the calculation terminal takes the product of the first iteration matrix and the second iteration matrix as the perception data matrix;
the objective function is:
Figure BDA0003663335450000143
where λ > 0 is the Lagrange multiplier and ||·||_F is the Frobenius norm;
Specifically, let f_cs denote the CS data recovery operation, so that
Figure BDA0003663335450000144
f_cs is performed according to the following flow. Assume the target matrix to be solved
Figure BDA0003663335450000145
can be decomposed, via the Singular Value Decomposition (SVD) technique, into the product of two matrices U and V, i.e.
Figure BDA0003663335450000146
where U = L·Λ^{1/2} and V = Λ^{1/2}·N. f_cs can approximate U and V by solving the regularized least squares problem (1). This optimization problem can be solved by the widely used gradient descent method. In this embodiment, the first iteration matrix U and the second iteration matrix V are updated iteratively by gradient descent; in the t-th iteration, the update formulas of the first iteration matrix and the second iteration matrix are:
Figure BDA0003663335450000147
Figure BDA0003663335450000148
Figure BDA0003663335450000149
Figure BDA00036633354500001410
Figure BDA00036633354500001411
wherein,
Figure BDA00036633354500001412
represents the i-th row of the first iteration matrix U at the beginning of the t-th iteration,
Figure BDA00036633354500001413
represents the i-th row of the first iteration matrix U after being updated in the t-th iteration,
Figure BDA00036633354500001414
represents the j-th row of the second iteration matrix V at the beginning of the t-th iteration,
Figure BDA00036633354500001415
represents the j-th row of the second iteration matrix V after being updated in the t-th iteration, U_1 and V_1 are initialized to random values, γ > 0 is a learning parameter,
Figure BDA00036633354500001416
represents the value at position (i, j) of the matrix D in the t-th iteration, D is the approximation error between U·V and S, W is a vector consisting of the subscripts of all non-zero elements in I, S is the sensing data matrix, S_ij is the value at position (i, j) in S, and I denotes the index matrix, each element of which identifies whether the element at the corresponding position in S is missing:
Figure BDA0003663335450000151
indicates that
Figure BDA0003663335450000152
is missing; otherwise
Figure BDA0003663335450000153
indicates that
Figure BDA0003663335450000154
is not missing.
The first computing terminal and the second computing terminal perform computations in a data recovery algorithm based on additive secret sharing according to the first perceptual data matrix and the second perceptual data matrix, including:
after the first computing terminal and the second computing terminal execute iterative operation in the data recovery algorithm based on additive secret sharing, the first computing terminal and the second computing terminal calculate iterative loss through the objective function based on additive secret sharing;
the first computing terminal and the second computing terminal determine whether an iteration loss satisfies a convergence condition based on additive secret sharing.
That is, overall, the secure data recovery protocol provided in this embodiment can be divided into two parts: secure gradient descent and secure convergence evaluation. These two steps are performed in sequence, iteratively, until convergence. Secure gradient descent securely updates the matrices U* and V* according to equations (2)-(6) introduced above. U* and V* are the location-obfuscated U and V, and their product finally gives the required location-obfuscated complete data recovery matrix
Figure BDA0003663335450000155
The method provided by this embodiment carries out the secure gradient descent computation under secret sharing. In this part, unlike existing secure gradient descent protocols, D_ij is not exposed to a third party; the method provided by this embodiment does not reveal any intermediate results. For the second part, secure convergence evaluation, the method provided by this embodiment allows
Figure BDA0003663335450000156
and
Figure BDA0003663335450000157
to securely evaluate the convergence of the data recovery iteration; during this process
Figure BDA0003663335450000158
and
Figure BDA0003663335450000159
learn only whether the iteration should be stopped. The secure convergence evaluation protocol gives fine-grained control over the data recovery process, so the scheme provided by this embodiment does not suffer from problems such as over-fitting or under-fitting.
The arithmetic operations required for the matrix updates in equations (2)-(6) are mainly secret-shared addition/subtraction and multiplication on matrices. In the t-th iteration, the updated matrices [[(U^{t+1})*]] and [[(V^{t+1})*]] are generated from the input matrices [[(U^t)*]] and [[(V^t)*]]. Matrix addition/subtraction under secret sharing can be implemented directly through ASS. It can be observed that three multiplications need to be computed in the t-th iteration: (1)
Figure BDA00036633354500001510
(2)
Figure BDA00036633354500001511
(3)
Figure BDA00036633354500001512
Figure BDA00036633354500001516
where
Figure BDA00036633354500001513
In the basic multiplication implementation, three independent multiplication triples are used directly in each iteration: ([[A_t]], [[B_t]], [[C_t]]), ([[A′_t]], [[M_t]], [[Q_t]]), ([[B′_t]], [[M′_t]], [[Q′_t]]), to complete the three multiplications respectively. In practical applications, these multiplication triples can be generated in advance by P_2, which secret-shares them to
Figure BDA00036633354500001517
The properties of the above triples are as follows: A_t and A′_t are n × r matrices, used to mask, in multiplication (1) and multiplication (2) respectively,
Figure BDA00036633354500001514
B_t and B′_t are r × m matrices, used to mask, in multiplication (1) and multiplication (3) respectively,
Figure BDA00036633354500001515
M_t and M′_t are n × m matrices, used to mask, in multiplication (2) and multiplication (3) respectively,
Figure BDA0003663335450000161
C_t is an n × m matrix with C_t = A_t × B_t. Q_t and Q′_t are two special n × m matrices whose elements are not single values but vectors of size 1 × r, i.e.
Figure BDA0003663335450000162
Figure BDA0003663335450000163
However, the basic method described above is not communication-efficient: it does not take into account that the three multiplications share multipliers. When a multiplier stays the same across different secret-shared multiplications, it needs to be masked and reconstructed only once, which saves communication cost. With this in mind, this embodiment optimizes the basic multiplication implementation as follows: noting that the three multiplications repeatedly use
Figure BDA0003663335450000164
there is no need to generate separate multiplication triples for each of the three multiplications; instead, let A′_t = A_t, B′_t = B_t, M′_t = M_t. That is, when the first computing terminal and the second computing terminal execute matrix multiplication in the data recovery algorithm based on additive secret sharing, the mask operation of the additive secret sharing multiplication is performed using the same encryption matrix for the same multiplier in the matrix multiplications.
With this optimization, the online communication overhead is greatly reduced, because
Figure BDA0003663335450000165
and
Figure BDA0003663335450000166
need to communicate and reconstruct
Figure BDA0003663335450000167
only once. In this way, in each iteration, the communication overhead of the three multiplications is reduced from 4nr + 4rm + 4nm(1 − α) in the basic method to 2nr + 2rm + 2nm(1 − α), where α is the data loss rate in the sensing data matrix.
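An added Python example, not the patent's code, that ties together the ASS multiplication with triples described earlier and the mask reuse described above. It runs three secret-shared matrix products in which U, V and D each appear twice and counts the ring elements exchanged with independent masks and with A′ = A, B′ = B, M′ = M. Assumptions: the ring is Z_{2^32}, the products are written in dense matrix form (U·V, Uᵀ·D, D·Vᵀ with D = U·V − S, i.e. α = 0), and all names are illustrative.

```python
import secrets

MOD = 1 << 32  # ring Z_{2^l}; l = 32 is an assumed bit length


def rand_mat(rows, cols):
    return [[secrets.randbelow(MOD) for _ in range(cols)] for _ in range(rows)]


def add(x, y, sign=1):
    return [[(a + sign * b) % MOD for a, b in zip(rx, ry)] for rx, ry in zip(x, y)]


def mul(x, y):
    return [[sum(a * b for a, b in zip(row, col)) % MOD for col in zip(*y)] for row in x]


def tr(x):
    return [list(col) for col in zip(*x)]


def share(x):
    """[[X]]_0 = R (uniform), [[X]]_1 = X - R."""
    r = rand_mat(len(x), len(x[0]))
    return [r, add(x, r, -1)]


def rec(sh):
    """Rec([[X]]_0, [[X]]_1) = [[X]]_0 + [[X]]_1."""
    return add(sh[0], sh[1])


class Channel:
    """Reconstructs masked operands, caching by (operand, mask) and counting traffic."""

    def __init__(self):
        self.opened, self.sent = {}, 0

    def open(self, key, x_sh, mask_sh):
        if key not in self.opened:
            diff = [add(x_sh[i], mask_sh[i], -1) for i in (0, 1)]
            self.sent += 2 * len(diff[0]) * len(diff[0][0])  # both parties send a share
            self.opened[key] = rec(diff)
        return self.opened[key]


def beaver(e, f, a_sh, b_sh, c_sh):
    """[[Z]]_i = i*E*F + E*[[B]]_i + [[A]]_i*F + [[C]]_i for E = X - A, F = Y - B."""
    out = []
    for i in (0, 1):
        z = add(add(mul(e, b_sh[i]), mul(a_sh[i], f)), c_sh[i])
        out.append(add(z, mul(e, f)) if i else z)
    return out


def secure_products(U, V, S, reuse_masks):
    n, r, m = len(U), len(V), len(V[0])
    ch = Channel()
    u, v, s = share(U), share(V), share(S)
    A, B, M = rand_mat(n, r), rand_mat(r, m), rand_mat(n, m)
    a, b, mk = share(A), share(B), share(M)
    if reuse_masks:   # optimised: A' = A, B' = B, M' = M
        A2, B2, M2, a2, b2, mk2, tag = A, B, M, a, b, mk, ""
    else:             # basic: independent masks for the second use of each operand
        A2, B2, M2 = rand_mat(n, r), rand_mat(r, m), rand_mat(n, m)
        a2, b2, mk2, tag = share(A2), share(B2), share(M2), "'"
    # (1) U*V with triple (A, B, A*B)
    uv = beaver(ch.open(("U", "A"), u, a), ch.open(("V", "B"), v, b),
                a, b, share(mul(A, B)))
    d = [add(uv[i], s[i], -1) for i in (0, 1)]  # local: [[D]]_i = [[UV]]_i - [[S]]_i
    # (2) U^T*D with triple (A'^T, M, A'^T*M)
    utd = beaver(tr(ch.open(("U", "A" + tag), u, a2)), ch.open(("D", "M"), d, mk),
                 [tr(a2[0]), tr(a2[1])], mk, share(mul(tr(A2), M)))
    # (3) D*V^T with triple (M', B'^T, M'*B'^T)
    dvt = beaver(ch.open(("D", "M" + tag), d, mk2), tr(ch.open(("V", "B" + tag), v, b2)),
                 mk2, [tr(b2[0]), tr(b2[1])], share(mul(M2, tr(B2))))
    # Rec() of the products is done here only to check them; the protocol keeps shares.
    return rec(uv), rec(utd), rec(dvt), ch.sent


if __name__ == "__main__":
    U = [[1, 2], [3, 4], [5, 6]]                 # constructed, n = 3, r = 2
    V = [[7, 8, 9, 10], [11, 12, 13, 14]]        # constructed, r = 2, m = 4
    S = [[20, 21, 22, 23], [24, 25, 26, 27], [28, 29, 30, 31]]
    print("basic     :", secure_products(U, V, S, False)[3], "ring elements sent")
    print("mask reuse:", secure_products(U, V, S, True)[3], "ring elements sent")
```

A mask can be shared between multiplications only while the operand it hides is unchanged; opening two different values under the same mask reveals their difference.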
Integrating the above optimization, the secure gradient descent process is decomposed into two subroutines: secure approximation error calculation (Algorithm 2) and secure decomposition matrix update (Algorithm 3). For simplicity, the following description uses
Figure BDA0003663335450000168
and
Figure BDA0003663335450000169
interchangeably. As shown in FIG. 6, in each iteration Algorithm 2 is first used to securely compute formula (6), i.e., the approximation error D_t. It is worth noting that all Rec(·,·) operations required in equations (2)-(6) are completed in Algorithm 2, so the reconstructed E_t, F_t, F′_t can be used directly in the following subroutine. That is, the first computing terminal and the second computing terminal performing iterative operations in the data recovery algorithm based on additive secret sharing includes:
the first computing terminal and the second computing terminal calculate formula (6) based on additive secret sharing, and then reuse the intermediate results of the multiplication operations in formula (6), based on additive secret sharing, for calculating formulas (2)-(5).
Subsequently, as shown in FIG. 7, Algorithm 3 (corresponding to equations (2)-(5)) is used to securely update
Figure BDA00036633354500001610
and
Figure BDA00036633354500001611
Specifically, in Algorithm 3, lines 1-10 correspond to equation (2) and equation (4), and lines 11-20 correspond to equation (3) and equation (5). Note that Algorithm 3 only involves local calculations throughout:
Figure BDA0003663335450000171
and
Figure BDA0003663335450000172
incur no communication overhead between them, because the E_t, F_t, F′_t reconstructed in Algorithm 2 are reused.
Next, it is necessary to securely determine whether the gradient descent iteration has converged. In the t-th iteration,
Figure BDA0003663335450000173
and
Figure BDA0003663335450000174
first calculate the loss value under secret sharing according to the function given by formula (1), denoted by
Figure BDA0003663335450000175
and compare it with the loss value calculated in the previous iteration,
Figure BDA0003663335450000176
When
Figure BDA0003663335450000177
is less than a public threshold e, the iteration is deemed to have converged; set
Figure BDA0003663335450000178
and terminate the iteration. The process is divided into three steps in sequence: (1) compute
Figure BDA0003663335450000179
(2) compute
Figure BDA00036633354500001710
Figure BDA00036633354500001711
(3) compute
Figure BDA00036633354500001712
The specific process of each step is described in turn.
First, the first computing terminal and the second computing terminal compute an iteration loss through the objective function based on additive secret sharing, including:
the first computing terminal and the second computing terminal compute, based on additive secret sharing, the sum of squares of each value in a matrix as the result of the norm operation on that matrix;
when calculating the loss of the t-th iteration, the first computing terminal and the second computing terminal calculate the matrix D of the (t+1)-th iteration based on additive secret sharing, and the matrix D of the (t+1)-th iteration is used as the calculation result of I∘(U·V) - S in the t-th iteration.
Specifically, to securely compute
Figure BDA00036633354500001713
according to formula (1), the operations needed when calculating
Figure BDA00036633354500001714
comprise ASS addition and ASS multiplication. For this step, the method provided by this embodiment designs a way for
Figure BDA00036633354500001715
and
Figure BDA00036633354500001716
to accomplish the above operations without communication. First consider how to calculate the
Figure BDA00036633354500001717
in formula (1). Taking
Figure BDA00036633354500001718
as an example, it can be further expressed as
Figure BDA00036633354500001719
Thus, the result can be obtained by performing a secure squaring operation on each element of [[U*]] and adding the results together. To securely compute the square of a single number, a random pair ([[a]], [[b]]) under secret sharing is needed, where b = a^2. Like the triples used in the preceding multiplication, the pair may be generated by
Figure BDA00036633354500001720
and shared to
Figure BDA00036633354500001721
The following describes how to securely compute the square [[x^2]] of a single number [[x]]. First,
Figure BDA00036633354500001722
computes [[r]]_k = [[x]]_k - [[a]]_k, after which
Figure BDA00036633354500001723
perform Rec([[r]]_0, [[r]]_1) to reconstruct r. Finally,
Figure BDA00036633354500001724
computes [[x^2]]_k = k·r^2 + 2r·[[a]]_k + [[b]]_k to obtain its share of x^2.
Next, consider how to securely compute I∘(U·V) - S in formula (1). It is observed that this expression is the same as the one used to calculate D in formula (6), so the calculation result in Algorithm 2 can be reused to reduce the computation overhead. However, it should be noted that at the t-th iteration, the I∘(U·V) - S required to calculate
Figure BDA00036633354500001725
is not equal to D_t but to D_{t+1}, because the updated (U_{t+1})* and (V_{t+1})* are used when calculating the loss in the t-th iteration. In order to reuse the calculation results and reduce the computation overhead, the calculation of D_{t+1} is moved from the (t+1)-th iteration to the t-th iteration, so that in the t-th iteration
Figure BDA0003663335450000181
can be used in place of
Figure BDA0003663335450000182
The specific integration of this mechanism will be given later in Algorithm 6.
Finally, the method provided by this embodiment also optimizes, in each iteration, the calculation of
Figure BDA0003663335450000183
and
Figure BDA0003663335450000184
As previously described, to securely compute these three squares, three random pairs ([[A″]], [[RA]]), ([[B″]], [[RB]]), ([[M″]], [[RM]]) need to be used, where A″, B″, M″ are used to mask (hide) U*, V*, D_{t+1} respectively, and RA = A″∘A″, RB = B″∘B″, RM = M″∘M″. Clearly, the same optimization technique as in the secure gradient descent protocol can be used to reduce the communication overhead, i.e. one may let A″ = A, B″ = B, M″ = M. However, it should be noted that in the t-th iteration, A_{t+1} from the triple generated for the (t+1)-th iteration should be used in place of A″_t, B_{t+1} in place of B″_t, and M_{t+1} in place of M″_t, for the same reason as above.
Based on the above, this embodiment provides an algorithm by which
Figure BDA0003663335450000185
and
Figure BDA0003663335450000186
securely compute, without communication,
Figure BDA0003663335450000187
The specific flow of this algorithm is given in Algorithm 4, as shown in FIG. 8.
The first computing terminal and the second computing terminal determining whether an iteration loss satisfies a convergence condition based on additive secret sharing, including:
the first computing terminal and the second computing terminal compute an absolute value of a first difference based on additive secret sharing, such that the first computing terminal holds one additive secret sharing share of the absolute value and the second computing terminal holds another additive secret sharing share of the absolute value, the first difference being a difference between an iteration loss of a t-th iteration and an iteration loss of a t-1-th iteration;
the first computing terminal and the second computing terminal computing a second difference based on additive secret sharing such that the first computing terminal holds one additive secret shared share of the second difference and the second computing terminal holds another additive secret shared share of the second difference;
the first computing terminal and the second computing terminal convert the locally held additive secret share of the second difference value into bit data, and two additive secret shares of the most significant bits of the second difference value are computed through a parallel prefix addition circuit;
the first computing terminal and the second computing terminal exchange two additive secret shared shares of the locally held most significant bits of the second difference, reconstruct the most significant bits of the second difference, and determine whether a convergence condition is satisfied according to the most significant bits of the second difference.
The first computing terminal and the second computing terminal computing an absolute value of a first difference based on additive secret sharing such that the first computing terminal holds one additive secret shared share of the absolute value and the second computing terminal holds another additive secret shared share of the absolute value, comprising:
the first computing terminal and the second computing terminal computing the first difference based on additive secret sharing such that the first computing terminal holds one additive secret shared share of the first difference and the second computing terminal holds another additive secret shared share of the second difference;
the first computing terminal and the second computing terminal convert the additive secret share of the first difference value held locally into bit data, and compute two additive shared secret shares of the most significant bits of the difference value through a parallel prefix addition circuit;
the first computing terminal and the second computing terminal obtain an additive secret share of the absolute value based on two rounds of computations:
in the first round of calculation, the first calculation terminal serves as a sender, the second calculation terminal serves as a receiver, and in the second round of calculation, the first calculation terminal serves as a receiver and the second calculation terminal serves as a sender;
in each round of computation, the sender generates a random number r and calculates the messages
Figure BDA0003663335450000191
Figure BDA0003663335450000192
The sender then saves the random number and sends m_0, m_1 to the receiver;
the receiver determines whether the most significant bit of the difference value stored locally is equal to 1; if so, it stores m_0, and if not, it stores m_1.
After the two rounds of calculation are finished, each of the first computing terminal and the second computing terminal sums the random number it generated and the message it stored to obtain its additive secret share of the absolute value.
Specifically, to securely compute
Figure BDA0003663335450000193
after the iteration loss has been calculated,
Figure BDA0003663335450000194
and
Figure BDA0003663335450000195
hold, under secret sharing,
Figure BDA0003663335450000196
and
Figure BDA0003663335450000197
and need to calculate
Figure BDA0003663335450000198
The main difficulty of this step is how to calculate the absolute value.
In the method provided in this embodiment, the calculation of
Figure BDA0003663335450000199
is converted into a secure most significant bit (MSB) extraction problem. Let β denote the MSB of
Figure BDA00036633354500001910
i.e.
Figure BDA00036633354500001911
When β is 0, it indicates
Figure BDA00036633354500001912
Conversely, when β is 1, it indicates
Figure BDA00036633354500001913
This gives the following formula:
Figure BDA00036633354500001914
Thus, the calculation of the absolute value is converted into securely solving for β. The secure MSB extraction function is denoted by ExtB, with <β> = ExtB([[x]]), where <·> denotes secret sharing over Z_2. ExtB can be securely computed by a customized parallel prefix addition circuit; FIG. 9 shows a customized 8-bit parallel prefix addition circuit. For a number [[x]] under secret sharing,
Figure BDA00036633354500001915
and
Figure BDA00036633354500001916
first locally decompose [[x]]_0, [[x]]_1 into bit strings of length l, input the bit strings to the customized parallel prefix addition circuit, and securely execute the "XOR gate
Figure BDA00036633354500001917
" and "AND gate
Figure BDA00036633354500001918
" computations. "XOR
Figure BDA00036633354500001919
and
Figure BDA00036633354500001920
" are natively supported in Boolean secret sharing. Therefore,
Figure BDA00036633354500001921
and
Figure BDA00036633354500001922
can securely compute the most significant bit of a piece of ciphertext data.
Based on ExtB, the following formula can be obtained:
Figure BDA0003663335450000201
It should be noted that <β> and
Figure BDA0003663335450000202
are in different secret sharing domains, so the above formula cannot easily be computed directly. In order to calculate formula (10), this embodiment designs a customized protocol to obtain
Figure BDA0003663335450000203
The specific process is as follows:
i.
Figure BDA0003663335450000204
generates a random number
Figure BDA0003663335450000205
and calculates the messages
Figure BDA0003663335450000206
Figure BDA0003663335450000207
After that,
Figure BDA0003663335450000208
stores r and sends m_0, m_1 to
Figure BDA0003663335450000209
ii. When <β>_1 is equal to 1,
Figure BDA00036633354500002010
stores m_0; otherwise,
Figure BDA00036633354500002011
stores m_1.
iii.
Figure BDA00036633354500002012
and
Figure BDA00036633354500002013
perform steps i and ii again, but this time
Figure BDA00036633354500002014
plays the role of the receiver and
Figure BDA00036633354500002015
plays the role of the sender.
Finally,
Figure BDA00036633354500002016
adds up the m_0 or m_1 it stored and the r it generated, and
Figure BDA00036633354500002017
adds up the m_0 or m_1 it stored and the r it generated. As shown in FIG. 10, the complete calculation flow of
Figure BDA00036633354500002018
is given in Algorithm 5. The communication overhead is mainly concentrated in the secure MSB extraction operation on line 2. To obtain the MSB of an l-bit number under secret sharing,
Figure BDA00036633354500002019
and
Figure BDA00036633354500002020
need to exchange 12l - 12 - 4 log l bits of data in log l rounds. In addition, on lines 3 and 5,
Figure BDA00036633354500002021
and
Figure BDA00036633354500002022
also exchange four elements, which adds a further 4l bits of communication overhead. In summary, Algorithm 5 has a total communication overhead of 16l - 12 - 4 log l bits.
Securely computing
Figure BDA00036633354500002023
After obtaining
Figure BDA00036633354500002024
the two parties
Figure BDA00036633354500002025
continue to calculate the iteration convergence condition
Figure BDA00036633354500002026
where e is a public threshold that may be specified by the participants in actual use. Both parties terminate the iteration when the above condition is 1, and otherwise continue. The above expression can also be converted to an MSB solving problem, as follows:
Figure BDA00036633354500002027
Therefore, ExtB can again be used to securely obtain the iteration convergence evaluation result
Figure BDA00036633354500002028
Figure BDA00036633354500002029
This result is later reconstructed by
Figure BDA00036633354500002030
to indicate whether to terminate the iteration. Lines 12-14 of Algorithm 6, shown in FIG. 11, illustrate the process of secure iteration termination evaluation.
Combining all the subroutines and techniques described earlier gives the overall flow for secure data recovery, presented as Algorithm 6 in FIG. 11. [[D_1]] needs to be calculated before the iteration starts (line 3), because calculating [[(U_2)*]] and [[(V_2)*]] requires [[D_1]]. Furthermore, as introduced above, [[D_{t+1}]] needs to be calculated in the t-th iteration, before the convergence evaluation is performed.
Through steps S300 and S400, after convergence, the additive secret shares of the location-obfuscated data recovery matrix held by the first computing terminal and the second computing terminal are the shares of the matrices U* and V*.
Turning to fig. 1, the method provided in this embodiment further includes the steps of:
S500: the data demand terminal reconstructs the position-confused data recovery matrix, obtains the permutation key of the pseudorandom permutation function from the position confusion terminal, and inversely transforms the position-confused data recovery matrix according to the permutation key to obtain the data recovery matrix of the real positions.
After
Figure BDA0003663335450000211
stop the iteration, the matrices U* and V* are held in secret-shared form by
Figure BDA0003663335450000212
The data demand terminal
Figure BDA0003663335450000213
obtains U* and V* and locally completes the construction of the obfuscated recovery matrix
Figure BDA0003663335450000214
which is calculated as follows:
Figure BDA0003663335450000215
Then, the data demand terminal uses the permutation key sent by
Figure BDA0003663335450000216
in the system initialization phase to inversely transform
Figure BDA0003663335450000217
and obtain the original recovery matrix
Figure BDA0003663335450000218
Specifically, the data demand terminal first generates the obfuscated coordinates from the permutation key,
Figure BDA0003663335450000219
then constructs a row transformation matrix R and a column transformation matrix C, and finally calculates
Figure BDA00036633354500002110
to obtain the recovered complete perceptual data matrix
Figure BDA00036633354500002111
as the data recovery matrix.
In summary, this embodiment provides a privacy-preserving crowd sensing data recovery method. The position confusion terminal performs permutation obfuscation on the row/column coordinates based on a random permutation function. The position confusion terminal and the data acquisition terminal use a blind signature so that the data acquisition terminal obtains the obfuscated position corresponding to its own real position; only one interaction is required in this process, and the data acquisition terminal does not leak its real position to the position confusion terminal or to other data acquisition terminals. After obtaining its obfuscated position, the data acquisition terminal encrypts its sensing data based on additive secret sharing and sends the encrypted sensing data and the obfuscated position to the first computing terminal and the second computing terminal. The first computing terminal and the second computing terminal construct a position-confused sensing data matrix from the received data, perform the calculations of the data recovery algorithm based on additive secret sharing, and send the two additive secret shares of the resulting position-confused data recovery matrix to the data demand terminal. The data demand terminal reconstructs the position-confused data recovery matrix and inversely transforms it according to the permutation key of the random permutation function of the position confusion terminal to obtain the data recovery matrix of the real positions.
It should be understood that, although the steps in the flowcharts shown in the figures of the present specification are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a portion of the steps in the flowchart may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of performing the sub-steps or stages is not necessarily sequential, but may be performed alternately or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, databases, or other media used in embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
Example two
Based on the above embodiment, the invention also correspondingly provides a privacy-protecting crowd sensing data recovery system, which comprises a data acquisition terminal, a position confusion terminal, a first computing terminal, a second computing terminal and a data demand terminal; the data acquisition terminal, the position confusion terminal, the first computing terminal, the second computing terminal and the data demand terminal are used for cooperatively executing the relevant steps of the privacy-protecting crowd sensing data recovery method in the first embodiment.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A privacy preserving crowd sensing data recovery method, the method comprising:
a position confusion terminal applies a random permutation to the row/column coordinates of real positions through a pseudo-random permutation function to generate obfuscated row/column coordinates, generates row/column coordinate tokens based on the row/column coordinates of the real positions and a preset private key, and generates a row/column binding set based on the row/column coordinate tokens, the row/column binding set comprising the calculation results of all obfuscated row/column coordinates and the corresponding row/column coordinate tokens; the position confusion terminal generates a preset public key based on the preset private key and sends the preset public key to a data acquisition terminal;
the data acquisition terminal blinds its own row/column coordinates to obtain blinded information and sends the blinded information to the position confusion terminal; the position confusion terminal signs the blinded information with the preset private key to obtain signature information and sends the signature information and the row/column binding set to the data acquisition terminal, so that the data acquisition terminal calculates a local token according to the signature information, the preset public key and the row/column binding set, and generates the obfuscated row/column coordinates corresponding to its own row/column coordinates according to the local token, its own real row/column coordinates and the row/column binding set;
the data acquisition terminal generates first encrypted sensory data and second encrypted sensory data based on additive secret sharing, the first encrypted sensing data and the second encrypted sensing data are secret shares of the sensing data of the data acquisition terminal respectively, the data acquisition terminal sends the first report to the first computing terminal, sends the second report to the second computing terminal, the first report comprises the obfuscated coordinates of the data acquisition terminal and the first encrypted sensing data, the second report comprises the confusion coordinate of the data acquisition terminal and the second encryption perception data, such that the first computing terminal constructs a first matrix of location-obfuscated perceptual data, the second computing terminal constructs a second matrix of location-obfuscated perceptual data, the sum of the first sensing data matrix and the second sensing data matrix is a location-obfuscated sensing data matrix;
the first computing terminal and the second computing terminal perform computation in a data recovery algorithm according to the first sensing data matrix and the second sensing data matrix based on additive secret sharing, recover sensing data in the position-confused sensing data matrix in a ciphertext domain, and respectively obtain additive secret sharing shares of the position-confused data recovery matrix, and the first computing terminal and the second computing terminal respectively send the additive secret sharing shares of the locally-held position-confused data recovery matrix to a data demand terminal;
the data demand terminal reconstructs the position-confused data recovery matrix, obtains the permutation key of the pseudorandom permutation function from the position confusion terminal, and inversely transforms the position-confused data recovery matrix according to the permutation key to obtain the data recovery matrix of the real positions.
2. The privacy-preserving crowd-sourcing aware data recovery method according to claim 1, wherein the location obfuscation terminal generates a row/column coordinate token based on row/column coordinates of a real location and a preset private key, generates a row/column binding set based on the row/column coordinate token, and comprises:
the position confusion terminal generates a row binding set based on a first formula and a column binding set based on a second formula;
the first formula is:
Figure FDA0003663335440000021
the second formula is:
Figure FDA0003663335440000022
wherein,
Figure FDA0003663335440000023
is the row binding set,
Figure FDA0003663335440000024
is the column binding set,
Figure FDA0003663335440000025
is the i-th row coordinate, n is the total number of row coordinates,
Figure FDA0003663335440000026
is the obfuscated row coordinate corresponding to
Figure FDA0003663335440000027
,
Figure FDA0003663335440000028
is the j-th column coordinate, m is the total number of column coordinates,
Figure FDA0003663335440000029
is the obfuscated column coordinate corresponding to
Figure FDA00036633354400000210
,
Figure FDA00036633354400000211
is the row coordinate token,
Figure FDA00036633354400000212
is the column coordinate token, Γ denotes a cyclic group of order p, H: {0,1}* → Γ denotes a hash function mapping information of arbitrary length to Γ, g denotes a generator of Γ, and s ∈ Z_p is the preset private key;
the preset public key generated by the position confusion terminal is: g^s.
3. The privacy-preserving crowd sensing data recovery method according to claim 2, wherein the data acquisition terminal blindly processes its own row/column coordinates to obtain blinded information, including:
the data acquisition terminal calculates
Figure FDA00036633354400000213
and blinds the row/column coordinate
Figure FDA00036633354400000214
by multiplying by g^r, obtaining the blinded row/column coordinate
Figure FDA00036633354400000215
as the blinded information, wherein r is a random value in Z_p;
the data acquisition terminal calculates a local token according to the signature information, the preset public key and the row/column binding set, and generates obfuscated row/column coordinates corresponding to its own row/column coordinates according to the local token, its own real row/column coordinates and the row/column binding set, comprising:
the data acquisition terminal calculates the local token as follows:
Figure FDA00036633354400000216
wherein,
Figure FDA00036633354400000217
is the signature information;
the data acquisition terminal calculates
Figure FDA00036633354400000218
to generate, for its own row/column coordinate
Figure FDA00036633354400000219
the corresponding obfuscated row/column coordinate
Figure FDA00036633354400000220
4. The privacy-preserving crowd sensing data recovery method according to claim 1, wherein the plaintext calculation process of the data recovery algorithm executed by the first computing terminal and the second computing terminal is as follows:
the first computing terminal and the second computing terminal iteratively update a first iteration matrix and a second data iteration matrix based on a gradient descent algorithm to solve an objective function;
when the first iteration matrix and the second iteration matrix reach a convergence condition, the calculation terminal takes the product of the first iteration matrix and the second iteration matrix as the perception data matrix;
the objective function is:
Figure FDA0003663335440000031
wherein λ > 0 is the Lagrange multiplier and ‖·‖_F is the Frobenius norm;
in the t iteration, the updated formulas of the first iteration matrix and the second iteration matrix comprise a third formula, a fourth formula, a fifth formula, a sixth formula and a seventh formula;
the third formula is:
Figure FDA0003663335440000032
the fourth formula is:
Figure FDA0003663335440000033
the fifth formula is:
Figure FDA0003663335440000034
the sixth formula is:
Figure FDA0003663335440000035
the seventh formula is:
Figure FDA0003663335440000036
wherein,
Figure FDA0003663335440000037
represents the ith row of the first iteration matrix U at the beginning of the t-th iteration,
Figure FDA0003663335440000038
represents the ith row of the first iteration matrix U after being updated in the t iteration,
Figure FDA0003663335440000039
represents the jth row of the second iteration matrix V at the beginning of the tth iteration,
Figure FDA00036633354400000310
represents the jth row of the second iteration matrix V after being updated in the t-th iteration, U_1 and V_1 are initialized to random values, γ > 0 is a learning parameter,
Figure FDA00036633354400000311
represents the value at position (i, j) of the matrix D in the t-th iteration, D is the approximation error between U·V and S, W is a vector formed by the subscripts of all non-zero elements in I, S is the perception data matrix, S_ij is the value at position (i, j) in S, and I denotes an index matrix, each element of which identifies whether the element at the corresponding position in S is missing:
Figure FDA00036633354400000312
indicates that
Figure FDA00036633354400000313
is missing; otherwise,
Figure FDA00036633354400000314
indicates that
Figure FDA00036633354400000315
is not missing.
5. The privacy-preserving crowd-sourcing aware data recovery method of claim 4, wherein the first computing terminal and the second computing terminal perform computations in a data recovery algorithm based on the first matrix of awareness data and the second matrix of awareness data based on additive secret sharing, comprising:
after the first computing terminal and the second computing terminal execute iterative operation in the data recovery algorithm based on additive secret sharing, the first computing terminal and the second computing terminal calculate iterative loss through the objective function based on additive secret sharing;
the first computing terminal and the second computing terminal determine whether an iteration loss satisfies a convergence condition based on additive secret sharing;
when matrix multiplication in the data recovery algorithm is executed based on additive secret sharing, the same encryption matrix is adopted for the same multiplier in the matrix multiplication to carry out hiding operation in the additive secret sharing multiplication operation.
6. The privacy-preserving crowd-sourcing aware data recovery method of claim 5, wherein the first computing terminal and the second computing terminal perform iterative operations in the data recovery algorithm based on additive secret sharing, comprising:
the first computing terminal and the second computing terminal calculate the seventh formula based on additive secret sharing, and then reuse the intermediate results of the multiplication operations in the seventh formula, based on additive secret sharing, for calculating the third formula, the fourth formula, the fifth formula, and the sixth formula.
7. The privacy-preserving crowd-sourcing aware data recovery method of claim 5, wherein the first computing terminal and the second computing terminal compute iterative losses through the objective function based on additive secret sharing, comprising:
the first computing terminal and the second computing terminal compute, based on additive secret sharing, the sum of squares of each value in a matrix as the result of the norm operation on that matrix;
when calculating the loss of the t-th iteration, the first computing terminal and the second computing terminal calculate the matrix D of the (t+1)-th iteration based on additive secret sharing, and the matrix D of the (t+1)-th iteration is used as the calculation result of I [ (U · V) ] -S in the t-th iteration.
8. The privacy-preserving crowd-sourcing aware data recovery method of claim 6, wherein the first computing terminal and the second computing terminal determine whether an iteration loss satisfies a convergence condition based on additive secret sharing, comprising:
the first computing terminal and the second computing terminal compute an absolute value of a first difference based on additive secret sharing, such that the first computing terminal holds one additive secret share of the absolute value and the second computing terminal holds another additive secret share of the absolute value, the first difference being a difference between an iteration loss of a t-th iteration and an iteration loss of a t-1-th iteration;
the first computing terminal and the second computing terminal compute a second difference based on additive secret sharing, such that the first computing terminal holds one additive secret share of the second difference and the second computing terminal holds another additive secret share of the second difference;
the first computing terminal and the second computing terminal convert the locally held additive secret share of the second difference into bit data, and two additive secret shares of the most significant bit of the second difference are computed through a parallel prefix addition circuit;
the first computing terminal and the second computing terminal exchange the locally held additive secret shares of the most significant bit of the second difference, reconstruct the most significant bit of the second difference, and determine whether the convergence condition is satisfied according to the most significant bit of the second difference.
9. The privacy-preserving crowd-sourcing perception data recovery method according to claim 8, wherein the first computing terminal and the second computing terminal compute an absolute value of a first difference based on additive secret sharing, such that the first computing terminal holds one additive secret share of the absolute value and the second computing terminal holds another additive secret share of the absolute value, comprising:
the first computing terminal and the second computing terminal compute the first difference based on additive secret sharing, such that the first computing terminal holds one additive secret share of the first difference and the second computing terminal holds another additive secret share of the second difference;
the first computing terminal and the second computing terminal convert the locally held additive secret share of the first difference into bit data, and compute two additive secret shares of the most significant bit of the difference through a parallel prefix addition circuit;
the first computing terminal and the second computing terminal obtain an additive secret share of the absolute value based on two rounds of computations:
in the first round of calculation, the first calculation terminal serves as a sender, the second calculation terminal serves as a receiver, and in the second round of calculation, the first calculation terminal serves as a receiver and the second calculation terminal serves as a sender;
in each round of computation, the sender generates a random number r and computes the messages
Figure FDA0003663335440000051
Figure FDA0003663335440000052
the sender then stores the random number and sends m_0, m_1 to the receiver;
the receiver determines whether the most significant bit of the difference value stored locally is equal to 1; if so, it saves m_0, and if not, it saves m_1;
after the two rounds of computation are finished, the first computing terminal/the second computing terminal sums the random number it generated and the message it saved to obtain its additive secret share of the absolute value.
10. A privacy-preserving crowd sensing data recovery system, characterized by comprising a data acquisition terminal, a position confusion terminal, a first computing terminal, a second computing terminal and a data demand terminal; the data acquisition terminal, the position confusion terminal, the first computing terminal, the second computing terminal and the data demand terminal cooperatively carry out the privacy-preserving crowd sensing data recovery method according to any one of claims 1 to 9.
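The two-round exchange of claim 9, simulated in one process as an added example that is not part of the patent text. The formulas for m_0 and m_1 are images missing from this page, so the masked forms below are an assumption chosen to satisfy the claim's final step (own random number plus saved message); the ring size K and all function names are also assumptions. The most-significant-bit shares come from a dealer shortcut rather than the parallel prefix addition circuit, and message selection stands in for a 1-out-of-2 oblivious transfer.

```python
import secrets

K = 32                      # assumed ring Z_{2^K}, two's-complement encoding
MOD = 1 << K

def share(x):
    """Split x into two additive shares mod 2^K."""
    s1 = secrets.randbelow(MOD)
    return s1, (x - s1) % MOD

def share_bit(b):
    """Split one bit into two XOR shares."""
    b1 = secrets.randbelow(2)
    return b1, b ^ b1

def sender_messages(x_s, b_s):
    """One round, sender side: mask (+/-)x_s with a fresh random r.
    Assumed forms: m0 serves a receiver whose MSB share is 1, m1 a share of 0."""
    r = secrets.randbelow(MOD)
    sign_if_1 = 1 - 2 * (b_s ^ 1)   # real MSB is b_s XOR 1
    sign_if_0 = 1 - 2 * b_s         # real MSB is b_s
    m0 = (sign_if_1 * x_s - r) % MOD
    m1 = (sign_if_0 * x_s - r) % MOD
    return r, m0, m1

def receiver_select(b_r, m0, m1):
    # Stand-in for oblivious transfer: the receiver must learn only one
    # message, because m0 + m1 = -2r would expose the sender's mask.
    return m0 if b_r == 1 else m1

def abs_shares(x1, x2, b1, b2):
    """Two rounds with swapped roles; returns each terminal's share of |x|."""
    r1, m0, m1 = sender_messages(x1, b1)     # round 1: terminal 1 sends
    kept2 = receiver_select(b2, m0, m1)
    r2, m0, m1 = sender_messages(x2, b2)     # round 2: terminal 2 sends
    kept1 = receiver_select(b1, m0, m1)
    return (r1 + kept1) % MOD, (r2 + kept2) % MOD

def demo(x):
    """Share x, run the protocol, and reconstruct |x| for checking."""
    enc = x % MOD
    x1, x2 = share(enc)
    b1, b2 = share_bit(enc >> (K - 1))       # dealer shortcut for MSB shares
    y1, y2 = abs_shares(x1, x2, b1, b2)
    return (y1 + y2) % MOD
```
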
CN202210579674.6A 2022-05-26 2022-05-26 Method and system for recovering crowd sensing data with privacy protection Active CN114969783B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210579674.6A CN114969783B (en) 2022-05-26 2022-05-26 Method and system for recovering crowd sensing data with privacy protection

Publications (2)

Publication Number Publication Date
CN114969783A true CN114969783A (en) 2022-08-30
CN114969783B CN114969783B (en) 2023-08-29

Family

ID=82955201

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210579674.6A Active CN114969783B (en) 2022-05-26 2022-05-26 Method and system for recovering crowd sensing data with privacy protection

Country Status (1)

Country Link
CN (1) CN114969783B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant