KR102010644B1 - METHOD AND SYSTEM FOR k-NN CLASSIFICATION PROCESSING BASED ON GARBLED CIRCUIT - Google Patents

Abstract

The present invention relates to a k-NN classification processing algorithm on a cryptographic database outsourced to the cloud. In the GARBLED CIRCUIT-based k-NN classification processing method according to an embodiment of the present invention, as the result data for the k Nearest Neighbor (kNN) query from the user terminal is derived, the result data is derived. Calculating a frequency between the kNN query and past result data derived by the kNN query by performing a secure frequency (SF) between the first cloud and the second cloud, wherein the frequent Through calculation of the figure, selecting a search category, and if the search category matches the category of the derived result data, it may comprise the step of providing the derived result data to the user terminal.

Description

K-NN classification processing method based on garbled circuit and k-NN classification processing system based on garbled circuit {METHOD AND SYSTEM FOR k-NN CLASSIFICATION PROCESSING BASED ON GARBLED CIRCUIT}

The present invention relates to a k-NN classification processing algorithm on an encrypted database outsourced to the cloud, to protect data access patterns and to support data classification that may be exposed in processing a user query against an encrypted database. .

Recently, as research on cloud computing has been activated, interest in database outsourcing, which entrusts external operators to database management and operation, is increasing.

However, the outsourced database in the prior art can be exploited by extracting meaningful information from the cloud and attacker, and inferring personal information such as user's disposition and preference through queries sent to the cloud. there is a problem.

In order to solve this problem, researches for distributing and storing the database in multiple clouds, converting the contents of the database, and outsourcing have been developed. However, there are still disadvantages in that data and queries cannot be completely protected.

In addition, the data mining technique has been typically used as the kNN classification technique in the prior art. The data mining technique extracts the most frequent category after extracting k nearest data from a given query, which provides high information protection but has a disadvantage of high query processing cost.

Therefore, there is a need for a system and method that can support data protection, user query protection, and data access pattern protection in a database environment outsourced to the cloud while providing efficient query processing and data classification performance.

The present invention has been made to solve the above problems, the object of the present invention is to classify and analyze the result data of the k-NN query processing algorithm, it can be analyzed to extract the grade for the corresponding result data without information leakage.

In addition, the present invention has another object to provide an efficient query processing performance by reducing the number of operations by providing an encryption operation protocol based on the garbled circuit and data packing technique.

In addition, the present invention provides a k-NN query processing algorithm that supports encryption index search and data access pattern protection on an encrypted database based on an improved encryption operation protocol, thereby preventing data from being exposed and protecting data and user queries. In addition to protection, it has another purpose to support both data access pattern protection during query processing.

In the GARBLED CIRCUIT based k-NN query classification method according to an embodiment of the present invention, as the result data for the k Nearest Neighbor (kNN) query from the user terminal is derived, the result data is derived. Calculating a frequency between the kNN query and past result data derived by the kNN query by performing a secure frequency (SF) between the first cloud and the second cloud, wherein the frequent Through calculation of the figure, selecting a search category, and if the search category matches the category of the derived result data, it may comprise the step of providing the derived result data to the user terminal.

In addition, the garbled circuit-based k-NN classification processing system according to an embodiment of the present invention, as the result data for the kNN query from the user terminal is derived, and the first cloud involved in the derivation of the result data; Perform a multi-party frequency (SF) between a second cloud to calculate a frequency between the kNN query and past result data derived by the kNN query, and select a search category through the calculation of the frequency When the search category matches the category of the derived result data, the derived result data may be provided to the user terminal.

According to an embodiment of the present invention, by classifying and analyzing the result data of the k-NN query processing algorithm, an analysis may be performed to extract a grade of the result data without information leakage.

In addition, according to an embodiment of the present invention, by performing at least one cryptographic operation protocol of the ESSED protocol, the GSCMP protocol, and the GSPE protocol based on the garbled circuit and the data packing scheme, the number of operations is reduced, thereby improving efficient query processing performance. Can provide.

In addition, according to an embodiment of the present invention, by providing a k-NN query processing algorithm that supports encryption index search and data access pattern protection on the encryption database based on the improved encryption operation protocol, to prevent exposure of additional information It can support not only data protection and user query protection but also data access pattern protection during query processing.

1 is a diagram illustrating a garbled circuit-based k-NN classification processing system according to an embodiment of the present invention.
2 is a diagram illustrating data held in a first cloud according to an embodiment of the present invention.
3 is a diagram illustrating an encryption database according to an embodiment of the present invention.
4 is a diagram illustrating a kNN classification process according to an embodiment of the present invention.
5B and 6B illustrate a kNN classification processing algorithm according to an embodiment of the present invention.
FIG. 7 illustrates a point-region relationship in one-dimensional space according to an embodiment of the present invention.
8A to 9C are diagrams for describing a kNN classification processing algorithm according to an embodiment of the present invention.
10 is a flowchart illustrating a procedure of a garbled circuit based k-NN classification processing method according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. However, the present invention is not limited or limited by the embodiments. Like reference numerals in the drawings denote like elements.

In the present invention, a "k-NN query" may refer to a query for searching k data existing in the closest distance from the query. The garbled circuit-based k-NN classification processing method and the garbled circuit-based k-NN classification processing system described herein use the efficient encryption algorithm based on the garbled circuit and data packing scheme to calculate Euclidean distance between two points. By comparing the two data, and determining whether the encryption point is included in the encryption area, the k-NN query can be processed on the encryption database, and the data can be classified by analyzing the k-NN query processing result through the classification system. .

1 is a diagram illustrating a garbled circuit-based k-NN classification processing system according to an embodiment of the present invention.

The garbled circuit based k-NN classification processing system 100 of the present invention (hereinafter, referred to as a k-NN classification processing system) includes a database (T) 110, a kd tree 120, an encryption public key (pk) ( 130, decryption secret key (sk) 140, first cloud (C _A ) 150, encryption database 160, encryption kd tree 170, and second cloud (C _B ) 180 It may include.

The k-NN classification processing system 100 divides the data stored in the database 110 by a predetermined number (for example, F) units, and includes a kd tree having a plurality of terminal nodes including the divided data. 120).

For example, the k-NN classification processing system 100 may build a kd tree 120 from the database 110 having a level h and having a total of 2 ^h-1 terminal nodes from the database 110, and each terminal node may have a maximum F. (FanOut) data can be saved.

Each terminal node of the kd tree 120 may store, in plain text form, region information regarding a node region in charge thereof and data IDs for data included in the node region. Here, the region information may include a lower limit (lb _{z, m} ) and an upper limit (ub _{z, m} ) (1 ≦ _z ≦ num _node , 1 ≦ j ≦ _m ) for a node region for each attribute m. have.

For example, referring to FIG. 2, the k-NN classification processing system 100 may store eight two-dimensional (eg, x and y dimensions) data. At this time, the k-NN classification processing system 100 may divide the corresponding data based on the kd tree. The constructed kd tree may include a total of four terminal nodes, and each terminal node has lower limit ( lb _x and lb _y ) information, upper limit ( ub _x and ub _y ) information, and ID of data included in the node. Can be stored. That is, the terminal node 'node 1' of the kd tree 120 has a lower limit '(lb _{1 , 0} , lb _{1 , 1} )' and an upper limit '(ub ₁ ) for the node area associated with the terminal node' node 1 '. _{, 0} , ub _{1 , 1} ) 'and data IDs' t ₁ ' and 't ₂ ' for data included in the node area.

To clarify the inclusion relationship between data and nodes herein, it is assumed that no data exists at each node boundary of the kd tree, but is not limited thereto.

The k-NN classification processing system 100 encrypts the kd tree 120 constructed from the database 110 to generate an encrypted kd tree 170.

In detail, the k-NN classification processing system 100 may generate the encrypted kd tree 170 by further encrypting data IDs of data included in the node area associated with each terminal node for each attribute.

For example, the k-NN classification processing system 100 encrypts data IDs 't ₁ ' and 't ₂ ' included in the terminal node 'node 1' of the kd tree 120 for each attribute m, and the remaining terminals By encrypting the data ID included in the node for each property m, an encrypted kd tree 170 may be generated. For example, the encrypted kd tree 170 includes four terminal nodes (node 1, node 2, node 3, node 4), and each terminal node 210, 220, 230, 240 is composed of a lower limit and an upper limit. It can have a node area.

In this case, the k-NN classification processing system 100 encrypts each terminal node included in the kd tree 120 with the same encryption public key 130 used when the encryption database 160 is generated. Can be generated.

For example, the k-NN classification processing system 100 may generate an encryption database as shown in FIG. 3. The k-NN classification processing system 100 may perform encryption on a dimensional basis and transmit the same to the first cloud 150. That is, the k-NN classification processing system 100 may encrypt area information of each terminal node included in the kd tree 120 for each property. As shown in FIG. 3, the public key of the encryption database 160 is encrypted. You can encrypt using.

The k-NN classification processing system 100 may provide a first cloud 150 and a second cloud 180 that are non-colluding.

In the present invention, each cloud (150, 180) when performing an encryption protocol to process the user query, based on the information obtained during the query processing, to collaborate with other clouds to obtain additional information to collect data and information You can avoid giving and receiving.

The k-NN classification processing system 100 stores the encrypted kd tree 170 in the first cloud 150 which holds the encryption database 160 and the encryption public key 130 (step 101).

In addition, the k-NN classification processing system 100 stores the decryption secret key 140 corresponding to the encryption public key 130 in a second cloud 180 different from the first cloud 150 (step 102). ).

In other words, the k-NN classification processing system 100 stores the encrypted kd tree 170 together with the encryption database 160 and the encryption public key 130 in the first cloud 150, and decrypts the generated secret key. The secret key 140 may be stored in another second cloud 180.

In addition, the k-NN classification processing system 100 may provide the same encryption public key 130 used for encryption of the database 110 to an authorized user (AU) 190 (step 103). When requesting a query to the first cloud 150 to acquire data, the terminal 190 may encrypt the user query using the provided encryption public key 130 (step 104).

For example, the terminal 190 may request a user query by encrypting the query point with the encryption public key 130, for example, 'E (q _j ) (1 ≦ _j ≦ m)'.

As such, the k-NN classification processing system 100 may provide a service based on an encrypted query to support data protection and user query protection.

When a user query is received from the user terminal 190, the k-NN classification processing system 100 may perform multi-party calculation between the first cloud 150 and the second cloud 180 based on the selected encryption operation protocol (SMC, Secure Multiparty Computation) may be performed to process the kNN query (step 105).

In addition, the k-NN classification processing system 100 may transmit a result of processing a user query together with the first cloud 150 and the second cloud 180 to the terminal 190 (step 106).

Here, the multilateral calculation may refer to safely performing protocols and operations through other entities (the first cloud 150 and the second cloud 180) without exposing the original data held by the data owner. have.

To this end, the k-NN classification processing system 100 may be configured in a second cloud 180 different from the first cloud 150 that stores the encrypted kd tree 170, the encryption database 160, and the encryption public key 130. The decryption secret key 140 may be stored, and based on this, the kNN query may be processed through multilateral calculation between the first cloud 150 and the second cloud 180.

Through this, the k-NN classification processing system 100 may securely process user queries on the encryption database 160 based on the encryption kd tree 170 while supporting data protection. In addition, the k-NN classification processing system 100 may have an advantage that no information related to data privacy, query privacy, and data access pattern is exposed in processing a query through a kNN query processing algorithm on an encryption database. A detailed description of the kNN query processing algorithm will be described with reference to FIGS. 4 to 9C to be described later. Before describing the kNN query processing algorithm, the protocol used herein will be described.

The k-NN classification processing system 100 selects at least one of an Enhanced Secure Squared Euclidean Distance (ESSED) protocol, a Garbled Circuit based Secure Compare (GSCMP) protocol, and a Garbled Circuit based Secure Point Enclosure (GSPE) protocol as an encryption operation protocol. can do.

For example, the k-NN classification processing system 100 may calculate the square E (| X - Y | ² ) of the distance between the vectors E ( X ) and E ( Y ) using the ESSED protocol. In this case, X and Y may be an m- dimensional vector.

First, the k-NN classification processing system 100 may generate random numbers in the first cloud 150 and then perform data packing through Equation 1 to calculate R.

Here, σ may be a bit length representing one data. Also, the k-NN classification processing system 100 may generate R (E) by encrypting R in the first cloud 150.

Next, the k-NN classification processing system 100 calculates the encryption distance E ( x _j - y _j ) (1 ≦ _j ≦ m ) of X and Y in each dimension in the first cloud 150, E ( v ) may be calculated by performing data packing through Equation 2.

를 통해 언패킹(unpacking)을 수행하여 x _j -y _j +r _j (1≤j≤m)을 획득한 후, 차원별 (x _j -y _j +r _j )²(1≤j≤m)을 합산하여, d에 저장할 수 있다(단, d의 초기값은 0으로 설정할 수 있으나, 이에 한정된 것은 아니다). Next, the k-NN classification processing system 100 calculates E ( v ) = E ( v ) × E ( R ) in the first cloud 150, and then converts E ( v ) to the second cloud 180. Can be sent to. Then, the k-NN classification processing system 100 decodes the received E ( v ) in the second cloud 180 and [ x ₁ - y ₁ + r ₁ |. | x _m - y _m + r _m ] can be obtained. In addition, the k-NN classification processing system 100 in the second cloud 180, v

Unpacking through to obtain x _j - y _j + r _j (1≤ j ≤ m ), then by dimension ( x _j - y _j + r _j ) ² (1≤ j ≤ m ) May be added and stored in d (however, the initial value of d may be set to 0, but is not limited thereto).

Through this, the k-NN classification processing system 100 can reduce the number of operations based on encrypted data compared to the DPSSED protocol of the prior art by performing the sum of the distances for each dimension in plain text.

Next, the k-NN classification processing system 100 may encrypt d in the second cloud 180 and then transmit E ( d ) to the first cloud 150. Through this process, the k-NN classification processing system 100 may reduce the m data encryption required in the second cloud 180 of the DPSSED protocol to one time.

Finally, the k-NN classification processing system 100 removes the value added by random number insertion in the first cloud 150 for each dimension by using Equation 3, so that the square E of the distance between two vectors X and Y is removed. (| X - Y | ² ) can be calculated.

According to an embodiment, the k-NN classification processing system 100 may process a kNN query using the GSCMP protocol.

When the k-NN classification processing system 100 is given E ( u ) and E ( v ) to the first cloud 150 using the GSCMP protocol, the k-NN classification processing system 100 returns E (1) when u < v is satisfied. If u > v , E (0) can be returned. Like the conventional CMP-S, the k-NN classification processing system 100 may perform the GSCMP protocol through a garbled circuit composed of two ADD gates and one CMP gate. However, the k-NN classification processing system 100 may be different from the CMP-S in that the k-NN classification processing system 100 may exchange data including random numbers between the first cloud 150 and the second cloud 180 while performing the GSCMP protocol. have.

In the following, it is intended to disclose the overall performance algorithm of the GSCMP protocol. First, the k-NN classification processing system 100 may generate two random numbers r _u and r _v in the first cloud 150. Second, the k-NN classification processing system 100 encrypts r _u and r _v in the first cloud 150, and then E ( m ₁ ) = E ( u ) × E ( r _u ) ² and E ( m ₂ ) = E ( v ) ² × E (1) × E ( r _v ) can be calculated. Third, the k-NN classification processing system 100 may select one of two Fs ( F ₀ : u > v , F ₁ : v > u ) in the first cloud 150. In this case, the k-NN classification processing system 100 may not disclose to the second cloud 180 which is selected from F ₀ and F ₁ . In addition, the k-NN classification processing system 100 may perform the following according to the selected F in the first cloud 150.

If F ₀ : u > v is selected in the first cloud 150, the k-NN classification processing system 100 may select <E ( m ₂ ), E ( m ₁ )> in the first cloud 150. The encrypted data may be transmitted to the second cloud 180 in the order of.

If F ₁ : u <v is selected in the first cloud 150, the k-NN classification processing system 100 may select <E ( m ₁ ), E ( m ₂ )> in the first cloud 150. The encrypted data may be transmitted to the second cloud 180 in the order of.

Fourth, the k-NN classification processing system 100 may decode the received data in the second cloud 180. When F ₀ : u> v is selected in the first cloud 150, the k-NN classification processing system 100 may obtain < m ₂ , m ₁ > in the second cloud 180, and the first cloud When F ₁ : u <v is selected at 150, the k-NN classification processing system 100 may obtain < m ₁ , m ₂ > from the second cloud 180.

Fifth, the k-NN classification processing system 100 may enable the first cloud 150 to generate a garbled circuit composed of two ADD gates and one CMP gate. If F ₀ is selected, the k-NN classification processing system 100 may transmit- r _v and- r _u to the first ADD gate and the second ADD gate, respectively, in the first cloud 150, and F _1. If the selected and _u -r - r _v may carry in each of the 1 ADD gate and the second gate 2 ADD.

Sixth, the k-NN classification processing system 100 may allow the second cloud 180 to transmit the first data, among the received data, to the first ADD gate, and transmit the second data to the second ADD gate. Can be delivered to Accordingly, the k-NN classification processing system 100 may allow the second cloud 180 to deliver m ₂ and m ₁ to the first ADD gate and the second ADD gate, respectively, when F ₀ is selected, and F ₁ is When selected, m ₁ and m ₂ may be delivered to the first ADD gate and the second ADD gate, respectively.

Seventh, the k-NN classification processing system 100 sums- r _v and m ₂ = v + r _v when F ₀ is selected and, when F ₁ is selected- r _u and m , in the first ADD gate. ₁ = u + r _u can be added to pass the result " result ₁ " to the CMP gate.

Eighthly, the k-NN classification processing system 100 sums- r _u and m ₁ = u + r _u when F ₀ is selected and, when F ₁ is selected- r _v and m , in the second ADD gate. _You can add ₂ = v + r _v so that the result " result ₂ " is passed to the CMP gate. At this time, since the result value of the ADD gate is encoded and transmitted by the characteristic of the garbled circuit, information exposure may not occur.

Ninth, the k-NN classification processing system 100 may return α = 1 in the CMP gate if result ₁ < result ₂ , and otherwise return α = 0.

Finally, the result α of the garbled circuit can be confirmed in the second cloud 180, and the k-NN classification processing system 100 encrypts it in the second cloud 180 and transmits it to the first cloud 150. Can be. However, since the second cloud 180 of the k-NN classification processing system 100 does not know F selected by the first cloud 150, the result of u < v cannot be determined. The k-NN classification processing system 100 may terminate the GSCMP protocol by changing the value of E ( α ) through the SBN protocol and returning E ( α ) when F ₀ is selected in the first cloud 150. have. In this case, when E ( α ) = E (1), it means that u < v , but the first cloud 150 and the second cloud 180 of the k-NN classification processing system 100 are E ( α ). The actual value of is unknown.

According to an embodiment, the k-NN classification processing system 100 may use the GSPE protocol. When the first cloud 150 to the m-dimensional point E (p) and the lower limit point E _(j lb) and the upper limit point E (ub _j) (1≤ j ≤ m) been encrypted information area range is given by the expression, The k-NN classification processing system 100 may return E (1) when the point p is included in the area range using the GSPE protocol. In addition, the k-NN classification processing system 100 may return E (0) when the point p does not overlap the area range using the GSPE protocol. The overall execution algorithm using the GSPE protocol may be as follows.

First, the k-NN classification processing system 100 generates two random number arrays ra _j , rb _j (1 ≦ j ≦ 2 m ) in the first cloud 150, and then through Equations 4 and 5 Data packing may be performed to calculate RA and RB , respectively.

Here, σ may mean a bit length for representing one data. In addition, the k-NN classification processing system 100 may generate E ( RA ) and E ( RB ) by encrypting RA and RB in the first cloud 150.

Next, the k-NN classification processing system 100 multiplies the lower limit value of each dimension of the point and the area in the first cloud 150 by 2, and then E ( μ _j ) and E ( μ _j ) ( 1 ≦ j ≦ m ). At this time, the k-NN classification processing system 100 may be performed through E ( μ _j ) ← E ( range _1.1 lb _j ) ² and E ( ξ _j ) ← E ( range _2.0 lb _j ) ² . In addition, the k-NN classification processing system 100 multiplies the upper limit value of each dimension of the point and the area in the first cloud 150 by 2 and adds 1, and then E ( δ _j ) and E ( φ _j ), respectively. (1 ≦ j ≦ m ). At this time, k-NN classification processing system 100 is E ( δ _j ) ← E ( range _1. Ub _j ) ² × E (1) and E ( ρ _j ) ← E ( range _2. Ub _j ) ² × E This can be done through (1). Through this, the k-NN classification processing system 100 may determine whether the two numbers to be compared are included in the same case.

Next, the k-NN classification processing system 100 may select any one of two F ( F ₀ : u > v , F ₁ : v > u ) in the first cloud 150. In this case, the k-NN classification processing system 100 may not disclose to the second cloud 180 which of F ₀ and F ₁ is selected. In addition, the k-NN classification processing system 100 may perform data packing for each dimension on the upper limit of the value of p and the upper limit of range ₂ according to the selected F in the first cloud 150 as follows.

이고,

일 수 있다. F ₁ : v > u 가 선택된 경우,

이고,

일 수 있다. If F ₀ : u > v is selected,

ego,

Can be. If F ₁ : v > u is selected,

ego,

Can be.

That is, when F ₀ is selected, the k-NN classification processing system 100 may pack a value of each dimension of p with E ( RB ) and pack an upper limit value of each dimension of range with E ( RA ). have. On the other hand, when F ₁ is selected, the k-NN classification processing system 100 may pack a value of each dimension of p with E ( RA ) and pack an upper limit value of each dimension of the range with E ( RB ). have. In addition, the k-NN classification processing system 100 may perform data packing on a dimension-by-dimensional basis for the lower limit of the value of p and the range of p according to the selected F in the first cloud 150 as follows.

이고,

일 수 있다. F ₁ : v>u 가 선택된 경우,

이고,

일 수 있다. If F ₀ : u > v is selected,

ego,

Can be. If F ₁ : v > u is selected,

ego,

Can be.

That is, when F ₀ is selected, the k-NN classification processing system 100 packs the lower limit value of each dimension of the range with E ( RB ), and packs the upper limit value of each dimension of p with the E ( RA ). can do. On the other hand, when F ₁ is selected, the k-NN classification processing system 100 packs the lower limit value of each dimension of the range with E ( RA ), and packs the upper limit value of each dimension of p with the E ( RB ). can do. Next, the k-NN classification processing system 100 may transmit E ( RA ) and E ( RB ) to the second cloud 180 in the first cloud 150.

를 통해 RA를 언패킹하여 ra _j +u _j (1≤j≤2m)를 획득할 수 있다. 또한, k-NN 분류 처리 시스템(100)은 제2 클라우드(180)에서 RB

를 통해 RA를 언패킹하여 rb _j +v _j (1≤j≤2m)를 획득할 수 있다. 여기서, u _j 및 v _j 는 p의 값 및 range의 하한점 및 상한점 값을 의미할 수 있다. 한편, 해당 값에는 난수가 포함되어 있으며, k-NN 분류 처리 시스템(100)은 제2 클라우드(180)에서는 제1 클라우드(150)에서 선택된 F를 알지 못하기 때문에 추가적인 정보 노출이 발생하지 않을 수 있다. Next, the k-NN classification processing system 100 may obtain RA and RB by decoding E ( RA ) and E ( RB ) in the second cloud 180. In addition, k-NN classification processing system 100 is RA in the second cloud (180)

By unpacking RA , ra _j + u _j (1 ≦ j ≦ 2 m ) can be obtained. In addition, k-NN classification processing system 100 is RB in the second cloud (180)

By unpacking RA , rb _j + v _j (1 ≦ j ≦ 2 m ) can be obtained. Here, u _j and v _j may mean a value of p and a lower limit and an upper limit of the range . On the other hand, the value includes a random number, and since the k-NN classification processing system 100 does not know the F selected in the first cloud 150 in the second cloud 180, no additional information exposure may occur. have.

Next, the k-NN classification processing system 100 may generate a CMP-S circuit in the first cloud 150. After generating the CMP-S circuit, the k-NN classification processing system 100 is based on ra _j , rb _j (1≤ j ≤ 2 m ) held by the first cloud 150- ra _j ,- After generating rb _j (1 ≦ j ≦ 2 m ), the first cloud 150 may be transmitted to the input value of the CMP-S in turn. Meanwhile, the k-NN classification processing system 100 sequentially inputs ra _j + u _j and rb _j + v _j (1 ≦ j ≦ 2 m ) of the CMP-S in the second cloud 180. You can pass it by value. The k-NN classification processing system 100 may check the result of performing CMP-S in the second cloud 180, α ′ _j (1 ≦ j ≦ 2 m ), and encrypts it in the second cloud 180 to thereby encrypt the first. May be sent to the cloud 150.

Next, the k-NN classification processing system 100 may convert E ( α ′ _j ) (1 ≦ j ≦ 2 m ) values through SBN only when F ₀ is selected in the first cloud 150. . In addition, k-NN classification processing system 100 may be carried out between a product E (α) and E (α _'j) using the (Secure Multiplication) SM protocol. At this time, the k-NN classification processing system 100 may set the value of the first E ( α ) to E (1).

Finally, the k-NN classification processing system 100 may terminate the GSPE protocol by returning E ( α ) in the first cloud 150. In this case, when E ( α ) = E (1), the point p may be included in the area range . However, since the k-NN classification processing system 100 does not know the actual value of E ( α ) in the first cloud 150 and the second cloud 180, it may not know whether the k-NN classification processing system 100 is included in the area of the point.

4 is a diagram illustrating a kNN classification process according to an embodiment of the present invention.

The k-NN classification processing system 100 is a kNN classification processing algorithm and includes a k-NN query through an encryption index search step 410, a kNN step 420, a query result verification step 430, and a category check step 440. Can be processed and classified. Detailed description of each step will be described with reference to FIGS. 5A to 9C. That is, FIGS. 5A to 6B and 8A to 9C are diagrams for describing a kNN classification processing algorithm according to an embodiment of the present invention.

First, the k-NN classification processing system 100 may search for an encryption index through the following process (410).

Referring to FIGS. 5A and 5B, in step 510, the k-NN classification processing system 100, in the first cloud 150, E ( q ) and E ( node _z ) (1 ≦ z ≦). By performing the GSPE protocol based on num _node ), it is possible to search for a node including a query point. In this case, the node whose value of E ( α _z ) returned as a result of performing GSPE may be a node including a query point. However, the first cloud 150 and the second cloud 180 may not know which node overlaps the query area. The k-NN classification processing system 100 may encrypt the encryption database based on the Paillier encryption system, because the paler encryption system supports semantic security.

In step 520, the k-NN classification processing system 100 generates, in the first cloud 150, the reordering function π to change the order of E ( α ) and transmits it to the second cloud 180. Can be.

In step 530, the k-NN classification processing system 100, after decoding E ( α ) in the second cloud 180, checks the number c of 1, and generates c node group Groups . can do. In this case, the k-NN classification processing system 100 may allocate one _node having an α value of 1 and a node having a α value of 0 ( num _node / c ) -1 to each node group in the second cloud 180. Can be. In addition, the k-NN classification processing system 100 may randomly convert the order of the nodes assigned to each node group, and then transmit them to the first cloud 150.

In operation 540, the k-NN classification processing system 100 may reverse change identification numbers of nodes belonging to each node group in the first cloud 150 using the inverse change function π ⁻¹ .

In step 550, the k-NN classification processing system 100 performs the SM protocol in the first cloud 150 using E ( α ) of each node returned through the GSPE protocol and data stored in each node group node. By using the quasi-homogenous encryption feature, data existing in the node related to the query can be stored in E ( cand ).

In step 560, the k-NN classification processing system 100 may terminate the encryption index search by returning E ( cand ).

According to an embodiment, the step of searching the encryption index described in FIG. 5A may be implemented by an algorithm as shown in FIG. 5B.

Referring back to FIG. 4, the k-NN classification processing system 100 may perform a k-NN search step through the following process (420). k-NN classification processing system 100 in the k- NN search step, the distance between the query and based on the data extracted from the encrypted index search step 410 may search for the k nearest data. The k-NN classification processing system 100 may be performed by partially utilizing the SkNN _m algorithm. The k-NN classification processing system 100 may perform cnt pieces of data returned by performing the encryption index search step 410. K NN search can be performed based on this. In addition, the k-NN classification processing system 100 may utilize an efficient protocol (ie, ESSED, SMS _n ) based on data packing and a garbled circuit, instead of the SBD, SMIN, and SMIN _n protocols, which are expensive in operation.

Referring to FIG. 6A, in step 610, the k-NN classification processing system 100 may return a cnt returned through query E ( q ) and an encryption index search through the ESSED protocol in the first cloud 150. It is possible to calculate the Euclidean distance squared E ( d _i ) (1 ≦ i ≦ cnt ) between two encrypted data E ( cand _i ).

In step 620, the k-NN classification processing system 100 performs, in the first cloud 150, the minimum value E ( d _min ) of the encryption distance E ( d _i ) | 1 ≦ i ≦ cnt through SMS _n . Can be found. In addition, the k-NN classification processing system 100 may determine a difference between E ( d _min ) and E ( d _i ) in the first cloud 150 by E ( d _min ) × E ( d _i ) ^{N −1} (1). ≤ i ≤ cnt ), and store the result in E ( τ _i ). Also, k-NN classification processing system 100 may generate E (τ _i) by multiplying the encrypted random number to the first cloud _{(150), E (τ i} ). In addition, the k-NN classification processing system 100 generates an E ( β ) by applying a random order change function π to E ( τ ) in the first cloud 150 and converts it to the second cloud 180. Can transmit

In step 630, the k-NN classification processing system 100 decodes each element of the received E ( β ) in the second cloud 180, and E if the value of D ( β _i ) is 0. ( U _i ) = E (1). If not 0, E ( U _i ) = E (0). Thereafter, the k-NN classification processing system 100 may transmit E ( U ) from the second cloud 180 to the first cloud 150.

In step 640, the k-NN classification processing system 100 reversely changes E ( U ) received from the second cloud 180 through π ⁻¹ in the first cloud 150 to E ( V ). Can be stored in In addition, the k-NN classification processing system 100 further includes E ( V _i ) (1 ≦ i ≦ cnt ) and E ( cand _{i, j} ) (1 ≦ i ≦ cnt , 1 ≦ j ≦) returned through the encryption index search. m ) can be performed based on the SM protocol, and the result can be stored in E ( V _{i, j} ). Next, in the first cloud 150, the k-NN classification processing system 100 may sum the values of E ( V _{i, j} ) for each dimension through Equation 6 based on the quasi-dynamic encryption characteristic. .

In step 650, if the k-NN classification processing system 100 has not yet found the k query results requested by the user, the k-NN classification processing system 100 should prevent the E ( t _s ) selected as the k NN result from being duplicated in the next execution process. do. To this end, the k-NN classification processing system 100 may update the value of each E ( d _i ) (1 ≦ i ≦ cnt ) by performing Equation 7 in the first cloud 150.

Here, E ( max ) may mean the maximum value of the data domain. Since the data selected as a result of k NN has a value of E ( V _i ) = E (1), the k-NN classification processing system 100 can change E ( d _i ) = E (max) through Equation 7. have. Since the k-NN classification processing system 100 has a value of E ( V _i ) = E (0) for the remaining data, the k-NN classification processing system 100 can maintain the value of E ( d _i ) as it is. Through this, the k-NN classification processing system 100 may prevent the encrypted data selected as a result of k NN from being duplicated.

The k-NN classification processing system 100 may repeat the above process until k data are searched. In step 660, the k-NN classification processing system 100 may perform the first cloud 150. In, the algorithm can be terminated by returning the searched k query results.

According to an embodiment, the k-NN discovery step described in FIG. 6A may be implemented with an algorithm as illustrated in FIG. 6B.

Referring back to FIG. 4, the k-NN classification processing system 100 may perform a query result verification step through node extension discovery through the following process (430).

The result of the kNN query search may be a search based on data of some nodes partitioned through the kd tree. Therefore, a process of verifying that data closer to the query exists in an adjacent kd tree node may be required. To solve this problem, nodes k-NN classification processing system 100 may present a short distance away from the result E (t) the distance query point than dist _k of up to k-th result returned by the k-NN search phase 420 To explore them. That is, the k-NN classification processing system 100 may perform a search process for finding a node whose shortest distance from the query point is smaller than dist _k . To this end, the k-NN classification processing system 100 may utilize the shortest distance point of the first definition.

The shortest distance point sp (shortest point) of the first definition may be a point having the shortest distance to p among all points existing in the area, given a point p and an area.

7, the characteristics of the shortest distance point will be described. FIG. 7 illustrates a point-region relationship in one-dimensional space according to an embodiment of the present invention.

As shown in FIG. 7, when the k-NN classification processing system 100 is given a point p = 3 and three regions ( range ₁ , range ₂ , range ₃ ) on one dimension, the positional relationship between the point and the region is given. Can be divided into three.

i) If both the lower limit value (e.g. 0) and the upper limit value (e.g. 2) of the region are less than the value of point p (e.g. 3), such as range ₁ , then k-NN classification processing system 100 is p The shortest distance point in range ₁ for can be the upper limit of the area. ii) a lower limit point value of the range, such as range ₂ (e. g., 4) and the case upper limit value (e.g., 6) were greater than the value of the point p (e.g., 3), k-NN classification processing system 100 includes a p The shortest distance point in range ₂ for can be the lower limit of the region. iii) If the value of point p (eg 3) exists between the lower limit value (eg 2) and the upper limit value (eg 4) of the region, such as range ₃ , then k-NN classification processing system 100 It can be the minimum distance point of the range ₃ to p with a value of p. In the present application, such a characteristic may be extended and utilized in a multidimensional space.

Based on these characteristics, the k-NN classification processing system 100 may search the shortest distance point of the node for the query on the encrypted data and verify the query result based on the paler encryption system as follows. have.

Referring to FIG. 8A, at step 810, the k-NN classification processing system 100 may, in the first cloud 150, query queries E ( q ) and E ( t _k ) using the ESSED protocol. The distance E ( dist _k ) can be calculated.

In step (820), k-NN classification processing system 100 is a lower limit point of the node in the first cloud _{(150), (q j)} E E (node z. Lb j) (1≤ z ≤ num node, GSCMP protocol between 1 ≦ j ≦ m ) may be performed, and the result may be stored in E ( ψ ₁ ). Also, k-NN classification processing system 100 performs GSCMP protocol between the E (q _j), and the upper limit _{E (node z. Ub j)} (1≤ z ≤ num node, 1≤ j ≤ m) of the node, and The result can be stored in E ( ψ ₂ ). In addition, the k-NN classification processing system 100 may allow the corresponding E ( ψ ) to have an E (1) value when E ( q _j ) is less than or equal to the lower or upper limit of the node.

In step 830, the k-NN classification processing system 100 performs a Secure Bit-XOR (SBXOR) protocol using E ( ψ ₁ ) and E ( ψ ₂ ), and outputs the result to E ( ψ ₃ ). Can be stored.

In operation 840, the k-NN classification processing system 100 may perform Equations 8 and 9 to calculate the shortest distance point E ( sp _{z, j} ) in each dimension.

In step 850, after searching for the shortest distance point E ( sp _z ) (1 ≦ z ≦ num _node ) of each node with respect to E ( q ), the k-NN classification processing system 100 performs a first cloud ( In 150, the square of the Euclidean distance between E ( q ) and each E ( sp _z ) may be calculated and stored in E ( spdist _z ) (1 ≦ z ≦ num _node ) through the ESSED protocol. In addition, the k-NN classification processing system 100 may safely change the distance from the first cloud 150 to the shortest distance point of the node whose search is completed through Equation 10 to E ( max ) which is the maximum value in the domain. Can be.

Where E ( α _z ) is the value returned via the GSPE protocol in step 810, where nodes have already been searched for E ( α _z ) = E (1), otherwise nodes E ( α _z ) = E It can have a value of (0).

Thereafter, the k-NN classification processing system 100 performs the GSCMP protocol based on E ( spdist _z ) and E ( dist _k ) in the first cloud 150, and transmits the result to E ( α _z ). Can be stored. If E ( spdist _z ) is a node smaller than E ( dist _k ), the node may be a node that needs further discovery, and the k-NN classification processing system 100 performs E ( α _z ) as a result of performing the GSCMP protocol. = E (1) can be returned. In this case, the k-NN classification processing system 100 may not select an extension node for query result verification because E ( spdist _z ) has a maximum value in a domain for a node that has already been searched.

In step 860, the k-NN classification processing system 100 re-runs the encryption index search step 410, thereby extracting all the data belonging to the nodes that exist within the dist _k distance from E ( q ) to E ( t ) Can be added. In addition, the k-NN classification processing system 100 may obtain E ( result _i ) (1 ≦ i ≦ k ) which is a final query result by performing the k-NN search step 420 based on E ( t ). Can be.

In operation 870, the k-NN classification processing system 100 may check a label of E ( result _i ) (1 ≦ i ≦ k ) in the first cloud 150. The process of category checking by the k-NN classification processing system 100 will be described with reference to FIGS. 9A and 9C.

According to an embodiment, the query result verifying step described in FIG. 8A may be implemented by an algorithm as shown in FIG. 8B.

Referring back to FIG. 4, the k-NN classification processing system 100 may perform a category identification step through the following process (440).

9A and 9C, the k-NN classification processing system 100 may include the entire category Label = { L ₁ , L ₂ ,. , L _n } and the category of the extracted data Label = { L ' ₁ , L ' ₂ ,… , L ' _k } can be compared. First, the k-NN classification processing system 100 may calculate the frequency in the first cloud 150 and the second cloud 180 through SF (Secure Frequency) (line 1). The k-NN classification processing system 100 may select the category with the highest value (line 2) through the comparison between the calculated frequencies. The k-NN classification processing system 100 may add an arbitrary integer r _q to the selected category in the first cloud 150 and then store it in E ( γ _q ) (930) (line 3). Next, the k-NN classification processing system 100 may transmit E ( γ _q ) to the second cloud 180 and any integer r _q to Bob (940) (line 4). The k-NN classification processing system 100 may decode the received E ( γ _q ) from the second cloud 180 to the user terminal AU after decoding (950) (line 5 to 6). Finally, the k-NN classification processing system 100 may combine the results of the first cloud 150 and the second cloud 180 in the user terminal AU to obtain a category to which the query belongs as the final result. (line 7-8).

According to an embodiment, as shown in FIG. 9C, the k-NN classification processing system 100 may classify data. That is, with respect to the insurance data shown in FIG. 9, an insurance company employee may input information of a new customer to determine which grade the customer information belongs to using the k-NN classification processing system 100. For example, assuming that a new customer's information is 33 years old, has A disease, and an annual salary of 45 million won, the k-NN classification processing system 100 forwards the query with k = 2. And number 2 can be extracted. The k-NN classification processing system 100 may confirm that the new customer information belongs to the A grade. Since the k-NN classification processing system 100 is all sensitive data of the customer, the k-NN classification processing system 100 may be performed based on an algorithm proposed in the encrypted state. That is, the k-NN classification processing system 100 may extract what grade the new customer's data corresponds to without leaking information.

10, the workflow of the k-NN classification processing system 100 according to the embodiments of the present invention will be described in detail.

10 is a flowchart illustrating a procedure of a garbled circuit based k-NN classification processing method according to an embodiment of the present invention.

The garbled circuit-based k-NN classification processing method according to the present embodiment may be performed by the k-NN classification processing system 100 described above.

First, as the result data for the k Nearest Neighbor (kNN) query from the user terminal is derived, the k-NN classification processing system 100 may determine whether the k-NN classification processing system 100 is involved in deriving the result data. By performing Secure Frequency (SF), a frequency between the kNN query and past result data derived by the kNN query is calculated (1010). That is, in step 1010, the k-NN classification processing system 100 performs a total Label = { L ₁ , L ₂ ,... , L _n } and the Label = { L ' ₁ , L ' ₂ ,... The frequency can be calculated by performing the multilateral frequency SF (Δ, Δ ′) for , L ′ _k }.

Next, the k-NN classification processing system 100 selects a search category through the calculation of the frequency (1020). That is, at step 1020, the k-NN classification processing system 100 may select the category with the highest value through a comparison between the calculated frequencies.

In addition, step 1020 is a first step, in the first cloud, an arbitrary code value is added to the category of the past result data of which the highest frequency is calculated, and encoded into an encryption category, and as the second step. In the first cloud, the encryption category may be provided to the second cloud, and the code value may be provided to the user terminal. That is, the k-NN classification processing system 100 may add an arbitrary integer r _q to the selected category in the first cloud and then store it in E ( γ _q ).

Further, step 1020 is a third step, in the second cloud, decrypts the encryption category to generate a decryption category, provides the decryption category to the user terminal, and as a fourth step, the user The terminal may include recovering the encryption category by using the provided code value and the decryption category. That is, the k-NN classification processing system 100 may transmit and decode E ( γ _q ) to the second cloud, and transmit an arbitrary integer r _q to Bob. The k-NN classification processing system 100 may transmit the received E ( γ _q ) to the user terminal AU after decoding in the second cloud.

In addition, if the restoration to the encryption category is possible, step 1020 may include selecting, as the search category, a category of the past result data having the highest frequency calculated. That is, the k-NN classification processing system 100 may select a category having the highest frequency for the nearest k data according to the query as the search category.

In operation 1020, the first to fourth steps may be repeated by sequentially using categories of past result data determined according to the magnitude of the frequency, and may be restored to the encryption category. It may include the step of stopping the repetition. That is, the k-NN classification processing system 100 may repeat the first to fourth steps until at least the search category is selected.

Next, if the search category matches the category of the derived result data, the k-NN classification processing system 100 provides the derived result data to the user terminal (1030). That is, the k-NN classification processing system 100 may provide the result data to the user terminal when the category is matched with the category of the result data for the category selected according to the frequency comparison.

According to an embodiment, the k-NN classification processing system 100 may build the first cloud and the second cloud that is independent of the first cloud. That is, the k-NN classification processing system 100 is based on the information obtained during the query processing process, when each cloud performs an encryption protocol to process the user query, the data concatenated with other clouds to obtain additional information And send and receive information.

Also, the k-NN classification processing system 100 may maintain an encryption database that encrypts data stored in an original database, and an encryption public key generated in association with the encryption in the first cloud. That is, the k-NN classification processing system 100 may maintain an encryption database and an encryption public key associated with the encryption database in the first cloud.

Also, the k-NN classification processing system 100 may maintain a decryption secret key corresponding to the encryption public key in the second cloud. That is, the k-NN classification processing system 100 may maintain a decryption secret key corresponding to the encryption public key in the second cloud.

In addition, the k-NN classification processing system 100 is based on the encryption public key and the decryption secret key when the kNN (k Nearest Neighbor) query is generated in the user terminal that has received the encryption public key. The result data of the kNN query may be derived from the encryption database by performing a multilateral calculation between the first cloud and the second cloud. That is, the k-NN classification processing system 100 may determine whether an encrypted kNN query is received from the user terminal by using the encryption public key used when encrypting the database. For example, the terminal may request a user query by encrypting the query point with the encryption public key 130, for example, 'E (q _j ) (1 ≦ _j ≦ m)'. In addition, when a user query is received from a user terminal, the k-NN classification processing system 100 may perform secure multiparty computing (SMC) between the first cloud and the second cloud based on a selected encryption algorithm. It can process kNN queries.

Here, the multilateral calculation may refer to safely performing protocols and operations through other entities (the first cloud and the second cloud) without exposing the original data held by the data owner.

According to an embodiment, the k-NN classification processing system 100 divides the data stored in the original database into a plurality of attributes and columns to form a kd tree and encrypts the kd tree. The kd tree can be maintained in the first cloud. That is, the k-NN classification processing system 100 divides the data stored in the database by a predetermined number (for example, F) units, and constructs a kd tree having a plurality of terminal nodes including the divided data. can do. Also, the k-NN classification processing system 100 may maintain an encrypted kd tree in the first cloud.

For example, the k-NN classification processing system 100 may configure a kd tree having a level h and having a total of 2 ^h-1 terminal nodes from a database, and each terminal node may store a maximum of F (FanOut) data. Can be stored.

Each terminal node of the kd tree may store, in plain text form, region information about a node region in charge thereof and data IDs for data included in the node region. Here, the region information may include a lower limit (lb _{z, m} ) and an upper limit (ub _{z, m} ) (1 ≦ _z ≦ num _node , 1 ≦ j ≦ _m ) for a node region for each attribute m. have.

At this time, in the step of deriving the result data, the k-NN classification processing system 100 processes the kNN query on the encryption database based on the encryption kd tree based on the selected encryption operation protocol. Data can be derived. That is, the k-NN classification processing system 100 may search for an encryption index based on an encrypted kd tree and search for an adjacent kd tree node to process a kNN query.

In the deriving of the result data, the k-NN classification processing system 100 may include an Enhanced Secure Squared Euclidean Distance (ESSED) protocol, a Garbled Circuit based Secure Compare (GSCMP) protocol, and a GSB (Garbled Circuit based Secure Point Enclosure). ) Can be selected as the encryption operation protocol. For example, the k-NN classification processing system 100 may calculate the square E (| X - Y | ² ) of the distance between the vectors E ( X ) and E ( Y ) using the ESSED protocol. In addition, the k-NN classification processing system 100 receives E (1) when u < v is satisfied when E ( u ) and E ( v ) are given to the first cloud 150 using the GSCMP protocol. If u > v , E (0) can be returned. In addition, the k-NN classification processing system 100 uses the GSPE protocol, and the m- dimensional point E ( p ) and the lower limit E ( lb _j ) and the upper limit E ( ub _j ) ( Given the encrypted range information ' range ' expressed as 1 ≦ j ≦ m ), E (1) may be returned when the point p is included in the range .

According to an embodiment, when the ESSED protocol is selected as the encryption operation protocol, in the step of deriving the result data, the k-NN classification processing system 100 may determine a dimension-by-dimensional distance with respect to any data pair in the encryption kd tree. May be performed in two dimensions to reduce the number of operations based on encrypted data for deriving the result data. That is, the k-NN classification processing system 100 squares the Euclidean distance E ( d _i ) between the query E ( q ) and the cnt encrypted data E ( cand _i ) returned through the search of the encryption index through the ESSED protocol. 1 ≦ i ≦ cnt ) can be calculated. The k-NN classification processing system 100 may use the ESSED protocol to verify kNN search and query results.

According to an embodiment, when a GSCMP protocol is selected as the encryption operation protocol, in the step of deriving the result data, the k-NN classification processing system 100 exchanges random numbers between the first cloud and the second cloud. The value of the returned data may be determined according to the size comparison for any data pair in the encrypted kd tree. For example, the k-NN classification processing system 100 may determine between E ( q _j ) and the lower limit E ( node _z . Lb _j ) and the upper limit E ( node _z . Ub _j ) of the node in the query result verification process . In the GSCMP protocol, respectively, and the results can be stored in E ( ψ ₁ ) and E ( ψ ₂ ), respectively. In this case, the k-NN classification processing system 100 may return E (1) when ψ ₁ < ψ ₂ and E (0) when ψ ₁ > ψ ₂ . In this case, the k-NN classification processing system 100 may exchange data including a random number.

According to an embodiment, when a GSPE protocol is selected as the encryption operation protocol, the k-NN classification processing system 100 may determine that m-dimensional data E (p) in the encryption kd tree is obtained in the step of deriving the result data. If included in the query region associated with the kNN query, returns 'E (1)' as a result of execution by the GSPE protocol, and if the data E (p) is not included in the query region, As a result of execution, 'E (0)' can be returned. For example, the k-NN classification processing system 100 performs a GSPE protocol based on E ( q ) and E ( node _z ) (1 ≦ z ≦ num _node ) in the process of searching the encryption index. You can search for nodes that contain points. In this case, the node whose value of E ( α _z ) returned as a result of performing GSPE may be a node including a query point. In this case, the k-NN classification processing system 100 may make it impossible for the first cloud and the second cloud to know which node overlaps the query area.

According to an embodiment, in the step of deriving the result data, the k-NN classification processing system 100 may generate a plurality of data E (a) regarding a point of the kNN query, based on a GSPE protocol, in the first cloud. Search in the encryption database, transmit to the second cloud, and decrypt each of the plurality of data E (a) into a plurality of data E '(a) through the decryption secret key in the second cloud. And generate a node group each including the plurality of data E '(a), receive the node group from the second cloud in a predetermined order in the first cloud, and store the data E' stored in the node group. Based on the (a) and the SM protocol using the data E (a), multilateral calculation between the first cloud and the second cloud may be performed.

That is, the k-NN classification processing system 100 may search for node E (a) including a query point by performing the GSPE protocol in the first cloud to search for an encryption index. Also, k-NN and then classification processing system 100 by changing the order of E (α), and transferred to a second cloud 180, decoded by the second cloud, it is possible to produce a c-node group Group. In addition, the k-NN classification processing system 100 may randomly convert the order of the nodes assigned to each node group, and then transmit them to the first cloud 150. In the first cloud, the k-NN classification processing system 100 reversely changes an identification number of a node belonging to each node group, and performs an SM protocol using data stored in nodes of each node group and E ( α ) of each node. can do. In addition, the k-NN classification processing system 100 may terminate the encryption index search by returning E ( cand ).

In the garbled circuit-based k-NN classification processing method, the result data of the k-NN query processing algorithm is classified and analyzed, and thus, the analysis may be performed to extract a grade of the corresponding result data without information leakage.

In addition, the garbled circuit-based k-NN classification processing method performs an encryption query protocol at least one of the ESSED protocol, the GSCMP protocol, and the GSPE protocol based on the garbled circuit and the data packing scheme, thereby reducing the number of operations and efficiently processing the query. Can provide performance.

In addition, the garbled circuit-based k-NN classification processing method exposes additional information by providing a k-NN query processing algorithm that supports encryption index search and data access pattern protection on an encryption database based on an improved encryption algorithm. It can protect not only data protection and user query, but also data access pattern protection during query processing.

The method according to an embodiment of the present invention can be implemented in the form of program instructions that can be executed by various computer means and recorded in a computer readable medium. The computer readable medium may include program instructions, data files, data structures, etc. alone or in combination. The program instructions recorded on the media may be those specially designed and constructed for the purposes of the embodiments, or they may be of the kind well-known and available to those having skill in the computer software arts. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tape, optical media such as CD-ROMs, DVDs, and magnetic disks, such as floppy disks. Magneto-optical media, and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like. Examples of program instructions include not only machine code generated by a compiler, but also high-level language code that can be executed by a computer using an interpreter or the like. The hardware device described above may be configured to operate as one or more software modules to perform the operations of the embodiments, and vice versa.

Although the embodiments have been described by the limited embodiments and the drawings as described above, various modifications and variations are possible to those skilled in the art from the above description. For example, the described techniques may be performed in a different order than the described method, and / or components of the described systems, structures, devices, circuits, etc. may be combined or combined in a different form than the described method, or other components. Or even if replaced or substituted by equivalents, an appropriate result can be achieved.

Therefore, other implementations, other embodiments, and equivalents to the claims are within the scope of the claims that follow.

100: garbled circuit based k-NN classification processing system
110: database 120: kd tree
130: encryption public key 140: decryption secret key
150: first cloud 160: encryption database
170: encrypted kd tree 180: second cloud
190: user terminal

Claims (10)

Building a first cloud and a second cloud that is non-colluded with the first cloud;
Maintaining an encrypted database encrypted with data stored in an original database and an encrypted public key generated in association with the encryption in the first cloud;
Maintaining a decryption secret key corresponding to the encryption public key in the second cloud;
In the user terminal distributed with the encryption public key, when a kNN (k Nearest Neighbor) query is generated, multilateral calculation between the first cloud and the second cloud based on the encryption public key and the decryption secret key (SMC) Performing Secure Multiparty Computation to derive result data of the kNN query from the encryption database;
As the result data is derived, a frequent frequency between the kNN query and the past result data derived by the kNN query is performed by performing Secure Frequency (SF) between the first cloud and the second cloud. Calculating;
Selecting a search category through the calculation of the frequency; And
Providing the derived result data to a user terminal if the search category matches the category of the derived result data
Including,
Deriving the result data,
In the first cloud, based on a GSPE protocol, retrieving a plurality of data E (a) relating to a point of the kNN query from the cryptographic database and transmitting to the second cloud;
In the second cloud, each of the plurality of data E (a) is decrypted into a plurality of data E '(a) through the decryption secret key, and each node includes the plurality of data E' (a). Creating a group; And
Receiving a node group from the second cloud in a predetermined order in the first cloud, based on the SM protocol using the data E '(a) and the data E (a) stored in the node group, the first Performing a multiparty calculation between a cloud and the second cloud
A garbled circuit (GARBLED CIRCUIT) based k-NN classification processing method comprising a. The method of claim 1,
Selecting the search category,
A first step of adding an arbitrary code value to the category of the past result data having the highest frequency calculated in the first cloud and encoding the same into an encryption category;
Providing, in the first cloud, the encryption category to the second cloud and providing the code value to the user terminal;
In the second cloud, decrypting the encryption category to generate a decryption category, and providing the decryption category to the user terminal;
A fourth step of recovering, at the user terminal, to the encryption category by using the provided code value and the decryption category; And
If restoring to the encryption category is possible, selecting, as the search category, a category of the past result data whose highest frequency is calculated;
Garbled circuit-based k-NN classification processing method comprising a. The method of claim 2,
Selecting the search category,
Repeating the first step to the fourth step by sequentially using a category of the past result data determined according to the magnitude of the frequency, and stopping the repetition if it is possible to restore the encryption category.
The garbled circuit-based k-NN classification processing method further comprising. delete The method of claim 1,
The garbled circuit-based k-NN classification processing method,
Dividing the data stored in the original database into a plurality of attributes and columns to construct a kd tree; And
Maintaining an encrypted kd tree encrypted with the kd tree in the first cloud;
More,
Deriving the result data,
Deriving the result data by processing the kNN query on the encrypted database based on the encrypted kd tree based on the selected encryption operation protocol.
The garbled circuit-based k-NN classification processing method further comprising. The method of claim 5,
Deriving the result data,
Selecting any one of an Enhanced Secure Squared Euclidean Distance (ESSED) protocol, a Garbled Circuit based Secure Compare (GSCMP) protocol, and a Garbled Circuit based Secure Point Enclosure (GSPE) protocol as the encryption algorithm.
The garbled circuit-based k-NN classification processing method further comprising. The method of claim 5,
If the ESSED protocol is selected as the encryption operation protocol,
Deriving the result data,
Summing the dimension-specific distances for any pair of data in the encrypted kd tree in two dimensions to reduce the number of operations based on encrypted data for deriving the result data.
The garbled circuit-based k-NN classification processing method further comprising. The method of claim 5,
If the GSCMP protocol is selected as the encryption operation protocol,
Deriving the result data,
Exchanging random numbers between the first cloud and the second cloud to determine a value of the data returned according to a size comparison for any data pair in the encrypted kd tree
The garbled circuit-based k-NN classification processing method further comprising. The method of claim 5,
If the GSPE protocol is selected as the encryption operation protocol,
Deriving the result data,
If the m-dimensional data E (p) in the encrypted kd tree is included in the query region associated with the kNN query, returning 'E (1)' as a result of execution by the GSPE protocol; And
If the data E (p) is not included in the query region, returning 'E (0)' as a result of execution by the GSPE protocol.
The garbled circuit-based k-NN classification processing method further comprising. delete

Images