WO2019006966A1 - Task allocation system model of privacy protected spatial crowdsourcing, and implementation method - Google Patents


Info

Publication number
WO2019006966A1
WO2019006966A1 PCT/CN2017/113454 CN2017113454W WO2019006966A1 WO 2019006966 A1 WO2019006966 A1 WO 2019006966A1 CN 2017113454 W CN2017113454 W CN 2017113454W WO 2019006966 A1 WO2019006966 A1 WO 2019006966A1
Authority
WO
WIPO (PCT)
Prior art keywords
worker
task
space
workers
server
Prior art date
Application number
PCT/CN2017/113454
Other languages
French (fr)
Chinese (zh)
Inventor
毛睿
李荣华
陆敏华
王毅
罗秋明
商烁
Original Assignee
深圳大学
Priority date
Filing date
Publication date
Application filed by 深圳大学 filed Critical 深圳大学
Publication of WO2019006966A1 publication Critical patent/WO2019006966A1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/52 Network services specially adapted for the location of the user terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Definitions

  • The invention belongs to the field of computers and relates to a task allocation system model of space crowdsourcing, in particular to a task allocation system model of privacy protection space crowdsourcing; the invention also relates to a method for implementing the task allocation system model of privacy protection space crowdsourcing.
  • Crowdsourcing has revolutionized the way problems are solved by outsourcing a task (usually performed by a designated agent) to the public through open recruitment. Crowdsourcing can provide talent capacity and expert services on demand at far less than the cost of hiring professionals, and has been successfully applied to book transcription, protein folding, galaxy classification and traffic monitoring. Recently, crowdsourcing has also been widely used for emergency management because it collects critical information efficiently and at low cost in emergencies and disasters, such as affected areas, at-risk populations, and potential areas where search and rescue operations may be required. For example, on April 25, 2015, Nepal was hit by a magnitude 7.8 earthquake. To provide a detailed damage assessment, DigitalGlobe collected high-resolution satellite images of the affected areas before and after the earthquake. These images were divided into small segments and provided to online crowds to identify damaged buildings and roads. Thanks to the help of crowdsourcing, more than 21,000 damaged buildings and roads were identified and marked within a month, providing valuable data for rescue and reconstruction.
  • SC: Space Crowdsourcing
  • a spatial task, i.e., a location-related task
  • the SC server sends a space task, searching for survivors in a particular collapsed building, to all available workers, including volunteers and professionals equipped with life-detection instruments. Workers willing to perform the task arrive at the building for inspection and send the results back to the SC server. Based on the results, a rescue plan can then be carried out; for example, if someone is identified as being trapped in the rubble, professional heavy rescue equipment will be deployed on site.
  • the success of crowdsourcing depends on the active participation of the crowd.
  • location privacy issues are a major factor hindering workers from engaging in space missions.
  • effectiveness means that space tasks can be quickly completed by assigning them to nearby workers
  • the SC server needs to continuously collect their location through the workers' mobile devices.
  • it is very difficult for workers to control how an untrusted third party, the SC server, uses their location data.
  • the collected location data is likely to be shared, rented or sold, which has a serious impact on personal privacy.
  • intruders can conduct a wide range of attacks on individuals, such as physical surveillance and tracking, identity theft, and the disclosure of sensitive information such as home addresses and lifestyle habits. Therefore, location privacy protection, or more generally, worker privacy protection, is an important aspect of space crowdsourcing because it can motivate workers to actively participate in space tasks. This is especially important for emergency management because more active workers usually mean that tasks can be completed faster.
  • Tasks on existing crowdsourcing platforms are open to all workers. This mode may not be suitable for space crowdsourcing in an emergency.
  • excess workers motivated by altruism may go there to perform the task, even if they are not required to do so. This may lead to further confusion, such as traffic jams. Therefore, the location of the task should not be known to any worker except the one to whom the task is assigned.
  • task location protection is also welcome. For example, people with health problems at home can seek help through crowdsourcing, but publicizing their health issues and home addresses clearly violates personal privacy. Therefore, task location privacy should also be protected in space crowdsourcing.
  • the technical problem to be solved by the present invention is to provide a task distribution system model for privacy protection space crowdsourcing.
  • the present invention encrypts the private data of both parties to achieve strong mutual security.
  • the present invention also provides a method for implementing the task allocation system model of the privacy protection space crowdsourcing.
  • the present invention provides a task allocation system model for privacy protection space crowdsourcing, including a space crowdsourcing server, an encryption service providing unit, a space task requesting unit, and a worker mobile terminal;
  • the spatial task requesting unit is configured to create a spatial task, and transmit task information to the spatial crowdsourcing server;
  • the space crowdsourcing server assigns a task to the worker mobile terminal
  • the encryption service providing unit provides privacy protection task assignment management to the spatial task request unit, the space crowdsourcing server, and the worker mobile terminal.
  • the space task s refers to a task to be executed at the position l s and associated with the expiration date e s ;
  • the worker w of the worker mobile terminal is a person who is willing to perform a spatial task; each worker is associated with an ID id w specified by the space crowdsourcing server, a speed v w and a current location l w .
  • W = {w 1 , w 2 , . . . , w n } and the position l s of the spatial task s and the expiration date e s .
  • w i * worker must satisfy two conditions: first, w i * l s can be reached before
  • the encryption service providing unit provides a privacy protection function, which provides a key service to the space crowdsourcing server and the worker mobile terminal, and the privacy protection function encrypts the transmission data and makes the space crowdsourcing server
  • the encrypted data can be calculated to ensure that the space crowdsourcing server, the encryption service providing unit and all other workers cannot obtain the ID information of the w i* except for the selected worker w i* in the communication process.
  • the encryption service providing unit adopts the Paillier cryptosystem and the ElGamal cryptosystem; it generates the domain parameters of ElGamal and the key pairs of Paillier and ElGamal, keeps the private keys secret, and sends the public keys to the space crowdsourcing server and all workers.
  • the present invention also provides a method for implementing a task allocation system model for privacy protection space crowdsourcing, comprising the following steps:
  • Step 1: The space task request unit creates and publishes a space task;
  • Step 2: The spatial task is released to the space crowdsourcing server, and the space crowdsourcing server assigns the task to the worker through the task allocation algorithm;
  • Step 3: The encryption service providing unit provides a privacy protection function, which provides a key service to the space crowdsourcing server and the worker mobile terminal.
  • the task allocation algorithm described in step 2 specifically includes the following stages:
  • the space crowdsourcing server uses the Paillier public key to encrypt the task.
  • three ciphertexts are sent to all workers: E(x s 2 +y s 2 ), E(x s ) and E(y s ), after receiving the encrypted information from the space crowdsourcing server, each worker w i calculates the square of the distance between l s and its current position l i and encrypts ,which is:
  • Winner calculation: the space crowdsourcing server has a list of 2-tuples <i, E(t i ' 2 )>, where i is the ID of worker w i , 1 ≤ i ≤ n; to protect the identity of the winner, it encrypts each worker's ID with a PRF f k and sends <f k (i), E(t fk(i) ' 2 )> to the cryptographic service provider to find which worker has the shortest travel time and whether that worker can reach the task location before the deadline e s ;
  • The fourth stage, task location broadcast: once E' C (f k (i * )) is received, the space crowdsourcing server encrypts the task location l s and broadcasts it to all workers. l s is encrypted as follows:
  • h is a length matching hash function for mapping a longer bit string to a shorter bit string
  • one method of constructing h that is provably semantically secure is to cut the longer bit string into several fixed-length shorter bit strings and output the XOR of these shorter bit strings; only workers who obtain E' C (f k (i * )) can recover the task location information through this calculation.
  • all workers are required to send their encrypted location to the space crowdsourcing server in the form of E(x i 2 +y i 2 ), E(x i ) and E(y i ), and ask the space crowdsourcing server to calculate E(d 2 (l i , l s )).
  • each worker encrypts its speed through the ElGamal cryptosystem and sends E'(v i ) to the space crowdsourcing server, and the space crowdsourcing server passes all
  • the encrypted virtual travel time is sent to the space crowdsourcing server for further processing; during this process, the cryptographic service providing unit and all workers know the exact value of V, which does not violate the personal privacy of any worker.
  • since the encryption service providing unit has the private key of Paillier, it can obtain t i ' 2 by decrypting E(t i ' 2 ) and calculate the actual travel time. Then, the cryptographic service providing unit can easily find the worker with the shortest travel time and judge whether that worker can meet the deadline; if not, the cryptographic service providing unit notifies the space crowdsourcing server that there is no winner; otherwise it encrypts the winner's ID f k (i * ) with ElGamal and sends E' C (f k (i * )) to the space crowdsourcing server.
  • the following steps ensure that only the winner can obtain the E' C (f k (i * )) information:
  • each worker w i obtains the encrypted ID f k (i) from the space crowdsourcing server, encrypts it with ElGamal using its own public key, and sends the result E' wi (f k (i)) to the encryption service providing unit. After receiving it, the encryption service providing unit encrypts it again with ElGamal using its own public key and the same random number r that was used for encrypting E' C (f k (i * )). The encryption service providing unit then sends the result to each worker, who can decrypt it with their private key to obtain E' C (f k (i)); the public keys should be kept secret to protect privacy.
  • the present invention has the following beneficial effects:
  • the present invention combines a partially homomorphic encryption scheme to efficiently implement the complex operations required on encrypting data, thereby avoiding significant performance penalties.
  • the invention can realize efficient task assignment in space crowdsourcing and provide privacy protection for both workers and tasks. This is the first time that mutual privacy protection has been achieved in space crowdsourcing, which is inventive.
  • the present invention can implement some complicated operations that the existing practical cryptosystem cannot support. Through this strategy, the protocol of the present invention can implement privacy protection of both parties with acceptable overhead.
  • FIG. 1 is a schematic diagram of a system model of space crowdsourcing; wherein FIG. 1(a) is a schematic diagram of a system model of a non-private space crowdsourcing; FIG. 1(b) is a schematic diagram of a task allocation system model of the privacy protection space crowdsourcing of the present invention.
  • FIG. 2 is a flow chart of a method for implementing a task allocation system model of privacy protection space crowdsourcing according to the present invention.
  • FIG. 4 is a schematic diagram showing the efficiency of the number of workers in the protocol of the present invention with respect to travel time; wherein FIG. 4(a) represents a key length of 1024, and FIG. 4(b) represents a key length of 2048.
  • FIG. 5 is a schematic diagram of the number of workers in the protocol of the present invention relative to the communication overhead of the parties; wherein FIG. 5(a) represents a key length of 1024, and FIG. 5(b) represents a key length of 2048.
  • Figure 6 is a schematic diagram showing the efficiency of the protocol of the present invention in terms of WTD (Worker Stroke Distance) by changing MAR; wherein in Figure 6(a) the data set used is Gowalla and the worker acceptance rate is a linear decreasing function of the travel time, in Figure 6(b) the data set used is Gowalla and the worker acceptance rate obeys the Zipf distribution, in Figure 6(c) the data set used is Yelp and the worker acceptance rate is a linear decreasing function of the travel time, and in Figure 6(d) the data set used is Yelp and the worker acceptance rate obeys the Zipf distribution.
  • WTD Worker Stroke Distance
  • Figure 7 is a schematic diagram showing the efficiency of the protocol of the present invention in terms of WTD (Worker Stroke Distance) by changing ⁇ ; wherein in Figure 7(a) the data set used is Gowalla and the worker acceptance rate is a linear decreasing function of the travel time, in Figure 7(b) the data set used is Gowalla and the worker acceptance rate obeys the Zipf distribution, in Figure 7(c) the data set used is Yelp and the worker acceptance rate is a linear decreasing function of the travel time, and in Figure 7(d) the data set used is Yelp and the worker acceptance rate obeys the Zipf distribution.
  • Figure 8 is a schematic diagram showing the efficiency of the protocol of the present invention in terms of WTD (Worker Stroke Distance) by changing ⁇ ; wherein in Figure 8(a) the data set used is Gowalla and the worker acceptance rate is a linear decreasing function of the travel time, in Figure 8(b) the data set used is Gowalla and the worker acceptance rate obeys the Zipf distribution, in Figure 8(c) the data set used is Yelp and the worker acceptance rate is a linear decreasing function of the travel time, and in Figure 8(d) the data set used is Yelp and the worker acceptance rate obeys the Zipf distribution.
  • Figure 9 is a schematic diagram showing the efficiency of the protocol of the present invention in terms of NNW (number of notifications) by changing MAR; wherein in Figure 9(a) the data set used is Gowalla and the worker acceptance rate is a linear decreasing function of the travel time, in Figure 9(b) the data set used is Gowalla and the worker acceptance rate obeys the Zipf distribution, in Figure 9(c) the data set used is Yelp and the worker acceptance rate is a linear decreasing function of the travel time, and in Figure 9(d) the data set used is Yelp and the worker acceptance rate obeys the Zipf distribution.
  • Figure 10 is a schematic diagram showing the efficiency of the protocol of the present invention in terms of NNW (notification of the number of people) by changing ⁇ ; wherein in Figure 10(a) the data set used is Gowalla and the worker acceptance rate is a linear decreasing function of the travel time, in Figure 10(b) the data set used is Gowalla and the worker acceptance rate obeys the Zipf distribution, in Figure 10(c) the data set used is Yelp and the worker acceptance rate is a linear decreasing function of the travel time, and in Figure 10(d) the data set used is Yelp and the worker acceptance rate obeys the Zipf distribution.
  • Figure 11 is a schematic diagram showing the efficiency of the protocol of the present invention in terms of NNW (notification of number of people) by changing ⁇ ; wherein in Figure 11(a) the data set used is Gowalla and the worker acceptance rate is a linear decreasing function of the travel time, in Figure 11(b) the data set used is Gowalla and the worker acceptance rate obeys the Zipf distribution, in Figure 11(c) the data set used is Yelp and the worker acceptance rate is a linear decreasing function of the travel time, and in Figure 11(d) the data set used is Yelp and the worker acceptance rate obeys the Zipf distribution.
  • FIG 1 depicts the system model for space crowdsourcing.
  • the SC server is responsible for assigning the appropriate workers to the space tasks created by the task requester. Workers need to report their private information (such as location and speed) to the SC server through their mobile devices.
  • the space task s is the task to be executed at position l s and associated with the expiration date e s .
  • worker w is the person who is willing to perform a space mission. Each worker is associated with an ID id w specified by the SC server, a speed v w and its current location l w .
  • the task requester creates a spatial task s and specifies its location l s and expiration date e s . To perform this task, the worker must reach the position l s before the deadline e s .
  • the SC server assigns it to the appropriate worker based on some predefined policy. In the present invention, we assume that the SC server preferentially selects the workers who can arrive at l s first. We also assume that each worker accepts the assigned task with a certain probability, expressed as an acceptance rate (AR). Assuming each worker's AR is 100%, we first define a simple task assignment problem as follows:
  • the first requirement means t c +d(l i* , l s )/v i* ≤ e s , where t c is the current time, l i* is the current position of w i* , v i* is the speed of w i* , and d(l i* , l s ) is the Euclidean distance between the positions l i* and l s .
  • the second requirement means that there is no w j such that d(l j , l s )/v j < d(l i* , l s )/v i* .
  • each worker w i* ∈ W * can reach the position l s before the deadline e s ;
  • no other worker w j ∈ W \ W * can reach the position l s before any worker w i* ∈ W * ;
  • Figure 1(b) is a system model of privacy protection space crowdsourcing. It introduces a new party, the cryptographic service provider (CSP, Crypto Service Provider), which provides key services such as key generation for the SC server and the workers.
  • SC server is interested in the location and speed of each worker and the ID of each winner.
  • the CSP is also interested in this and the location of the task.
  • each worker is willing to know the location and speed of other staff, the ID of each winner, and the location of the mission.
  • each winner has the right to know his ID and the location of the task, but he also wants to know the location and speed of other staff, as well as the IDs of other winners.
  • under this adversary model, we have the following definitions:
  • the task location information l s cannot be obtained by the CSP and all workers except w i* ;
  • The last requirement of P PTA indicates that the SC server is not allowed to know the identity of the winner. If the SC server knew who the winner is, it could use background knowledge (such as the task location and due date) to infer the approximate location of the winner. Obviously, in P TA the SC server determines the winner. However, in P PTA , the SC server is not allowed to know who the winner is. This contradiction is another problem with P PTA .
  • the task location information l s cannot be obtained by the CSP or by any worker other than the winners in W * ;
  • a task allocation system model of privacy protection space crowdsourcing includes a space crowdsourcing server (SC server), a cryptographic service providing unit (CSP), a space task requesting unit, and a worker mobile terminal;
  • the spatial task requesting unit is configured to create a spatial task, and transmit task information to the spatial crowdsourcing server;
  • the space crowdsourcing server assigns a task to the worker mobile terminal
  • the encryption service providing unit provides privacy protection task assignment management to the spatial task request unit, the space crowdsourcing server, and the worker mobile terminal.
  • the method for implementing the task allocation system model of the privacy protection space crowdsourcing of the present invention comprises the following steps:
  • the spatial task requester creates and publishes a spatial task.
  • the space task s refers to the task to be executed at the position l s and associated with the expiration date e s .
  • the space task is released to the SC server.
  • the privacy protection task assignment The algorithm of the protocol 1" assigns the task to the worker w i* .
  • Worker w i* must satisfy two conditions: first, w i* can reach l s before the deadline e s ; second, no other worker can reach l s before w i* .
  • the Cryptographic Service Provider provides privacy protection functions that provide key services to SC servers and workers.
  • the privacy protection function encrypts the transmitted data and allows the SC server to perform addition, multiplication, and the like on the encrypted data, ensuring that during the communication process no party other than the selected worker w i* (neither the SC server, nor the CSP, nor any other worker) can obtain the ID information of w i* .
  • the present invention uses the ideal paradigm to define the security of the protocol.
  • during protocol execution, if each party involved receives no more information than it is entitled to access, the protocol is secure, or privacy-protected.
  • This can be defined by the ideal paradigm as follows: for every adversary, there is a probabilistic polynomial-time simulator such that the view of the adversary in the real world and the view of the simulator in the ideal world are computationally indistinguishable.
  • if protocol P leaks no more information to P i than the final output of P i , we say that protocol P is completely privacy-protected against P i .
  • indicates that it is not possible to distinguish between calculations. in case P believes that there is agreement on privacy leak K i P i, because it does not leak and the final output more information than the K i for P i.
  • the present invention employs several encryption tools: a pseudo-random function, a Paillier cryptosystem and an ElGamal cryptosystem, which are briefly described below.
  • a pseudo-random function is a function whose outputs, when observed in a black-box manner, cannot be distinguished from those of a truly random function.
  • a keyed one-way hash function such as HMAC
  • Paillier is a public key cryptosystem whose security is based on an assumption related to the hardness of factoring (whether or not the two are equivalent). It consists of the following three algorithms:
  • N and g are obtained from the public key pk, and c is the ciphertext of m.
  • Paillier is semantically secure, meaning that an attacker cannot obtain any information about the plaintext from the ciphertext.
  • it is also a probabilistic encryption scheme, which means that different ciphertexts are generated when the same message is encrypted multiple times. It can be clearly seen from equation (1) that the random number r participates in the encryption process.
  • ElGamal is a public key cryptosystem whose security is based on the intractability of the discrete logarithm problem. It consists of several public domain parameters and three algorithms that can be shared by multiple users:
  • the ciphertext c is decrypted by the following calculation:
  • ElGamal is also a probabilistic encryption scheme because each message is encrypted by a different random number r, as shown in equation (5).
  • An interesting property of the ElGamal cryptosystem is homomorphic multiplication. Specifically, multiplying the ciphertext of m 1 and the ciphertext of m 2 to obtain a ciphertext of m 1 m 2 , namely:
  • Switched encryption satisfies two encryption-independent attributes.
  • ElGamal can be extended to support switched encryption.
  • the two new algorithms are defined as follows:
  • the ciphertext of E' ha (m) is
  • the ciphertext (c1, c2, c3) can be decrypted by using the private keys x a and x b in a different order, and the decryption result is the same. If we use the private key x a first, we have It can be decrypted again by x b to obtain m. It's easy to verify that if x b is used first and then x a is used , the decryption result is the same.
  • Input: a set of n workers, where each worker w i has ID i, location l i and speed v i ; a spatial task s (created by the task requester) with task position l s and due date e s ; an SC server and a CSP.
  • the CSP generates a Paillier key pair (pk, sk) and an ElGamal key pair (pk', sk').
  • the SC server and all workers get the public keys pk and pk'.
  • the private key sk and sk' information is only known by the CSP.
  • the CSP generates another set of ElGamal domain parameters and exposes them. Based on these parameters, the CSP generates a public key pk'' again but keeps it secret. Each worker w i also generates a key pair (pki", ski") and keeps it secret.
  • the SC server uses the public key pk to encrypt x s and y s and sends the results to all workers.
  • the SC server sends f k (i) to worker w i , where f k is a PRF.
  • SC server will Where 1 ⁇ i ⁇ n.
  • CSP calculates the winner with the least travel time , its travel time is
  • the CSP encrypts f k (i * ) using k' and sends E' C (f k (i * )) to the SC server.
  • Figure 3 shows an overview of the privacy protection task assignment protocol.
  • the CSP generates the domain parameters of ElGamal and the key pairs of Paillier and ElGamal. It keeps the private key secret and sends the public key to the SC server and all workers.
  • The creation of a space task by the task requester triggers the start of stage 1. During this stage, the SC server and all workers run the privacy protection distance calculation protocol on the encrypted location information and output the encrypted distance information.
  • each worker's speed is encrypted and sent to the SC server in collaboration with the CSP to calculate the travel time of each worker.
  • the SC server calculates the winner by means of CSP in the third stage, but the result is still in encrypted form.
  • the location information of the encrypted task is broadcast to all workers, but only the winner can retrieve the location of the task. After that, the winner arrives at the designated location to perform the corresponding task.
  • Algorithm 1 is a concrete implementation of a privacy protection task assignment protocol. We explain in detail as follows.
  • Phase 1 Since the key code of the Paillier and ElGamal cryptosystems required for phase 0 has been introduced in "Three, Password Building Blocks", we will introduce the detailed construction of the protocol from the first stage.
  • Each worker w_i calculates the square of the distance between l_s and its current location l_i and encrypts it, namely:
  • the travel time t_i = d(l_i, l_s)/v_i, i.e. the worker with the shortest virtual travel time must have the shortest exact travel time.
  • Each worker encrypts its speed with the ElGamal cryptosystem and sends E'(v_i) to the SC server.
  • The SC server can obtain E'(V) by multiplying all the encrypted speeds.
  • The SC server then asks the CSP to decrypt E'(V) and send V to all workers.
  • The encrypted virtual travel time is sent to the SC server for further processing. Note that the CSP and all workers in the above process know the exact value of V. However, this does not violate the personal privacy of any worker, as will be demonstrated in the next section.
  • The SC server has a list of 2-tuples <i, E(t_i'^2)>, where i is the ID of worker w_i, 1 ≤ i ≤ n.
  • It encrypts each worker's ID with a PRF f_k and sends <f_k(i), E(t_{f_k(i)}'^2)> to the CSP to find which worker has the shortest travel time and whether that worker can reach the task location before the deadline e_s.
  • Since the CSP has Paillier's private key, it can obtain t_i'^2 by decrypting E(t_i'^2) and calculate the actual travel time. The CSP can then easily find the worker with the shortest travel time and determine whether that worker can meet the deadline. If not, the CSP notifies the SC server that there is no winner. Otherwise, it uses ElGamal to encrypt the winner's ID f_k(i*) and sends E'_C(f_k(i*)) to the SC server. Encryption here is necessary because the SC server can infer who the winner is after getting f_k(i*). On the other hand, due to the pseudo-randomness of the PRF, the winner's privacy is still protected.
  • Phase 4. Upon receiving E'_C(f_k(i*)), the SC server encrypts the task location l_s and broadcasts to all workers (l_s). Specifically, l_s is encrypted in the following manner:
  • h is a length-matching hash function for mapping a longer bit string to a shorter bit string.
  • One method of constructing a semantically secure h is to truncate a longer bit string into several fixed-length shorter bit strings and output the exclusive-OR of these shorter bit strings. Obviously, only workers who obtain E'_C(f_k(i*)) can carry out the calculation that yields the task location information. The following process ensures that only the winner can get E'_C(f_k(i*)).
  • Each worker w_i obtains the encrypted ID f_k(i) from the SC server, encrypts it with ElGamal using its own public key, and then sends the encrypted information E'_{w_i}(f_k(i)) to the CSP.
  • The CSP encrypts it again via ElGamal using its public key and the same random number r used to encrypt E'_C(f_k(i*)).
  • The CSP then sends the result to each worker, who can decrypt it with his private key to obtain E'_C(f_k(i)). Obviously, only the winner w_{f_k(i*)} can get E'_C(f_k(i*)).
  • The public key used here should be kept confidential to protect privacy.
  • An appropriate key length should be set so that the product of all workers' speeds does not overflow. For example, we used a 2048-bit key to process 1,000 workers in the experiment. If the number of workers is large, a possible method is to use the least common multiple (LCM) instead of multiplication.
  • Table 1 summarizes the computational cost of our protocol. We assume that all workers can perform calculations (such as encryption and decryption) in parallel, and can interact with the SC server and CSP in parallel, so we only need to consider the computational cost of a user. In addition, we ignore low-cost operations such as large integer multiplication and bit-wise XOR operations.
  • The detailed analysis is as follows. In Algorithm 1, the SC server performs three Paillier encryptions (line 5), and the worker w_i performs one Paillier encryption and two modular exponentiation operations (lines 7, 8) for the private calculation of the travel distance. In the second phase, the worker performs one ElGamal encryption to protect its speed (line 12).
  • The product of the encrypted speeds is decrypted by the CSP (line 15) so that the subsequent travel time can be calculated.
  • The SC server applies the PRF n times to protect the workers' IDs (line 21); the CSP performs n ElGamal decryptions (line 23) and one ElGamal encryption (line 25) to find the winner and protect its ID.
  • The worker w_i performs one ElGamal encryption (line 29) and one ElGamal secondary decryption (line 31), and the CSP performs n ElGamal secondary encryptions (line 30).
  • E, D, E', D', e, PRF denotes Paillier encryption, Paillier decryption, ElGamal encryption, ElGamal decryption, ElGamal secondary encryption, ElGamal secondary decryption, modular power and pseudo-random function, respectively.
  • Table 2 shows the communication overhead of the proposed protocol.
  • L and L' are the key lengths of the Paillier and ElGamal encryption systems, respectively.
  • Table 2 summarizes the communication overhead of our protocol. Since the size of the ciphertext is usually larger than the plaintext size, we only consider the ciphertext sent and received by each party. It should be noted that the ciphertext lengths of ElGamal encryption and secondary encryption are twice and three times the length of the key, respectively. We have omitted the detailed analysis. Please refer to Table 2 for the analysis results.
  • the lemma 3 product ⁇ and the positive rational number set ⁇ b 1 ,...,b n ⁇ are random positive integers ranging from 1 to d (d>n) Generated and satisfies the following equation:
  • Lemma 4 selects the random number a from 1, ..., d, and when d ⁇ , the probability that a is a prime number is 1/log d.
  • Theorem 2 is based on the information K i (-1 ⁇ i ⁇ n), and the probability that the intruder P i can obtain private information of either party during the execution of the task assignment protocol (Algorithm 1) is negligible.
  • Algorithm 1 based on two types of metrics: efficiency related and effectiveness related.
  • the former includes run time and communication overhead, worker travel distance (WTD), worker travel time (WTT), and number of notifications (NNW).
  • Differential privacy is significantly less expensive than public key cryptosystems, but it does not protect data during the calculation process (for example, it allows a trusted third party to view the locations of all workers). It is therefore pointless to compare our protocol (based on public key cryptosystems) with the method of To et al. (based on differential privacy) in terms of run time. We therefore focus only on the efficiency of our protocol and test whether its overhead is acceptable in practice. We run our protocol 10 times and report the average results.
  • Gowalla contains the check-in history of users in a location-based social network.
  • Yelp: we chose a region of Phoenix with latitude from 33.205308 to 33.924407 and longitude from -112.400283 to -111.218100. The region has approximately 67,000 users and 11,200 companies.
  • A company location is considered a task, and a user's location is randomly selected from the companies it has viewed.
  • Figure 4(a) shows the running time of the protocol as the number of workers #W increases from 100 to 1000 in steps of 300.
  • The CPU time of the SC server and the CSP also increases linearly, because their computational cost mainly comes from cryptographic operations proportional to the number of workers.
  • The computational cost for workers using medium-sized mobile phones is almost constant, for example about 0.1 second. Therefore, our protocol scales well in practice. In terms of total running time, our protocol requires less than 2 seconds to achieve a privacy protection task assignment of more than 1,000 workers.
  • Figure 4(b) shows the case where a 2048-bit key is used, which provides a more robust security guarantee (this key length is recommended for the next 15 years). Even in this case, the total running time of our protocol is still less than 7 seconds.
  • Figures 6, 7 and 8 show the performance of our protocol in WTD (worker travel distance) by changing MAR, ⁇ and ⁇, respectively.
  • Our protocol outperforms the benchmark in all combinations of datasets (Gowalla, Yelp) and acceptance rate functions (Linear, Zipf).
  • The benchmark needs to access more grid cells to achieve the desired acceptance rate.
  • Each cell usually contains some workers. Some of them may be far from the task location, but they can accept the task. Our protocol, however, always selects workers based on their travel time (or travel distance in this case). That is why, when the MAR is small, our protocol is much better than the benchmark.

Abstract

Disclosed is a task allocation system model of privacy protected spatial crowdsourcing, comprising a spatial crowdsourcing server, a cryptographic service provider unit, a spatial task request unit and a worker mobile terminal, wherein the spatial task request unit is used for creating spatial tasks and transmitting task information to the spatial crowdsourcing server; the spatial crowdsourcing server allocates the tasks to the worker mobile terminal; and the cryptographic service provider unit provides privacy protection task allocation management for the spatial task request unit, the spatial crowdsourcing server and the worker mobile terminal. Furthermore, also disclosed is an implementation method of the system model. The present invention firstly realizes dual-party privacy protection in spatial crowdsourcing, not only protecting the privacy of the worker, but also protecting task privacy. Efficient task allocation is performed in spatial crowdsourcing, and the privacy protection is provided to both the worker and the task.

Description

Task allocation system model of privacy protected spatial crowdsourcing, and implementation method
Technical field
The invention belongs to the field of computers and relates to a task allocation system model for spatial crowdsourcing, in particular to a task allocation system model for privacy-protected spatial crowdsourcing; the invention further relates to a method for implementing this task allocation system model.
Background art
Crowdsourcing has changed the landscape of problem solving by outsourcing a task (usually performed by a designated agent) to the public through an open call. Crowdsourcing can provide talent capacity and expert services on demand at far less than the cost of hiring professionals, and has been successfully applied to book transcription, protein folding, galaxy classification and traffic monitoring. Recently, crowdsourcing has also been widely used for emergency management because it can collect critical information efficiently and at low cost in emergencies and disasters, such as affected areas, at-risk populations, and potential areas where search and rescue operations may be required. For example, on April 25, 2015, Nepal was hit by a magnitude 7.8 earthquake. To provide a detailed damage assessment, DigitalGlobe collected high-resolution satellite images of the affected areas before and after the earthquake. These images were divided into small segments and provided to online crowds to identify damaged buildings and roads. Thanks to the help of crowdsourcing, more than 21,000 damaged buildings and roads were identified and marked within a month, providing valuable data for rescue and reconstruction.
Due to the rapid development of ubiquitous wireless networks and smart mobile devices, crowdsourcing can play a more proactive role in emergency management. A new type of crowdsourcing, spatial crowdsourcing (SC), outsources a spatial task (i.e., a location-related task) to multiple workers holding mobile devices, who need to reach a designated location and complete the task. We continue the above example of emergency management in an earthquake. The SC server sends a spatial task, whether there are survivors in a particular collapsed building, to all available workers, including volunteers and professionals equipped with life detection instruments. Workers willing to perform the task go to the building to inspect it and send the results back to the SC server. A rescue plan can then be made on that basis; for example, if someone is identified as being trapped in the rubble, professional heavy rescue equipment will be deployed on site.
Whatever the application area, the success of crowdsourcing depends on the active participation of the crowd. For spatial crowdsourcing, location privacy is a major factor that deters workers from taking on spatial tasks. To achieve effective task assignment (effective here meaning that a spatial task can be completed quickly by assigning it to a nearby worker), the SC server needs to continuously collect workers' locations through their mobile devices. However, it is very difficult for workers to control how their location data is used once it is stored by an untrusted third party, namely the SC server. In fact, the collected location data may well be shared, rented or sold, which has serious implications for personal privacy. Based on such location data, intruders can mount a wide range of attacks on individuals, such as physical surveillance and tracking, identity theft, and breach of sensitive information (for example home addresses and lifestyle habits). Therefore, location privacy protection, or more generally worker privacy protection, is an important aspect of spatial crowdsourcing because it can motivate workers to participate actively in spatial tasks. This is especially important for emergency management because more active workers usually mean that tasks can be completed faster.
Tasks on existing crowdsourcing platforms, such as Amazon Mechanical Turk, are open to all workers. This model may not be suitable for spatial crowdsourcing in an emergency. Once the location of a task is made public, overly eager workers motivated by altruism may go there to perform the task even if they have not been asked to do so. This may cause further confusion, such as traffic jams. Therefore, the location of the task should not be known to workers other than the one to whom the task is assigned. Sometimes task location protection is also desirable from the task requester's point of view. For example, a person with a health problem at home can seek help through crowdsourcing, but publicizing the health problem together with the home address clearly violates personal privacy. Therefore, task location privacy should also be protected in spatial crowdsourcing.
In the setting of location-based services, although there has been much work on location privacy, there is less research on spatial crowdsourcing applications. In [To, H., Ghinita, G. and Shahabi, C.: A framework for protecting worker location privacy in spatial crowdsourcing. PVLDB, 7(10), 919-930 (2014)], workers' locations are collected and perturbed by a trusted party, which injects calibrated noise into the original data according to differential privacy [see Dwork, C., 2008, April. Differential privacy: A survey of results. In International Conference on Theory and Applications of Models of Computation (pp. 1-19). Springer Berlin Heidelberg.]. Upon receiving a spatial task, the SC server queries the perturbed location data to determine an area near the task location that is likely to contain enough workers. Workers located in that area are notified of the task and are free to decide whether to perform it. The solution proposed in this pioneering work has several drawbacks. First, it considers only the location privacy of workers, not the privacy of the task location. Second, it assigns tasks mainly on the basis of workers' travel distance, without taking into account other important factors such as workers' travel speed, which sometimes makes the assignment result unsatisfactory. In addition, it relies on a very strong assumption, namely that there is a trusted party with access to the locations of all workers.
Therefore, there is an urgent need for a spatial crowdsourcing task allocation system that protects both the location privacy of workers and the privacy of the task location.
Summary of the invention
The technical problem to be solved by the present invention is to provide a task allocation system model for privacy-protected spatial crowdsourcing in which, during task assignment, not only the privacy of the workers but also the privacy of the task is protected; the invention encrypts the private data of both parties, thereby achieving strong mutual protection. To this end, the invention also provides a method for implementing this task allocation system model.
To solve the above technical problem, the present invention provides a task allocation system model for privacy-protected spatial crowdsourcing, comprising a spatial crowdsourcing server, a cryptographic service provider unit, a spatial task request unit and a worker mobile terminal;
the spatial task request unit is used to create spatial tasks and transmit the task information to the spatial crowdsourcing server;
the spatial crowdsourcing server assigns tasks to the worker mobile terminal;
the cryptographic service provider unit provides privacy protection task allocation management for the spatial task request unit, the spatial crowdsourcing server and the worker mobile terminal.
As a preferred technical solution of the present invention, the spatial task s is a task to be performed at location l_s and associated with a deadline e_s; a worker w of the worker mobile terminal is a person willing to perform spatial tasks, and each worker is associated with an ID id_w assigned by the spatial crowdsourcing server, a speed v_w and a current location l_w. Given the worker set W = {w_1, w_2, …, w_n} and the location l_s and deadline e_s of spatial task s, the spatial crowdsourcing server uses the task assignment algorithm to assign the task to a worker w_i*, which must satisfy two conditions: first, w_i* can reach l_s before the deadline e_s; second, no other worker can reach l_s before w_i*.
As a preferred technical solution of the present invention, the cryptographic service provider unit provides the privacy protection function and supplies key services to the spatial crowdsourcing server and the worker mobile terminal. The privacy protection function encrypts the transmitted data while enabling the spatial crowdsourcing server to compute on the encrypted data, ensuring that during communication, apart from the selected worker w_i*, neither the spatial crowdsourcing server, the cryptographic service provider unit nor any other worker can obtain the ID information of w_i*.
As a preferred technical solution of the present invention, the cryptographic service provider unit uses the Paillier cryptosystem and the ElGamal cryptosystem; it generates the ElGamal domain parameters and the Paillier and ElGamal key pairs, keeps the private keys secret, and sends the public keys to the spatial crowdsourcing server and all workers.
In addition, the present invention provides a method for implementing the task allocation system model for privacy-protected spatial crowdsourcing, comprising the following steps:
Step 1: the spatial task request unit creates and publishes a spatial task;
Step 2: the spatial task is published to the spatial crowdsourcing server, which assigns the task to a worker through the task assignment algorithm;
Step 3: the cryptographic service provider unit provides the privacy protection function and supplies key services to the spatial crowdsourcing server and the worker mobile terminal.
As a preferred technical solution of the present invention, the task assignment algorithm described in step 2 comprises the following stages:
In the first stage, the distance between the task location and each worker's location is calculated: the spatial crowdsourcing server encrypts the task location l_s = (x_s, y_s) with the Paillier public key and sends three ciphertexts to all workers: E(x_s^2 + y_s^2), E(x_s) and E(y_s). After receiving this encrypted information from the spatial crowdsourcing server, each worker w_i calculates the square of the distance between l_s and its current location l_i and encrypts it, namely:
Figure PCTCN2017113454-appb-000001
In the second stage, the travel time of each worker is calculated: let W = {w_1, w_2, …, w_n} be the set of n workers, and let V be the product of the speeds of all workers, i.e.
Figure PCTCN2017113454-appb-000002
and v_k' = V/v_k, where 1 ≤ k ≤ n. For any two workers w_i, w_j ∈ W, d(l_i, l_s)/v_i < d(l_j, l_s)/v_j if and only if d(l_i, l_s)v_i' < d(l_j, l_s)v_j'. A virtual travel time t_i' = d(l_i, l_s)v_i' is calculated for each worker, which is equivalent to the exact travel time t_i = d(l_i, l_s)/v_i, i.e. the worker with the shortest virtual travel time must have the shortest exact travel time;
In the third stage, the winning worker is determined: the spatial crowdsourcing server has a list of 2-tuples <i, E(t_i'^2)>, where i is the ID of worker w_i, 1 ≤ i ≤ n. To protect the identity of the workers, especially the winner, it encrypts each worker's ID with a PRF f_k and sends <f_k(i), E(t_{f_k(i)}'^2)> to the cryptographic service provider unit to find which worker has the shortest travel time and whether that worker can reach the task location before the deadline e_s;
In the fourth stage, the task location is broadcast: upon receiving E'_C(f_k(i*)), the spatial crowdsourcing server encrypts the task location l_s and broadcasts to all workers
Figure PCTCN2017113454-appb-000003
l_s is encrypted as follows:
Figure PCTCN2017113454-appb-000004
where h is a length-matching hash function that maps a longer bit string to a shorter bit string; one construction of h that has been proven semantically secure is to truncate a longer bit string into several fixed-length shorter bit strings and output the exclusive-OR of these shorter bit strings; only workers who obtain E'_C(f_k(i*)) can, by computing
Figure PCTCN2017113454-appb-000005
Figure PCTCN2017113454-appb-000006
obtain the task location information.
As a preferred technical solution of the present invention, in the first stage, all workers are required to send their encrypted locations to the spatial crowdsourcing server in the form E(x_i^2 + y_i^2), E(x_i) and E(y_i), and the spatial crowdsourcing server is required to calculate E(d^2(l_i, l_s)).
As a preferred technical solution of the present invention, in the second stage, each worker encrypts its speed with the ElGamal cryptosystem and sends E'(v_i) to the spatial crowdsourcing server, which obtains E'(V) by multiplying all the encrypted speeds; the spatial crowdsourcing server then asks the cryptographic service provider unit to decrypt E'(V) and send V to all worker mobile terminals. By dividing V by its speed v_i, each worker w_i obtains the value of v_i' and computes E(d^2(l_i, l_s))^(v_i'^2) = E(d^2(l_i, l_s) v_i'^2) = E(t_i'^2). The encrypted virtual travel time is sent to the spatial crowdsourcing server for further processing. In this process the cryptographic service provider unit and all workers know the exact value of V, which does not violate the personal privacy of any worker.
As a preferred technical solution of the present invention, in the third stage, since the cryptographic service provider unit holds the Paillier private key, it can obtain t_i'^2 by decrypting E(t_i'^2) and calculate the actual travel time
Figure PCTCN2017113454-appb-000007
The cryptographic service provider unit can then easily find the worker with the shortest travel time and determine whether that worker can meet the deadline; if not, it notifies the spatial crowdsourcing server that there is no winner; otherwise, it encrypts the winner's ID f_k(i*) with ElGamal and sends E'_C(f_k(i*)) to the spatial crowdsourcing server.
As a preferred technical solution of the present invention, in the fourth stage, the following steps ensure that only the winner can obtain E'_C(f_k(i*)):
First, each worker w_i obtains the encrypted ID f_k(i) from the spatial crowdsourcing server, encrypts it with ElGamal using its own public key, and sends the encrypted information E'_{w_i}(f_k(i)) to the cryptographic service provider unit. On receiving it, the cryptographic service provider unit encrypts it again with ElGamal using its public key and the same random number r that was used to encrypt E'_C(f_k(i*)); it then sends the result
Figure PCTCN2017113454-appb-000008
to each worker, who can decrypt it with its private key to obtain E'_C(f_k(i)); the public key should be kept secret to protect privacy.
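Stages one to three above can be traced end to end with a toy Paillier implementation; this is an added example, not code from the patent. It assumes the standard expansion of the squared distance (the patent's own formula is an image that did not survive extraction), uses HMAC-SHA256 as a stand-in for the unnamed PRF f_k, computes V directly instead of through the ElGamal exchange, and uses constructed primes and worker data.

```python
import hashlib
import hmac
import math
import secrets

# Toy Paillier modulus from two Mersenne primes (constructed; far too small
# for real use, the page's experiments use 1024- and 2048-bit keys).
P, Q = 2**89 - 1, 2**127 - 1


def keygen(p=P, q=Q):
    """CSP: return the public modulus n and the private key (lambda, mu)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    return n, (lam, pow(lam, -1, n))  # mu = lambda^-1 mod n since g = n + 1


def enc(n, m):
    """Paillier E(m) with generator g = n + 1 and fresh randomness r."""
    r = secrets.randbelow(n - 2) + 2
    return (1 + (m % n) * n) * pow(r, n, n * n) % (n * n)


def dec(n, sk, c):
    """Paillier decryption; only the CSP holds sk."""
    lam, mu = sk
    return (pow(c, lam, n * n) - 1) // n * mu % n


def h_add(n, c1, c2):
    """Homomorphic addition: E(a) * E(b) = E(a + b)."""
    return c1 * c2 % (n * n)


def h_mul(n, c, k):
    """Homomorphic scalar product: E(a)^k = E(k * a); negative k wraps mod n."""
    return pow(c, k % n, n * n)


def prf(key, i):
    """f_k(i); HMAC-SHA256 is an assumed stand-in for the unnamed PRF."""
    return hmac.new(key, str(i).encode(), hashlib.sha256).hexdigest()


def sc_encrypt_task(n, xs, ys):
    """Stage 1, SC server: the three ciphertexts sent to every worker."""
    return enc(n, xs * xs + ys * ys), enc(n, xs), enc(n, ys)


def worker_encrypted_time(n, task_ct, xi, yi, vi, V):
    """Stages 1-2, worker w_i: build E(d^2), then E(t_i'^2), v_i' = V / v_i."""
    e_sq, e_xs, e_ys = task_ct
    # d^2 = (xs^2 + ys^2) - 2*xi*xs - 2*yi*ys + (xi^2 + yi^2):
    # two modular exponentiations plus one encryption on the worker side.
    e_d2 = h_add(n, e_sq, h_mul(n, e_xs, -2 * xi))
    e_d2 = h_add(n, e_d2, h_mul(n, e_ys, -2 * yi))
    e_d2 = h_add(n, e_d2, enc(n, xi * xi + yi * yi))
    v_virtual = V // vi
    return h_mul(n, e_d2, v_virtual * v_virtual)


def csp_pick_winner(n, sk, masked, V, time_left):
    """Stage 3, CSP: decrypt every t'^2 and return the masked ID of the
    fastest worker, or None if even that worker cannot meet the deadline."""
    best_id, best_t2 = min(
        ((fid, dec(n, sk, ct)) for fid, ct in masked), key=lambda p: p[1])
    travel_time = math.sqrt(best_t2) / V  # t = t'/V because t' = d * V / v
    return best_id if travel_time <= time_left else None


def run_demo(time_left=5):
    n, sk = keygen()
    key = secrets.token_bytes(16)   # PRF key k, known to the SC server only
    task = (40, 30)                 # l_s = (x_s, y_s), constructed
    workers = {1: (0, 0, 5), 2: (100, 30, 10), 3: (40, 90, 20)}  # id: x, y, v
    # The protocol obtains V from the ElGamal-encrypted speeds; that exchange
    # is omitted here and V is computed directly.
    V = math.prod(v for _, _, v in workers.values())
    task_ct = sc_encrypt_task(n, *task)
    masked = [(prf(key, i), worker_encrypted_time(n, task_ct, x, y, v, V))
              for i, (x, y, v) in workers.items()]
    winner = csp_pick_winner(n, sk, masked, V, time_left)
    # Unmasking is for checking the demo only; in the protocol the SC server
    # receives the winner's masked ID only in ElGamal-encrypted form.
    return next((i for i in workers if prf(key, i) == winner), None)


if __name__ == "__main__":
    print("winner:", run_demo())  # worker 3: farther than worker 1 but faster
```

The plaintext space must stay larger than d^2 · v_i'^2, which is the overflow concern the key-length remark on the speed product refers to.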
Compared with the prior art, the present invention has the following beneficial effects:
1. Privacy protection for both parties. During task assignment, not only the privacy of workers but also the privacy of tasks should be protected. The invention uses well-known cryptosystems to encrypt the private data of both parties, thereby achieving strong mutual protection.
2. Efficient task assignment. During task assignment, travel time is more important than travel distance, especially for tasks with deadlines, so worker speed is regarded as an important metric in recent spatial crowdsourcing applications. The invention combines worker speed with worker location to achieve more effective task assignment.
3. Acceptable overhead. Stronger privacy protection comes at the expense of additional computation or communication cost. During task assignment, the invention combines partially homomorphic encryption schemes to efficiently carry out the complex operations required on encrypted data, thereby avoiding a significant performance loss.
4. The invention achieves efficient task assignment in spatial crowdsourcing and provides privacy protection for both workers and tasks. This is the first time that privacy protection for both parties has been achieved in spatial crowdsourcing, and it is inventive.
5. The invention can carry out some complex operations that existing practical cryptosystems cannot support; through this strategy, the protocol of the invention achieves privacy protection for both parties at acceptable overhead.
DRAWINGS
The invention is further described below with reference to the drawings and embodiments.
Figure 1 is a schematic diagram of the system model of spatial crowdsourcing, in which Figure 1(a) shows the system model of non-private spatial crowdsourcing and Figure 1(b) shows the task allocation system model of privacy-protected spatial crowdsourcing according to the invention.
Figure 2 is a flow chart of the method for implementing the task allocation system model of privacy-protected spatial crowdsourcing according to the invention.
Figure 3 is an overview of the privacy protection task assignment protocol of the invention.
Figure 4 is a schematic diagram of the efficiency of the protocol of the invention, showing the number of workers against travel time; Figure 4(a) is for a key length of 1024 and Figure 4(b) for a key length of 2048.
Figure 5 is a schematic diagram of the number of workers against the communication overhead of each party in the protocol of the invention; Figure 5(a) is for a key length of 1024 and Figure 5(b) for a key length of 2048.
Figure 6 is a schematic diagram showing the efficiency of the protocol of the invention in terms of WTD (worker travel distance) as MAR is varied. In Figure 6(a) the data set is Gowalla and the worker acceptance rate is a linearly decreasing function of travel time; in Figure 6(b) the data set is Gowalla and the worker acceptance rate follows a Zipf distribution; in Figure 6(c) the data set is Yelp and the worker acceptance rate is a linearly decreasing function of travel time; in Figure 6(d) the data set is Yelp and the worker acceptance rate follows a Zipf distribution.
Figure 7 is a schematic diagram showing the efficiency of the protocol of the invention in terms of WTD (worker travel distance) as α is varied. In Figure 7(a) the data set is Gowalla and the worker acceptance rate is a linearly decreasing function of travel time; in Figure 7(b) the data set is Gowalla and the worker acceptance rate follows a Zipf distribution; in Figure 7(c) the data set is Yelp and the worker acceptance rate is a linearly decreasing function of travel time; in Figure 7(d) the data set is Yelp and the worker acceptance rate follows a Zipf distribution.
Figure 8 is a schematic diagram showing the efficiency of the protocol of the invention in terms of WTD (worker travel distance) as ε is varied. In Figure 8(a) the data set is Gowalla and the worker acceptance rate is a linearly decreasing function of travel time; in Figure 8(b) the data set is Gowalla and the worker acceptance rate follows a Zipf distribution; in Figure 8(c) the data set is Yelp and the worker acceptance rate is a linearly decreasing function of travel time; in Figure 8(d) the data set is Yelp and the worker acceptance rate follows a Zipf distribution.
Figure 9 is a schematic diagram showing the efficiency of the protocol of the invention in terms of NNW (number of notified workers) as MAR is varied. In Figure 9(a) the data set is Gowalla and the worker acceptance rate is a linearly decreasing function of travel time; in Figure 9(b) the data set is Gowalla and the worker acceptance rate follows a Zipf distribution; in Figure 9(c) the data set is Yelp and the worker acceptance rate is a linearly decreasing function of travel time; in Figure 9(d) the data set is Yelp and the worker acceptance rate follows a Zipf distribution.
Figure 10 is a schematic diagram showing the efficiency of the protocol of the invention in terms of NNW (number of notified workers) as α is varied. In Figure 10(a) the data set is Gowalla and the worker acceptance rate is a linearly decreasing function of travel time; in Figure 10(b) the data set is Gowalla and the worker acceptance rate follows a Zipf distribution; in Figure 10(c) the data set is Yelp and the worker acceptance rate is a linearly decreasing function of travel time; in Figure 10(d) the data set is Yelp and the worker acceptance rate follows a Zipf distribution.
Figure 11 is a schematic diagram showing the efficiency of the protocol of the invention in terms of NNW (number of notified workers) as ε is varied. In Figure 11(a) the data set is Gowalla and the worker acceptance rate is a linearly decreasing function of travel time; in Figure 11(b) the data set is Gowalla and the worker acceptance rate follows a Zipf distribution; in Figure 11(c) the data set is Yelp and the worker acceptance rate is a linearly decreasing function of travel time; in Figure 11(d) the data set is Yelp and the worker acceptance rate follows a Zipf distribution.
Detailed description
The invention is now described in further detail with reference to the drawings. The drawings are simplified schematic diagrams that illustrate only the basic structure of the invention, and therefore show only the components relevant to the invention.
1. System model and problem definition
Figure 1 depicts the system model of spatial crowdsourcing. Non-private spatial crowdsourcing (see Figure 1(a)) has three components: the SC server, workers holding mobile devices, and the spatial task requester. The SC server is responsible for assigning suitable workers to the spatial tasks created by task requesters. Workers must report their private information (such as location and speed) to the SC server through their mobile devices. Based on this framework, we give the following definitions.
Definition 1 (spatial task). A spatial task s is a task to be performed at location l_s and associated with a deadline e_s.
Definition 2 (worker). A worker w is a person willing to perform spatial tasks. Each worker is associated with an ID id_w assigned by the SC server, a speed v_w and a current location l_w.
With spatial crowdsourcing, the task requester creates a spatial task s and specifies its location l_s and deadline e_s. To perform the task, a worker must reach location l_s before the deadline e_s. On receiving a spatial task, the SC server assigns it to a suitable worker according to some predefined policy. In the present invention, we assume that the SC server prefers the worker who is likely to reach l_s first. We also assume that each worker accepts an assigned task with a certain probability, called the acceptance rate (AR). Assuming that every worker's AR is 100%, we first define the simple task assignment problem as follows:
Definition 3 (task assignment problem). Let W = {w_1, w_2, …, w_n} be a set of n workers. Given a spatial task s, the task assignment problem P_TA(W, s) is to assign the task s to a worker w_{i*} such that:
1. w_{i*} can reach l_s before the deadline e_s;
2. no other worker can reach l_s before w_{i*}.
In Definition 3, the first requirement means that t_c + d(l_{i*}, l_s)/v_{i*} ≤ e_s, where t_c is the current time, l_{i*} is the current location of w_{i*}, v_{i*} is the speed of w_{i*}, and d(l_{i*}, l_s) is the Euclidean distance between the locations l_{i*} and l_s. The second requirement means that there is no w_j such that d(l_j, l_s)/v_j < d(l_{i*}, l_s)/v_{i*}. For ease of later discussion, we call w_{i*} the winner of this problem and i* its ID. Note that no such winner exists when none of the workers can reach l_s before the deadline. In that case, the SC server notifies the task requester that there is no qualified worker.
However, in practice, workers do not necessarily accept the tasks assigned to them. To ensure that a task is accepted with high probability, several workers can be asked to perform it. Suppose the AR of worker w_i is a_i. Let η(W, s) denote the probability that at least one worker in W accepts the task s. Obviously,
Figure PCTCN2017113454-appb-000009
Therefore, we define another task assignment problem as follows:
Definition 4 (task assignment problem with acceptance guarantee). Let W = {w_1, w_2, …, w_n} be a set of n workers. Given a spatial task s, the task assignment problem with acceptance guarantee P_TAG(W, s) is to assign the task s to a set of workers W* (called the winner set) such that:
1. every worker w_{i*} ∈ W* can reach location l_s before the deadline e_s;
2. no other worker w_j ∈ W\W* can reach location l_s before any worker w_{i*} ∈ W*;
3. η(W*, s) ≥ α, where α is the expected probability that at least one worker in W* accepts the task s.
Adversary model. Figure 1(b) shows the system model of privacy-protected spatial crowdsourcing. It introduces a new cryptographic service provider (CSP, Crypto Service Provider), which provides key services such as key generation to the SC server and the workers. For the adversary model, we assume that all parties are semi-honest. That is, they follow the prescribed protocol exactly, but may try to learn as much as possible about the other parties' private inputs from what they see while the protocol runs. In particular, the SC server is interested in the location and speed of each worker and in the ID of each winner. The CSP is interested in these as well as in the location of the task. Each worker wants to learn the location and speed of the other workers, the ID of each winner, and the location of the task. As a special worker, each winner is entitled to know its own ID and the location of the task, but also wants to learn the location and speed of the other workers and the IDs of the other winners. Based on the adversary model, we give the following definitions:
Definition 5 (privacy protection task assignment problem). Let W = {w_1, w_2, …, w_n} be a set of n workers. Given a spatial task s, the privacy protection task assignment problem P_PTA(W, s) is to find the winner w_{i*} of P_TA(W, s) in such a way that:
1. for each worker w_i ∈ W, its location l_i and speed v_i cannot be obtained by the SC server, the CSP or any other worker w_j ∈ W, w_j ≠ w_i;
2. the task location l_s cannot be obtained by the CSP or by any worker other than w_{i*};
3. apart from w_{i*} itself, the SC server, the CSP and all other workers cannot obtain the ID of w_{i*}.
Although its non-private version (P_TA) is simple, P_PTA is very challenging because it tries to protect worker privacy and task privacy at the same time. In particular, the winner is determined not only by the workers' locations but also by their speeds, both of which must be kept secret during the computation. At first glance, this requirement means that we need to perform division on ciphertexts. However, efficient homomorphic division is still an open problem. In addition, the task location l_s must be kept secret from all workers except the winner, which makes computing d(l_i, l_s) harder than on plaintext. Note that the winner must know the task location l_s because it needs to reach that location to perform the task, so this is not regarded as a privacy leak. The last requirement of P_PTA states that the SC server is not allowed to learn the identity of the winner. If the SC server knew who the winner was, it might infer the winner's approximate location from background knowledge (such as the task location and the deadline). Obviously, in P_TA it is the SC server that determines the winner. In P_PTA, however, the SC server is not allowed to know who the winner is. This contradiction is another difficulty of P_PTA.
Similarly, we define the privacy protection task assignment problem with acceptance guarantee as follows:
Definition 6 (privacy protection task assignment problem with acceptance guarantee). Let W = {w_1, w_2, …, w_n} be a set of n workers. Given a spatial task s, the privacy protection task assignment problem with acceptance guarantee P_PTAG(W, s) is to find the winner set W* of P_TAG(W, s) in such a way that:
1. for each worker w_i ∈ W, its location l_i and speed v_i cannot be obtained by the SC server, the CSP or any other worker w_j ∈ W, w_j ≠ w_i;
2. the task location l_s cannot be obtained by the CSP or by any worker other than the winners in W*;
3. apart from w_{i*} itself, the SC server, the CSP and all other workers cannot obtain the ID of w_{i*}.
As shown in Figure 2, the task allocation system model of privacy-protected spatial crowdsourcing according to the invention comprises a spatial crowdsourcing server (SC server), an encryption service providing unit (CSP), a spatial task requesting unit and worker mobile terminals.
The spatial task requesting unit creates spatial tasks and transmits the task information to the spatial crowdsourcing server.
The spatial crowdsourcing server assigns tasks to the worker mobile terminals.
The encryption service providing unit provides privacy protection task assignment management to the spatial task requesting unit, the spatial crowdsourcing server and the worker mobile terminals.
As shown in Figure 2, the method for implementing the task allocation system model of privacy-protected spatial crowdsourcing according to the invention comprises the following steps:
1) The spatial task requester creates and publishes a spatial task. A spatial task s is a task to be performed at location l_s and associated with a deadline e_s.
2) The spatial task is published to the SC server. Based on the worker set W = {w_1, w_2, …, w_n} and on the location l_s and deadline e_s of the task s, the SC server uses the task assignment algorithm (namely Algorithm 1 in Section 4, "Privacy protection task assignment protocol", below) to assign the task to a worker w_{i*}. The worker w_{i*} must satisfy two conditions: first, w_{i*} can reach l_s before the deadline e_s; second, no other worker can reach l_s before w_{i*}.
3) The cryptographic service provider (CSP) provides the privacy protection function and supplies key services to the SC server and the workers. The privacy protection function encrypts the transmitted data and allows the SC server to perform computations such as addition and multiplication on the encrypted data, ensuring that during communication, apart from the selected worker w_{i*} itself, the SC server, the CSP and all other workers cannot obtain the ID of w_{i*}.
2. Definition of the privacy standard
The invention uses the ideal paradigm to define the security of a protocol. Intuitively, a protocol is secure, or privacy-preserving, if during its execution no party involved obtains more information than it is entitled to obtain. Under the ideal paradigm this is defined as follows: for every adversary there exists a probabilistic polynomial-time simulator such that the view of the adversary in the real world and the view of the simulator in the ideal world are computationally indistinguishable.
Let P_{-1} be the CSP, P_0 the SC server, and P_1, …, P_n the n workers. Let view_i, x_i and K_i (-1 ≤ i ≤ n) be, respectively, P_i's view, its private input, and the additional information it can obtain during the execution of protocol P. The privacy requirement for protocol P is defined as follows:
Definition 7. If there exists a probabilistic polynomial-time simulator S_i such that
Figure PCTCN2017113454-appb-000010
then protocol P is said to be fully privacy-preserving against P_i, because P leaks no information beyond P_i's final output. Here, for all possible inputs (x_{-1}, x_0, …, x_n),
Figure PCTCN2017113454-appb-000011
≡ denotes computational indistinguishability. If
Figure PCTCN2017113454-appb-000012
then protocol P is said to be privacy-preserving against P_i with K_i leakage, because it leaks to P_i no information beyond the final output and K_i.
Clearly, full privacy protection is a very strong privacy guarantee. However, such a strong guarantee is sometimes hard to achieve with an efficient protocol. In practice, disclosure of the additional knowledge K_i during the execution of protocol P can be allowed as long as it does not break privacy. That is, even given the knowledge K_i, the probability that an adversary obtains the private input of any party is negligible.
3. Cryptographic building blocks
To solve the P_PTA and P_PTAG problems defined above, the invention uses several cryptographic tools: pseudo-random functions, the Paillier cryptosystem and the ElGamal cryptosystem, briefly introduced below.
A pseudo-random function (PRF) is a function whose outputs, observed in a black-box manner, cannot be distinguished from those of a truly random function. A PRF is usually denoted f_k and belongs to the PRF family F_λ = {f_k : {0,1}^λ → {0,1}^λ}_{k ∈ {0,1}^λ}, indexed by k. Our work assumes that a keyed one-way hash function (such as HMAC) can be modeled as a pseudo-random function. The function f_k can therefore be implemented by keying the hash function with k and applying it to x.
Paillier is a public-key cryptosystem whose security rests on an assumption related to the hardness of factoring (whether the two are equivalent is not yet known). It consists of the following three algorithms:
– Key generation: choose two distinct random large primes p and q and compute N = pq. Choose an element g ∈ Z*_{N^2}. The public key pk is (N, g) and the private key sk is (p, q).
– Encryption E: let m be a message in Z_N. It is encrypted by choosing a random number r in Z*_N and computing
c = E(m) = g^m r^N mod N,        (1)
where N and g are taken from the public key pk, and c is the ciphertext of m.
– Decryption D: the ciphertext c is decrypted by computing
Figure PCTCN2017113454-appb-000013
where λ = lcm(p-1, q-1) can be computed from the private key sk.
One of the most important properties of the Paillier cryptosystem is homomorphic addition. Specifically, multiplying the ciphertext of m_1 by the ciphertext of m_2 yields a ciphertext of m_1 + m_2, and raising the ciphertext of m to the k-th power yields a ciphertext of km. That is:
E(m_1) E(m_2) = E(m_1 + m_2),         (3)
E(m)^k = E(km).         (4)
In addition, Paillier is semantically secure, meaning that an attacker cannot obtain any partial information about the plaintext from the ciphertext. It is also a probabilistic encryption scheme, which means that encrypting the same message several times produces different ciphertexts. Equation (1) shows clearly that the random number r takes part in the encryption.
ElGamal is a public-key cryptosystem whose security is based on the intractability of the discrete logarithm problem. It consists of public domain parameters, which can be shared by multiple users, and three algorithms:
– Domain parameters. Let p be a large prime and q a medium-sized prime such that q | p–1. Let g = r^{(p–1)/q} mod p ≠ 1, where r ∈ F_p^*. These public parameters define a public finite abelian group G of prime order q with generator g.
– Key generation. Choose an integer x such that 0 ≤ x ≤ q–1 and compute h = g^x mod p. The public key pk is h and the private key sk is x.
– Encryption E'. Let m be a message in G. It is encrypted by choosing a random number r, where 0 ≤ r ≤ q–1, and computing:
c_1 = g^r, c_2 = m h^r.          (5)
The ciphertext c of m is E'(m) = (c_1, c_2).
– Decryption D'. The ciphertext c is decrypted by computing:
m = D'(c) = c_2 (c_1^x)^{-1}          (6)
ElGamal is also a probabilistic encryption scheme, because each message is encrypted with a different random number r, as shown in equation (5). An interesting property of the ElGamal cryptosystem is homomorphic multiplication. Specifically, multiplying the ciphertext of m_1 by the ciphertext of m_2 yields a ciphertext of m_1 m_2, that is:
E'(m_1) E'(m_2) = E'(m_1 m_2).       (7)
Commutative encryption has the property that the result does not depend on the order in which two encryptions are applied. ElGamal can be extended to support commutative encryption. In particular, two new algorithms are defined as follows:
– Secondary encryption
Figure PCTCN2017113454-appb-000014
Given a ciphertext E'_{h_a}(m) = (g^{r_a}, m h_a^{r_a}) encrypted with the public key h_a, it can be encrypted a second time by choosing a random number r_b, where 0 ≤ r_b ≤ q–1, and computing c_1 = g^{r_a}, c_2 = g^{r_b} and c_3 = m h_a^{r_a} h_b^{r_b}, where h_b is the public key. The ciphertext of E'_{h_a}(m) is
Figure PCTCN2017113454-appb-000015
– Secondary decryption
Figure PCTCN2017113454-appb-000016
The ciphertext (c_1, c_2, c_3) can be decrypted using the private keys x_a and x_b in either order, and the decryption result is the same. If the private key x_a is used first, we have
Figure PCTCN2017113454-appb-000017
Figure PCTCN2017113454-appb-000018
which can be decrypted again with x_b to obtain m. It is easy to verify that the decryption result is the same if x_b is used first and then x_a.
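The following Python sketch is an added example, not code from the patent: it exercises the Paillier and ElGamal properties described above, namely equations (3), (4) and (7) and the order-independent secondary decryption. The toy primes, the choice g = N + 1, the standard Paillier modulus N^2 and decryption formula, all function names, and the way (3) and (4) are combined into an encrypted squared distance are assumptions made for illustration; the parameter sizes are far too small for real use.

```python
import math
import secrets

# ---- Paillier: additive homomorphism, equations (3) and (4) ----
def paillier_keygen(p, q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lambda = lcm(p-1, q-1)
    return (n, n + 1), lam          # pk = (N, g); g = N + 1 is an assumed, common choice

def paillier_enc(pk, m):
    n, g = pk
    n2 = n * n                      # standard Paillier arithmetic is modulo N^2
    while True:                     # pick random r in Z*_N
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return pow(g, m % n, n2) * pow(r, n, n2) % n2

def paillier_dec(pk, lam, c):
    n, g = pk
    n2 = n * n
    L = lambda u: (u - 1) // n      # standard Paillier L function
    mu = pow(L(pow(g, lam, n2)), -1, n)
    return L(pow(c, lam, n2)) * mu % n

def enc_squared_distance(pk, enc_xs, enc_ys, enc_ss, xi, yi):
    """Worker side (assumed composition): build E(d^2) from E(x_s), E(y_s),
    E(x_s^2 + y_s^2) and the worker's own plaintext coordinates (x_i, y_i)."""
    n, _ = pk
    n2 = n * n
    c = enc_ss
    c = c * pow(enc_xs, (-2 * xi) % n, n2) % n2        # eq (4): E(x_s)^k = E(k x_s)
    c = c * pow(enc_ys, (-2 * yi) % n, n2) % n2
    c = c * paillier_enc(pk, xi * xi + yi * yi) % n2   # eq (3): product adds plaintexts
    return c

# ---- ElGamal: multiplicative homomorphism and commutative encryption ----
P, Q = 2039, 1019                   # constructed toy domain parameters, Q | P - 1
G = pow(2, (P - 1) // Q, P)         # g = r^((p-1)/q) mod p with r = 2, so g != 1

def elgamal_keygen():
    x = secrets.randbelow(Q - 1) + 1          # private key x
    return pow(G, x, P), x                    # (public h = g^x, private x)

def elgamal_enc(h, m):
    r = secrets.randbelow(Q)
    return pow(G, r, P), m * pow(h, r, P) % P           # eq (5)

def elgamal_dec(x, c):
    c1, c2 = c
    return c2 * pow(pow(c1, x, P), -1, P) % P           # eq (6)

def elgamal_mul(ca, cb):
    return ca[0] * cb[0] % P, ca[1] * cb[1] % P         # eq (7)

def second_enc(h_b, c):
    """Secondary encryption: (g^ra, m h_a^ra) -> (g^ra, g^rb, m h_a^ra h_b^rb)."""
    c1, c2 = c
    r_b = secrets.randbelow(Q)
    return c1, pow(G, r_b, P), c2 * pow(h_b, r_b, P) % P

def strip_a(x_a, c):
    """Remove the h_a layer first; what remains is an ordinary ciphertext under h_b."""
    c1, c2, c3 = c
    return c2, c3 * pow(pow(c1, x_a, P), -1, P) % P

def strip_b(x_b, c):
    """Remove the h_b layer first; what remains is an ordinary ciphertext under h_a."""
    c1, c2, c3 = c
    return c1, c3 * pow(pow(c2, x_b, P), -1, P) % P

def demo():
    pk, lam = paillier_keygen(1009, 1013)      # constructed toy primes
    xs, ys, xi, yi = 120, 45, 100, 30          # constructed task and worker coordinates
    c = enc_squared_distance(pk, paillier_enc(pk, xs), paillier_enc(pk, ys),
                             paillier_enc(pk, xs * xs + ys * ys), xi, yi)
    d2 = paillier_dec(pk, lam, c)              # (120-100)^2 + (45-30)^2
    h_a, x_a = elgamal_keygen()
    h_b, x_b = elgamal_keygen()
    m = pow(G, 77, P)                          # constructed message in the group G
    c3 = second_enc(h_b, elgamal_enc(h_a, m))
    via_a = elgamal_dec(x_b, strip_a(x_a, c3)) # x_a first, then x_b
    via_b = elgamal_dec(x_a, strip_b(x_b, c3)) # x_b first, then x_a
    return d2, m, via_a, via_b

if __name__ == "__main__":
    print(demo())
```

The party holding the Paillier private key recovers only the squared distance, never the worker's coordinates, and the double-encrypted ElGamal value decrypts to the same message whichever private key is applied first.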
4. Privacy protection task assignment protocol
According to Definition 5, our goal is to find the winner of P_TA without revealing the workers' location information. Although some existing privacy protection tools, such as k-anonymity and differential privacy, can be used to protect personal privacy, they usually assume a trusted third party with access to the entire raw data (for example, the locations of all workers), which is hard to realize in practice. Moreover, they protect personal privacy at the cost of reduced data utility, which means that methods based on them may fail to find the winner of P_TA exactly. We therefore decided to use cryptographic tools to solve the P_PTA problem exactly. To prevent privacy leaks, each worker's private data is encrypted before it is sent to the SC server. By Definition 3, the key to the P_PTA problem is to determine which worker reaches location l_s first. To solve this, we need to compare the travel times of two workers w_i and w_j, that is, to evaluate the following inequality:
Figure PCTCN2017113454-appb-000019
Clearly, the computation involves several basic operations: addition and multiplication (for the distance computation), division, and comparison. Note that these operations must be performed on ciphertexts, because, for example, l_i and v_i have already been encrypted for privacy protection. In theory, we could design a scheme based on fully homomorphic encryption (FHE) to carry out the above computation, but this would incur a high computational cost and leave the method with limited practical value. We therefore consider partially homomorphic encryption schemes. Although they are more efficient than FHE, none of them supports all the operations needed to evaluate inequality (8). The next subsection shows how we resolve this difficulty.
4.1 Protocol Overview
Algorithm 1: Privacy-Preserving Task Assignment Protocol
Input: a set of n workers, where each worker w_i has ID i, location l_i and speed v_i; a spatial task s (created by the task requester) with task location l_s and deadline e_s; an SC server and a CSP.
Output: the winner w* obtains the task location l_s.
1: Phase 0 - Key generation
2: The CSP generates a Paillier key pair (pk, sk) and an ElGamal key pair (pk', sk'). The SC server and all workers receive the public keys pk and pk'. The private keys sk and sk' are held only by the CSP.
3: The CSP generates another set of ElGamal domain parameters and publishes it. Based on these parameters, the CSP generates a further public key pk'' but keeps it secret. Each worker w_i also generates a key pair (pk''_i, sk''_i) and keeps it secret.
4: Phase 1 - Privacy-preserving distance calculation
5: The SC server encrypts [Figure PCTCN2017113454-appb-000020], x_s and y_s with the public key pk and sends the results to all workers.
6: for each worker w_i (1 ≤ i ≤ n) do
7: w_i encrypts [Figure PCTCN2017113454-appb-000021] with pk to obtain [Figure PCTCN2017113454-appb-000022]
8: w_i computes [Figure PCTCN2017113454-appb-000023]
9: end for
10: Phase 2 - Privacy-preserving travel time calculation
11: for each worker w_i (1 ≤ i ≤ n) do
12: w_i encrypts v_i with pk' and sends E'(v_i) to the SC server.
13: end for
14: The SC server computes [Figure PCTCN2017113454-appb-000024] and sends it to the CSP.
15: The CSP decrypts E'(V) and sends the result back to the SC server.
16: The SC server broadcasts V to all workers.
17: for each worker w_i (1 ≤ i ≤ n) do
18: w_i computes [Figure PCTCN2017113454-appb-000025] and sends E(t'_i^2) to the SC server.
19: end for
20: Phase 3 - Privacy-preserving winner calculation
21: The SC server sends f_k(i) to worker w_i, where f_k is a PRF.
22: The SC server [Figure PCTCN2017113454-appb-000026], where 1 ≤ i ≤ n.
23: The CSP decrypts [Figure PCTCN2017113454-appb-000027] and computes [Figure PCTCN2017113454-appb-000028], where 1 ≤ i ≤ n.
24: The CSP determines the winner with the minimum travel time, [Figure PCTCN2017113454-appb-000029], whose travel time is [Figure PCTCN2017113454-appb-000030]
25: The CSP encrypts f_k(i*) using k' and sends E'_C(f_k(i*)) to the SC server.
26: Phase 4 - Privacy-preserving winner announcement
27: The SC server encrypts l_s by computing [Figure PCTCN2017113454-appb-000031] and broadcasts [Figure PCTCN2017113454-appb-000032] to all workers, where h is a length-matching hash function.
28: for each worker w_i (1 ≤ i ≤ n) do
29: w_i encrypts f_k(i) with pk''_i and sends [Figure PCTCN2017113454-appb-000033] to the CSP.
30: The CSP encrypts [Figure PCTCN2017113454-appb-000034] with pk''_i and sends [Figure PCTCN2017113454-appb-000035] to w_i.
31: w_i decrypts [Figure PCTCN2017113454-appb-000036] with its private key sk''_i to obtain E'_C(f_k(i)).
32: w_i attempts to decrypt [Figure PCTCN2017113454-appb-000038] by computing [Figure PCTCN2017113454-appb-000037]
33: end for
Figure 3 gives an overview of the privacy-preserving task assignment protocol. Based on the above discussion, we build our solution on two partially homomorphic encryption schemes, Paillier and ElGamal; it consists of the five phases depicted in Figure 3. In Phase 0, the CSP generates the ElGamal domain parameters and the Paillier and ElGamal key pairs according to the security requirements. It keeps the private keys secret and sends the public keys to the SC server and all workers. The creation of a spatial task by the task requester triggers Phase 1, during which the SC server and all workers run the privacy-preserving distance calculation protocol on the encrypted location information and output the encrypted distances. In Phase 2, each worker's speed is encrypted and sent to the SC server, which cooperates with the CSP to compute each worker's travel time. Based on the encrypted travel times obtained in Phase 2, the SC server computes the winner with the help of the CSP in Phase 3, but the result remains in encrypted form. In Phase 4, the encrypted task location is broadcast to all workers, but only the winner can recover it. The winner then travels to the designated location to perform the task.
4.2 Detailed Construction
Algorithm 1 gives the concrete realization of the privacy-preserving task assignment protocol. We explain it in detail below.
Phase 1. Because the key code of the Paillier and ElGamal cryptosystems required for Phase 0 has already been introduced in "III. Cryptographic Building Blocks", we begin the detailed construction of the protocol with Phase 1. After encrypting the task location l_s = (x_s, y_s) with the Paillier public key, the SC server sends three ciphertexts to all workers: E(x_s^2 + y_s^2), E(x_s) and E(y_s). On receiving them, each worker w_i computes the encrypted squared distance between l_s and its current location l_i, namely:
Figure PCTCN2017113454-appb-000039
Its correctness is easily verified from equations (3) and (4). Note that we could instead require every worker to send its encrypted location to the SC server (in the form E(x_i^2 + y_i^2), E(x_i) and E(y_i)) and have the SC server compute E(d^2(l_i, l_s)). Although this is similar to what we do in the non-private case, it would impose a higher computational cost on the SC server. In other words, our current design has the advantage of spreading the computational cost across all workers.
Phase 2. As noted earlier, privacy-preserving travel time calculation requires division over ciphertexts. However, an efficient implementation of homomorphic division remains an open problem. Our goal is therefore not to design an efficient homomorphic division scheme but to eliminate division from the travel time calculation altogether. To this end, we exploit an interesting property of travel time comparison: computing the exact travel time is unnecessary. This property is guaranteed by the following lemma:
Lemma 1. Let W = {w_1, w_2, ..., w_n} be a set of n workers and let V be the product of all workers' speeds, i.e. [Figure PCTCN2017113454-appb-000040] [Figure PCTCN2017113454-appb-000041] and v'_k = V/v_k, where 1 ≤ k ≤ n. For any two workers w_i, w_j ∈ W, d(l_i, l_s)/v_i < d(l_j, l_s)/v_j if and only if d(l_i, l_s)·v'_i < d(l_j, l_s)·v'_j.
Based on this lemma, we compute for each worker a virtual travel time t'_i = d(l_i, l_s)·v'_i, which is equivalent to the exact [Figure PCTCN2017113454-appb-000042] travel time t_i = d(l_i, l_s)/v_i; that is, the worker with the shortest virtual travel time necessarily has the shortest exact travel time. Specifically, each worker encrypts its speed with the ElGamal cryptosystem and sends E'(v_i) to the SC server. The SC server obtains E'(V) by multiplying all the encrypted speeds together. The SC server then asks the CSP to decrypt E'(V) and sends V to all workers. By dividing V by its speed v_i, each worker w_i obtains v'_i and computes E(d^2(l_i, l_s))^(v'_i^2) = E(d^2(l_i, l_s)·v'_i^2) = E(t'_i^2). The encrypted virtual travel time is sent to the SC server for further processing. Note that in this process the CSP and all workers learn the exact value of V. However, this does not violate any worker's personal privacy, as shown in the next subsection.
Phase 3. The SC server now holds a list of 2-tuples <i, E(t'_i^2)>, where i is the ID of worker w_i and 1 ≤ i ≤ n. To protect the identities of the workers, and of the winner in particular, it encrypts each worker's ID with a PRF f_k and sends <f_k(i), E(t'_{f_k(i)}^2)> to the CSP in order to find out which worker has the shortest travel time and whether that worker can reach the task location before the deadline e_s. Because the CSP holds the Paillier private key, it can obtain t'_i^2 by decrypting E(t'_i^2) and compute the actual travel time [Figure PCTCN2017113454-appb-000043]. The CSP can then easily find the worker with the shortest travel time and determine whether that worker can meet the deadline. If not, the CSP notifies the SC server that there is no winner. Otherwise, it encrypts the winner's ID f_k(i*) with ElGamal and sends E'_C(f_k(i*)) to the SC server. The encryption is necessary here because the SC server could infer who the winner is if it received f_k(i*) itself. On the other hand, the winner's privacy remains protected from the CSP because of the pseudorandomness of the PRF.
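The following Python sketch is an added example, not code from the patent (whose implementation is described as Java with Bouncy Castle): it runs Phases 1 to 3 end to end with toy Paillier and ElGamal parameters. The Phase 1 formula appears only as an image on this page, so the worker step uses the standard expansion d^2 = (x_s^2 + y_s^2) + (x_i^2 + y_i^2) - 2·x_s·x_i - 2·y_s·y_i as an assumption; HMAC-SHA256 as the PRF, the key sizes, all function names and the sample workers are likewise constructed for illustration.

```python
import hashlib, hmac, math, secrets

# Toy parameters constructed for this example (far too small for real use).
P_PAILLIER, Q_PAILLIER = 2**61 - 1, 2**89 - 1   # two Mersenne primes
P_ELGAMAL, G_ELGAMAL = 2**127 - 1, 3            # prime modulus and base element

def paillier_keygen():
    n = P_PAILLIER * Q_PAILLIER
    phi = (P_PAILLIER - 1) * (Q_PAILLIER - 1)
    return n, (phi, pow(phi, -1, n))            # public n (with g = n + 1), private (phi, mu)

def paillier_enc(n, m):
    r = secrets.randbelow(n - 1) + 1
    return (1 + (m % n) * n) * pow(r, n, n * n) % (n * n)

def paillier_dec(n, sk, c):
    phi, mu = sk
    return (pow(c, phi, n * n) - 1) // n * mu % n

def elgamal_keygen():
    x = secrets.randbelow(P_ELGAMAL - 2) + 1
    return x, pow(G_ELGAMAL, x, P_ELGAMAL)

def elgamal_enc(pk, m):
    r = secrets.randbelow(P_ELGAMAL - 2) + 1
    return pow(G_ELGAMAL, r, P_ELGAMAL), m * pow(pk, r, P_ELGAMAL) % P_ELGAMAL

def elgamal_dec(sk, ct):
    c1, c2 = ct
    return c2 * pow(c1, P_ELGAMAL - 1 - sk, P_ELGAMAL) % P_ELGAMAL

def worker_distance(n, c_sq, c_x, c_y, x, y):
    """Phase 1, worker side: E(d^2) from the server's three ciphertexts."""
    n2 = n * n
    own = paillier_enc(n, x * x + y * y)                              # one encryption
    cross = pow(c_x, (-2 * x) % n, n2) * pow(c_y, (-2 * y) % n, n2)   # two modexps
    return c_sq * own * cross % n2

def assign(task, workers, deadline):
    """workers: {id: (x, y, v)} with integer coordinates and integer speeds."""
    n, p_sk = paillier_keygen()                      # Phase 0: CSP key generation
    e_sk, e_pk = elgamal_keygen()
    xs, ys = task                                    # Phase 1: SC server encrypts the task
    c_sq, c_x, c_y = (paillier_enc(n, m) for m in (xs * xs + ys * ys, xs, ys))
    enc_d2 = {i: worker_distance(n, c_sq, c_x, c_y, x, y)
              for i, (x, y, _) in workers.items()}
    a, b = 1, 1                                      # Phase 2: SC server multiplies E'(v_i)
    for _, _, v in workers.values():
        c1, c2 = elgamal_enc(e_pk, v)
        a, b = a * c1 % P_ELGAMAL, b * c2 % P_ELGAMAL
    # The CSP decrypts E'(V); V is only correct if the true product is below
    # the ElGamal modulus, which is the key-length remark made on this page.
    V = elgamal_dec(e_sk, (a, b))
    # Each worker raises E(d^2) to v'_i^2 = (V / v_i)^2: no division on ciphertexts.
    enc_t2 = {i: pow(enc_d2[i], (V // v) ** 2, n * n)
              for i, (_, _, v) in workers.items()}
    k = secrets.token_bytes(16)                      # Phase 3: pseudonymous IDs f_k(i)
    tags = {i: hmac.new(k, str(i).encode(), hashlib.sha256).hexdigest()
            for i in workers}
    t_sq = {tags[i]: paillier_dec(n, p_sk, c) for i, c in enc_t2.items()}  # CSP side
    best = min(t_sq, key=t_sq.get)
    travel_time = math.sqrt(t_sq[best]) / V          # t_i = t'_i / V
    winner = best if travel_time <= deadline else None
    return {"V": V, "tags": tags, "t_sq": t_sq,
            "winner_tag": winner, "travel_time": travel_time}

# Constructed sample: worker 2 is nearest to the task, but worker 3 arrives first.
SAMPLE_TASK = (50, 50)
SAMPLE_WORKERS = {1: (10, 10, 2), 2: (40, 45, 1), 3: (80, 90, 5), 4: (50, 14, 3)}

if __name__ == "__main__":
    result = assign(SAMPLE_TASK, SAMPLE_WORKERS, deadline=15)
    print(result["winner_tag"] == result["tags"][3], result["travel_time"])
```

The CSP in this sketch sees only pseudonyms and squared virtual travel times, matching the leakage K_{-1} stated in Theorem 1.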
Phase 4. On receiving E'_C(f_k(i*)), the SC server encrypts the task location l_s and broadcasts [Figure PCTCN2017113454-appb-000044] (l_s) to all workers. Specifically, l_s is encrypted as follows:
Figure PCTCN2017113454-appb-000045
where h is a length-matching hash function that maps a longer bit string to a shorter one. One construction of h that has been proven semantically secure splits the longer bit string into several shorter bit strings of fixed length, XORs these shorter strings together and outputs the result. Clearly, only a worker who obtains E'_C(f_k(i*)) can recover the task location by computing [Figure PCTCN2017113454-appb-000046] [Figure PCTCN2017113454-appb-000047]. The following procedure ensures that only the winner can obtain E'_C(f_k(i*)).
First, each worker w_i obtains its encrypted ID f_k(i) from the SC server, encrypts it with ElGamal under its own public key, and sends the result E'_{w_i}(f_k(i)) to the CSP. On receiving it, the CSP encrypts it again with ElGamal, using its own public key and the same random number r that was used to produce E'_C(f_k(i*)). The CSP then sends the result [Figure PCTCN2017113454-appb-000048] to each worker, who can decrypt it with its private key to obtain E'_C(f_k(i)). Clearly, only the winner w_{f_k(i*)} obtains E'_C(f_k(i*)). Note that the public keys used here must be kept secret in order to protect privacy.
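An added Python example (not the patent's code) of the Phase 4 key exchange and the XOR-folding hash h, showing why only the winner reconstructs the masking key. It assumes that the "secondary" ElGamal encryption is a second ElGamal layer over the same domain parameters and that l_s is masked by XOR with h(E'_C(f_k(i*))); both formulas are images on this page, and all names, parameters and the sample location are constructed.

```python
import hashlib, hmac, secrets, struct

P, G = 2**127 - 1, 3      # constructed toy ElGamal domain parameters
BLOCK = 16                # bytes per serialized group element

def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def prf_id(k, i):
    """f_k(i) as a nonzero group element (HMAC-SHA256 as the PRF is an assumption)."""
    digest = hmac.new(k, str(i).encode(), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % (P - 1) + 1

def csp_encrypt(pk_c, m, r):
    """E'_C(m) under the CSP's secret public key pk'' with explicit randomness r."""
    return pow(G, r, P), m * pow(pk_c, r, P) % P

def worker_wrap(pk_i, m):
    """Line 29: worker encrypts f_k(i) under its own key pk''_i."""
    r_i = secrets.randbelow(P - 2) + 1
    return pow(G, r_i, P), m * pow(pk_i, r_i, P) % P

def csp_second_layer(pk_c, r, ct):
    """Line 30: CSP adds its layer with the same r; result is three group elements."""
    a, b = ct
    return a, pow(G, r, P), b * pow(pk_c, r, P) % P

def worker_unwrap(sk_i, ct3):
    """Line 31: worker strips its own layer, leaving E'_C(f_k(i)) with randomness r."""
    a, c1, b = ct3
    return c1, b * pow(a, P - 1 - sk_i, P) % P

def h_fold(data, out_len):
    """Length-matching hash: zero-pad, cut into out_len-byte blocks, XOR them."""
    data += b"\x00" * (-len(data) % out_len)
    out = bytearray(out_len)
    for off in range(0, len(data), out_len):
        for j in range(out_len):
            out[j] ^= data[off + j]
    return bytes(out)

def xor_mask(msg, ct):
    """Mask or unmask msg with h(serialized ciphertext); XOR is its own inverse."""
    pad = h_fold(b"".join(x.to_bytes(BLOCK, "big") for x in ct), len(msg))
    return bytes(m ^ p for m, p in zip(msg, pad))

def announce(winner_id, worker_ids, location):
    """Return what each worker recovers from the broadcast in Phase 4."""
    k = secrets.token_bytes(16)                      # PRF key held by the SC server
    csp_sk, csp_pk = keygen()                        # pk'' is never published
    r = secrets.randbelow(P - 2) + 1
    key_ct = csp_encrypt(csp_pk, prf_id(k, winner_id), r)   # line 25
    broadcast = xor_mask(location, key_ct)                   # line 27
    recovered = {}
    for i in worker_ids:
        sk_i, pk_i = keygen()
        ct3 = csp_second_layer(csp_pk, r, worker_wrap(pk_i, prf_id(k, i)))
        recovered[i] = xor_mask(broadcast, worker_unwrap(sk_i, ct3))  # lines 31-32
    return recovered

# Constructed sample location: latitude and longitude packed into 16 bytes.
SAMPLE_LOCATION = struct.pack(">dd", 33.9, -118.2)

if __name__ == "__main__":
    out = announce(2, [1, 2, 3], SAMPLE_LOCATION)
    print({i: v == SAMPLE_LOCATION for i, v in out.items()})
```

Because the CSP reuses r, the winner's unwrapped ciphertext is bit-for-bit the one the SC server hashed, while every other worker ends up with a ciphertext of a different pseudonym and therefore a different pad.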
Remarks. When computing E'(V), an appropriate key length must be chosen so that the product of all workers' speeds does not overflow. For example, we use a 2048-bit key to handle 1000 workers in our experiments. If the number of workers is very large, a possible approach is to use the least common multiple (LCM) instead of the product. However, privacy-preserving LCM computation (i.e. computing the least common multiple of several encrypted numbers) is a very challenging problem, which we leave as one of our future research directions.
4.3 Performance Analysis
Computational cost. Table 1 summarizes the computational cost of our protocol. We assume that all workers can perform their computations (such as encryption and decryption) in parallel and can interact with the SC server and the CSP in parallel, so we only need to consider the computational cost of a single user. We also ignore cheap operations such as big-integer multiplication and XOR on bit strings. The detailed analysis is as follows. In Algorithm 1, the SC server performs three Paillier encryptions (line 5), and worker w_i performs one Paillier encryption and two modular exponentiations (lines 7 and 8) for the private computation of the travel distance. In Phase 2, the worker performs one ElGamal encryption to protect its speed (line 12). The product of the encrypted speeds is decrypted by the CSP (line 15) to enable the subsequent travel time calculation, which requires one modular exponentiation by worker w_i (line 18). In Phase 3, the SC server evaluates n PRFs to protect the workers' IDs (line 21), and the CSP performs n ElGamal decryptions (line 23) and one ElGamal encryption (line 25) to find the winner and protect its ID. In Phase 4, to exchange the decryption key, worker w_i performs one ElGamal encryption (line 29) and one ElGamal secondary decryption (line 31), while the CSP performs n ElGamal secondary encryptions (line 30).
Table 1. Computational cost of the proposed protocol. E, D, E', D', [Figure PCTCN2017113454-appb-000049], e and PRF denote Paillier encryption, Paillier decryption, ElGamal encryption, ElGamal decryption, ElGamal secondary encryption, ElGamal secondary decryption, modular exponentiation and pseudorandom function, respectively.
Figure PCTCN2017113454-appb-000050
Table 2. Communication overhead of the proposed protocol. L and L' are the key lengths of the Paillier and ElGamal cryptosystems, respectively.
Figure PCTCN2017113454-appb-000051
Communication overhead. Table 2 summarizes the communication overhead of our protocol. Because ciphertexts are usually larger than plaintexts, we consider only the ciphertexts sent and received by each party. Note that the ciphertext lengths of ElGamal encryption and secondary encryption are two and three times the key length, respectively. We omit the detailed analysis; see Table 2 for the results.
4.4 Security Analysis
We now analyze the security of the proposed protocol.
Theorem 1. Our task assignment protocol (Algorithm 1) is privacy-preserving with leakage K_0 = V, K_{-1} = {V, t_{f_k(1)}, ..., t_{f_k(n)}} and K_i = V (1 ≤ i ≤ n) for the SC server, the CSP and all workers, respectively.
Proof: We first show that there exists a probabilistic polynomial-time simulator S_0 that can simulate the view of the SC server given K_0 = V. Suppose the view of the SC server is view_0 = {E'(v_1), ..., E'(v_n), E(t'_1^2), ..., E(t'_n^2), E'_C(f_k(i*)), V}. S_0 generates view_0' = {E'(x_1), ..., E'(x_n), E(y_1), ..., E(y_n), E'(x_{n+1}), V}, where x_i (1 ≤ i ≤ n+1) are uniformly random elements of G and y_i (1 ≤ i ≤ n) are uniformly random elements of Z_N. Because both Paillier and ElGamal are semantically secure, it is easy to show that view_0 ≡ view_0'.
Next, we show that there exists a probabilistic polynomial-time simulator S_i that can simulate the view of worker w_i given K_i = V. If w_i is not the winner, then [Figure PCTCN2017113454-appb-000052]. To simulate it, S_i generates [Figure PCTCN2017113454-appb-000053], where x_i (i = 1, 2, 3) are uniformly random elements of Z_N, y is sampled at random from G, and k is a uniformly random element of {0,1}^λ. For the winner [Figure PCTCN2017113454-appb-000054], its view is [Figure PCTCN2017113454-appb-000055], so [Figure PCTCN2017113454-appb-000056] generates [Figure PCTCN2017113454-appb-000057] [Figure PCTCN2017113454-appb-000058]. In both cases, by the semantic security of Paillier and ElGamal and the pseudorandomness of the PRF, we obtain view_i ≡ view_i'.
Finally, we show that there exists a probabilistic polynomial-time simulator S_{-1} that can simulate the view of the CSP given [Figure PCTCN2017113454-appb-000059]. In the protocol, the view of the CSP is [Figure PCTCN2017113454-appb-000060]. To simulate it, S_{-1} generates view_{-1}' = {E'(x_1), ..., E'(x_n)} ∪ K_{-1}, where x_i (1 ≤ i ≤ n) are uniformly random elements of G. By the semantic security of ElGamal, view_{-1} ≡ view_{-1}' clearly holds.
The above theorem shows that our protocol is secure with leakage K. Before showing that leaking K has only a limited effect on personal privacy, we give the following lemmas.
Lemma 2. The product [Figure PCTCN2017113454-appb-000061] is generated from random integers [Figure PCTCN2017113454-appb-000062] in the range 1 to d (d > n). As d → ∞, for [Figure PCTCN2017113454-appb-000063], the probability that the equation [Figure PCTCN2017113454-appb-000064] has at least n! solutions is 1.
Proof: The probability that the elements of [Figure PCTCN2017113454-appb-000065] are pairwise distinct is
Figure PCTCN2017113454-appb-000066
Any permutation of the sequence [Figure PCTCN2017113454-appb-000067] is a valid solution. Therefore, the probability that the equation [Figure PCTCN2017113454-appb-000068] has at least n! solutions is η(d, n), and we have lim_{d→∞} η(d, n) = 1.
Lemma 3. The product π and the set of positive rationals {b_1, ..., b_n} are generated from random positive integers [Figure PCTCN2017113454-appb-000069] in the range 1 to d (d > n), and satisfy the following equation:
Figure PCTCN2017113454-appb-000070
where (σ(1), ..., σ(n)) is a permutation of (1, ..., n). Then, as d → ∞, the probability that this equation has at least n! solutions is 1.
Proof: The proof is similar to that of Lemma 2. As d → ∞, the probability that [Figure PCTCN2017113454-appb-000071] are pairwise distinct is 1, and any permutation of the sequence [Figure PCTCN2017113454-appb-000072] yields a different solution.
Lemma 4. Pick a random number a from 1, ..., d. As d → ∞, the probability that a is prime is 1/log d.
This lemma follows directly from the prime number theorem [24], which states that as d → ∞, the number of primes up to d converges to d/log d.
Remarks. By Lemma 4, the probability that x_i is prime or equal to 1 can be approximated as (1/log d + 1/d). Therefore, the probability that every x_i has at least two prime factors is
(1 - 1/log d - 1/d)^n     (11)
As d → ∞, this value converges to 1. This means that as long as d is chosen large enough, the product π has at least 2n prime factors with probability 1. In practice, the number of solutions of the equation [Figure PCTCN2017113454-appb-000073] is far greater than the n! stated above.
Theorem 2. Given the information K_i (-1 ≤ i ≤ n), the probability that an adversary P_i obtains the private information of any party during the execution of the task assignment protocol (Algorithm 1) is negligible.
Proof: First consider P_0, the SC server, which holds the information K_0 = V. The SC server can construct the equation [Figure PCTCN2017113454-appb-000074]. Assume 1 ≤ v_i ≤ d, let η(v_i) be the probability that P_0 obtains v_i, and let η(v_i | K_0) be the probability that P_0 obtains v_i given K_0. By Lemma 2, we have
Figure PCTCN2017113454-appb-000075
In general, this is clearly negligible.
The proof for P_i is similar to that for P_0, so we now consider P_{-1} (i.e. the CSP). Because [Figure PCTCN2017113454-appb-000076], the CSP can construct a nonlinear system of n+1 equations:
Figure PCTCN2017113454-appb-000077
By Lemma 3, we also have
Figure PCTCN2017113454-appb-000078
In general, this is negligible. Moreover, even if the CSP obtains the exact value of d(l_s, l_i), the probability that it cannot obtain l_s and l_i is still far higher than that of a random guess. This completes the proof.
Remarks. Note that Theorem 2 shows that the privacy-preserving task assignment protocol is secure in the general case. In some extreme cases, for example V = 1, an adversary immediately learns that every worker's speed is 1. However, the likelihood of such cases drops sharply as the number of workers increases.
V. Performance Evaluation
5.1 Experimental Setup
We evaluate the performance of our protocol (Algorithm 1) using two kinds of metrics: efficiency-related and effectiveness-related. The former includes running time and communication overhead, worker travel distance (WTD), worker travel time (WTT) and number of notified workers (NNW). In general, workers prefer a shorter WTD, and so do task requesters, because if all workers have the same speed the task is performed sooner. However, if the workers' speeds differ, a shorter WTD is not necessarily better. In that case, both workers and task requesters prefer a short WTT. NNW should be kept low to reduce computational cost and communication overhead.
For the effectiveness evaluation, we use the method of To et al. [To, H., Ghinita, G. and Shahabi, C.: A framework for protecting worker location privacy in spatial crowdsourcing. PVLDB, 7(10), 919-930 (2014)] as the baseline. Because their method does not take speed into account, the speed of every worker is set to 1 in the experiments. In this case, WTT equals WTD. In addition, the deadline of each task is set to a large value so that all workers can arrive before it. Because our protocol does not consider worker acceptance rates and always returns exactly one worker (i.e. NNW is always 1), we randomly generate 1000 tasks and report the average results.
For the efficiency evaluation, we note that differential privacy is clearly cheaper computationally than public-key cryptosystems, but it cannot protect the data during the computation (for example, it allows a trusted third party to see all workers' locations). It is therefore meaningless to compare the running time of our protocol (based on public-key cryptosystems) with that of the method of To et al. (based on differential privacy). We thus focus only on the efficiency of our own protocol and test whether its overhead is acceptable in practice. We run our protocol 10 times and report the average results.
We evaluate performance on two real-world datasets, Gowalla and Yelp. Gowalla contains the check-in history of users in a location-based social network. We select an area of California with latitude from 33.720183 to 34.149932 and longitude from -118.399999 to -117.900516. This area contains the check-ins of 5830 users, who are treated as the workers of the spatial crowdsourcing system. We take the location where a user checked in most often as that user's current location, and assume that a spatial task can be created at any location that has a check-in record. For Yelp, we select an area of Phoenix with latitude from 33.205308 to 33.924407 and longitude from -112.400283 to -111.218100. This area has about 67000 users and 11200 businesses. Business locations are treated as tasks, and each user's location is chosen at random from the businesses that user has reviewed.
We set the number of workers #W ∈ {100, 400, 700, 1000}, the maximum acceptance rate MAR ∈ {0.4, 0.6, 0.8, 1} and the expected task acceptance probability α ∈ {0.7, 0.8, 0.9, 0.99}. Because the baseline relies on differential privacy with privacy budget ε, we also set ε ∈ {0.1, 0.4, 0.7, 1.0}. For the security parameters of Paillier and ElGamal, we follow the NIST recommendation (2016) and set the key length KL ∈ {1024, 2048}, where a key length of 1024 is suitable for current applications and a key length of 2048 is recommended for the next 15 years (2016-2030). The default value of each parameter is shown in bold.
In our experiments, the SC server and the CSP run on a machine with four Intel Xeon E7-8860 2.2GHz CPUs (16 cores per CPU) and 1TB of RAM. Each worker is simulated by a Mi 2 phone with an APQ 8064 1.5GHz CPU and 2GB of RAM. We implement our protocol with the Bouncy Castle Crypto package. The code is written in Java and executed on JDK 1.8. As Table 1 shows, the performance bottleneck of our protocol is the series of Paillier decryptions. Fortunately, these expensive operations are easy to parallelize because they are independent of one another. In our experiments, we use 64 threads to perform these decryptions.
4.2 Experimental results
4.2.1 Efficiency
Figure 4(a) shows the running time of the protocol as the number of workers #W increases from 100 to 1000 in steps of 300. As expected, the CPU time of the SC server and the CSP grows linearly with #W, because their computational cost comes mainly from cryptographic operations whose number is proportional to the number of workers. By contrast, however many workers there are, the computational cost for a worker using a mid-range phone is almost constant, for example about 0.1 seconds. Our protocol therefore scales well in practice. In terms of total running time, our protocol needs less than 2 seconds to perform privacy-preserving task assignment for more than 1,000 workers. A similar trend can be seen in Figure 4(b), where a 2048-bit key is used to provide a stronger security guarantee (this key length is recommended for the next 15 years). Even in this case, the total running time of our protocol is still less than 7 seconds.
In Figure 5, we measure the communication overhead of each party in the protocol. As Figure 5(b) shows, when task assignment is performed with a 2048-bit key, the SC server, the CSP and a worker need to send or receive 2.7 MB, 2.1 MB and 0.008 MB of data, respectively. We do not consider these overheads a burden for current mobile applications. As the number of workers goes from 100 to 1000, Figure 5 shows linear growth for the SC server and the CSP, because the transmitted data consists mainly of ciphertexts and the total traffic is proportional to the number of workers.
4.2.2 Effectiveness
Figures 6, 7 and 8 show how our protocol performs in terms of WTD (worker travel distance) as MAR, α and ε are varied, respectively. In all figures, our protocol outperforms the benchmark for every combination of dataset (Gowalla, Yelp) and acceptance-rate function (Linear, Zipf). Specifically, in Figure 6 we observe that the gap between our protocol and the benchmark widens as MAR decreases. To explain this, we first note that the benchmark needs to visit more grid cells to reach the required acceptance rate. Each cell usually contains some workers. Some of them may be far from the task location, yet they can still accept the task. Our protocol, however, always selects workers according to their travel time (or, in this case, travel distance). This is why our protocol performs much better than the benchmark when MAR is small. Figure 8 shows that the benchmark has a larger WTD when stronger privacy protection is provided (e.g., ε = 0.1). However, even when only weak privacy protection is provided (e.g., ε = 1), our protocol still outperforms the benchmark.
We further evaluate our protocol in terms of NNW (number of notified workers) by varying MAR, α and ε, and report the results in Figures 9, 10 and 11, respectively. Again, our protocol outperforms the benchmark for every combination of dataset (Gowalla, Yelp) and acceptance-rate function (Linear, Zipf). In most cases, the number of notified workers is no greater than 5. In some extreme cases, for example α = 0.99, our protocol selects fewer than 15 workers to perform the task. This explains why our protocol can be extended to PPTAG with very low overhead. The benchmark, on the other hand, needs to notify many workers because it operates on grid cells.
Taking the above preferred embodiments of the present invention as guidance, those skilled in the art can, on the basis of the above description, make various changes and modifications without departing from the technical idea of the invention. The technical scope of the present invention is not limited to the contents of the specification and must be determined according to the scope of the claims.

Claims (10)

  1. A task allocation system model for privacy-preserving spatial crowdsourcing, characterized by comprising a spatial crowdsourcing server, an encryption service providing unit, a spatial task requesting unit, and a worker mobile terminal;
    the spatial task requesting unit is configured to create a spatial task and transmit the task information to the spatial crowdsourcing server;
    the spatial crowdsourcing server assigns the task to the worker mobile terminal;
    the encryption service providing unit provides privacy-preserving task assignment management for the spatial task requesting unit, the spatial crowdsourcing server, and the worker mobile terminal.
  2. The system model according to claim 1, wherein the spatial task $s$ is a task to be performed at location $l_s$ and associated with a deadline $e_s$; a worker $w$ at the worker mobile terminal is a person willing to perform spatial tasks, and each worker is associated with an ID $id_w$ assigned by the spatial crowdsourcing server, a speed $v_w$, and a current location $l_w$; given the worker set $W=\{w_1,w_2,\dots,w_n\}$ and the location $l_s$ and deadline $e_s$ of the spatial task $s$, the spatial crowdsourcing server uses the task assignment algorithm to assign the task to a worker $w_{i^*}$, who must satisfy two conditions: first, $w_{i^*}$ can reach $l_s$ before the deadline $e_s$; second, no other worker can reach $l_s$ before $w_{i^*}$.
  3. The system model according to claim 2, wherein the encryption service providing unit provides a privacy protection function and supplies a key service to the spatial crowdsourcing server and the worker mobile terminal; the privacy protection function encrypts the transmitted data and enables the spatial crowdsourcing server to compute on the encrypted data, ensuring that during communication no party other than the selected worker $w_{i^*}$ (neither the spatial crowdsourcing server, nor the encryption service providing unit, nor any other worker) can obtain the ID information of $w_{i^*}$.
  4. The system model according to claim 1, wherein the encryption service providing unit uses the Paillier cryptosystem and the ElGamal cryptosystem; the encryption service providing unit generates the ElGamal domain parameters and the Paillier and ElGamal key pairs, keeps the private keys secret, and sends the public keys to the spatial crowdsourcing server and all workers.
  5. A method for implementing the system model according to any one of claims 1 to 4, comprising the following steps:
    step 1: the spatial task requesting unit creates and publishes a spatial task;
    step 2: the spatial task is published to the spatial crowdsourcing server, and the spatial crowdsourcing server assigns the task to a worker using the task assignment algorithm;
    step 3: the encryption service providing unit provides the privacy protection function, supplying a key service to the spatial crowdsourcing server and the worker mobile terminal.
  6. The method according to claim 5, wherein the task assignment algorithm in step 2 comprises the following phases:
    Phase 1, computing the distance between the task location and each worker location: the spatial crowdsourcing server encrypts the task location $l_s=(x_s,y_s)$ with the Paillier public key and sends three ciphertexts to all workers: $E(x_s^2+y_s^2)$, $E(x_s)$ and $E(y_s)$; after receiving this encrypted information from the spatial crowdsourcing server, each worker $w_i$ computes, in encrypted form, the square of the distance between $l_s$ and its current location $l_i$, that is:
    Figure PCTCN2017113454-appb-100001
    Phase 2, computing each worker's travel time: let $W=\{w_1,w_2,\dots,w_n\}$ be the set of $n$ workers and let $V$ be the product of all workers' speeds, that is
    Figure PCTCN2017113454-appb-100002
    and $v_k' = V/v_k$, where $1 \le k \le n$; for any two workers $w_i, w_j \in W$, $d(l_i,l_s)/v_i < d(l_j,l_s)/v_j$ holds if and only if $d(l_i,l_s)\,v_i' < d(l_j,l_s)\,v_j'$; a virtual travel time $t_i' = d(l_i,l_s)\,v_i'$ is computed for each worker, which is equivalent to the exact travel time $t_i = d(l_i,l_s)/v_i$ in that the worker with the shortest virtual travel time necessarily has the shortest exact travel time;
    Phase 3, determining the winning worker: the spatial crowdsourcing server holds a list of 2-tuples $\langle i, E(t_i'^2)\rangle$, where $i$ is the ID of worker $w_i$, $1 \le i \le n$; to protect the identity of the workers, and of the winner in particular, it encrypts each worker's ID with a PRF $f_k$ and sends $\langle f_k(i), E(t_{f_k(i)}'^2)\rangle$ to the encryption service providing unit, in order to find which worker has the shortest travel time and whether that worker can reach the task location before the deadline $e_s$;
    Phase 4, broadcasting the task location: once $E'_C(f_k(i^*))$ is received, the spatial crowdsourcing server encrypts the task location $l_s$ and broadcasts to all workers
    Figure PCTCN2017113454-appb-100003
    where $l_s$ is encrypted as follows:
    Figure PCTCN2017113454-appb-100004
    where $h$ is a length-matching hash function that maps a longer bit string to a shorter bit string; one construction of $h$ that has been proven semantically secure is to cut the longer bit string into several fixed-length shorter bit strings and output the XOR of those shorter bit strings; only a worker who has obtained the $E'_C(f_k(i^*))$ information can obtain the task location information, which is done by computing
    Figure PCTCN2017113454-appb-100005
    Figure PCTCN2017113454-appb-100006
  7. The method according to claim 6, wherein in the first phase, all workers are required to send their encrypted locations to the spatial crowdsourcing server in the form $E(x_i^2+y_i^2)$, $E(x_i)$ and $E(y_i)$, and the spatial crowdsourcing server is required to compute $E(d^2(l_i,l_s))$.
  8. The method according to claim 6, wherein in the second phase, each worker encrypts its speed with the ElGamal cryptosystem and sends $E'(v_i)$ to the spatial crowdsourcing server, and the spatial crowdsourcing server obtains $E'(V)$ by multiplying all the encrypted speeds together; the spatial crowdsourcing server then asks the encryption service providing unit to decrypt $E'(V)$ and sends $V$ to all worker mobile terminals; by dividing $V$ by its speed $v_i$, each worker $w_i$ obtains the value of $v_i'$ and computes $E(d^2(l_i,l_s))^{v_i'^2} = E(d^2(l_i,l_s)\,v_i'^2) = E(t_i'^2)$; the encrypted virtual travel time is sent to the spatial crowdsourcing server for further processing; in this process the encryption service providing unit and all workers learn the exact value of $V$, which does not violate the personal privacy of any worker.
  9. The method according to claim 6, wherein in the third phase, since the encryption service providing unit holds the Paillier private key, it can decrypt $E(t_i'^2)$ to obtain $t_i'^2$ and compute the actual travel time
    Figure PCTCN2017113454-appb-100007
    Figure PCTCN2017113454-appb-100008
    the encryption service providing unit can then easily find the worker with the shortest travel time and determine whether that worker can meet the deadline; if not, the encryption service providing unit notifies the spatial crowdsourcing server that there is no winner; otherwise, it encrypts the winner's ID $f_k(i^*)$ with ElGamal and sends $E'_C(f_k(i^*))$ to the spatial crowdsourcing server.
  10. The method according to claim 6, wherein in the fourth phase, the following steps ensure that only the winner can obtain the $E'_C(f_k(i^*))$ information:
    first, each worker $w_i$ obtains its encrypted ID $f_k(i)$ from the spatial crowdsourcing server, encrypts it with ElGamal under its own public key, and sends the encrypted information $E'_{w_i}(f_k(i))$ to the encryption service providing unit; on receiving this information, the encryption service providing unit encrypts it again with ElGamal, using its own public key and the same random number $r$ that was used to encrypt $E'_C(f_k(i^*))$; the encryption service providing unit then sends the result
    Figure PCTCN2017113454-appb-100009
    to each worker, who can decrypt it with their private key to obtain $E'_C(f_k(i))$; the public key should be kept secret to protect privacy.
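
Phases 1 to 3 of the task assignment algorithm in claims 6 to 9, as an added example that is not part of the patent text and is not the authors' Java/Bouncy Castle implementation. Assumptions: toy Paillier primes, HMAC-SHA256 standing in for the PRF $f_k$, $V$ computed in the clear (the ElGamal exchange of claim 8 is omitted), the deadline treated as a travel-time budget, and, because the patent's phase 1 formula survives only as an image, the standard homomorphic expansion of $(x_s-x_i)^2+(y_s-y_i)^2$.

```python
import hashlib
import hmac
import math
import secrets

# Toy Paillier with g = n + 1. These two Mersenne primes keep the demo fast;
# they are far too small for real use (the page evaluates 1024/2048-bit keys).
P, Q = 2**31 - 1, 2**61 - 1

def keygen():
    n = P * Q
    lam = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)
    return n, (lam, pow(lam, -1, n))      # public n, private (lambda, mu)

def enc(n, m):
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    n2 = n * n
    return (1 + (m % n) * n) * pow(r, n, n2) % n2

def dec(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def h_add(n, c1, c2):                     # E(a) * E(b) = E(a + b)
    return c1 * c2 % (n * n)

def h_mul(n, c, k):                       # E(a) ^ k = E(a * k), k may be negative
    return pow(c, k % n, n * n)

def worker_enc_dist2(n, task_ct, xi, yi):
    """Phase 1, worker side: E(d^2) from E(xs^2+ys^2), E(xs), E(ys)."""
    e_s2, e_xs, e_ys = task_ct
    c = h_add(n, e_s2, h_mul(n, e_xs, -2 * xi))
    c = h_add(n, c, h_mul(n, e_ys, -2 * yi))
    return h_add(n, c, enc(n, xi * xi + yi * yi))

def worker_enc_vtime2(n, e_d2, V, vi):
    """Phase 2, worker side: E(t'^2) = E(d^2)^(v'^2) with v' = V / v."""
    v_virtual = V // vi
    return h_mul(n, e_d2, v_virtual * v_virtual)

def prf(key, worker_id):                  # assumption: HMAC-SHA256 as f_k
    digest = hmac.new(key, str(worker_id).encode(), hashlib.sha256)
    return digest.hexdigest()[:16]

def csp_pick_winner(n, priv, tagged, V, deadline):
    """Phase 3, CSP side: decrypt, rank, check the deadline; sees only tags."""
    opened = [(tag, dec(n, priv, c)) for tag, c in tagged]
    best_tag, best_t2 = min(opened, key=lambda pair: pair[1])
    travel_time = math.sqrt(best_t2) / V  # t = t' / V because v' = V / v
    return best_tag if travel_time <= deadline else None

def assign(task_xy, deadline, workers, prf_key=b"constructed-demo-key"):
    """workers: {id: (x, y, speed)}, integer coordinates and speeds."""
    n, priv = keygen()                    # the CSP keeps priv; n is public
    xs, ys = task_xy
    task_ct = (enc(n, xs * xs + ys * ys), enc(n, xs), enc(n, ys))  # SC server
    V = math.prod(v for _, _, v in workers.values())
    tagged, tag_to_id = [], {}
    for wid, (x, y, v) in workers.items():
        e_d2 = worker_enc_dist2(n, task_ct, x, y)
        tagged.append((prf(prf_key, wid), worker_enc_vtime2(n, e_d2, V, v)))
        tag_to_id[tagged[-1][0]] = wid
    # tag_to_id exists only so the demo can report a result; in the protocol
    # the SC server receives the winning tag only in ElGamal-encrypted form.
    return tag_to_id.get(csp_pick_winner(n, priv, tagged, V, deadline))

if __name__ == "__main__":
    # Constructed sample: worker 3 is nearest, worker 2 arrives first.
    demo = {1: (0, 0, 1), 2: (10, 0, 5), 3: (3, 4, 2)}
    print(assign((6, 8), 2.0, demo), assign((6, 8), 1.5, demo))
```

In the constructed sample the nearest worker does not win: ranking is by $d \cdot v'$, so the faster worker 2 is selected, and tightening the deadline below its travel time yields no winner.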
PCT/CN2017/113454 2017-07-03 2017-11-29 Task allocation system model of privacy protected spatial crowdsourcing, and implementation method WO2019006966A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710533457.2 2017-07-03
CN201710533457.2A CN107257381B (en) 2017-07-03 2017-07-03 Task allocation system model for privacy protection space crowdsourcing and implementation method

Publications (1)

Publication Number Publication Date
WO2019006966A1 true WO2019006966A1 (en) 2019-01-10

Family

ID=60025375

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/113454 WO2019006966A1 (en) 2017-07-03 2017-11-29 Task allocation system model of privacy protected spatial crowdsourcing, and implementation method

Country Status (2)

Country Link
CN (1) CN107257381B (en)
WO (1) WO2019006966A1 (en)

Also Published As

Publication number Publication date
CN107257381B (en) 2021-03-26
CN107257381A (en) 2017-10-17

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17917031

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 10/06/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 17917031

Country of ref document: EP

Kind code of ref document: A1