[go: up one dir, main page]

CN115391803A - Encrypted hybrid index tree generation and privacy protection space-time contact query method - Google Patents

Encrypted hybrid index tree generation and privacy protection space-time contact query method Download PDF

Info

Publication number
CN115391803A
CN115391803A CN202210999099.5A CN202210999099A CN115391803A CN 115391803 A CN115391803 A CN 115391803A CN 202210999099 A CN202210999099 A CN 202210999099A CN 115391803 A CN115391803 A CN 115391803A
Authority
CN
China
Prior art keywords
code
prefix
data
node
query
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210999099.5A
Other languages
Chinese (zh)
Other versions
CN115391803B (en
Inventor
王祥宇
叶子恺
韩沛霖
龚晨
马建峰
苗银宾
马鑫迪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN202210999099.5A priority Critical patent/CN115391803B/en
Publication of CN115391803A publication Critical patent/CN115391803A/en
Application granted granted Critical
Publication of CN115391803B publication Critical patent/CN115391803B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Compression, Expansion, Code Conversion, And Decoders (AREA)

Abstract

The invention discloses a space-time contact query method for generating an encrypted mixed index tree and protecting privacy, which comprises the following steps: acquiring a plurality of groups of original space-time data, wherein each group of original space-time data comprises original space position data and original time data; encoding the original spatial position data by using a Hilbert curve to obtain a plurality of groups of space-time processing data including spatial encoding data and original time data; generating a prefix code family of the space coding data of each group of the space-time processing data; taking each group of space-time processing data and a prefix coding family of each group of space-time processing data as leaf nodes of the mixed index tree; combining different prefix coding families, and generating non-leaf nodes layer by layer from bottom to top; each parent node contains the prefix code family or the merged code family of all the child nodes; respectively generating a bloom filter of each leaf node and each non-leaf node to obtain a mixed index tree; and encrypting the bloom filter to obtain an encrypted mixed index tree.

Description

一种加密的混合索引树的生成及隐私保护的时空接触查询 方法Generation of an encrypted hybrid index tree and privacy-preserving spatio-temporal contact query method

技术领域technical field

本发明属于通信技术领域,具体涉及一种加密的混合索引树的生成及隐私保护的时空接触查询方法。The invention belongs to the technical field of communication, and in particular relates to an encrypted hybrid index tree generation and privacy-protected space-time contact query method.

背景技术Background technique

由于现在对于云服务器的攻击手段逐渐系统化,体系化,攻击门槛也逐渐降低,对于云服务器中的数据隐私泄露的担忧日益加剧,而进行时空接触查询,更是容易造成用户行程的泄露。但在面对如此大的时空数据量的情况下,如何安全高效完成上述任务便成了重中之重,而目前并没有一个能够进行时空接触查询并且兼顾效率与安全的方案出现。Now that the means of attacking cloud servers are becoming more and more systematic, and the attack threshold is gradually lowering, the concern about data privacy leakage in cloud servers is increasing, and the time-space contact query is more likely to cause the leakage of user itinerary. However, in the face of such a large amount of spatio-temporal data, how to safely and efficiently complete the above tasks has become the top priority, and currently there is no solution that can perform spatio-temporal contact queries and take into account both efficiency and safety.

现有与本发明最接近的方案是针对隐私保护的空间文本关键词搜索问题,Wang等人提出的一种基于灰度图和位图编码的解决方案,称为PBRQ。然而PBRQ具有如下缺点:The existing scheme closest to the present invention is to search for privacy-preserving spatial text keywords. A solution based on grayscale and bitmap coding proposed by Wang et al. is called PBRQ. However, PBRQ has the following disadvantages:

1)无法支持隐私保护的时空交集查询:只是进行空间关键词搜索工作,当数据集中含有时间和空间信息时无能为力。1) Unable to support privacy-protected spatio-temporal intersection query: only for spatial keyword search, when the data set contains time and space information, it can’t do anything.

2)面对大规模数据效率低下:PBRQ面对海量数据请求响应缓慢,无法达到流调工作的使用效率。具体来说,PBRQ需要花费3.14秒从1*10^5 个密文对象中得到查询结果,这对于大量的数据集不合适,效率过低。2) Low efficiency in the face of large-scale data: PBRQ responds slowly to massive data requests, and cannot achieve the efficiency of flow adjustment work. Specifically, PBRQ takes 3.14 seconds to obtain query results from 1*10^5 ciphertext objects, which is not suitable for a large number of data sets and is too inefficient.

发明内容Contents of the invention

为了解决相关技术中存在的上述问题,本发明提供了一种加密的混合索引树的生成及隐私保护的时空接触查询方法。本发明要解决的技术问题通过以下技术方案实现:In order to solve the above-mentioned problems in the related technologies, the present invention provides an encrypted hybrid index tree generation and privacy-protected spatio-temporal contact query method. The technical problem to be solved in the present invention is realized through the following technical solutions:

本发明提供一种加密的混合索引树的生成方法,包括:The present invention provides a method for generating an encrypted hybrid index tree, including:

获取多个对象的多组原始时空数据;每组原始时空数据包括原始空间位置数据,以及与所述原始空间位置数据对应的原始时间数据;Acquiring multiple sets of original spatio-temporal data of multiple objects; each set of original spatio-temporal data includes original spatial position data, and original time data corresponding to the original spatial position data;

采用希尔伯特曲线,对所述原始空间位置数据进行编码处理,得到包含空间编码数据和所述原始时间数据的多组时空处理数据;Encoding the original spatial position data by using a Hilbert curve to obtain multiple sets of spatiotemporal processing data including spatial encoding data and the original time data;

对每组时空处理数据中的空间编码数据进行前缀编码,生成所述每组时空处理数据的前缀编码族;Prefix encoding is performed on the spatial encoding data in each set of spatiotemporal processing data to generate a prefix encoding family of each set of spatiotemporal processing data;

通过将所述每组时空处理数据,以及所述每组时空处理数据的前缀编码族,作为混合索引树的一个叶子节点,得到多个叶子节点;By using each set of spatio-temporal processing data and the prefix encoding family of each set of spatio-temporal processing data as a leaf node of the hybrid index tree, multiple leaf nodes are obtained;

通过对不同的前缀编码族进行合并,自底向上逐层生成非叶子节点;其中,每个非叶子节点对应一个合并编码族,每个非叶子节点为至少一个叶子节点或至少一个非叶子节点的父节点,每个父节点对应的合并编码族包含该父节点的所有孩子节点的前缀编码族或合并编码族;By merging different prefix coding families, non-leaf nodes are generated layer by layer from bottom to top; wherein, each non-leaf node corresponds to a merged coding family, and each non-leaf node is at least one leaf node or at least one non-leaf node The parent node, the merged code family corresponding to each parent node contains the prefix code family or merged code family of all child nodes of the parent node;

根据每个叶子节点对应的前缀编码族,生成所述每个叶子节点的布隆过滤器,以及根据每个非叶子节点对应的合并编码族,生成每个非叶子节点的布隆过滤器,得到混合索引树;其中,不同叶子节点的布隆过滤器的长度相同,不同层的非叶子节点的布隆过滤器的长度不同;According to the prefix encoding family corresponding to each leaf node, generate the Bloom filter of each leaf node, and generate the Bloom filter of each non-leaf node according to the combined encoding family corresponding to each non-leaf node, and obtain Hybrid index tree; where the Bloom filters of different leaf nodes have the same length, and the Bloom filters of non-leaf nodes in different layers have different lengths;

对每个布隆过滤器进行对称加密,得到加密的混合索引树。Symmetric encryption is performed on each Bloom filter to obtain an encrypted hybrid index tree.

本发明还提供一种隐私保护的时空接触查询方法,包括:The present invention also provides a privacy-protected space-time contact query method, including:

获取包含查询数据的查询请求;所述查询数据包括:查询空间位置数据、与所述查询空间位置数据对应的查询时间数据;Obtaining a query request containing query data; the query data includes: query spatial position data, query time data corresponding to the query spatial position data;

采用希尔伯特曲线,对所述查询数据中的所述查询空间位置数据进行编码处理,得到包含查询编码数据和所述查询时间数据的查询处理数据;performing encoding processing on the query spatial position data in the query data by using a Hilbert curve to obtain query processing data including query encoding data and the query time data;

对所述查询编码数据进行前缀编码,生成所述查询编码数据的前缀编码族;performing prefix encoding on the query encoding data to generate a prefix encoding family of the query encoding data;

根据所述前缀编码族,得到与加密的混合索引树的每一层对应的前缀编码,以及所述每一层对应的前缀编码中不包含通配符的前缀编码;According to the prefix coding family, a prefix code corresponding to each layer of the encrypted hybrid index tree is obtained, and a prefix code corresponding to each layer does not contain a wildcard;

根据预设安全参数、所述每一层对应的前缀编码,以及所述每一层对应的前缀编码中不包含通配符的前缀编码,生成所述每一层的解密密钥;generating a decryption key for each layer according to preset security parameters, the prefix code corresponding to each layer, and the prefix code corresponding to each layer that does not contain wildcards;

根据所述每一层的解密密钥,生成对应的布隆过滤器,并对生成的布隆过滤器进行加密,得到与所述加密的混合索引树的多个层一一对应的多个查询布隆过滤器;Generate a corresponding Bloom filter according to the decryption key of each layer, and encrypt the generated Bloom filter to obtain multiple queries corresponding to multiple layers of the encrypted hybrid index tree one-to-one. Bloom filter;

将所述多个查询布隆过滤器作为查询令牌,采用所述查询令牌从所述加密的混合索引树中进行数据查询,得到查询结果。The plurality of query Bloom filters are used as query tokens, and data query is performed from the encrypted hybrid index tree by using the query tokens to obtain query results.

本发明具有如下有益技术效果:The present invention has the following beneficial technical effects:

本发明生成的混合索引树中,非叶子节点包含经过对空间位置数据进行希尔伯特曲线处理与前缀编码处理后得到的数据,叶子节点中则不仅包含经过对空间位置数据进行希尔伯特曲线处理与前缀编码处理后得到的数据,还包含空间位置数据对应的原始时间数据,并且,每个叶子节点或非叶子节点都对应有布隆过滤器,以树状结构组织了各个布隆过滤器。因而,一方面,当待查的数据为含有时间数据和空间数据的时空数据(例如,包含时间,及该时间对应的一个地点)时,能够实现对于时空数据的查询,更适用于流调工作;另一方面,可以满足时间复杂度为亚线性的查询过程,并在进行数据查询时,能够得到动态修剪的搜索空间,从而可以提高线性数据结构搜索的效率,大大减少了数据检索的时间损耗。In the hybrid index tree generated by the present invention, the non-leaf nodes include the data obtained after Hilbert curve processing and prefix encoding processing on the spatial position data, and the leaf nodes not only include the data obtained after Hilbert curve processing and prefix encoding on the spatial position data. The data obtained after curve processing and prefix encoding processing also includes the original time data corresponding to the spatial position data, and each leaf node or non-leaf node corresponds to a Bloom filter, and each Bloom filter is organized in a tree structure device. Therefore, on the one hand, when the data to be checked is spatio-temporal data containing time data and spatial data (for example, including time and a place corresponding to the time), the query of spatio-temporal data can be realized, which is more suitable for flow adjustment work ; On the other hand, it can satisfy the query process with sub-linear time complexity, and can get a dynamically pruned search space when performing data query, which can improve the efficiency of linear data structure search and greatly reduce the time consumption of data retrieval .

以下将结合附图及实施例对本发明做进一步详细说明。The present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments.

附图说明Description of drawings

图1为本发明实施例提供的加密的混合索引树的生成方法的一个可选的流程图;FIG. 1 is an optional flow chart of a method for generating an encrypted hybrid index tree provided by an embodiment of the present invention;

图2为本发明实施例提供的示例性的采用希尔伯特曲线对多组原始时空数据进行编码处理的示意图;FIG. 2 is a schematic diagram of an exemplary encoding process of multiple sets of original spatio-temporal data by using a Hilbert curve provided by an embodiment of the present invention;

图3A为本发明实施例提供的示例性的生成的一颗混合索引树的立体示意图;FIG. 3A is a three-dimensional schematic diagram of an exemplary generated hybrid index tree provided by an embodiment of the present invention;

图3B为本发明实施例提供的示例性的生成的一颗混合索引树的平面示意图;FIG. 3B is a schematic plan view of an exemplary generated hybrid index tree provided by an embodiment of the present invention;

图4为本发明实施例提供的隐私保护的时空接触查询方法的一个可选的流程图;FIG. 4 is an optional flow chart of a privacy-protected spatio-temporal contact query method provided by an embodiment of the present invention;

图5为本发明实施例提供的示例性的根据查询令牌进行数据查询的过程示意图;FIG. 5 is a schematic diagram of an exemplary data query process according to a query token provided by an embodiment of the present invention;

图6为本发明实施例提供的示例性的加密的混合索引树的生成方法,以及隐私保护的时空接触查询方法的流程框图;FIG. 6 is a flowchart of an exemplary encrypted hybrid index tree generation method and a privacy-protected spatio-temporal contact query method provided by an embodiment of the present invention;

图7为本发明实施例提供的示例性的隐私保护的时空接触查询系统的一个应用场景图;FIG. 7 is an application scenario diagram of an exemplary privacy-protected space-time contact query system provided by an embodiment of the present invention;

图8A为本发明实施例提供的示例性的采用本发明的方法生成查询令牌所需的时间随数据量的变化情况的示意图;FIG. 8A is a schematic diagram of an exemplary time required to generate a query token by using the method of the present invention according to an embodiment of the present invention and a change in data volume;

图8B为本发明实施例提供的示例性的采用本发明的方法进行时空数据查询,以及采用PBRQ方案进行时空数据查询时的查询时间对比图。FIG. 8B is an exemplary query time comparison diagram when the method of the present invention is used for spatio-temporal data query and the PBRQ scheme is used for spatio-temporal data query provided by the embodiment of the present invention.

具体实施方式Detailed ways

下面结合具体实施例对本发明做进一步详细的描述,但本发明的实施方式不限于此。The present invention will be described in further detail below in conjunction with specific examples, but the embodiments of the present invention are not limited thereto.

在本发明的描述中,术语“第一”、“第二”仅用于描述目的,而不能理解为指示或暗示相对重要性或者隐含指明所指示的技术特征的数量。由此,限定有“第一”、“第二”的特征可以明示或者隐含地包括一个或者更多个该特征。在本发明的描述中,“多个”的含义是两个或两个以上,除非另有明确具体的限定。In the description of the present invention, the terms "first" and "second" are only used for descriptive purposes, and cannot be understood as indicating or implying relative importance or implicitly specifying the quantity of indicated technical features. Thus, a feature defined as "first" and "second" may explicitly or implicitly include one or more of these features. In the description of the present invention, "plurality" means two or more, unless otherwise specifically defined.

在本说明书的描述中,参考术语“一个实施例”、“一些实施例”、“示例”、“具体示例”、或“一些示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本发明的至少一个实施例或示例中。在本说明书中,对上述术语的示意性表述不必须针对的是相同的实施例或示例。而且,描述的具体特征、结构、材料或者特点可以在任何的一个或多个实施例或示例中以合适的方式结合。此外,本领域的技术人员可以将本说明书中描述的不同实施例或示例进行接合和组合。In the description of this specification, descriptions referring to the terms "one embodiment", "some embodiments", "example", "specific examples", or "some examples" mean that specific features described in connection with the embodiment or example , structure, material or characteristic is included in at least one embodiment or example of the present invention. In this specification, the schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. In addition, those skilled in the art can combine and combine different embodiments or examples described in this specification.

尽管在此结合各实施例对本发明进行了描述,然而,在实施所要求保护的本发明过程中,本领域技术人员通过查看所述附图、公开内容、以及所附权利要求书,可理解并实现所述公开实施例的其他变化。在权利要求中,“包括”(comprising)一词不排除其他组成部分或步骤,“一”或“一个”不排除多个的情况。单个处理器或其他单元可以实现权利要求中列举的若干项功能。相互不同的从属权利要求中记载了某些措施,但这并不表示这些措施不能组合起来产生良好的效果。Although the present invention has been described in conjunction with various embodiments herein, in the process of implementing the claimed invention, those skilled in the art can understand and Other variations of the disclosed embodiments are implemented. In the claims, the word "comprising" does not exclude other components or steps, and "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that these measures cannot be combined to advantage.

图1是本发明实施例提供的加密的混合索引树的生成方法的一个可选的流程图,如图1所示,所述方法包括以下步骤:Fig. 1 is an optional flowchart of a method for generating an encrypted hybrid index tree provided by an embodiment of the present invention. As shown in Fig. 1, the method includes the following steps:

S101、获取多个对象的多组原始时空数据;每组原始时空数据包括原始空间位置数据,以及与原始空间位置数据对应的原始时间数据。S101. Acquire multiple sets of original spatio-temporal data of multiple objects; each set of original spatio-temporal data includes original spatial position data and original time data corresponding to the original spatial position data.

本发明实施例中,多个对象可以是多个不同的人。每组原始时空数据可以是某个对象的一个时间数据(例如,时间16:30等)和一个对应的位置数据(例如,经、纬度信息或地点名称信息等),以表征该对象何时在何地。In the embodiment of the present invention, multiple objects may be multiple different people. Each set of original spatio-temporal data can be a time data (for example, time 16:30, etc.) and a corresponding location data (for example, longitude, latitude information or place name information, etc.) where.

S102、采用希尔伯特曲线,对原始空间位置数据进行编码处理,得到包含空间编码数据和原始时间数据的多组时空处理数据。S102. Using the Hilbert curve, encode the original spatial position data to obtain multiple sets of spatio-temporal processing data including the spatial encoding data and the original time data.

本发明实施例中,采用希尔伯特曲线,对每组原始时空数据中的原始空间位置数据进行编码,得到每组原始时空数据中的原始空间位置数据对应的空间编码数据,从而该组原始时空数据中的原始空间位置数据对应的空间编码数据,以及该组原始时空数据中的原始时间数据,便组成了一组时空处理数据。In the embodiment of the present invention, the Hilbert curve is used to encode the original spatial position data in each group of original space-time data, and the spatial encoding data corresponding to the original spatial position data in each group of original space-time data is obtained, so that the group of original space-time data The spatial encoding data corresponding to the original spatial position data in the spatio-temporal data, and the original time data in the set of original spatio-temporal data constitute a set of spatio-temporal processed data.

这里,希尔伯特曲线具有聚类特性。Here, the Hilbert curve has a clustering property.

示例性的,图2为采用希尔伯特曲线对多组原始时空数据O1~O6进行编码处理的示意图,表1为采用希尔伯特曲线对多组原始时空数据O1~O6 中的原始空间位置数据进行编码后对应得到的多组时空处理数据。Exemplarily, FIG. 2 is a schematic diagram of encoding processing of multiple sets of original spatio-temporal data O 1 -O6 using Hilbert curves, and Table 1 shows the coding process of multiple sets of original spatio-temporal data O 1 -O6 using Hilbert curves. Multiple sets of spatio-temporal processing data obtained after encoding the original spatial position data.

对象object 希尔伯特编码Hilbert coding 原始时间数据raw time data O<sub>1</sub>O<sub>1</sub> 99 t1t1 O<sub>2</sub>O<sub>2</sub> 1111 t2t2 O<sub>3</sub>O<sub>3</sub> 3434 t3t3 O<sub>4</sub>O<sub>4</sub> 3535 t4t4 O<sub>5</sub>O<sub>5</sub> 5252 t5t5 O<sub>6</sub>O<sub>6</sub> 5555 t6 t6

表1Table 1

如表1所示,多组原始时空数据O1~O6称为多组对象,“9”为对O1中的原始空间位置数据编码后得到的空间编码数据,“t1”为O1中的原始时间数据,即,“9”和“t1”为一组时空处理数据;同样的,“11”为对O2中的原始空间位置数据编码后得到的空间编码数据,“t2”为O2中的原始时间数据,等等,其他数据同理。As shown in Table 1, multiple sets of original space-time data O 1 ~ O6 are called multiple sets of objects, "9" is the spatial encoding data obtained after encoding the original spatial position data in O 1 , and "t1" is the data in O 1 The original time data, that is, "9" and "t1" are a set of spatio-temporal processing data; similarly, "11" is the spatial encoding data obtained after encoding the original spatial position data in O2 , and "t2" is O2 The original time data in , and so on, other data in the same way.

S103、对每组时空处理数据中的空间编码数据进行前缀编码,生成每组时空处理数据的前缀编码族。S103. Perform prefix encoding on the spatial encoding data in each set of spatiotemporal processing data, and generate a prefix encoding family of each set of spatiotemporal processing data.

本发明实施例中,在任意一组时空处理数据中的一个空间编码数据为ω位的数据时,可以对该任意一组时空处理数据中的一个空间编码数据进行前缀编码,生成ω+1个前缀编码,将ω+1个前缀编码,作为该任意一组时空处理数据中的一个空间编码数据的前缀编码族。In the embodiment of the present invention, when one space-encoded data in any set of spatio-temporal processing data is ω-bit data, prefix encoding can be performed on one space-encoded data in any set of spatio-temporal processed data to generate ω+1 Prefix encoding, encoding ω+1 prefixes as a prefix encoding family of a space-encoded data in the arbitrary group of spatio-temporal processing data.

假设一个ω位的数据项Y=b1b2...bω,它的前缀编码族为一个长度为ω+1的集合Y={b1b2...bω-1*,...,*...*},其中,集合中第i个前缀编码为b1b2...bω+1-i*...*。例如,000111的前缀编码族为******、0*****、00****、000***、0001**、 00011*、000111。Suppose a ω-bit data item Y=b 1 b 2 ...b ω , its prefix coding family is a set Y={b 1 b 2 ...b ω-1 *,. .., *...*}, where the i-th prefix in the set is coded as b 1 b 2 ...b ω+1-i *...*. For example, the prefix code family of 000111 is *********, 0*****, 00****, 000***, 0001**, 00011*, 000111.

这里,前缀编码匹配规则为:给定一个范围[ymin,ymax],查询S[ymin,ymax]是覆盖范围[ymin,ymax]的前缀编码的最小集合。对于任何数据项Y和查询范围 [ymin,ymax],当且仅当F(Y)∩S[ymin,ymax]时,Y∈[ymin,ymax]。Here, the prefix code matching rule is: Given a range [y min , y max ], the query S[y min , y max ] is the minimum set of prefix codes covering the range [y min , y max ]. For any data item Y and query range [y min , y max ], if and only if F(Y)∩S[y min , y max ], Y∈[y min ,y max ].

S104、通过将每组时空处理数据,以及每组时空处理数据的前缀编码族,作为混合索引树的一个叶子节点,得到多个叶子节点。S104. Using each set of spatio-temporal processing data and the prefix encoding family of each set of spatio-temporal processing data as a leaf node of the hybrid index tree to obtain multiple leaf nodes.

S105、通过对不同的前缀编码族进行合并,自底向上逐层生成非叶子节点;其中,每个非叶子节点对应一个合并编码族,每个非叶子节点为至少一个叶子节点或至少一个非叶子节点的父节点,每个父节点对应的合并编码族包含该父节点的所有孩子节点的前缀编码族或合并编码族。S105. By merging different prefix coding families, non-leaf nodes are generated layer by layer from bottom to top; wherein, each non-leaf node corresponds to a merged coding family, and each non-leaf node is at least one leaf node or at least one non-leaf node The parent node of the node, the merged code family corresponding to each parent node includes the prefix code family or merged code family of all child nodes of the parent node.

S106、根据每个叶子节点对应的前缀编码族,生成每个叶子节点的布隆过滤器,以及根据每个非叶子节点对应的合并编码族,生成每个非叶子节点的布隆过滤器,得到混合索引树;其中,不同叶子节点的布隆过滤器的长度相同,不同层的非叶子节点的布隆过滤器的长度不同。S106. Generate a Bloom filter for each leaf node according to the prefix encoding family corresponding to each leaf node, and generate a Bloom filter for each non-leaf node according to the combined encoding family corresponding to each non-leaf node, and obtain Hybrid index tree; where the Bloom filters of different leaf nodes have the same length, and the Bloom filters of non-leaf nodes in different layers have different lengths.

本发明实施例中,同一层的节点对应的布隆过滤器的长度相同,不同层中的节点对应的布隆过滤器的长度不同。In the embodiment of the present invention, the lengths of Bloom filters corresponding to nodes in the same layer are the same, and the lengths of Bloom filters corresponding to nodes in different layers are different.

本发明实施例中,把BH-Tree上的所有节点的前缀编码族或合并编码族都对应存储至一个布隆过滤器中,借助于布隆过滤器,可以很容易地确定一个数据范围中是否包含所有的查询目的空间信息,即判断单个树上节点是否属于某个范围。In the embodiment of the present invention, the prefix coding family or the combined coding family of all nodes on the BH-Tree are stored in a Bloom filter, and by means of the Bloom filter, it can be easily determined whether a data range Contains all query purpose space information, that is, to determine whether a node on a single tree belongs to a certain range.

在一实施例中,为每个叶子节点V=(s1,s2,...,sn)生成布隆过滤器的原理如下:In an embodiment, the principle of generating a Bloom filter for each leaf node V=(s 1 , s 2 ,...,s n ) is as follows:

1)布隆过滤器被初始化为一个P位的二进制向量B;P为预设值,可以根据实际需要设定,例如,可以为6或8等等;1) The Bloom filter is initialized as a P-bit binary vector B; P is a preset value, which can be set according to actual needs, for example, it can be 6 or 8, etc.;

2)选择t个独立哈希函数{Hi}1≤i≤t,每个哈希函数的取值范围为[1,P],并采用这t个独立哈希函数对每个数据s∈V进行哈希计算,得到每个数据的所有索引{Hi(s)}1≤i≤t;t为预设值,也可以根据实际需要设定;s1,s2,...,sn为叶子节点中的n个数据;2) Select t independent hash functions {H i } 1≤i≤t , the value range of each hash function is [1,P], and use these t independent hash functions to process each data s∈ V performs hash calculation to obtain all indexes {H i (s)} 1≤i≤t of each data; t is a preset value, and can also be set according to actual needs; s 1 , s 2 ,..., s n is the n data in the leaf node;

3)对于每个数据,将该数据所有索引为{Hi(s)}1≤i≤t的位设置为1。3) For each piece of data, set all the bits of the piece of data whose indices are {H i (s)} 1≤i≤t to 1.

示例性的,图3A为根据对多组原始时空数据O1~O6进行希尔伯特处理与前缀编码处理后的数据,生成的一颗混合索引树(BH-Tree)的立体示意图;图3B为根据对多组原始时空数据O1~O6进行希尔伯特处理与前缀编码处理后的数据,生成的一颗混合索引树(BH-Tree)的平面示意图。如图3B所示,N0为N1、N2和N3的父节点(即N1、N2和N3为N0的孩子节点),N1为N4的父节点(即N4为N1的孩子节点),N2为N5的父节点(即 N5为N2的孩子节点),N3为N6的父节点(即N6为N3的孩子节点),N4为O1和O2的父节点(即O1和O2为N4的孩子节点),N5为O3和O4的父节点(即O3和O4为N5的孩子节点),N6为O5和O6的父节点(即O5和 O6为N6的孩子节点)。N0处于BH-Tree的第一层,N1、N2和N3处于BH-Tree 的第二层、N4、N5和N6处于BH-Tree的第三层,O1、O2、O3、O4、O5和 O6处于BH-Tree的第四层;并且,O1、O2、O3、O4、O5和O6分别为BH-Tree 的6个不同的叶子节点,N0、N1、N2、N3、N4、N5和N6分别为BH-Tree 的7个不同的非叶子节点。Exemplarily, FIG. 3A is a three-dimensional schematic diagram of a hybrid index tree (BH-Tree) generated based on the Hilbert processing and prefix encoding processing of multiple sets of original spatio-temporal data O 1 to O 6 ; 3B is a schematic plan view of a hybrid index tree (BH-Tree) generated according to the Hilbert processing and prefix coding processing of multiple sets of original spatio-temporal data O 1 -O 6 . As shown in Figure 3B, N 0 is the parent node of N 1 , N 2 and N 3 (that is, N 1 , N 2 and N 3 are the child nodes of N 0 ), and N 1 is the parent node of N 4 (that is, N 4 is the child node of N 1 ), N 2 is the parent node of N 5 (that is, N 5 is the child node of N 2 ), N 3 is the parent node of N 6 (that is, N 6 is the child node of N 3 ), N 4 is the parent node of O 1 and O 2 (that is, O 1 and O 2 are the child nodes of N 4 ), N 5 is the parent node of O 3 and O 4 (that is, O 3 and O 4 are the child nodes of N 5 ), N 6 is the parent node of O 5 and O 6 (that is, O 5 and O 6 are the child nodes of N 6 ). N 0 is in the first layer of BH-Tree, N 1 , N 2 and N 3 are in the second layer of BH-Tree, N 4 , N 5 and N 6 are in the third layer of BH-Tree, O 1 , O 2 , O 3 , O 4 , O 5 and O 6 are in the fourth layer of BH-Tree; and, O 1 , O 2 , O 3 , O 4 , O 5 and O 6 are 6 different Leaf nodes, N 0 , N 1 , N 2 , N 3 , N 4 , N 5 and N 6 are 7 different non-leaf nodes of the BH-Tree respectively.

S107、对每个布隆过滤器进行对称加密,得到加密的混合索引树。S107. Perform symmetric encryption on each Bloom filter to obtain an encrypted hybrid index tree.

本发明实施例中,可以先获取安全参数,根据安全参数,生成第一密钥,之后,采用第一密钥对每个布隆过滤器进行对称密钥隐向量加密,得到加密的混合索引树。In the embodiment of the present invention, the security parameters can be obtained first, and the first key is generated according to the security parameters, and then, the first key is used to perform symmetric key hidden vector encryption on each Bloom filter to obtain an encrypted hybrid index tree .

在一些实施例中,可以获取安全参数λ,定义有效负载消息空间M={' True'},并通过公式

Figure BDA0003806832450000091
计算出第一密钥msk,其中,M表示消息空间范围,用于表示对范围不超过M的数据采用msk进行加密。In some embodiments, the security parameter λ can be obtained, the payload message space M={'True'} can be defined, and the formula
Figure BDA0003806832450000091
The first key msk is calculated, where M represents the range of the message space, and is used to indicate that the data whose range does not exceed M is encrypted with msk.

在一些实施例中,加密过程可以采用公式cl=F(msk,"true",xl||l)和 c=({cl}l∈[m])实现,其中,l表示任意一个布隆过滤器,xl表示任意一个布隆过滤器内存储的数据,cl表示任意一个加密的布隆过滤器,c表示加密的布隆过滤器的集合(即加密的混合索引树),即c=(c1,c2,...,cn);m表示混合索引树中的所有节点对应的布隆过滤器的集合,m=(l1,l2,...,ln),例如,l1表示第一层的第一个节点对应的布隆过滤器,其他同理;x表示所有布隆过滤器内存储的数据的集合,x=(x1,x2,...,xn),例如,x1表示第一层的第一个节点对应的布隆过滤器内存储的数据。In some embodiments, the encryption process can be implemented using the formula c l =F(msk,"true",x l ||l) and c=({c l } l∈[m] ), where l represents any Bloom filter, x l represents the data stored in any Bloom filter, c l represents any encrypted Bloom filter, c represents the set of encrypted Bloom filters (that is, encrypted hybrid index tree), That is, c=(c 1 ,c 2 ,...,c n ); m represents the set of Bloom filters corresponding to all nodes in the hybrid index tree, m=(l 1 ,l 2 ,...,l n ), for example, l 1 represents the Bloom filter corresponding to the first node of the first layer, and the same applies to others; x represents the set of data stored in all Bloom filters, x=(x 1 ,x 2 , ..., x n ), for example, x 1 represents the data stored in the Bloom filter corresponding to the first node of the first layer.

本发明生成的混合索引树中,非叶子节点包含经过希尔伯特曲线处理与前缀编码处理的空间位置数据,叶子节点中则不仅包含经过希尔伯特曲线处理与前缀编码处理的空间位置数据,还包含空间位置数据对应的原始时间信息,并且,每个叶子节点或非叶子节点都对应有布隆过滤器,以树状结构组织了各个布隆过滤器。因而,一方面,当待查的数据为含有时间信息和空间信息的时空信息(例如,包含时间,及该时间对应的一个地点) 时,能够实现对于时空信息的查询,更适用于流调工作;另一方面,可以满足时间复杂度为亚线性的查询过程,并在进行数据查询时,能够得到动态修剪的搜索空间,从而可以提高线性数据结构搜索的效率,大大减少了数据检索的时间损耗。In the hybrid index tree generated by the present invention, the non-leaf nodes contain the spatial position data processed by the Hilbert curve and the prefix encoding, and the leaf nodes not only contain the spatial position data processed by the Hilbert curve and the prefix encoding , also contains the original time information corresponding to the spatial position data, and each leaf node or non-leaf node corresponds to a Bloom filter, and each Bloom filter is organized in a tree structure. Therefore, on the one hand, when the data to be checked is spatiotemporal information containing time information and spatial information (for example, including time and a place corresponding to the time), the query of spatiotemporal information can be realized, which is more suitable for flow adjustment work ; On the other hand, it can satisfy the query process with sub-linear time complexity, and can get a dynamically pruned search space when performing data query, which can improve the efficiency of linear data structure search and greatly reduce the time consumption of data retrieval .

在一些实施例中,上述S105可以通过S1051~S1056实现:In some embodiments, the above S105 can be realized through S1051-S1056:

S1051、通过对多个叶子节点对应的不同的前缀编码族进行合并,得到每个叶子节点对应的第一合并编码族,将第一合并编码族,作为对应的叶子节点的第一父节点;其中,每个叶子节点为对应的第一父节点的孩子节点。S1051. By merging different prefix coding families corresponding to multiple leaf nodes, the first combined coding family corresponding to each leaf node is obtained, and the first combined coding family is used as the first parent node of the corresponding leaf node; wherein , each leaf node is a child node of the corresponding first parent node.

S1052、将叶子节点作为混合索引树的第ω层,将第一父节点作为混合索引树的第ω-1层。S1052. Use the leaf node as the ωth layer of the hybrid index tree, and use the first parent node as the ω-1th layer of the hybrid index tree.

S1053、通过对多个第一父节点对应的第一合并编码族进行合并,得到每个第一父节点对应的第二合并编码族,将第二合并编码族,作为对应的第一父节点的第二父节点;其中,每个第一父节点为对应的第二父节点的孩子节点。S1053. By merging the first merged code families corresponding to multiple first parent nodes, the second merged code family corresponding to each first parent node is obtained, and the second merged code family is used as the corresponding first parent node A second parent node; wherein, each first parent node is a child node of the corresponding second parent node.

S1054、将第二父节点作为混合索引树的第ω-2层。S1054. Use the second parent node as layer ω-2 of the hybrid index tree.

S1055、通过对多个第二父节点对应的第二合并编码族进行合并,得到每个第二父节点对应的第三合并编码族,将第三合并编码族,作为对应的第二父节点的第三父节点;其中,每个第二父节点为对应的第三父节点的孩子节点。S1055. Merge the second merged code families corresponding to multiple second parent nodes to obtain a third merged code family corresponding to each second parent node, and use the third merged code family as the corresponding second parent node A third parent node; wherein, each second parent node is a child node of the corresponding third parent node.

S1056、将第三父节点作为混合索引树的第ω-3层,直至得到混合索引树的第ω-w层的节点;其中,w为ω-1。S1056. Use the third parent node as the ω-3th layer of the hybrid index tree until a node of the ω-wth layer of the hybrid index tree is obtained; wherein, w is ω-1.

例如,当ω为6时,构建的混合索引树为6层。For example, when ω is 6, the constructed hybrid index tree has 6 layers.

在一些实施例中,第一合并编码族包括:第一原编码和第一子编码;基于此,上述S1051可以通过如下方式实现:In some embodiments, the first combined coding family includes: the first original coding and the first sub-coding; based on this, the above S1051 can be implemented in the following manner:

将多个叶子节点对应的不同的前缀编码族内的前缀编码逐位进行比对,确定前ω-1位码值相同、且第ω位码值不同的至少两个第一前缀编码族,当存在至少两个第一前缀编码族时,将至少两个第一前缀编码族中不包含通配符的前缀编码的第ω位码值设置为通配符,得到第一原编码;将第一原编码的第ω-1位的码值设置为通配符,对应得到第一子编码,将第一原编码的第ω-2位的码值设置为通配符,对应得到第一子编码,直至将第一原编码的第ω-w位的码值设置为通配符时,对应得到至少一个第一子编码;w为ω-1;将第一原编码和至少一个第一子编码,作为至少两个第一前缀编码族对应的叶子节点的第一父节点。Compare the prefix codes in different prefix code families corresponding to multiple leaf nodes bit by bit, and determine at least two first prefix code families with the same code value of the first ω-1 bit and different code values of the ω-th bit, when When there are at least two first prefix encoding families, the ω-th code value of the prefix encoding that does not contain wildcards in at least two first prefix encoding families is set as a wildcard to obtain the first original encoding; the first original encoding of the first The code value of ω-1 bit is set as a wild card, and the first sub-code is correspondingly obtained, and the code value of the ω-2th bit of the first original code is set as a wild card, and the corresponding first sub-code is obtained, until the first original code When the code value of the ω-wth bit is set as a wildcard, at least one first sub-code is correspondingly obtained; w is ω-1; the first original code and at least one first sub-code are used as at least two first prefix code families The first parent node of the corresponding leaf node.

这里,通配符为“*”,表示“1”或“0”。Here, the wildcard is "*", which means "1" or "0".

这里,当不存在至少两个第一前缀编码族时,将多个叶子节点对应的不同的前缀编码族内的前缀编码逐位进行比对,确定前ω-2位码值相同、且第ω-1位码值不同的至少两个第二前缀编码族,当存在至少两个第二前缀编码族时,将至少两个第二前缀编码族中不包含通配符的前缀编码的第ω-1 位和第ω位码值均设置为通配符,得到第三原编码;将第三原编码的第ω-2 位的码值设置为通配符,对应得到第三子编码,将第三原编码的第ω-3位的码值设置为通配符,对应得到第三子编码,直至将第三原编码的第ω-w位的码值设置为通配符时,对应得到至少一个第三子编码;w为ω-1;将第三原编码和至少一个第三子编码,作为至少两个第二前缀编码族对应的叶子节点的第一父节点。Here, when there are no at least two first prefix coding families, the prefix codes in different prefix coding families corresponding to multiple leaf nodes are compared bit by bit, and it is determined that the first ω-2 bit code values are the same, and the ω-th -At least two second prefix encoding families with different code values of 1 bit, when there are at least two second prefix encoding families, the ω-1th bit of the prefix encoding that does not contain wildcards in the at least two second prefix encoding families and the ω-th code value are both set as wildcards to obtain the third original code; the code value of the ω-2th bit of the third original code is set as a wildcard to obtain the third sub-code correspondingly, and the third original code ω-2 The code value of -3 bits is set as a wild card, and the third sub-code is obtained correspondingly, until the code value of the ω-w bit of the third original code is set as a wild card, at least one third sub-code is correspondingly obtained; w is ω- 1: Use the third original code and at least one third child code as the first parent node of the leaf nodes corresponding to at least two second prefix code families.

示例性的,如上述图3B所示,ω为6,由于O1、O2、O3、O4、O5和O6这6个叶子节点的前缀编码族中不存在前5位码值相同、且第6位码值不同的两个或两个以上的前缀编码族,所以,继续从O1、O2、O3、O4、O5、O6这6 个叶子节点的前缀编码族中,确定哪些叶子节点的前缀编码族内的前缀编码均为前4位码值相同、且第5位码值不同的前缀编码,并得到O1与O2之间的前缀编码族内的前缀编码为前4位码值相同(即为“0010”)、且第5位码值不同的前缀编码,O3与O4之间的前缀编码族内的前缀编码均为前4位码值相同(即为“1000”)、、且第5位码值不同的前缀编码,O5与O6之间的前缀编码族内的前缀编码均为前4位码值相同(即为“1101”)、且第5位码值不同的前缀编码,从而,对于O1与O2而言,可以将不包含通配符的“001001”的第5位和第6位码值均设置为通配符“*”,得到“0010**”(即第一原编码),从而根据“0010**”依次可以得到“001***”、“00****”、“0*****”、“******”;将“0010**、001***、00****、0*****、******”即N4,作为O1与O2的第一父节点,对于O3与O4,以及O5与O6,采用同样原理可以的得到第一父节点N5和第一父节点N6Exemplarily, as shown in FIG. 3B above, ω is 6, because there is no first 5-bit code value in the prefix coding family of the six leaf nodes O 1 , O 2 , O 3 , O 4 , O 5 and O 6 Two or more prefix coding families that are the same and have different 6th code values, so continue coding from the prefixes of the six leaf nodes O 1 , O 2 , O 3 , O 4 , O 5 , and O 6 In the family, determine which prefix codes of the leaf nodes in the prefix code family are all prefix codes with the same first 4 code values and different 5th code values, and obtain the prefix codes in the prefix code family between O 1 and O 2 The prefix codes are prefix codes with the same code value of the first 4 digits (that is, "0010") and different code values of the 5th digit, and the prefix codes in the prefix code family between O 3 and O 4 are all code values of the first 4 digits The same (that is, "1000"), and the prefix codes with different code values in the 5th digit, the prefix codes in the prefix code family between O 5 and O 6 are all the same in the first 4 code values (that is, "1101" ), and the code value of the 5th digit is different, so, for O 1 and O 2 , the 5th and 6th code values of "001001" that do not contain wildcards can be set as the wildcard "*" , to get "0010**" (i.e. the first original code), so that "001***", "00****", "0*****", "****"; take "0010**, 001***, 00****, 0******, ****" or N 4 as the connection between O 1 and O 2 For the first parent node, for O 3 and O 4 , and O 5 and O 6 , the same principle can be used to obtain the first parent node N 5 and the first parent node N 6 .

在一些实施例中,第二合并编码族包括:第二原编码和第二子编码,并且,当存在至少两个第一前缀编码族时,上述S1053可以通过下述方式实现:In some embodiments, the second combined coding family includes: a second original code and a second sub-coding, and when there are at least two first prefix coding families, the above S1053 can be implemented in the following manner:

将不同的第一合并编码族内的编码进行逐位比对,确定前ω-2位码值相同、且第ω-1位码值不同的至少两个合并编码族,当存在至少两个合并编码族时,将至少两个合并编码族中,包含通配符最少的编码的第ω-1位至第ω位码值均设置为通配符,得到第二原编码;将第二原编码的第ω-2位的码值设置为通配符,对应得到第二子编码,将第二原编码的第ω-3位的码值设置为通配符,对应得到第二子编码,直至将第二原编码的第ω-w位的码值设置为通配符时,对应得到至少一个第二子编码;w为ω-1;将第二原编码和至少一个第二子编码,作为至少两个合并编码族对应的第一父节点的第二父节点。Comparing the codes in different first merged code families bit by bit, and determining at least two merged code families with the same code value of the first ω-2 bits and different code values of the ω-1th bit, when there are at least two merged code families When encoding the family, in at least two merged encoding families, the ω-1 to ω-th code values of the code that contains the least wildcard are all set as wildcards to obtain the second original code; the second original code ω- The 2-bit code value is set as a wildcard, corresponding to the second sub-code, and the code value of the ω-3 bit of the second original code is set as a wildcard, corresponding to the second sub-code, until the second original code ω When the code value of the -w bit is set as a wildcard, at least one second sub-code is correspondingly obtained; w is ω-1; the second original code and at least one second sub-code are used as the first corresponding to at least two merged code families The second parent of the parent node.

在一些实施例中,当不存在至少两个第一前缀编码族,且存在至少两个第二前缀编码时,上述S1053可以通过下述方式实现:In some embodiments, when there are no at least two first prefix code families and there are at least two second prefix codes, the above S1053 can be implemented in the following manner:

将不同的第一合并编码族内的编码进行逐位比对,确定前ω-3位码值相同、且第ω-2位码值不同的至少两个合并编码族,当存在至少两个合并编码族时,将至少两个合并编码族中,包含通配符最少的编码的第ω-2位至第ω位码值均设置为通配符,得到第二原编码;将第二原编码的第ω-3位的码值设置为通配符,对应得到第二子编码,将第二原编码的第ω-4位的码值设置为通配符,对应得到第二子编码,直至将第二原编码的第ω-w位的码值设置为通配符时,对应得到至少一个第二子编码;w为ω-1;将第二原编码和至少一个第二子编码,作为至少两个合并编码族对应的第一父节点的第二父节点。Comparing the codes in different first merged code families bit by bit, and determining at least two merged code families with the same first ω-3 code value and different ω-2 code values, when there are at least two merged When encoding the family, in at least two merged encoding families, the ω-2 to ω-th code values of the code that contains the least wildcard are all set as wildcards to obtain the second original code; the second original code ω- The 3-bit code value is set as a wildcard, corresponding to the second subcode, and the code value of the ω-4th bit of the second original code is set as a wildcard, corresponding to the second subcode, until the second original code ω When the code value of the -w bit is set as a wildcard, at least one second sub-code is correspondingly obtained; w is ω-1; the second original code and at least one second sub-code are used as the first corresponding to at least two merged code families The second parent of the parent node.

本发明实施例中,S1055的实现原理与上述S1053的实现原理相同,直至通过S1053所述的原理得到混合索引树的第1层节点时,完成混合索引树的构建。In the embodiment of the present invention, the implementation principle of S1055 is the same as that of S1053 above, until the first layer node of the hybrid index tree is obtained through the principle described in S1053, the construction of the hybrid index tree is completed.

本发明实施例中,在构建混合索引树时,通过合并不同叶子节点(混合索引树的第ω层)的前缀编码族,得到每个叶子节点的第一父节点(混合索引树的第ω-1层),以及每个第一父节点对应的第一合并编码族,紧接着,通过合并不同第一父节点对应的第一合并编码族,得到每个第一父节点的第二父节点(混合索引树的第ω-2层),以及每个第二父节点对应的第二合并编码族,紧接着,通过合并不同第二父节点对应的第二合并编码族,得到每个第二父节点的第三父节点(混合索引树的第ω-3层),以及每个第三父节点对应的第三合并编码族,直至得到第w父节点(混合索引树的第1层),并且,第w父节点对应的第w合并编码族为一个由ω个通配符组成的前缀编码时,结束;其中,在构建第N层的节点时,在第N+1层节点对应的编码上继续向前合并一位码值,从而得到第N层的节点对应的合并编码,而当在第 N+1层节点对应的编码上继续向前合并一位码值,无法得到第N层的父节点时,在第N+1层节点对应的编码上向前合并两位码值,直至能得到第N层的父节点。In the embodiment of the present invention, when constructing the hybrid index tree, the first parent node of each leaf node (the ω- 1 layer), and the first combined coding family corresponding to each first parent node, and then, by merging the first combined coding families corresponding to different first parent nodes, the second parent node of each first parent node ( layer ω-2 of the mixed index tree), and the second merged code family corresponding to each second parent node, and then, by merging the second merged code families corresponding to different second parent nodes, each second parent node is obtained The third parent node of the node (the ω-3 layer of the hybrid index tree), and the third merged coding family corresponding to each third parent node, until the wth parent node (the first layer of the hybrid index tree) is obtained, and , when the w-th merged code family corresponding to the w-th parent node is a prefix code composed of ω wildcards, it ends; wherein, when constructing the N-th layer node, the code corresponding to the N+1-th layer node continues to Merge one-bit code value before, so as to obtain the merged code corresponding to the node on the Nth layer, and continue to merge one-bit code value forward on the code corresponding to the node on the N+1 layer, and the parent node on the Nth layer cannot be obtained , merge the two-bit code value forward on the code corresponding to the N+1 layer node until the parent node of the N layer can be obtained.

通过上述方式建立的混合索引树,从混合索引树的第1层至第ω层,每个节点对应的数据的范围逐渐减小,如此,有利于减小数据查询时的数据搜索量,从而提高数据查询效率。The hybrid index tree established in the above way, from the first layer to the ω layer of the hybrid index tree, the range of data corresponding to each node gradually decreases, so that it is beneficial to reduce the amount of data search during data query, thereby improving Data query efficiency.

本发明实施例还提供一种隐私保护的时空接触查询方法,如图4所示,所述方法包括:The embodiment of the present invention also provides a privacy-protected space-time contact query method, as shown in Figure 4, the method includes:

S201、获取包含查询数据的查询请求;查询数据包括:查询空间位置数据、与查询空间位置数据对应的查询时间数据。S201. Obtain a query request including query data; the query data includes: query spatial location data, and query time data corresponding to the query spatial location data.

S202、采用希尔伯特曲线,对查询数据中的查询空间位置数据进行编码处理,得到包含查询编码数据和查询时间数据的查询处理数据。S202. Using the Hilbert curve, encode the query spatial position data in the query data to obtain query processing data including query code data and query time data.

S203、对查询编码数据进行前缀编码,生成查询编码数据的前缀编码族。S203. Perform prefix encoding on the query encoding data to generate a prefix encoding family of the query encoding data.

S204、根据前缀编码族,得到与加密的混合索引树的每一层对应的前缀编码,以及每一层对应的前缀编码中不包含通配符的前缀编码。S204. According to the prefix code family, obtain the prefix code corresponding to each layer of the encrypted hybrid index tree, and the prefix code corresponding to each layer that does not contain wildcards.

在一些实施例中,可以采用用于生成混合索引树的每一层节点的原理,得到与加密的混合索引树的每一层对应的前缀编码;即采用与上述S S1051~S1056相同的原理,得到与加密的混合索引树的每一层对应的前缀编码。In some embodiments, the principle used to generate nodes at each layer of the hybrid index tree can be used to obtain the prefix code corresponding to each layer of the encrypted hybrid index tree; A prefix code corresponding to each level of the encrypted hybrid index tree is obtained.

S205、根据预设安全参数、每一层对应的前缀编码,以及每一层对应的前缀编码中不包含通配符的前缀编码,生成每一层的解密密钥。S205. Generate a decryption key for each layer according to the preset security parameters, the prefix codes corresponding to each layer, and the prefix codes corresponding to each layer that do not contain wildcards.

在一些实施例中,可以获取安全参数,根据安全参数,生成第二密钥,根据安全参数,生成采样值;根据安全参数、第二密钥、采样值、每一层对应的前缀编码,以及每一层对应的前缀编码中不包含通配符的前缀编码,生成每一层的解密密钥。In some embodiments, the security parameter can be obtained, the second key is generated according to the security parameter, and the sampling value is generated according to the security parameter; according to the security parameter, the second key, the sampling value, the prefix encoding corresponding to each layer, and The prefix encoding corresponding to each layer does not contain the prefix encoding of wildcards, and the decryption key of each layer is generated.

示例性的,安全参数为λ,第二密钥可以为第一密钥msk,可以通过以下公式计算任意一层的解密密钥J:Exemplarily, the security parameter is λ, the second key can be the first key msk, and the decryption key J of any layer can be calculated by the following formula:

Figure BDA0003806832450000141
Figure BDA0003806832450000141

d1=Sym.Enc(K,0λ+logλ);d 1 =Sym.Enc(K,0 λ+logλ );

J=(d0,d1,S);J=(d 0 ,d 1 ,S);

其中,J表示任意一层的解密密钥,d0为该任意一层的第一中间值,d1为该任意一层的第二中间值;K为该任意一层的采样值,且每一层的采样值相同,

Figure BDA0003806832450000142
为与混合索引树的第l层对应的前缀编码中的第j个前缀编码,lj和j∈[|S|]均为与混合索引树的第l层对应的前缀编码中,完全不包含通配符的前缀编码对应的查询编码数据,并且,当与混合索引树的第l层对应的前缀编码中,没有完全不包含通配符的前缀编码时lj与 j∈[|S|]为0;F0(.)表示前缀编码函数,
Figure BDA0003806832450000151
表示或运算;S表示与混合索引树的所有层对应的前缀编码中不包含通配符“*”的前缀编码的对应的查询编码数据的集合;Sym.Enc表示IND-CPA安全对称加密方案的加密过程。Among them, J represents the decryption key of any layer, d 0 is the first intermediate value of this arbitrary layer, d 1 is the second intermediate value of this arbitrary layer; K is the sampling value of this arbitrary layer, and each The sampling values of one layer are the same,
Figure BDA0003806832450000142
It is the j-th prefix code in the prefix code corresponding to the l-th layer of the mixed index tree, l j and j∈[|S|] are both in the prefix code corresponding to the l-th layer of the mixed index tree, which does not contain The query code data corresponding to the wildcard prefix code, and when there is no prefix code that does not contain wildcards in the prefix code corresponding to the l-th layer of the mixed index tree, l j and j∈[|S|] are 0; F 0 (.) indicates the prefix encoding function,
Figure BDA0003806832450000151
Represents an OR operation; S represents the set of query code data corresponding to prefix codes that do not contain the wildcard "*" in the prefix codes corresponding to all layers of the hybrid index tree; Sym.Enc represents the encryption process of the IND-CPA secure symmetric encryption scheme .

S206、根据每一层的解密密钥,生成对应的布隆过滤器,并对生成的布隆过滤器进行加密,得到与加密的混合索引树的多个层一一对应的多个查询布隆过滤器。S206. Generate a corresponding Bloom filter according to the decryption key of each layer, and encrypt the generated Bloom filter to obtain multiple query Blooms corresponding to multiple layers of the encrypted hybrid index tree one-to-one. filter.

S207、将多个查询布隆过滤器作为查询令牌,采用查询令牌从加密的混合索引树中进行数据查询,得到查询结果。S207. Use multiple query Bloom filters as query tokens, and use the query tokens to query data from the encrypted hybrid index tree to obtain query results.

本发明实施例中,可以将得到的每个查询布隆过滤器均放入TQ中,从而得到查询令牌TQIn the embodiment of the present invention, each obtained query Bloom filter can be put into T Q to obtain the query token T Q .

在一些实施例中,加密的混合索引树包括ω层,每层包括至少一个节点,每个节点对应一个加密的布隆过滤器;查询令牌包括:与ω层一一对应的ω个查询布隆过滤器;ω为大于1的整数;基于此,上述S207中的采用查询令牌从加密的混合索引树中进行数据查询,得到查询结果,可以通过S1~S4 实现:In some embodiments, the encrypted hybrid index tree includes ω layers, each layer includes at least one node, and each node corresponds to an encrypted Bloom filter; the query token includes: ω query cloths one-to-one corresponding to the ω layer Long filter; ω is an integer greater than 1; based on this, using the query token in the above S207 to perform data query from the encrypted mixed index tree to obtain the query result can be realized through S1~S4:

S1、采用与第j层对应的第j个查询布隆过滤器,对第j层中的每个节点对应的加密的布隆过滤器分别进行解密计算,得到每个节点对应的第一解密结果;j为1。S1. Using the j-th query Bloom filter corresponding to the j-th layer, decrypt and calculate the encrypted Bloom filter corresponding to each node in the j-th layer, and obtain the first decryption result corresponding to each node ;j is 1.

S2、在第j层中的第i个节点对应的第一解密结果表征解密成功、且第i 个节点具有第一孩子节点时,采用与第j+1层对应的第j+1个查询布隆过滤器,对第一孩子节点对应的加密的布隆过滤器进行解密计算,得到第二解密结果。S2. When the first decryption result corresponding to the i-th node in the j-th layer indicates that the decryption is successful, and the i-th node has the first child node, use the j+1-th query layout corresponding to the j+1-th layer The Bloom filter performs decryption calculation on the encrypted Bloom filter corresponding to the first child node to obtain a second decryption result.

示例性的,采用与第j层对应的第j个查询布隆过滤器,对第j层中的每个节点N对应的加密的布隆过滤器进行解密计算的过程如下:Exemplarily, using the jth query Bloom filter corresponding to the jth layer, the process of decrypting and calculating the encrypted Bloom filter corresponding to each node N in the jth layer is as follows:

Figure BDA0003806832450000161
Figure BDA0003806832450000161

μ'=Sym.Dec(K',d1);μ'=Sym.Dec(K',d 1 );

其中,d0和d1为第j个查询布隆过滤器中的第一中间值和第二中间值;K' 为中间解密值,cjN表示加密的混合索引树中第j层的第N个节点对应的布隆过滤器;N∈[|S|]表示第j层的第N个节点对应的布隆过滤器中,不包含通配符的前缀编码对应的空间编码数据;μ'表示得到的第一解密结果;Sym.Dec表示IND-CPA安全对称解密方案的解密过程。Among them, d 0 and d 1 are the first intermediate value and the second intermediate value in the jth query Bloom filter; K' is the intermediate decryption value, and c jN represents the Nth value of the jth layer in the encrypted hybrid index tree Bloom filter corresponding to nodes; N∈[|S|] means that in the Bloom filter corresponding to the Nth node in the jth layer, the space coded data corresponding to the prefix code that does not contain wildcards; μ' means the obtained The first decryption result; Sym.Dec represents the decryption process of the IND-CPA secure symmetric decryption scheme.

示例性的,当μ'=0λ+logλ时,第一解密结果表征解密成功。Exemplarily, when μ'=0 λ+logλ , the first decryption result indicates that the decryption is successful.

S3、当确定第一孩子节点对应的第二解密结果表征解密成功、且第一孩子节点具有孩子节点时,采用与第j+2层对应的第j+2个查询布隆过滤器,对第一孩子节点的孩子节点对应的加密的布隆过滤器进行解密计算,直至在得到的解密结果表征解密成功、且表征解密成功的解密结果对应的目标节点没有孩子节点时,采用第ω个查询布隆过滤器对应的查询时间数据,与目标节点对应的原始时间数据进行匹配对比。S3. When it is determined that the second decryption result corresponding to the first child node indicates that the decryption is successful, and the first child node has a child node, use the j+2th query Bloom filter corresponding to the j+2th layer to query the first child node The encrypted Bloom filter corresponding to the child node of a child node performs decryption calculation until the obtained decryption result indicates that the decryption is successful, and when the target node corresponding to the decryption result indicating that the decryption is successful does not have a child node, the ωth query cloth is used The query time data corresponding to the long filter is matched and compared with the original time data corresponding to the target node.

S4、当与目标节点对应的原始时间数据中,存在与查询时间数据匹配成功的数据时,将与查询时间数据匹配成功的数据,作为查询结果。S4. When there is data that successfully matches the query time data in the original time data corresponding to the target node, use the data that successfully matches the query time data as the query result.

本发明实施例中,当某个节点对应的解密结果表征成功时,将该节点加入搜索路径,继续对该节点的孩子节点进行解密计算,而当某个节点对应的解密结果表征失败时,不作处理(即剪枝);对于已加入搜索路径中的叶子结点,可以用查询令牌中的查询时间数据去匹配该叶子节点中的原始时间数据,如果匹配成功,则加入结果队列,否则不作处理,结果队列即为最终返回结果。In the embodiment of the present invention, when the decryption result characterization corresponding to a certain node is successful, the node is added to the search path, and the child nodes of the node are continued to be decrypted and calculated, and when the decryption result characterization corresponding to a certain node fails, no Processing (that is, pruning); for the leaf nodes that have been added to the search path, the query time data in the query token can be used to match the original time data in the leaf node, if the match is successful, then add the result queue, otherwise do not processing, the result queue is the final return result.

示例性的,图5为根据查询令牌进行数据查询的过程示意图。对查询数据中的空间位置数据,采用希尔伯特曲线进行编码后,得到的查询编码数据为[32,33]和[52,57],查询数据中的查询时间数据为t5;对这四个查询编码数据32、33、52和57分别进行前缀编码,生成每个查询编码数据的前缀编码族,并根据前缀编码族得到的与加密的混合索引树的第1层对应的前缀编码为“******”,与加密的混合索引树的第2层对应的前缀编码为“1*****”,与加密的混合索引树的第3层对应的前缀编码为“1101**、1110**、1000**”,与加密的混合索引树的第4层对应的前缀编码为“1101**、11100*、10000*”;之后,采用每一层对应的前缀编码,对应生成每一层的解密密钥J;之后,如图5所示,在采用第一层的解密密钥J对节点N0进行解密计算(即在N1对应的布隆过滤器中匹配到了前缀编码“******”),当解密成功时,采用第二层的解密密钥J依次对节点N1、N2和N3分别进行解密,并在对N1解密失败时剪枝,而在对N2和N3均解密成功时(即在N2和N3对应的布隆过滤器中分别匹配到了前缀编码“1*****”),采用第3层的解密密钥J对N5和N6分别进行解密,并在对N5解密失败时剪枝,而在对N6解密成功(即在N6对应的布隆过滤器中匹配到了前缀编码“1101**”)时,采用查询时间数据t5与叶子节点O5中的原始时间数据t5,以及与O6中的原始时间数据t6分别进行匹配,从而确定出叶子节点O5中的原始时间数据t5与查询时间数据t5匹配,从而可以将原始时间数据t5,以及将叶子节点O5的布隆过滤器中与原始时间数据t5对应的“1101**”对应的原始空间位置数据,作为查询结果。Exemplarily, FIG. 5 is a schematic diagram of a data query process based on a query token. For the spatial position data in the query data, after using the Hilbert curve to encode, the obtained query encoding data are [32,33] and [52,57], and the query time data in the query data is t5; Each query encoding data 32, 33, 52 and 57 are respectively prefix-encoded to generate a prefix encoding family of each query encoding data, and the prefix encoding corresponding to the first layer of the encrypted hybrid index tree obtained according to the prefix encoding family is "*****", the prefix code corresponding to the second layer of the encrypted hybrid index tree is "1*****", the prefix code corresponding to the third layer of the encrypted hybrid index tree is "1101* *, 1110**, 1000**", the prefix code corresponding to the fourth layer of the encrypted hybrid index tree is "1101**, 11100*, 10000*"; after that, use the prefix code corresponding to each layer, corresponding Generate the decryption key J of each layer; then, as shown in Figure 5, use the decryption key J of the first layer to decrypt and calculate the node N 0 (that is, match the prefix in the Bloom filter corresponding to N 1 code "******"), when the decryption is successful, the decryption key J of the second layer is used to decrypt the nodes N 1 , N 2 and N 3 respectively, and when the decryption of N 1 fails, pruning , and when both N 2 and N 3 are successfully decrypted (that is, the prefix code "1*****" is matched in the Bloom filters corresponding to N 2 and N 3 respectively), the decryption encryption of the third layer is used Key J decrypts N 5 and N 6 respectively, and prunes when N 5 fails to decrypt, and N 6 succeeds in decrypting (that is, the prefix code "1101** is matched in the Bloom filter corresponding to N 6 ”), use the query time data t5 to match the original time data t5 in the leaf node O5 and the original time data t6 in O6 respectively, so as to determine the original time data t5 in the leaf node O5 and the query The time data t5 is matched, so that the original time data t5 and the original spatial position data corresponding to "1101**" corresponding to the original time data t5 in the Bloom filter of the leaf node O5 can be used as query results.

图6为本发明实施例提供的加密的混合索引树的生成方法,以及隐私保护的时空接触查询方法的流程框图。如图6所示,对个人时空信息建立 BH-tree,根据BH-tree生成变长密钥,得到密钥集合,之后通过密钥集合对BH-tree进行加密,可以得到加密数据库(加密的BH-tree),在从加密数据库中进行时空数据查询时,先根据时空溯源请求(查询请求),生成溯源密钥(Token,即查询令牌),采用溯源密钥进行查询,并得到加密的查询结果,从而得到溯源结果。FIG. 6 is a flowchart of a method for generating an encrypted hybrid index tree and a privacy-protected spatio-temporal contact query method provided by an embodiment of the present invention. As shown in Figure 6, a BH-tree is established for personal spatiotemporal information, a variable-length key is generated according to the BH-tree, and a key set is obtained, and then the BH-tree is encrypted through the key set to obtain an encrypted database (encrypted BH -tree), when querying spatiotemporal data from an encrypted database, first generate a traceability key (Token, that is, a query token) according to the spatiotemporal traceability request (query request), use the traceability key to query, and obtain an encrypted query As a result, the traceability result is obtained.

图7本发明实施例提供的隐私保护的时空接触查询系统的一个应用场景图。如图7所示,相关单位(例如,防疫单位)通过合法途径收集市民行程数据、提取关键行程数据,并对行程数据进行加密,得到个人时空数据,并将个人时空数据上传至云平台存储,云平台采用生成加密的混合索引树的方法,将个人时空数据进行安全存储,用于为隐私保护的时空接触查询查询提供密文数据;当在某个地区出现病例,且相关机构需要查询相关的接触人群时,相关机构向云平台发送查询请求,云平台采用上述的隐私保护的时空接触查询方法进行时空数据查询,并查询到相关的加密数据,并将相关的加密数据返回至相关机构,相关机构采用相关机构与相关单位之间的共享密钥,对得到的加密数据进行解密,得到所需查询的明文数据。Fig. 7 is an application scenario diagram of the privacy-protected spatio-temporal contact query system provided by the embodiment of the present invention. As shown in Figure 7, relevant units (for example, epidemic prevention units) collect citizens’ itinerary data through legal means, extract key itinerary data, and encrypt the itinerary data to obtain personal spatio-temporal data, and upload the personal spatio-temporal data to the cloud platform for storage. The cloud platform adopts the method of generating an encrypted hybrid index tree to securely store personal spatiotemporal data, which is used to provide ciphertext data for privacy-protected spatiotemporal contact queries; when a case occurs in a certain area, and relevant institutions need to query relevant When contacting people, relevant agencies send query requests to the cloud platform, and the cloud platform uses the above-mentioned privacy-protected spatio-temporal contact query method to query spatio-temporal data, find relevant encrypted data, and return the relevant encrypted data to relevant agencies. The organization uses the shared key between the relevant organization and the relevant unit to decrypt the obtained encrypted data and obtain the plaintext data required for query.

为了进一步说明本发明的技术效果,以下通过仿真得到的对比图进行说明。In order to further illustrate the technical effect of the present invention, the comparison diagram obtained by simulation is described below.

图8A为采用本发明的方法生成查询令牌所需的时间随数据量的变化情况的示意图;从图8A可以得知,本发明生成查询令牌的时间在万级数据中为毫秒级。图8B为采用本发明的方法进行时空数据查询,以及采用PBRQ 方案进行时空数据查询时的查询时间对比图。根据图8B可知,本发明与 PBRQ查询时间对比明显,在万级查询的时间远低于PBRQ查询所需要的时间;并且,其随时间沿亚线性变化,具有非常明显的响应时间优势。特别是对于15万数据量的数据集,只需291.3ms即可完成查询令牌的生成, 38.22ms即可完成数据查询,运行效率较高,可以在实际场景中广泛使用。Fig. 8A is a schematic diagram of the change of the time required to generate query tokens with the amount of data by using the method of the present invention; it can be known from Fig. 8A that the time for generating query tokens in the present invention is at the millisecond level in tens of thousands of data. FIG. 8B is a comparison chart of query time when the method of the present invention is used to query spatio-temporal data and when the PBRQ scheme is used to query spatio-temporal data. According to Fig. 8B, it can be seen that the query time of the present invention is significantly lower than that of PBRQ, and the query time at 10,000 levels is far lower than the time required for PBRQ query; and, it changes sublinearly with time, and has a very obvious response time advantage. Especially for a data set with a data volume of 150,000, it only takes 291.3ms to complete the generation of the query token, and 38.22ms to complete the data query. The operation efficiency is high, and it can be widely used in actual scenarios.

以上内容是结合具体的优选实施方式对本发明所作的进一步详细说明,不能认定本发明的具体实施只局限于这些说明。对于本发明所属技术领域的普通技术人员来说,在不脱离本发明构思的前提下,还可以做出若干简单推演或替换,都应当视为属于本发明的保护范围。The above content is a further detailed description of the present invention in conjunction with specific preferred embodiments, and it cannot be assumed that the specific implementation of the present invention is limited to these descriptions. For those of ordinary skill in the technical field of the present invention, without departing from the concept of the present invention, some simple deduction or replacement can be made, which should be regarded as belonging to the protection scope of the present invention.

Claims (10)

1. A method for generating an encrypted hybrid index tree, comprising:
acquiring multiple groups of original space-time data of multiple objects; each group of original space-time data comprises original space position data and original time data corresponding to the original space position data;
coding the original spatial position data by using a Hilbert curve to obtain a plurality of groups of space-time processing data including spatial coding data and the original time data;
carrying out prefix coding on the space coding data in each group of space-time processing data to generate a prefix coding family of each group of space-time processing data;
obtaining a plurality of leaf nodes by using each group of space-time processing data and the prefix coding family of each group of space-time processing data as one leaf node of a mixed index tree;
combining different prefix coding families to generate non-leaf nodes layer by layer from bottom to top; each non-leaf node corresponds to one merged coding family, each non-leaf node is at least one leaf node or a father node of at least one non-leaf node, and the merged coding family corresponding to each father node comprises prefix coding families or merged coding families of all child nodes of the father node;
generating a bloom filter of each leaf node according to the prefix coding family corresponding to each leaf node, and generating a bloom filter of each non-leaf node according to the combined coding family corresponding to each non-leaf node to obtain a mixed index tree; wherein, the lengths of the bloom filters of different leaf nodes are the same, and the lengths of the bloom filters of non-leaf nodes of different layers are different;
and symmetrically encrypting each bloom filter to obtain an encrypted mixed index tree.
2. The method of generating an encrypted hybrid index tree according to claim 1, wherein the merged code family comprises: a first merged coding family, a second merged coding family and a third merged coding family; each prefix code comprises a code value of omega bits; the merging of different prefix coding families to generate non-leaf nodes layer by layer from bottom to top comprises the following steps:
combining different prefix coding families corresponding to the leaf nodes to obtain a first combined coding family corresponding to each leaf node, and taking the first combined coding family as a first father node of the corresponding leaf node; each leaf node is a child node of the corresponding first father node;
taking the leaf node as the omega-1 layer of the mixed index tree and the first father node as the omega-1 layer of the mixed index tree;
the second merged coding family corresponding to each first father node is obtained by merging the first merged coding families corresponding to the plurality of first father nodes, and the second merged coding family is used as the second father node of the corresponding first father node; each first father node is a child node of the corresponding second father node;
taking the second parent node as the omega-2 layer of the mixed index tree;
merging second merged coding families corresponding to a plurality of second father nodes to obtain a third merged coding family corresponding to each second father node, and taking the third merged coding family as a third father node of the corresponding second father node; each second father node is a child node of the corresponding third father node;
taking the third father node as the omega-3 layer of the mixed index tree until obtaining the node of the omega-w layer of the mixed index tree; wherein w is ω -1.
3. The method of generating an encrypted hybrid index tree according to claim 2, wherein the first merged encoding family includes: a first original code and a first sub code;
the merging different prefix code families corresponding to the leaf nodes to obtain the first merged code family corresponding to each leaf node, and using the first merged code family as a first father node of the corresponding leaf node includes:
comparing prefix codes in different prefix code families corresponding to the leaf nodes bit by bit, determining at least two first prefix code families with the same front omega-1 bit code value and different omega bits, and setting the omega bit code value of the prefix code not containing wildcards in the at least two first prefix code families as wildcards to obtain the first original code when the at least two first prefix code families exist;
setting the code value of the omega-1 bit of the first original code as a wildcard character to correspondingly obtain a first sub-code, setting the code value of the omega-2 bit of the first original code as a wildcard character to correspondingly obtain a first sub-code, and correspondingly obtaining at least one first sub-code until the code value of the omega-w bit of the first original code is set as a wildcard character; w is omega-1;
and taking the first original code and the at least one first child code as the first parent node of the leaf nodes corresponding to the at least two first prefix code families.
4. The method of generating an encrypted hybrid index tree according to claim 3, further comprising:
when the at least two first prefix coding families do not exist, comparing prefix codes in different prefix coding families corresponding to the leaf nodes bit by bit, determining at least two second prefix coding families with the same front omega-2 bit code value and different omega-1 bit code values, and when the at least two second prefix coding families exist, setting the omega-1 bit code value and the omega bit code value of the prefix code which does not contain the wildcard in the at least two second prefix coding families as wildcards to obtain a third original code;
setting the code value of the omega-2 bit of the third original code as a wildcard character to correspondingly obtain a third sub-code, setting the code value of the omega-3 bit of the third original code as a wildcard character to correspondingly obtain a third sub-code, and correspondingly obtaining at least one third sub-code until the code value of the omega-w bit of the third original code is set as a wildcard character; w is omega-1;
and taking the third original code and the at least one third child code as the first father node of the leaf nodes corresponding to the at least two second prefix code families.
5. The method of generating an encrypted hybrid index tree according to claim 3, wherein the second merged coding family comprises: a second primary code and a second secondary code;
when the at least two first prefix coding families exist, the second merged coding family corresponding to each first parent node is obtained by merging the first merged coding families corresponding to the multiple first parent nodes, and the second merged coding family is used as the second parent node of the corresponding first parent node, including:
carrying out bit-by-bit comparison on codes in different first merging code families, determining at least two merging code families with the same front omega-2 bit code value and different omega-1 bit code values, and setting the code values from the omega-1 bit to the omega-1 bit containing the code with the least wildcard characters in the at least two merging code families as wildcard characters to obtain a second original code when the at least two merging code families exist;
setting the code value of the omega-2 bit of the second original code as a wildcard character to correspondingly obtain a second sub code, setting the code value of the omega-3 bit of the second original code as a wildcard character to correspondingly obtain a second sub code, and correspondingly obtaining at least one second sub code until the code value of the omega-w bit of the second original code is set as a wildcard character; w is omega-1;
and using the second original code and the at least one second child code as the second parent node of the first parent node corresponding to the at least two merged code families.
6. The method for generating an encrypted mixed index tree according to claim 1, wherein when one spatial encoding data in any one set of spatio-temporal processing data is ω -bit data, the prefix encoding is performed on the spatial encoding data in each set of spatio-temporal processing data to generate a prefix encoding family of each set of spatio-temporal processing data, comprising:
prefix coding is carried out on one space coding data in any group of space-time processing data to generate omega +1 prefix codes;
and encoding the omega +1 prefixes to serve as a prefix encoding family of the space-time encoding data in the arbitrary group of space-time processing data.
7. The method of claim 1, wherein the symmetrically encrypting each bloom filter to obtain the encrypted hybrid index tree comprises:
acquiring a safety parameter;
generating a first secret key according to the security parameters;
and symmetrically encrypting each bloom filter by adopting the first key to obtain the encrypted mixed index tree.
8. A privacy-preserving spatio-temporal contact query method is characterized by comprising the following steps:
acquiring a query request containing query data; the query data includes: inquiring spatial position data and inquiring time data corresponding to the inquiring spatial position data;
using a Hilbert curve to encode the query spatial position data in the query data to obtain query processing data including query encoded data and the query time data;
prefix coding is carried out on the inquiry coded data, and a prefix coding family of the inquiry coded data is generated;
according to the prefix code family, obtaining a prefix code corresponding to each layer of the encrypted mixed index tree, and the prefix code corresponding to each layer does not contain a prefix code of a wildcard;
generating a decryption key of each layer according to preset security parameters, the prefix code corresponding to each layer and the prefix code which does not contain wildcard characters in the prefix code corresponding to each layer;
generating a corresponding bloom filter according to the decryption key of each layer, and encrypting the generated bloom filter to obtain a plurality of query bloom filters which are in one-to-one correspondence with the layers of the encrypted mixed index tree;
and taking the plurality of query bloom filters as query tokens, and performing data query from the encrypted mixed index tree by using the query tokens to obtain a query result.
9. The method of claim 8, wherein the encrypted hybrid index tree is composed of parent nodes and child nodes, and wherein the encrypted hybrid index tree comprises omega layers, each layer comprising at least one node, each node corresponding to an encrypted bloom filter; the query token includes: omega query bloom filters in one-to-one correspondence with the omega layers; omega is an integer greater than 1;
the data query from the encrypted mixed index tree by using the query token to obtain a query result includes:
respectively carrying out decryption calculation on the encrypted bloom filters corresponding to each node in the jth layer by adopting the jth query bloom filter corresponding to the jth layer to obtain a first decryption result corresponding to each node; j is 1;
when a first decryption result corresponding to the ith node in the jth layer represents that decryption is successful and the ith node has a first child node, performing decryption calculation on an encrypted bloom filter corresponding to the first child node by adopting a jth +1 query bloom filter corresponding to a jth +1 layer to obtain a second decryption result;
when the second decryption result corresponding to the first child node is determined to represent that decryption is successful and the first child node has a child node, performing decryption calculation on the encrypted bloom filter corresponding to the child node of the first child node by adopting a j +2 th query bloom filter corresponding to a j +2 th layer until the obtained decryption result represents that decryption is successful and the target node corresponding to the decryption result which represents that decryption is successful does not have a child node, and performing matching comparison on the query time data corresponding to the omega-th query bloom filter and the original time data corresponding to the target node by adopting the omega-th query bloom filter;
and when data successfully matched with the query time data exists in the original time data corresponding to the target node, using the data successfully matched with the query time data as the query result.
10. The privacy-preserving spatio-temporal contact query method according to claim 8, wherein the generating of the decryption key of each layer according to preset security parameters, the prefix code corresponding to each layer, and the prefix code not including wildcard in the prefix code corresponding to each layer comprises:
acquiring a safety parameter;
generating a second key according to the security parameter;
generating a sampling value according to the safety parameter;
and generating a decryption key of each layer according to the security parameter, the second key, the sampling value, the prefix code corresponding to each layer and the prefix code which does not contain wildcards in the prefix code corresponding to each layer.
CN202210999099.5A 2022-08-19 2022-08-19 A method for generating encrypted hybrid index trees and privacy-preserving spatiotemporal contact queries Active CN115391803B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210999099.5A CN115391803B (en) 2022-08-19 2022-08-19 A method for generating encrypted hybrid index trees and privacy-preserving spatiotemporal contact queries

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210999099.5A CN115391803B (en) 2022-08-19 2022-08-19 A method for generating encrypted hybrid index trees and privacy-preserving spatiotemporal contact queries

Publications (2)

Publication Number Publication Date
CN115391803A true CN115391803A (en) 2022-11-25
CN115391803B CN115391803B (en) 2025-08-08

Family

ID=84120739

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210999099.5A Active CN115391803B (en) 2022-08-19 2022-08-19 A method for generating encrypted hybrid index trees and privacy-preserving spatiotemporal contact queries

Country Status (1)

Country Link
CN (1) CN115391803B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116775657A (en) * 2023-06-20 2023-09-19 上海电力大学 Privacy protection multidimensional range query method, device and storage medium
CN118316589A (en) * 2024-04-07 2024-07-09 中国石油大学(华东) A Hash Supertree Structure for Optimizing Sponge

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100944655B1 (en) * 2008-12-26 2010-03-04 고려대학교 산학협력단 Apparatus and method for constructing data and apparatus and method for retrieving data including non-spatial information
US20130262485A1 (en) * 2010-12-14 2013-10-03 The Regents Of The University Of California High Efficiency Prefix Search Algorithm Supporting Interactive, Fuzzy Search on Geographical Structured Data
CN113158087A (en) * 2021-04-09 2021-07-23 深圳前海微众银行股份有限公司 Query method and device for space text
CN114416720A (en) * 2021-12-08 2022-04-29 西安电子科技大学 Efficient, flexible and verifiable multi-attribute range retrieval method and system in cloud environment

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100944655B1 (en) * 2008-12-26 2010-03-04 고려대학교 산학협력단 Apparatus and method for constructing data and apparatus and method for retrieving data including non-spatial information
US20130262485A1 (en) * 2010-12-14 2013-10-03 The Regents Of The University Of California High Efficiency Prefix Search Algorithm Supporting Interactive, Fuzzy Search on Geographical Structured Data
CN113158087A (en) * 2021-04-09 2021-07-23 深圳前海微众银行股份有限公司 Query method and device for space text
CN114416720A (en) * 2021-12-08 2022-04-29 西安电子科技大学 Efficient, flexible and verifiable multi-attribute range retrieval method and system in cloud environment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈保平;焦小炜;: "基于P2P分布式多维平衡树的数据索引结构的复杂查询", 河北省科学院学报, no. 03, 15 September 2008 (2008-09-15) *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116775657A (en) * 2023-06-20 2023-09-19 上海电力大学 Privacy protection multidimensional range query method, device and storage medium
CN118316589A (en) * 2024-04-07 2024-07-09 中国石油大学(华东) A Hash Supertree Structure for Optimizing Sponge

Also Published As

Publication number Publication date
CN115391803B (en) 2025-08-08

Similar Documents

Publication Publication Date Title
US11023477B2 (en) Method and system for fuzzy keyword search over encrypted data
Feng et al. EViT: Privacy-preserving image retrieval via encrypted vision transformer in cloud computing
CN104615692B (en) A Searchable Encryption Method Supporting Dynamic Update and Multi-keyword Secure Sorting
CN115309928B (en) Image encryption retrieval method, device and medium capable of hidden data access
CN111026788A (en) A multi-keyword ciphertext ranking retrieval method based on homomorphic encryption in hybrid cloud
Persiano et al. Lower bounds for differentially private RAMs
CN106980796B (en) Multi-domain connection keyword search method based on MDB+ tree in cloud environment
CN108197491B (en) A ciphertext-based subgraph retrieval method
CN106934301A (en) A kind of safely outsourced data processing method of relevant database for supporting ciphertext data manipulation
CN114416720B (en) Efficient, flexible and verifiable multi-attribute range retrieval method and system in cloud environment
CN108256031A (en) A kind of multi-source encrypted image search method for supporting secret protection
CN115391803A (en) Encrypted hybrid index tree generation and privacy protection space-time contact query method
CN118643055B (en) Privacy-preserving dynamic spatial keyword query method, device, electronic device, and storage medium under multi-attribute cost constraints
CN107908779A (en) The searching method of dynamic multi-attribute connection keyword based on MAT trees under cloud environment
Wang et al. An efficient and privacy-preserving range query over encrypted cloud data
CN109495446B (en) Order-preserving encryption algorithm based on balanced sorting tree storage structure
CN118535759A (en) A privacy-preserving cross-modal semantic retrieval method based on tree structure
Liang et al. Efficient and privacy-preserving encode-based range query over encrypted cloud data
CN116775657B (en) A privacy-preserving multi-dimensional range query method, device, and storage medium
CN117520647A (en) Cross-modal data retrieval method based on robust Hamming coding
Liang et al. Secure and efficient image retrieval over encrypted cloud data
CN108337085B (en) Approximate neighbor search construction method supporting dynamic update
Kamble et al. A study on fuzzy keywords search techniques and incorporating certificateless cryptography
CN108471417A (en) Keyword query method based on hierarchy attributes under a kind of cloud environment
Yao et al. Efficient and privacy-preserving search in multi-source personal health record clouds

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant