Homomorphic encryption-based distributed k-anonymous location privacy protection method for internet of vehicles

By introducing Paillier threshold encryption and k-anonymity technology into vehicle-to-everything (V2X) LBS, the problems of plaintext location transmission leakage and collusion attacks are solved, achieving secure encryption of user location and low-latency privacy protection, thus improving the security and reliability of the system.

CN122247582APending Publication Date: 2026-06-19NANTONG UNIV

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
NANTONG UNIV
Filing Date
2026-02-25
Publication Date
2026-06-19

Smart Images

  • Figure CN122247582A_ABST
    Figure CN122247582A_ABST
Patent Text Reader

Abstract

This invention proposes a distributed k-anonymity location privacy protection method for vehicle-to-everything (V2X) networks based on homomorphic encryption, belonging to the field of V2X security technology. The technical solution includes the following steps: S1, system initialization; S2, bidirectional authentication between vehicles and Roadside Units (RSUs); S3, RSUs pre-compute and maintain the Paillier key pool; S4, RSUs assist in establishing a k-anonymity set and efficiently distributing Paillier threshold keys; S5, vehicles within the k-anonymity set encrypt their own locations and generate zero-knowledge proof credentials; S6, vehicles within the k-anonymity set collaboratively perform threshold decryption and generate anonymity center locations. This invention achieves vehicle location privacy protection and distributed key management, effectively resisting collusion attacks.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of vehicle network security technology, and in particular to a distributed k-anonymity location privacy protection method for vehicle networks based on homomorphic encryption. Background Technology

[0002] The Internet of Vehicles (IoV) is the core carrier of the Intelligent Transportation System (ITS). Based on a three-tiered architecture of "device-network-cloud," it achieves comprehensive interconnection and interoperability between vehicles (V2V) and between vehicles and infrastructure (V2I) through terminals such as on-board units (OBU) and roadside units (RSU), constructing a collaborative ecosystem of "vehicle-road-person-cloud." It collects vehicle status, driving parameters, and surrounding environmental data through multi-source sensors, GPS, and other devices, transmits this data at high speed using 5G and other communication technologies, and analyzes and makes decisions on a cloud platform to support intelligent navigation, autonomous driving, traffic management, and other scenarios, driving the transformation of transportation towards intelligence and efficiency. In the IoV system, Location-Based Services (LBS) are the foundation and core module for various intelligent applications of the IoV. LBS provides information and services based on the geographical location of users or devices through technologies such as Geographic Information Systems (GIS) and Global Positioning Systems (GPS). LBS in the IoV mainly includes functions such as positioning, navigation, route planning, and real-time traffic monitoring. By leveraging accurate geolocation data, Location-Based Services (LBS) not only provides drivers with precise navigation services but also supports real-time scheduling and optimization of intelligent traffic management systems, such as dynamic traffic signal control and emergency response. Furthermore, LBS provides strong support for intelligent driving and vehicle-road network collaborative control in vehicle-to-everything (V2X) systems, making it one of the key technologies for achieving autonomous driving and intelligent transportation.

[0003] However, with the widespread application of LBS technology in the Internet of Vehicles (IoV), massive amounts of high-precision vehicle location, trajectory, and user behavior data are continuously collected, transmitted, and processed. While improving traffic efficiency and safety, this also raises serious privacy risks. Location data is highly sensitive, directly reflecting users' behavioral habits, activity trajectories, and even social relationships. It can also be used to infer their identity, occupation, health status, and other private information. Once maliciously obtained or misused, attackers may use historical trajectory data to perform location tracking, identity association, or behavior prediction. Therefore, how to effectively protect users' location privacy while ensuring the quality of LBS services has become a critical issue that urgently needs to be addressed in the field of IoV security and privacy research.

[0004] To address the privacy breach issues in vehicle-to-everything (V2X) location-based services (LBS) applications, researchers have conducted extensive studies. Among these, k-anonymity technology has garnered significant attention due to its effectiveness in protecting the correlation between user identity and location, as well as its simplicity of implementation. This technology constructs an anonymity set containing k users, allowing individuals to maintain their location within a spatiotemporal region while maintaining anonymity with other users. This method makes individual users indistinguishable, thus hiding their true location and adapting to the high-speed mobility and dynamic topology changes inherent in vehicle-to-everything (V2X) networks. The paper "An anonymous entropy-based location privacy protection scheme in mobile social networks" by Lina Ni et al. addresses the user location privacy leakage problem in location-based services (LBS) on mobile social networks (MSN). It proposes an anonymous entropy-based location privacy protection invention, incorporating the K-DDCA algorithm for dense regions and the K-SDCA algorithm for sparse regions, combining the kd-tree algorithm with the anonymous entropy method to construct anonymous regions. However, this invention relies on historical data and empirical parameters, its adaptability to dynamic scenarios is not clearly defined, and the centralized k-anonymity architecture employed carries the risk of a single point of failure. The paper "A caching and spatial k-anonymity driven privacy enhancement scheme in continuous location-based services" by Shaobo Zhang et al. addresses the privacy leaks, low query result reuse rates, and frequent user interactions with LSPs caused by users transmitting query data to untrusted location service providers (LSPs) in continuous location-based services (LBSs). It proposes a privacy enhancement invention based on caching and spatial k-anonymity (CSKA), using a Markov model to predict user locations to improve cache hit rates and effectively resist LSP inference attacks and eavesdropping attacks. However, this invention does not consider the security of multi-user queries and information sharing between users and neighbors, and it also suffers from the single point of failure risk inherent in centralized k-anonymity architectures. As the above research shows, although such inventions reduce terminal computing overhead, they all adopt a centralized k-anonymity architecture. This architecture relies on a trusted third party (TP) to collect raw data, perform anonymization processing, and then publish the k-anonymity-compliant data to the service provider. This architecture has a single point of failure privacy risk. Once the third-party server is attacked or becomes untrustworthy, the original location and identity data of all vehicles will be at risk of being leaked.

[0005] To address the security issues arising from centralized k-anonymity architectures, distributed k-anonymity architectures have become a research hotspot in the field of vehicle-to-everything (V2X) privacy protection in recent years. Distributed k-anonymity architectures do not rely on trusted third parties; users collaboratively generate anonymous regions. The paper "Invention for Location Privacy Protection Based on Hybrid Blockchain" by He Yefeng et al. addresses the vulnerability of trusted third-party servers to attacks and privacy leaks in V2X location privacy services. It proposes an invention based on hybrid blockchain, combining optimized k-anonymity, a credit mechanism, and an information isolation mechanism to improve privacy protection levels and reduce time overhead. However, this invention relies on RSU collaboration, which increases computational complexity with increasing task load; furthermore, user locations are transmitted in plaintext during the anonymity set construction phase, posing a privacy leakage risk. The paper "A Deep Deterministic Policy Gradient Caching Method for V2X Privacy Protection" by Shen Zihao et al. addresses the low edge cache hit rate and difficulty in location privacy protection in V2X by proposing a deep deterministic policy gradient caching method. This invention uses taxis as secondary cache nodes, dynamically optimizes the cache replacement strategy through deep reinforcement learning, and combines k-anonymity and random response perturbation mechanisms to protect user location privacy. However, this method relies on the extensive coverage and coordination of taxis, which can affect service availability in low-density areas such as suburbs; when the workload increases or the number of connected service request vehicles increases, the request latency and computational complexity will increase significantly; and when constructing the anonymous set, the user's location is uploaded in plaintext, which poses a risk of privacy leakage.

[0006] In summary, while existing distributed anonymity inventions address the single point of failure problem of centralized architectures by constructing anonymous sets through autonomous collaboration among nodes, they still have security flaws. First, during the construction of anonymous sets, users must upload their real locations in plaintext, leading to the risk of sensitive information being eavesdropped on or attacked, and thus, leakage. Second, most inventions are designed only for attack models targeting a single attacker, without considering scenarios where multiple malicious nodes collude. In high-density vehicle-to-everything (V2X) environments, frequent interactions between vehicles and the possibility that some nodes may be controlled by the same attacker make collusive attacks a highly realistic possibility. Third, the computational and communication overhead of such inventions is typically high, and increases with the size of the anonymous set, making it difficult to meet the service requirements of low latency and high real-time performance in dynamic, highly mobile V2X environments. Summary of the Invention

[0007] This invention provides a distributed k-anonymity location privacy protection method for vehicle-to-everything (V2X) networks based on homomorphic encryption. Addressing the technical problems of traditional k-anonymity technology in V2X LBS, such as privacy leakage during plaintext location transmission, insufficient resistance to collusion attacks, single point of failure in centralized key management, and trust risks, this invention designs a collusion-resistant privacy protection method that integrates Paillier threshold encryption and k-anonymity. This achieves vehicle location privacy protection and distributed key management, effectively resisting collusion attacks and improving the security level of privacy protection in V2X LBS networks.

[0008] Based on a thorough investigation of current LBS privacy protection inventions in the vehicle-to-everything (V2X) network and an analysis of their shortcomings, this invention proposes a distributed k-anonymity location privacy protection method for V2X networks based on Paillier homomorphic encryption. This invention integrates Paillier threshold encryption and k-anonymity technology, applying them to the field of V2X LBS privacy protection, effectively solving the drawbacks of traditional inventions. Because this invention uses underlying cryptographic techniques, relevant cryptographic knowledge will be explained first to clearly illustrate the principles and steps of this invention:

[0009] 1. Paillier Threshold Cryptography System

[0010] The Paillier threshold cryptosystem is based on the Paillier public-key cryptography system and... This cryptographic invention combines threshold secret sharing technology. Its core feature is that it splits the Paillier private key into k shares and distributes them to different participants, requiring only t... The plaintext can be recovered by having t participants collaborate to complete part of the decryption and result aggregation. If there are fewer than t participants, no valid information can be obtained. At the same time, it inherits the homomorphic addition feature of the Paillier system, supports addition operations at the ciphertext level corresponding to plaintext addition, and is suitable for security scenarios that require multi-party collaborative decryption.

[0011] The core steps of the algorithm are as follows:

[0012] Key generation:

[0013] (1) Select distinct large prime numbers p and q, and calculate , ;

[0014] (2) Select (Commonly g=n+1), public key is ;

[0015] (3) Through Secret sharing will Split into k shares , and assign to k participants.

[0016] Encryption: encryption of plaintext Random selection Calculate the ciphertext: .

[0017] Partial decryption: Participant i uses its own private key share The decryption result of the calculation part: ,in (Require ).

[0018] Aggregate decryption: Collect t partial decryption results Aggregate by Lagrange interpolation Then calculate the plaintext: .

[0019] 2. Elliptic curves

[0020] Elliptic curves are defined as finite fields Equations on (p is a large prime number): ,in And it must satisfy the discriminant. .

[0021] Elliptic curve encryption

[0022] Elliptic Curve Cryptography (ECC) is based on asymmetric encryption, as detailed below:

[0023] (1) Key generation: The user selects a private key. Calculate the public key ;

[0024] (2) Encryption: The sender maps the plaintext to curve points. Select random numbers Then use the recipient's public key. Generate ciphertext pairs ;

[0025] (3) Decryption: The receiver uses the private key calculate To restore plaintext points .

[0026] Elliptic curve problems

[0027] (1) The problem of discrete logarithm

[0028] set up For a finite field Elliptic curve on, yes The order is a prime number cyclic subgroups yes The generator is randomly selected. ,calculate Given and Solve The problem is called the elliptic curve discrete logarithm problem. If solving the discrete logarithm problem is computationally infeasible, then the elliptic curve discrete logarithm problem hypothesis holds.

[0029] (2) Computational Diffie-Hellman (CDH) problems

[0030] set up , yes The generators. Given and ,calculate This is known as the CDH hard problem. If solving a CDH hard problem is computationally infeasible, then the CDH hard problem hypothesis is true.

[0031] For ease of understanding, the symbols and their meanings involved in this invention are first given in Table 1 below:

[0032] Table 1. Symbols and their meanings

[0033]

[0034] This invention is achieved through the following measures: a distributed k-anonymity location privacy protection method for vehicle-to-everything (V2X) networks based on Paillier homomorphic encryption, comprising the following steps:

[0035] S1, System initialization;

[0036] S2, vehicle and roadside unit (RSU) undergo two-way certification;

[0037] S3, Roadside Unit (RSU) pre-calculation and maintenance of Paillier key pool;

[0038] S4. Roadside Units (RSUs) assist in establishing k-anonymity sets and efficiently distributing Paillier threshold keys;

[0039] S5, vehicles in the k-anonymous set encrypt their own location and generate zero-knowledge proof credentials;

[0040] S6, vehicles in the k-anonymous set cooperate to perform threshold decryption and generate the anonymity center position.

[0041] Further, step S1 includes:

[0042] S11, Trusted Center (TA) initialization;

[0043] S111, The order of the Trust Center (TA) is defined as a large prime number. Elliptic curve group The generator is Select system master key Calculate the corresponding system public key ;

[0044] S112. The Trusted Center (TA) selects two one-way collision-resistant hash functions. , Public system parameters Secretly store the master key ;

[0045] S12, Vehicle Registration;

[0046] S121, Vehicle identification document submission The Trusted Center (TA) is given the key, and the Trusted Center (TA) calculates a portion of the private key. And send it to the vehicle, the vehicle selects the secret value. Generate a complete vehicle private key. The public key is And calculate the public key. Hash value ;

[0047] S122, Generating random numbers for vehicles And calculate the points of the elliptic curve. Cache temporary key pairs spare;

[0048] S123. The vehicle pre-generates multiple commitment tuples, each commitment containing a random number. and commitment value The generated commitment tuple Stored in a local secure area, used and unused commitments are marked to ensure the one-time use of commitments;

[0049] S13, Roadside Unit (RSU) Registration;

[0050] S131, Roadside Unit (RSU) submits identity The Trusted Center (TA) is given the key, and the Trusted Center (TA) calculates a portion of the private key. And send it to the Roadside Unit (RSU), which selects a secret value. Generate a complete private key as The public key is ;

[0051] S132, Roadside Unit (RSU) generates multiple random numbers And calculate the corresponding elliptic curve points. ,Will Stored in the cache pool.

[0052] Further, step S2 includes:

[0053] S21, Roadside Units (RSUs) retrieve a set from the buffer pool. Yes, calculate the hash value. and digital signatures Construct authentication information Send to the vehicle;

[0054] S22. The vehicle first calculates the hash value. Determine the signature verification formula If the condition is met, the Roadside Unit (RSU) is considered legitimate infrastructure. The vehicle then uses a pre-generated offline temporary key pair. Calculate the hash value and digital signatures Construct authentication information Send to the roadside unit (RSU);

[0055] S23, Roadside Unit (RSU) hash value calculation Determine the signature verification formula If the claim is valid, then the vehicle is a legally registered communication entity.

[0056] Further, step S3 includes:

[0057] S31. In order to reduce the computational latency of the LBS online service stage of vehicle-to-everything (V2X) location services and avoid the additional computational overhead caused by real-time generation of Paillier threshold encryption public and private key pairs, the Roadside Unit (RSU) needs to generate a pool of Paillier threshold encryption public and private key pairs and move the key pair generation process to the pre-computation stage to achieve rapid scheduling of encrypted resources.

[0058] S311, Paillier threshold public key generation: The roadside unit (RSU) first runs a secure prime number generation algorithm to generate prime numbers. and Calculate the modulus Then select the generator of the Paillier encryption algorithm. To meet encryption requirements, it is usually set Finally, set the public key. ;

[0059] S312. Paillier Threshold Private Key Generation: The Roadside Unit (RSU) first generates a Paillier algorithm master private key, based on the modulus of the already generated public key. Calculate the Paillier core private key (Right now and (the least common multiple); then select a value greater than large prime numbers As the computational modulus secretly shared by Shamir, a randomized one is generated. polynomial of degree And based on Shamir's secret shared invention, calculation The private key is fragmented using the following method: For integers... Private key fragmentation Obtain the private key fragment set ;

[0060] S32. Roadside Units (RSUs) need to monitor in real time whether the key pool capacity has reached a preset threshold. Since each execution of k-anonymous set location information encryption requires consuming one key pair from the key pool, when the key pool capacity falls below a preset threshold... When this happens, the Roadside Unit (RSU) will call the Paillier Threshold Key Generation Algorithm to automatically replenish the key until the pool capacity is restored to the preset threshold.

[0061] Further, step S4 includes:

[0062] S41. In order to enable the requesting vehicle to quickly and safely find k-1 neighboring vehicles, a temporary k-anonymous set U is formed, with the roadside unit (RSU) as the communication intermediary, so as to realize the rapid establishment of the anonymity set.

[0063] S411, Vehicles requesting LBS services Send a k-anonymous set generation request to the Roadside Units (RSUs) in the communication area. ,in, The identity of the requested vehicle is represented by k, and the size of the desired anonymous set is represented by k.

[0064] S412, Roadside Unit (RSU) Receive Request Then, it broadcasts a k-anonymous set recruitment message to vehicles within its communication domain. This includes the size k of the target anonymous set;

[0065] S413, Vehicles within the Domain Receiving Messages Subsequently, vehicles willing to assist in generating the k-anonymity set send an acknowledgment message to the Roadside Unit (RSU). ,in, Indicate the identity of the participating vehicles;

[0066] S414. After the roadside unit (RSU) collects confirmation messages from k-1 participating vehicles, it generates a k-anonymous set of vehicles. ;

[0067] S415. After the anonymous set is generated, the Roadside Unit (RSU) assigns a unique temporary identifier to each vehicle in the set. This identifier is only valid during this anonymization service period. Simultaneously, the Roadside Unit (RSU) selects one vehicle from the set as the leader vehicle of the anonymization set. and broadcast the identity of the lead vehicle. ;

[0068] S42. The Roadside Unit (RSU) distributes Paillier threshold-encrypted public and private keys to vehicle users within the k-anonymous set.

[0069] S421. The roadside unit (RSU) selects a set of Paillier public-private key pairs from the Paillier key pool, which consists of a Paillier threshold public key and k Paillier threshold private key fragments.

[0070] S422, the roadside unit (RSU) encapsulates and distributes the key;

[0071] S4221. The Roadside Unit (RSU) first distributes k private key fragments to k vehicle users in the anonymous set, with each user receiving one private key fragment.

[0072] S4222, Roadside Unit (RSU) uses the public key of each vehicle user. Encrypt its corresponding private key fragment Obtain the private key fragmented ciphertext ;

[0073] S4223, Roadside Unit (RSU) will provide a unique temporary identifier for vehicle users. and private key fragmented ciphertext Bind and obtain the private key package. ;

[0074] S4224. Based on this, the Roadside Unit (RSU) combines the private key packets of all users in the anonymous set to obtain a private key packet set. Furthermore, the roadside unit (RSU) will use the Paillier public key. and private key bundles Combine them to obtain the key distribution packet. and broadcast this key distribution packet. .

[0075] S423, vehicle users in the k-anonymous set receive key distribution packets Then, first extract the Paillier public key from it. Then, based on its own identifier... Mapped to the corresponding private key package and use its own private key Decrypt the private key fragment ciphertext In order to obtain their own private key fragments ;

[0076] Further, step S5 includes:

[0077] S51, in the k-anonymity set, vehicle users encrypt their own locations to obtain location ciphertext;

[0078] Vehicle users in the S511, k-anonymous set first use the Paillier threshold public key. Encrypt your location The location ciphertext was obtained: Where g is a generator, The number is a random number, and N is the modulus.

[0079] S512. To ensure that the location encryption provided by the vehicle user is valid and has not been tampered with, the vehicle uses the location encryption... Generate credentials for non-interactive zero-knowledge proofs;

[0080] S52, The edge server receives location ciphertext submitted by k users. With proof of credentials Then, data verification and location aggregation are performed;

[0081] S521, Edge Server for each zero-knowledge proof credential Calculate the challenge value: ;

[0082] S522, Edge Server Verification Formula for Judging Paillier Ciphertext Integrity If the condition is met, it means that the ciphertext is valid and has not been tampered with; otherwise, the ciphertext is discarded.

[0083] S523. The edge server calculates the sum of the ciphertext of all user locations within the anonymous set based on the homomorphic addition property of Paillier encryption: and broadcast the encrypted aggregation results. .

[0084] Further, step S6 includes:

[0085] S61. Threshold decryption: Vehicle users within the k-anonymous set restore the plaintext sum using Lagrange interpolation. At least ( Decryption typically requires the participation of multiple vehicle users, usually making... ;

[0086] S611, Partial Decryption: To avoid privacy leaks caused by directly providing private key fragments, each user participating in collaborative decryption decrypts the ciphertext. Calculate a partial decryption share using its own private key fragments: ,in, This is a normalization factor, its function is to convert the Lagrange coefficients into integer form, ensuring that the master private key reconstruction and subsequent decryption calculations are performed within the integer field. Then the vehicle will decrypt the share. Send to the lead vehicle ;

[0087] S612, ciphertext combination, lead vehicle collect Each ciphertext share forms a ciphertext share set. Using Lagrange interpolation, these shares are combined on the index to calculate the combined ciphertext: ,in, This represents the Lagrange coefficients. Based on the Lagrange interpolation principle using Shamir's secret sharing, it is known that if at least... Each private key fragment contains a complete private key. It can be done Refactoring;

[0088] S613, Plaintext Restoration: The lead vehicle will combine the ciphertext. Substitute into Paillier's decryption function ,get: According to this formula, the sum of the positions of the anonymous users can be obtained, that is: ;

[0089] S62. Anonymous center generation: The leading vehicle of the k-anonymous set calculates the anonymity center position, resulting in: This information is then broadcast to vehicle users in the anonymous pool. All vehicle users in the anonymous pool use this central location as their shared anonymous location to initiate LBS queries with the LBS service provider.

[0090] Compared with the prior art, the beneficial effects of the present invention are as follows:

[0091] (1) In view of the technical defects of traditional distributed k-anonymity inventions, which are prone to privacy leakage due to the plaintext transmission of user location, this invention introduces the Paillier threshold encryption algorithm to encrypt the user location, ensuring that the user location information is in the ciphertext state in all key operations of the invention, thus eliminating the security risk of plaintext leakage of user location from the source; at the same time, relying on the additive homomorphism of the Paillier encryption algorithm, the relevant operations at the ciphertext level can be completed directly without decryption, thus achieving a dual improvement in privacy protection and computational efficiency.

[0092] (2) In view of the technical shortcomings of traditional k-anonymity inventions in resisting collusion attacks, this invention combines threshold cryptography with secure multi-party computation technology. By setting a reasonable decryption threshold t, the decryption operation can only be completed when the number of nodes participating in the decryption reaches the preset threshold t. At the same time, even if there are t-1 or fewer nodes colluding with each other, they cannot crack the ciphertext, thus improving the invention's resistance to collusion attacks and privacy security.

[0093] (3) In view of the problem that centralized key management in existing inventions is prone to single point of failure and key leakage, the present invention adopts a distributed key management strategy, which divides the complete private key into multiple independent private key fragments. Each node holds only one of the private key fragments, and no single node can obtain the complete private key. This fundamentally avoids the single point of failure and key leakage risk brought about by centralized key management, and further enhances the security and reliability of the invention.

[0094] (4) In view of the problem of excessive computation and communication overhead in traditional inventions, this invention optimizes the encrypted operation process and node interaction logic without affecting the privacy protection effect and service quality, effectively reducing computation and communication overhead; at the same time, it introduces non-interactive zero-knowledge proof technology, which reduces the number of interactions between nodes and improves the real-time response capability of the invention, enabling it to better adapt to the high dynamic and low latency requirements of the Internet of Vehicles. Attached Figure Description

[0095] The accompanying drawings are provided to further illustrate the invention and form part of the specification. They are used together with the embodiments of the invention to explain the invention and do not constitute a limitation thereof.

[0096] Figure 1 The present invention provides an overall flowchart of a distributed k-anonymity location privacy protection method for vehicle-to-everything (V2X) networks based on Paillier homomorphic encryption.

[0097] Figure 2 This is a diagram of the vehicle-to-everything (V2X) LBS system architecture in this invention.

[0098] Figure 3 The invention process diagram provided for this invention.

[0099] Figure 4 The diagram illustrates the impact of different anonymity values ​​k on the computational cost of this invention.

[0100] Figure 5 A comparison chart of communication overhead for different inventions provided for this invention. Detailed Implementation

[0101] To make the objectives, technical features, and advantages of this invention clearer, the invention will be further described in detail below with reference to the accompanying drawings and embodiments. Of course, the specific embodiments described herein are merely illustrative and not intended to limit the scope of the invention.

[0102] Example 1: To verify the security of the present invention, this Example 1 conducts a rigorous security verification of the proposed distributed k-anonymity location privacy protection method for vehicle networking based on homomorphic encryption.

[0103] like Figure 1 , Figure 3 As shown, the present invention includes the following steps:

[0104] S1, System initialization;

[0105] S2, vehicle and roadside unit (RSU) undergo two-way certification;

[0106] S3, Roadside Unit (RSU) pre-calculation and maintenance of Paillier key pool;

[0107] S4. Roadside Units (RSUs) assist in establishing k-anonymity sets and efficiently distributing Paillier threshold keys;

[0108] S5, vehicles in the k-anonymous set encrypt their own location and generate zero-knowledge proof credentials;

[0109] S6, vehicles in the k-anonymous set cooperate to perform threshold decryption and generate the anonymity center position.

[0110] like Figure 2 As shown, the vehicle-to-everything (V2X) system model based on Paillier homomorphic encryption and the distributed k-anonymity location privacy protection method includes: a Trusted Authority (TA), an On-Board Unit (OBU), a Roadside Unit (RSU), an Edge Environment Server (MEC Server), and an LBS server.

[0111] (1) Trusted Center (TA): As a trusted authority in the Internet of Vehicles, the TA provides system initialization and registration functions for entities such as vehicle OBU and roadside unit (RSU).

[0112] (2) On-board unit (OBU): The on-board unit (OBU) is a terminal device installed inside the vehicle. It integrates communication and computing functions and serves as a key interface for the vehicle to access the Internet of Vehicles. It receives identity credentials and keys distributed by the Trusted Center (TA), performs security authentication and data encryption operations, and is responsible for collecting and transmitting data such as vehicle location and driving status. It also completes information interaction with the Roadside Unit (RSU) and other vehicle OBUs.

[0113] (3) Roadside Unit (RSU): The Roadside Unit (RSU) is a fixed communication node deployed in the road infrastructure. It is the core hub of V2I interaction in the Internet of Vehicles (IoV) and has strong computing and storage capabilities. In this invention, the Roadside Unit (RSU) is responsible for cooperating with vehicles to complete two-way identity authentication, generating and maintaining Paillier threshold keys, and distributing keys to vehicle users in the k-anonymity set.

[0114] (4) Edge Server (MEC Server): The edge server is a processing device deployed at the edge of the vehicle network, close to the roadside unit (RSU). It is responsible for receiving the location ciphertext uploaded by the vehicle's OBU and verifying its validity. At the same time, it uses Paillier additive homomorphism to aggregate the location ciphertext and broadcasts the aggregation result to the k-anonymous set.

[0115] (5) LBS server: The LBS server is the core platform for providing location services in the Internet of Vehicles. It receives vehicle LBS requests forwarded by the Roadside Unit (RSU) and returns the corresponding location service query results.

[0116] 1. Safety Objectives

[0117] Based on the design logic of this invention and the core privacy protection requirements of the vehicle-to-everything (V2X) location service (LBS) scenario, and combined with the cryptographic characteristics of Paillier threshold encryption technology, this invention aims to achieve core security goals such as location privacy protection, key security, and resistance to collusion attacks.

[0118] 2. Definition of Opponent's Abilities

[0119] This invention constructs an adversary model targeting the attack behavior of a polynomial-time bounded adversary A, and its capabilities are defined as follows:

[0120] (1) The adversary can perform passive attacks to eavesdrop on the communication between vehicles, roadside units (RSUs), and edge servers;

[0121] (2) The adversary may launch an active attack, tamper with or forge messages in transit, and undermine the integrity of the data;

[0122] (3) The adversary can control up to t-1 user nodes, aiming to attempt to complete Paillier threshold decryption by obtaining their private key shares.

[0123] 3. Formal security proof

[0124] The invention is verified by using a game-based proof method, which defines a series of games between challenger C and adversary A, to determine whether the invention satisfies the above-mentioned security objectives.

[0125] (1) Location privacy protection certificate

[0126] The definition of a safe game is as follows:

[0127] Game 1 is a realistic scenario game, in which the interaction between challenger C and opponent A is as follows:

[0128] 1) Initialization: Challenger C simulates RSU and completes two-way authentication with the vehicles, constructs an anonymity set containing k vehicles, and generates a Paillier threshold encryption public key. With k private key fragments Generate a private key set according to the invention process. With key distribution package and broadcast .

[0129] 2) Query: Adversary A queries the encrypted locations and proofs of k vehicles; Challenger C generates the actual locations and uses... Encrypt the location ciphertext set to obtain the corresponding proof credentials.

[0130] 3) Challenge: Challenger C randomly selects a target vehicle. Two sets of location data are generated: the real location set and the actual location set. ( For vehicles (Actual location) and simulated location group ( and (Identical distribution and indistinguishable). Challenger C randomly selects... ,like Then choose Group; if Then choose The group encrypts the location data of the selected location group to obtain the challenge ciphertext set. The corresponding proof credentials are calculated, sent to the edge server, and after verification and aggregation, the aggregation result is sent to adversary A.

[0131] 4) Guess: Opponent A's output is... speculation ,like If opponent A wins Game 1, then A's winning advantage is denoted as . .

[0132] Game 2 is a simulation game where challenger C interacts with opponent A as follows:

[0133] Game 2 follows the same flow as Game 1, differing only in the challenge phase: In the simulated location group F generated by Challenger C, all vehicle positions are simulated positions that are distributed identically to their real-world locations. Challenge the collection of ciphertexts The result of encrypting the simulated location.

[0134] The security analysis is as follows:

[0135] If adversary A can distinguish between Game 1 and Game 2 with a non-negligible advantage, then adversary A can break the Paillier encryption invention. However, the Paillier encryption algorithm is an encryption invention that has been proven to be semantically secure under the IND-CPA model, meaning that for any two identically distributed plaintexts... and Its ciphertext and Computationally indistinguishable. Therefore, the real challenge ciphertext and the simulated challenge ciphertext in Game 1 are indistinguishable, and the output distributions of Game 1 and Game 2 are completely identical. In Game 2, opponent A cannot obtain any information about the real location, and their guesses... The probability is ,Right now Since Game 1 and Game 2 are indistinguishable, That is, if opponent A cannot win Game 1 with a significant advantage, the invention can protect location privacy.

[0136] (2) Proof of key security

[0137] The definition of a safe game is as follows:

[0138] Game 1 is a key distribution game, where the interaction between challenger C and opponent A is as follows:

[0139] 1) Initialization: Challenger C generates the Paillier threshold public key. and private key sharding For each private key fragment Use the public key of the corresponding vehicle Encryption obtained Binding Generate private key package Combined to obtain and And send it to A.

[0140] 2) Query: Adversary A submits an arbitrary random number r (simulating a private key fragment) and a vehicle identifier. Challenger C uses the corresponding public key Encrypt r to get Binding Generate private key package And send it to the enemy A.

[0141] 3) Challenge: Challenger C randomly selects a target private key fragment. Generate a real private key package With simulated private key packet , To and Random numbers with the same distribution. Challenger C randomly selects... ,like Then the real private key packet join in ;like Then a simulated private key packet will be generated. join in Generate challenge key distribution package And send it to A.

[0142] 4) Guess: Opponent A's output is... speculation ,like If opponent A wins Game 3, then A's winning advantage is denoted as . .

[0143] The security analysis is as follows:

[0144] Vehicle public key The corresponding encryption algorithm is elliptic curve cryptography, whose security is based on the elliptic curve discrete logarithm problem over a finite field. If adversary A can distinguish it with a non-negligible advantage... and This indicates that the adversary can solve the elliptic curve discrete logarithm problem, but this problem is currently considered an unsolvable difficult problem. Therefore, adversary A cannot distinguish it with a non-negligible advantage. and The invention possesses key security.

[0145] (3) Proof of resistance to collusion attack

[0146] The definition of a safe game is as follows:

[0147] Game 4 is a threshold collusion attack game, where the interaction between challenger C and adversary A is as follows:

[0148] 1) Initialization: Challenger C constructs an anonymous set containing k vehicles, where One vehicle was controlled by enemy A. Challenger C generates the Paillier threshold public key. and private key sharding Distribute t-1 private key fragments to the controlled vehicles and the remaining k-t+1 private key fragments to the honest, non-colluding vehicles.

[0149] 2) Query: In an encrypted query, adversary A submits location data. and a designated honest vehicle identification Challenger C simulates the honest vehicle using the Paillier threshold public key. and private key sharding Generate location ciphertext and corresponding zero-knowledge proof credentials This is sent to adversary A. During the decryption query, adversary A first generates a valid aggregate ciphertext. (This ciphertext can be constructed by adversary A, or it can be an aggregation of previously encrypted query results.) Then, the colluding vehicle controlled by adversary A partially decrypts the ciphertext, and the aggregated ciphertext is obtained. A portion of the decrypted data is submitted to Challenger C. Challenger C simulates a threshold decryption protocol, collects the partial decryption portions of the ciphertext from all honest vehicles, and combines this with the partial decryption portions provided by Adversary A to calculate the threshold decryption result. And return it to the opponent A.

[0150] 3) Challenge: Opponent A submits two sets containing k location data. and Among them, the set of locations of malicious vehicles controlled by the adversary must be and The same subset. The difference in the challenge exists only in the remaining k-t+1 positions contributed by honest vehicles. Challenger C randomly selects... ,encryption All positions in the dataset, and calculate their aggregated ciphertext. , and return it to opponent A.

[0151] 4) Opponent A's output is... speculation ,like If opponent A wins Game 4, then A's winning advantage is denoted as . .

[0152] The security analysis is as follows:

[0153] If adversary A can win this threshold-resistant collusion game with a non-negligible advantage, it means adversary A can break the semantic security of the underlying threshold Paillier cryptographic invention. However, in reality, under the DCR hard problem assumption, this threshold cryptographic primitive has been proven to resist at most... This model is IND-CPA secure against collusion attacks. Therefore, the initial assumption is invalid, and adversary A cannot win the game with a non-negligible advantage, thus proving that the invention meets the threshold-based security requirement against collusion attacks.

[0154] (3) Security Summary

[0155] In summary, this invention, through the combination of cryptographic difficulty assumptions and gamified proofs, completes the security verification of Games 1-4, demonstrating that the adversary's winning advantage in each game is negligible. This proves that the invention possesses security features such as location privacy, key security, and resistance to collusion attacks, providing a rigorous formal proof for the secure and stable operation of the system in the Internet of Vehicles.

[0156] 4. Proof of correctness

[0157] This section provides proof of the correctness of the relevant formulas in this invention.

[0158] (1) During the bidirectional authentication process between the vehicle and the roadside unit (RSU), the validity of the RSU is verified by deriving the following equation:

[0159]

[0160]

[0161]

[0162] Verify the legality of the vehicle by deriving the following equation:

[0163]

[0164]

[0165]

[0166]

[0167] (2) During the vehicle location ciphertext verification process, the following equation is used to derive and verify whether the ciphertext of the vehicle's submitted location is valid and has not been tampered with:

[0168]

[0169]

[0170]

[0171] (3) During the ciphertext combination process of threshold decryption, the correctness of the combined ciphertext is verified by deriving the following equation:

[0172]

[0173]

[0174]

[0175]

[0176]

[0177]

[0178] (4) In the plaintext restoration process of threshold decryption, the following equation is used to derive and verify whether the sum of the position plaintext obtained by threshold decryption is correct:

[0179]

[0180] (Based on Paillier's decryption function) get)

[0181]

[0182]

[0183] Depend on , can be obtained ,

[0184] therefore,

[0185] Derivation process:

[0186] Derivation process: In the Paillier encryption scheme, any Nth power The multiplicative order of y is divisible by N, and for any integer y, we have ,in It is an integer, and because of the modulus The element raised to the power of N, after being processed by the L function, has a modulus of N equal to 0, that is... , .

[0187] From the above derivation, we can conclude that: .

[0188] therefore,

[0189] Depend on , can be obtained

[0190] Depend on , can be obtained

[0191] therefore,

[0192]

[0193] In the invention of the Paillier threshold, it is usually guaranteed by selecting parameters. ,therefore It can be simplified to .

[0194] Example 2: To verify the performance of the present invention, Example 2 compares and analyzes it with three representative existing vehicle-to-everything (V2X) LBS privacy protection schemes, including Scheme 1 proposed by Fan Xinyue et al. in "Privacy Protection Protocol for Point of Interest Query Based on Homomorphic Encryption in V2X", Scheme 2 proposed by Zeng Congai et al. in "Invention for Multi-Type Road Network K-Nearest Neighbor Query to Protect the Privacy of Both Parties", and Scheme 3 proposed by Ashish Tomar et al. in "A Chebyshev polynomial-based authentication scheme using blockchain technology for fog-based vehicular network". Since the above schemes are highly consistent with the application background and security objectives of the present invention in V2X location services, they are highly comparable.

[0195] 1. Calculation cost analysis

[0196] The performance analysis of this invention references the experimental setup of the existing literature "Lightweight Authentication Key Negotiation Protocol for Vehicle Networking," and tests are conducted based on the cryptography library and the eCDSA library. The hardware platform uses a personal computer running Windows 11, configured with an Intel Core i9-13900H processor (2.60 GHz) and 32 GB of memory. The software development environment is PyCharm 2024.2.3. During testing, various cryptographic operations involved in this invention are simulated, with each operation repeated 100,000 times. The average computation time is used as the test result, as shown in Table 2. , , , , and The experimental data referenced the literature "Invention for Multi-Type Road Network K-Nearest Neighbor Query Protecting the Privacy of Both Parties." This data was obtained through a standardized experimental procedure, providing an objective basis for the performance evaluation of this invention. Details of the computational overhead of each participating entity at different stages of this invention are shown in Table 3.

[0197] Table 2 Average execution time of cryptographic operations

[0198]

[0199] Table 3. Computational overhead of each entity and total computational overhead at different stages of this invention.

[0200]

[0201] As shown in Table 3, in this invention, each entity performs k elliptic curve public key encryption operations and k elliptic curve private key decryption operations during the key distribution phase. The total computational cost of this phase is... 1.0962 k ms; During the location encryption and verification phase, a total of k Paillier encryption operations, 2k hash operations, 4k modular multiplication operations, 4k modular exponentiation operations, and k-1 Paillier homomorphic addition operations are performed. The total computational cost of this phase is 2.1736k - 0.002 ms; During the threshold decryption phase, a total of t-1 modular multiplication operations and 2t modular exponentiation operations are performed, with a total computational cost of . 0.722t - 0.002 ms. Therefore, the total computational cost of this invention is 3.2698k + 0.722t - 0.004 ms.

[0202] To analyze the impact of different anonymity values ​​k on the computational cost of this invention, k was set to values ​​of 10, 20, 30, 40, 50, and 60, combined with the decryption threshold t corresponding to each k value (usually set to...). ), calculate the present invention in each parameter combination respectively. The computational overhead is shown in Table 4, and the test results are as follows.

[0203] Table 4 Computational cost of the present invention under different parameter combinations

[0204]

[0205] The experimental results of this invention are compared with the data from Scheme 1, Scheme 2, and Scheme 3, such as... Figure 4 As shown.

[0206] Scheme 1 proposes a privacy protection protocol for point-of-interest (POI) queries in the Internet of Vehicles (IoV) based on homomorphic encryption. The computational overhead for a single vehicle participating in the scenario is as follows: each participating entity performs N-1 elliptic curve point addition operations, 2N+3 elliptic curve point multiplication operations, x symmetric encryption / decryption operations, and x modular exponentiation operations. The total computational overhead is... Where N represents the number of users on the ring, and x represents the number of points of interest information that meet the vehicle query requirements, setting N=10 and x=2, the invention computational cost is... 9.1601 ms. To analyze the impact of the number of participating vehicles on the invention calculation cost, the value of the number of participating vehicles k was set to 10, 20, 30, 40, 50, and 60, and the corresponding invention calculation costs were measured to be 91.601 ms, 183.202 ms, 274.803 ms, 366.404 ms, 458.005 ms, and 549.606 ms, respectively.

[0207] In the multi-type road network K-nearest neighbor query invention proposed in Scheme 2 to protect the privacy of both parties, when the value of the number of participating vehicles k is set to 10, the computational overhead of the invention is as follows: each participating entity performs the SM2 public key encryption algorithm 5 times, the SM2 public key decryption algorithm 5 times, the elliptic curve signature algorithm 4 times, and the elliptic curve signature verification algorithm 4 times. Dot product of elliptic curves. The invention involves two elliptic curve point addition operations, two encoding operations, and two decoding operations, with a total computational cost of 5. +5 +4 +4 + + +2 +2 .in, This represents the number of fixed point of interest types. Indicates the number of ring signature members, set , Therefore, when k=10, the invention computation cost is 5. +5 +4 +4 + + +2 +2 69.4775 ms. To analyze the impact of the number of participating vehicles on the invention calculation cost, the value of the number of participating vehicles k was set to 20, 30, 40, 50, and 60, and the corresponding invention calculation costs were measured to be 138.955 ms, 208.4325 ms, 277.91 ms, 347.3875 ms, and 416.865 ms, respectively.

[0208] In the fog computing-based vehicle-to-everything (V2X) authentication invention proposed in Scheme 3, based on Chebyshev polynomials and blockchain technology, the computational overhead in a single-vehicle scenario is as follows: each participating entity performs a total of 22 hash operations, 5 XOR operations, and 22 elliptic curve dot product operations. The total computational overhead of the invention is... 8.06 ms. To analyze the impact of the number of participating vehicles on the invention calculation cost, the value of the number of participating vehicles k was set to 10, 20, 30, 40, 50, and 60, and the corresponding invention calculation costs were measured to be 80.6 ms, 161.2 ms, 241.8 ms, 322.4 ms, 403.0 ms, and 483.6 ms, respectively.

[0209] Depend on Figure 4 It can be seen that the computational cost of all schemes monotonically increases with the increase of the anonymity value k. The core reason is that an increase in the value of k indicates an increase in the number of participating vehicles and an expansion of the anonymity set, resulting in a corresponding increase in the amount of computational tasks that the scheme needs to handle. Within the range of the k values ​​set in the experiment, the computational cost of this invention is consistently lower than that of other inventions. This is mainly due to the use of Paillier additive homomorphism, which allows the edge server to perform the operation only once on the location ciphertext uploaded by k users. Ciphertext aggregation can be completed with homomorphic addition operations at the first level, while threshold decryption enables distributed decryption, eliminating the need for any single entity to independently undertake the complete decryption task, thereby reducing computational overhead. The above results confirm that this invention possesses a more significant efficiency advantage in large-scale scenarios with high anonymity requirements.

[0210] 2. Communication Overhead Analysis

[0211] The communication overhead parameter settings of this invention are shown in Table 5.

[0212] Table 5. Byte size of various operations

[0213]

[0214] The communication overhead of this invention compared to solutions 1, 2, and 3 is as follows: Figure 5 As shown in the figure, compared with Scheme 1, Scheme 2, and Scheme 3, the present invention has a lower communication cost.

[0215] The invention is divided into four stages based on different functions. The communication overhead of each stage is calculated separately, and the overhead analysis of each stage is as follows: In the k-anonymous set establishment stage, the requesting vehicle initiates an anonymity set establishment request to the RSU. RSU broadcasts recruitment messages containing an anonymous set of size k. Participating vehicles receive feedback confirmation information. Subsequently, the RSU distributed temporary identification to each participating vehicle. The total communication overhead during this stage is During the key distribution phase, the RSU broadcasts key-related distribution information. The total communication overhead during this stage is During the location encryption and verification phase, each participating vehicle will transmit its encrypted location data. and proof of credentials Send to the edge server, the edge server broadcasts the total location ciphertext. The total communication overhead during this stage is During the anonymity center generation phase, the vehicle sends the decryption share. The lead vehicle broadcasts the location of the anonymous center. The total communication overhead during this stage is The total communication overhead of this invention is the sum of the overhead at each stage. Let the relevant parameters be specific values. Therefore, the total communication overhead of this invention is 23312 bits.

[0216] Scheme 1 proposes a privacy protection protocol for point-of-interest (POI) queries in the Internet of Vehicles (IoV) based on homomorphic encryption. The communication overhead in a single-vehicle scenario is as follows: each participating entity performs 2 elliptic curve operations, n+2 integer operations, and n symmetric encryption operations for information exchange. The total communication overhead is... Where n represents the number of points of interest information that satisfy the k-anonymous query, and n=5, then the communication overhead of the invention is... 3040 bits. When the number of participating vehicles k=10, the total communication overhead is 30400 bits.

[0217] In the multi-type road network k-nearest neighbor query invention proposed in Scheme 2 to protect the privacy of both parties, when the number of participating vehicles k is set to 10, the communication overhead of the invention is as follows: Each participating entity performs 2n+38.5 elliptic curve operations, 2n+3.5 integer operations, 9 hash operations, 4 elliptic curve signature operations, 5 identity verifications, 6 timestamp verifications, 11 varchar type data exchanges, 2 char type data exchanges, and 1 int type data exchange. The total communication overhead of the invention is... ,in, This indicates the number of ring signature members, and should be consistent with the parameter settings in the computational overhead section. Therefore, when k=10, the communication overhead of the invention is 26304 bits.

[0218] In the fog computing-based vehicle-to-everything (V2X) authentication invention proposed in Scheme 3, the communication overhead in a single-vehicle scenario is as follows: each participating entity performs 10 Chebyshev polynomial operations, 9 hash operations, 4 XOR operations, and 4 timestamp information exchanges. The total communication overhead of the invention is... =4768 bits; when the number of participating vehicles k=10, the total communication overhead is 47680 bits.

[0219] The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of the present invention should be included within the protection scope of the present invention.

Claims

1. A distributed k-anonymity location privacy protection method for vehicle-to-everything (V2X) networks based on homomorphic encryption, characterized in that, Includes the following steps: S1, System initialization; S2, vehicle and roadside unit (RSU) undergo two-way certification; S3, Roadside Unit (RSU) pre-calculation and maintenance of Paillier key pool; S4. Roadside Units (RSUs) assist in establishing k-anonymity sets and efficiently distributing Paillier threshold keys; S5, vehicles in the k-anonymous set encrypt their own location and generate zero-knowledge proof credentials; S6, vehicles in the k-anonymous set cooperate to perform threshold decryption and generate the anonymity center position.

2. The method for protecting distributed k-anonymity location privacy in vehicle-to-everything (V2X) networks based on homomorphic encryption according to claim 1, characterized in that, S1 includes the following steps: S11, Trusted Center (TA) initialization; S12, Vehicle Registration; S13, Roadside Unit (RSU) Registration; In step S11, the Trusted Center (TA) initialization process includes the following steps: S111, The order of the Trust Center (TA) is defined as a large prime number. Elliptic curve group The generator is Select system master key Calculate the corresponding system public key ; S112. The Trusted Center (TA) selects two one-way collision-resistant hash functions. , Public system parameters Secretly store the master key ; In step S12, the vehicle submits registration information to the Trusted Center (TA) to complete the registration. This process includes the following steps: S121, Vehicle identification document submission The Trusted Center (TA) is given the key, and the Trusted Center (TA) calculates a portion of the private key. And send it to the vehicle, the vehicle selects the secret value. Generate a complete vehicle private key. The public key is And calculate the public key. Hash value ; S122, Generating random numbers for vehicles And calculate the points of the elliptic curve. Cache temporary key pairs spare; S123. The vehicle pre-generates multiple commitment tuples, each commitment containing a random number. and commitment value The generated commitment tuple Stored in a local secure area, used and unused commitments are marked to ensure the one-time use of commitments; In step S13, the Roadside Unit (RSU) submits registration information to the Trusted Center (TA) to complete the registration. This process includes the following steps: S131, Roadside Unit (RSU) submits identity The Trusted Center (TA) is given the key, and the Trusted Center (TA) calculates a portion of the private key. And send it to the Roadside Unit (RSU), which selects a secret value. Generate a complete private key as The public key is ; S132, Roadside Unit (RSU) generates multiple random numbers And calculate the corresponding elliptic curve points. ,Will Stored in the cache pool.

3. The method for protecting distributed k-anonymity location privacy in vehicle-to-everything (V2X) networks based on homomorphic encryption according to claim 1, characterized in that, S2 includes the following steps: S21, Roadside Units (RSUs) retrieve a set from the buffer pool. Yes, calculate the hash value. and digital signatures Construct authentication information Send to the vehicle; S22. The vehicle first calculates the hash value. Determine the signature verification formula If the condition is met, the Roadside Unit (RSU) is considered a legitimate infrastructure; then the vehicle uses the offline pre-generated temporary key pair. Calculate the hash value and digital signatures Construct authentication information Send to the roadside unit (RSU); S23, Roadside Unit (RSU) hash value calculation Determine the signature verification formula If the claim is valid, then the vehicle is a legally registered communication entity.

4. The method for protecting distributed k-anonymity location privacy in vehicle-to-everything (V2X) networks based on homomorphic encryption according to claim 1, characterized in that, S3 includes the following steps: S31. The roadside unit (RSU) is formed into a Paillier threshold encryption public-private key pair pool, and the key pair generation process is moved to the pre-computation stage. S32. Roadside Units (RSUs) need to monitor in real time whether the key pool capacity has reached a preset threshold. Since each k-anonymous set location information encryption operation consumes one key pair from the key pool, when the key pool capacity falls below a preset threshold... When this happens, the Roadside Unit (RSU) will call the Paillier Threshold Key Generation Algorithm to automatically replenish the key until the pool capacity is restored to the preset threshold. In step S31, the roadside unit (RSU) generates a Paillier threshold key pool through the following steps, including generating a Paillier threshold public key and a Paillier threshold private key: S311, Paillier threshold public key generation: The roadside unit (RSU) first runs a secure prime number generation algorithm to generate prime numbers. and Calculate the modulus Then select the generator of the Paillier encryption algorithm. To meet encryption requirements, set Finally, set the public key. ; S312. Paillier Threshold Private Key Generation: The Roadside Unit (RSU) first generates a Paillier algorithm master private key, based on the modulus of the already generated public key. Calculate the Paillier core private key ,Right now and The least common multiple; select a value greater than large prime numbers As the computational modulus secretly shared by Shamir, a randomized one is generated. polynomial of degree And based on Shamir's secret shared invention, calculation The private key is fragmented using the following method: For integers... Private key fragmentation Obtain the private key fragment set .

5. A method for protecting the distributed k-anonymity location privacy of a vehicle-to-everything (V2X) network based on homomorphic encryption as described in claim 1, characterized in that, S4 includes the following steps: S41. In order to enable the requesting vehicle to quickly and safely find k-1 neighboring vehicles, a temporary k-anonymous set U is formed, with the roadside unit (RSU) as the communication intermediary, so as to realize the rapid establishment of the anonymity set. S42. The Roadside Unit (RSU) distributes Paillier threshold-encrypted public and private keys to vehicle users within the k-anonymous set. In step S41, the process of establishing the k-anonymity set of roadside unit (RSU) assisted vehicles includes the following steps: S411, Vehicle requesting LBS service Send a k-anonymous set generation request to the Roadside Units (RSUs) in the communication area. ,in, The identity of the requested vehicle is represented by k, and the size of the desired anonymous set is represented by k. S412, Roadside Unit (RSU) Receive Request Then, it broadcasts a k-anonymous set recruitment message to vehicles within its communication domain. This includes the size k of the target anonymous set; S413, Vehicles within the Domain Receiving Messages Subsequently, vehicles willing to assist in generating the k-anonymity set send an acknowledgment message to the Roadside Unit (RSU). ,in, Indicate the identity of the participating vehicles; S414. After the roadside unit (RSU) collects confirmation messages from k-1 participating vehicles, it generates a k-anonymous set of vehicles. ; S415. After the anonymous set is generated, the Roadside Unit (RSU) assigns a unique temporary identifier to each vehicle in the set. The roadside unit (RSU) selects one vehicle from the set as the leader vehicle of the anonymous set. and broadcast the identity of the lead vehicle. ; In step S42, the process of the Roadside Unit (RSU) distributing Paillier threshold encryption public and private keys to vehicles in the k-anonymity set includes the following steps: S421. The roadside unit (RSU) selects a set of Paillier public-private key pairs from the Paillier key pool, which consists of a Paillier threshold public key and k Paillier threshold private key fragments. S422, the roadside unit (RSU) encapsulates and distributes the key; S423, vehicle users in the k-anonymous set receive key distribution packets Then, first extract the Paillier public key from it. Then, based on its own identifier... Mapped to the corresponding private key package and use its own private key Decrypt the private key fragment ciphertext In order to obtain their own private key fragments ; In step S422, the process of the roadside unit (RSU) encapsulating and distributing the key includes the following steps: S4221. The Roadside Unit (RSU) first distributes k private key fragments to k vehicle users in the anonymous set, with each user receiving one private key fragment. S4222, Roadside Unit (RSU) uses the public key of each vehicle user. Encrypt its corresponding private key fragment Obtain the private key fragmented ciphertext ; S4223, Roadside Unit (RSU) will provide a unique temporary identifier for vehicle users. and private key fragmented ciphertext Bind and obtain the private key package. ; S4224. Based on this, the Roadside Unit (RSU) combines the private key packets of all users in the anonymous set to obtain a private key packet set. The roadside unit (RSU) will use the Paillier public key. and private key bundles Combine them to obtain the key distribution packet. and broadcast this key distribution packet. .

6. The method for protecting distributed k-anonymity location privacy in vehicle-to-everything (V2X) networks based on homomorphic encryption according to claim 1, characterized in that, S5 includes the following steps: S51, in the k-anonymity set, vehicle users encrypt their own locations to obtain location ciphertext; S52, The edge server receives location ciphertext submitted by k users. With proof of credentials Then, data verification and location aggregation are performed; In S51, the process of encrypting the vehicle user location in the k-anonymity set includes the following steps: Vehicle users in the S511, k-anonymous set first use the Paillier threshold public key. Encrypt your location The location ciphertext was obtained: Where g is a generator, The number is a random number, and N is the modulus. S512. To ensure that the location encryption provided by the vehicle user is valid and has not been tampered with, the vehicle uses the location encryption... Generate credentials for non-interactive zero-knowledge proofs; In S52, the process of edge server verifying location ciphertext and aggregating it includes the following steps: S521, Edge Server for each zero-knowledge proof credential Calculate the challenge value: ; S522, Edge Server Verification Formula for Judging Paillier Ciphertext Integrity If the condition is met, it means that the ciphertext is valid and has not been tampered with; otherwise, the ciphertext is discarded. S523. The edge server calculates the sum of the ciphertext of all user locations within the anonymous set based on the homomorphic addition property of Paillier encryption: and broadcast the encrypted aggregation results. .

7. A method for protecting the distributed k-anonymity location privacy of a vehicle-to-everything (V2X) network based on homomorphic encryption as described in claim 1, characterized in that, S6 includes the following steps: S61. Threshold decryption: Vehicle users within the k-anonymous set restore the plaintext sum using Lagrange interpolation. At least Decryption requires the participation of a vehicle user, typically requiring... , ; S62. Anonymous center generation: The leading vehicle of the k-anonymous set calculates the anonymity center position, resulting in: This information is then broadcast to vehicle users in the anonymous central location. All vehicle users in the anonymous central location use this anonymous central location as a common anonymous location to initiate LBS queries to the LBS service provider. In step S61, vehicle users within the k-anonymous set perform threshold decryption through the following steps: S611, Partial Decryption: To avoid privacy leaks caused by directly providing private key fragments, each user participating in collaborative decryption decrypts the ciphertext. Calculate a partial decryption share using its own private key fragments: ,in, It is a normalization factor, whose function is to convert the Lagrange coefficients into integer form, ensuring that the master private key reconstruction and subsequent decryption calculations are performed within the integer field. Then the vehicle will decrypt the share. Send to the lead vehicle ; S612, ciphertext combination, lead vehicle collect Each ciphertext share forms a ciphertext share set. Using Lagrange interpolation, these shares are combined on the index to calculate the combined ciphertext: ,in, Representing the Lagrange coefficients, as can be seen from the Lagrange interpolation principle based on Shamir's secret sharing, if at least... Each private key fragment contains a complete private key. pass Refactoring; S613, Plaintext Restoration: The lead vehicle will combine the ciphertext. Substitute into Paillier's decryption function ,get: According to this formula, the sum of the positions of the anonymous set users is: .