Geo-obfuscation is a location privacy protection mechanism (LPPM) that lets mobile users share obfuscated locations with servers rather than their exact locations. Because the obfuscation is randomized and cannot be inverted by the server, it protects users' location privacy even when a data breach occurs on the server side. To reduce the utility loss caused by obfuscation, linear programming (LP) is widely employed; however, the number of decision variables grows polynomially with the number of locations (one variable per pair of actual and obfuscated locations), which renders LP impractical in large-scale geo-obfuscation applications. In this paper, we propose a new LPPM, called Locally Relevant Geo-obfuscation (LR-Geo), which optimizes geo-obfuscation with LP in a time-efficient manner. This is achieved by confining each user's geo-obfuscation calculation to the locations that are locally relevant (LR) to the user's actual location. Since the LR locations could themselves disclose a user's actual whereabouts, we let users compute the LP coefficients locally and upload only those coefficients to the server, rather than the LR locations; the server then solves the LP problem using the received coefficients. Furthermore, we refine the LP framework by incorporating an exponential obfuscation mechanism to guarantee the indistinguishability of obfuscation distributions across multiple users. Based on the constraint structure of the LP formulation, we apply Benders' decomposition to further improve computational efficiency. Our theoretical analysis confirms that, although the geo-obfuscation is calculated independently for each user, it still satisfies the geo-indistinguishability constraints across multiple users with high probability. Finally, experimental results on a real-world dataset show that LR-Geo outperforms existing geo-obfuscation methods in computation time, data utility, and privacy preservation.
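The following is an added illustration and not code from the paper: it implements a discrete exponential obfuscation mechanism over a small grid, restricts its support to a locally relevant (LR) set, and checks the pairwise geo-indistinguishability constraint P(z|x) <= exp(eps * d(x,x')) * P(z|x') between two users. It does not reproduce the paper's LP, its coefficient upload, or the Benders' decomposition step. The grid, the two user locations, the choice of LR set as a radius around the actual location, and the epsilon value are all constructed assumptions. The point it makes is the caveat the abstract raises: when each user restricts the support independently, a location inside one user's LR set but outside the other's gives an unbounded likelihood ratio, whereas the same mechanism over any support common to both users satisfies the constraint exactly.

```python
import math
from itertools import product


def grid_locations(n):
    """n x n grid of candidate locations with unit spacing (constructed sample)."""
    return [(i, j) for i, j in product(range(n), repeat=2)]


def dist(a, b):
    """Euclidean distance between two grid cells."""
    return math.hypot(a[0] - b[0], a[1] - b[1])


def lr_locations(x, candidates, radius):
    """Locally relevant set: here assumed to be every candidate within `radius` of x.
    The paper does not define LR this way; it is an assumption for the example."""
    return [z for z in candidates if dist(x, z) <= radius]


def exponential_obfuscation(x, support, epsilon):
    """Discrete exponential mechanism: P(z|x) proportional to exp(-epsilon/2 * d(x,z)).
    The factor 1/2 is needed because both the numerator and the normaliser can shift
    by exp(epsilon/2 * d(x,x')) when x moves to x', giving epsilon-geo-indistinguishability."""
    weights = {z: math.exp(-epsilon / 2 * dist(x, z)) for z in support}
    total = sum(weights.values())
    return {z: w / total for z, w in weights.items()}


def geo_ind_violation(p_x, p_xp, epsilon, d_xxp):
    """Largest excess of |log P(z|x) - log P(z|x')| over epsilon*d(x,x') across all z.
    <= 0 means the constraint holds; math.inf means some z is reachable from one
    location but impossible from the other (unbounded ratio)."""
    bound = epsilon * d_xxp
    worst = -math.inf
    for z in set(p_x) | set(p_xp):
        a, b = p_x.get(z, 0.0), p_xp.get(z, 0.0)
        if (a == 0.0) != (b == 0.0):
            return math.inf
        if a == 0.0:
            continue
        worst = max(worst, abs(math.log(a / b)) - bound)
    return worst


def expected_distance(x, p):
    """Utility loss measured as expected distance between actual and reported location."""
    return sum(pr * dist(x, z) for z, pr in p.items())


def demo(n=7, epsilon=1.0, radius=2.0, x=(3, 3), xp=(3, 4)):
    """Two users at adjacent cells, three ways of choosing the obfuscation support."""
    grid = grid_locations(n)
    d = dist(x, xp)

    # 1. Full grid for both users: the classic setting, constraint holds.
    full_x, full_xp = (exponential_obfuscation(u, grid, epsilon) for u in (x, xp))

    # 2. Each user restricts to their own LR set independently.
    lr_x, lr_xp = lr_locations(x, grid, radius), lr_locations(xp, grid, radius)
    own_x, own_xp = exponential_obfuscation(x, lr_x, epsilon), exponential_obfuscation(xp, lr_xp, epsilon)

    # 3. A support common to both users (union of their LR sets): constraint holds again.
    shared = sorted(set(lr_x) | set(lr_xp))
    sh_x, sh_xp = (exponential_obfuscation(u, shared, epsilon) for u in (x, xp))

    return {
        "full_support_violation": geo_ind_violation(full_x, full_xp, epsilon, d),
        "own_lr_support_violation": geo_ind_violation(own_x, own_xp, epsilon, d),
        "shared_support_violation": geo_ind_violation(sh_x, sh_xp, epsilon, d),
        "expected_distance_full": expected_distance(x, full_x),
        "expected_distance_lr": expected_distance(x, own_x),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Restricting the support to the LR set lowers the expected reporting distance (the utility gain the abstract describes), but the independent per-user restriction is exactly where the multi-user indistinguishability constraint can break; the shared-support case shows that the exponential mechanism itself is not the problem, only the mismatch in supports.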