CN116975918A - Model training method and device based on privacy protection - Google Patents

Publication number
CN116975918A
Authority
CN
China
Legal status
Pending
Application number
CN202310956400.9A
Other languages
Chinese (zh)
Inventor
盖珂珂
王烁
魏长征
吴行行
丁慧
徐蕾
Current Assignee
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Ant Blockchain Technology Shanghai Co Ltd

Classifications

    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/602 Providing cryptographic facilities or services
    • G06N20/00 Machine learning

Abstract

The embodiments of this specification provide a model training method and device based on privacy protection. The method may be performed by a plurality of first nodes and includes: obtaining intermediate results respectively provided by a plurality of second nodes, where each second node obtains its intermediate result by performing forward propagation training on a local model corresponding to the target model based on locally stored feature data of a plurality of samples; determining, based on the label data of the samples, a score representing the reliability of each intermediate result, and selecting from the intermediate results a plurality of first intermediate results whose scores reach a threshold; determining a first predicted loss value for the target model based on the aggregation result of the plurality of first intermediate results and the label data; in response to the first predicted loss value not meeting the model convergence condition, determining gradient values respectively corresponding to a plurality of third nodes, based on the first predicted loss value and first model parameters of the current local model of each third node, the third nodes being those second nodes that provided the first intermediate results; and sending the gradient values to the plurality of third nodes.

Description

Model training method and device based on privacy protection
Technical Field
The embodiment of the specification belongs to the technical field of computers, and particularly relates to a model training method and device based on privacy protection.
Background
With the rapid development of information technology, most enterprises hold user data for a large number of users. Sharing user data among enterprises would better support each enterprise in evaluating user status and needs, so that more personalized services can be provided to users. However, some enterprises worry about data security and privacy disclosure, so the user data held by each enterprise cannot be directly disclosed or shared.
Disclosure of Invention
The invention aims to provide a model training scheme based on privacy protection, which can enable a plurality of participants with the same sample space and different feature spaces to participate in executing the same model training task, ensure data safety and prevent privacy leakage as much as possible, and ensure the reliability of a trained target model.
A first aspect of the present specification provides a privacy protection-based model training method performed by a plurality of first nodes storing tag data corresponding to a plurality of samples of a target model, the method comprising: obtaining intermediate results respectively provided by a plurality of second nodes, wherein the intermediate results are obtained by performing forward propagation training on a local model corresponding to the target model by the second nodes based on the locally stored characteristic data of the plurality of samples, and the plurality of second nodes store the characteristic data of different dimensionalities of the plurality of samples; determining scores for representing reliability, which correspond to the intermediate results respectively, based on the tag data, and selecting a plurality of first intermediate results with scores reaching a threshold value from the intermediate results; determining a first predicted loss value for the target model based on the aggregate result for the plurality of first intermediate results and the tag data; determining gradient values corresponding to a plurality of third nodes respectively based on the first predicted loss value and first model parameters of the local model of each of the plurality of third nodes providing the plurality of first intermediate results in the plurality of second nodes in response to the first predicted loss value not meeting a model convergence condition; and respectively sending the corresponding gradient values to the plurality of third nodes.
A second aspect of the present specification provides a privacy-preserving-based model training apparatus applied to one of a plurality of first nodes storing tag data corresponding to a plurality of samples of a target model, the apparatus comprising: the acquisition unit is configured to acquire intermediate results respectively provided by a plurality of second nodes, wherein the intermediate results are obtained by performing forward propagation training on a local model corresponding to the target model by the second nodes based on the locally stored characteristic data of the plurality of samples, and the plurality of second nodes store the characteristic data of different dimensionalities of the plurality of samples; a selecting unit configured to determine scores for characterizing reliability, which correspond to the respective intermediate results, based on the tag data, and select a plurality of first intermediate results whose scores reach a threshold value from the respective intermediate results; a loss determination unit configured to determine a first predicted loss value of the target model based on an aggregation result of the plurality of first intermediate results and the tag data; a gradient determining unit configured to determine, in response to the first predicted loss value not satisfying a model convergence condition, gradient values respectively corresponding to a plurality of third nodes providing the plurality of first intermediate results based on the first predicted loss value and first model parameters of local models of the third nodes, respectively, of the plurality of second nodes; and a transmitting unit configured to transmit its corresponding gradient value to a third node of the plurality of third nodes.
A third aspect of the present description provides a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method as described in the first aspect.
A fourth aspect of the present description provides a computing device comprising a memory having executable code stored therein and a processor which, when executing the executable code, implements a method as described in the first aspect.
A fifth aspect of the present description provides a computer program product which, when executed in a computer, causes the computer to perform the method as described in the first aspect.
In the solution provided in the embodiment of the present disclosure, the plurality of second nodes have the same sample space and different feature spaces, that is, the plurality of second nodes store feature data of different dimensions of the plurality of samples (the same batch of samples). In the process of model training of the plurality of second nodes, the plurality of second nodes can execute forward propagation training on the local model corresponding to the target model based on the locally stored characteristic data of the plurality of samples to obtain an intermediate result, and the intermediate result is provided for the plurality of first nodes, so that the characteristic data can be ensured not to go out of the domain, thereby ensuring data safety and preventing privacy leakage. Then, the plurality of first nodes may determine scores for characterizing reliability corresponding to respective intermediate results based on the label data of the plurality of samples corresponding to the target model, select a plurality of first intermediate results for which the scores reach a threshold value from the respective intermediate results, and determine a first predicted loss value of the target model based on an aggregate result of the plurality of first intermediate results and the label data, and then, in response to the first predicted loss value not meeting a model convergence condition, determine gradient values corresponding to the respective plurality of third nodes based on the first predicted loss value and a first model parameter of a local model of each of a plurality of third nodes providing the plurality of first intermediate results, and transmit the gradient values corresponding to the respective plurality of third nodes, so that the plurality of third nodes update parameters of the local model based on the obtained gradient values. 
In addition, model aggregation is performed by a plurality of first nodes instead of a single server, so resistance to single-point attacks and single points of failure is high, and leakage of intermediate results and training process data can be effectively prevented. Therefore, the scheme enables a plurality of participants with the same sample space and different feature spaces to take part in the same model training task, ensures data security and prevents privacy leakage as much as possible, and ensures the reliability of the trained target model.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings that are needed in the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present disclosure, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a blockchain architecture diagram in one embodiment;
FIG. 2 is a schematic diagram of one application scenario in which embodiments of the present description may be applied;
FIG. 3 is a schematic diagram of an initialization process for a blockchain system in an embodiment of the present disclosure;
FIG. 4 is a schematic diagram of a model training initialization process in an embodiment of the present disclosure;
FIG. 5 is a timing diagram of a privacy-preserving model training method in an embodiment of the present disclosure;
FIG. 6 is a schematic diagram of a consortium chain-based model training method in an embodiment of the present specification;
FIG. 7 is a schematic diagram of a consortium chain-based model training method in an embodiment of the present specification;
FIG. 8 is a schematic structural diagram of a model training apparatus based on privacy protection in an embodiment of the present specification.
Detailed Description
In order to make the technical solutions in the present specification better understood by those skilled in the art, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only some embodiments of the present specification, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are intended to be within the scope of the present disclosure.
As described above, with the rapid development of information technology, most enterprises hold user data for a large number of users. Sharing user data among enterprises would better support each enterprise in evaluating user status and needs, so that more personalized services can be provided to users. However, some enterprises worry about data security and privacy disclosure, so the user data held by each enterprise cannot be directly disclosed or shared. The traditional machine learning approach, in which data is centralized, has data security and privacy disclosure problems.
As a form of distributed machine learning, federated learning offers a new way for parties whose data cannot leave their own domain to train a model jointly. In federated learning, the parties train cooperatively by sharing a model rather than sharing data, which protects each party's data security to some extent. Federated learning is broadly classified into horizontal federated learning, vertical federated learning, and transfer learning. Vertical federated learning generally means that participants with the same sample space and different feature spaces cooperatively complete model training while ensuring that data does not leave its domain; specifically, the participants in vertical federated learning may hold feature data of different dimensions for the same group of users, e.g., one party holds the credit records of a group of users and another party holds the consumption records of the same group of users. Vertical federated learning mainly expands the feature data through sample alignment, thereby improving the effect of the model. In real application scenarios, vertical federated learning has received a lot of attention.
The traditional vertical federated learning method relies on a centralized device: each participant communicates with a single server, and the server is responsible for distributing federated learning tasks and forming the final model training result. However, in a collaborative environment of multiple enterprises and institutions, if the traditional centralized method continues to be used, a single point of failure at the server can very easily cause the data model to leak, so that the enterprises' confidential data is leaked. In addition, there is a risk that participants may poison the training results or even directly interfere with the server's aggregation process. The traditional vertical federated learning approach therefore has defects, and its architecture and execution flow need to be changed to ensure the security and stability of the learning process.
The embodiment of the specification provides a model training method based on privacy protection, which relates to a plurality of first nodes and a plurality of second nodes, wherein the plurality of first nodes store label data of a plurality of samples corresponding to a target model, and the plurality of second nodes store local models corresponding to the target model and characteristic data of different dimensions of the plurality of samples. The plurality of second nodes may perform forward propagation training on the local model based on the locally stored feature data of the plurality of samples to obtain intermediate results and provide the intermediate results to the plurality of first nodes. Then, the plurality of first nodes may determine scores for characterizing reliability corresponding to the respective intermediate results based on the tag data, select a plurality of first intermediate results whose scores reach a threshold from the respective intermediate results, determine a first predicted loss value of the target model based on an aggregate result of the plurality of first intermediate results and the tag data, and then determine gradient values corresponding to the plurality of third nodes based on the first predicted loss value and a first model parameter of a local model of each of a plurality of third nodes providing the plurality of first intermediate results among the plurality of second nodes, and transmit the gradient values corresponding to the plurality of third nodes, respectively, in response to the first predicted loss value not satisfying a model convergence condition. The plurality of third nodes may then update parameters of the local model based on the obtained gradient values.
The model training method provided by the embodiments of the present disclosure enables multiple participants with the same sample space and different feature spaces to take part in the same model training task, ensures data security and prevents privacy leakage as much as possible, and ensures the reliability of the trained target model.
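The round described above, as an added example that is not code from the patent: second nodes submit partial logits, the first-node side scores each submission against the labels, drops those below the threshold, aggregates the rest, and returns gradients only to the contributing (third) nodes. The scoring rule exp(-BCE), the logistic model, the gradient being sent as a per-sample residual, and all names and sample values are assumptions; the page does not specify them.

```python
import math

def sigmoid(z):
    # Stable for large |z|: a hostile node may submit extreme values.
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    e = math.exp(z)
    return e / (1.0 + e)

def bce(logits, labels):
    """Mean binary cross-entropy of logits against 0/1 labels."""
    total = 0.0
    for z, y in zip(logits, labels):
        p = min(max(sigmoid(z), 1e-12), 1.0 - 1e-12)
        total -= y * math.log(p) + (1 - y) * math.log(1.0 - p)
    return total / len(labels)

def reliability_score(logits, labels):
    """ASSUMED scoring rule (the page does not define one): exp(-BCE) of one
    node's partial logits alone. 0.5 means uninformative, near 0 means the
    result contradicts the labels. Malformed submissions score 0."""
    if len(logits) != len(labels) or not all(math.isfinite(z) for z in logits):
        return 0.0
    return math.exp(-bce(logits, labels))

def first_node_round(intermediate, labels, threshold, converge_loss):
    """First-node side: score, filter, aggregate, compute loss and gradients."""
    scores = {nid: reliability_score(z, labels) for nid, z in intermediate.items()}
    selected = sorted(nid for nid, s in scores.items() if s >= threshold)
    agg = [sum(intermediate[nid][i] for nid in selected) for i in range(len(labels))]
    loss = bce(agg, labels)
    if loss <= converge_loss:
        return scores, selected, loss, {}
    # Simplification: send dLoss/dlogit per sample; each third node finishes
    # the chain rule with its own features, which never leave the node.
    residual = [sigmoid(a) - y for a, y in zip(agg, labels)]
    return scores, selected, loss, {nid: residual for nid in selected}

class SecondNode:
    """Holds one feature slice of the shared samples plus its local weights."""
    def __init__(self, features, weights):
        self.features, self.weights = features, list(weights)

    def forward(self):
        return [sum(x * w for x, w in zip(row, self.weights)) for row in self.features]

    def apply_gradient(self, residual, lr):
        n = len(self.features)
        for j in range(len(self.weights)):
            grad = sum(r * row[j] for r, row in zip(residual, self.features)) / n
            self.weights[j] -= lr * grad

# Constructed sample data: six shared samples, labels held by the first nodes.
LABELS = [1, 0, 1, 0, 1, 0]
FEATURES_A = [[1.0, 0.5], [-1.0, -0.2], [0.8, 0.9], [-0.7, -1.1], [1.2, 0.1], [-0.9, -0.4]]
FEATURES_B = [[0.6], [-0.5], [0.9], [-0.8], [0.4], [-1.0]]
# Node C's constructed submission points confidently away from every label.
POISONED_C = [-5.0 if y == 1 else 5.0 for y in LABELS]

def run(rounds=20, threshold=0.5, lr=1.0):
    nodes = {"A": SecondNode(FEATURES_A, [0.1, 0.1]), "B": SecondNode(FEATURES_B, [0.1])}
    history = []
    for _ in range(rounds):
        intermediate = {nid: node.forward() for nid, node in nodes.items()}
        intermediate["C"] = POISONED_C
        scores, selected, loss, grads = first_node_round(
            intermediate, LABELS, threshold, converge_loss=0.05)
        history.append((scores, selected, loss))
        if not grads:
            break
        for nid, residual in grads.items():
            if nid in nodes:
                nodes[nid].apply_gradient(residual, lr)
    return history

if __name__ == "__main__":
    for scores, selected, loss in run(rounds=5):
        print(selected, round(loss, 4), {k: round(v, 4) for k, v in scores.items()})
```
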
In one embodiment, the plurality of first nodes may be a plurality of centralized nodes, for example, a plurality of centralized servers, and model aggregation is implemented based on the plurality of centralized servers instead of a single server, so that the capability of resisting single point attack and single point failure is strong, and intermediate results and training process data leakage can be effectively prevented.
In the case where the plurality of first nodes are a plurality of centralized nodes, in the solution provided in the embodiment of the present disclosure, the device of the model user may send a model training task and an initial model to the plurality of first nodes, and after determining to accept the model training task, the plurality of first nodes may take the obtained initial model as a target model, and send the initial model to a plurality of second nodes that participate in executing the task, so that the plurality of second nodes perform model training with the initial model as a local model. Specific implementation details may refer to the relevant descriptions below, such as those in the embodiments corresponding to fig. 4 and 5, respectively.
In practice, blockchain is a novel application mode of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms, and encryption algorithms. In a blockchain, data blocks are linked sequentially in chronological order into a chained data structure, and cryptography guarantees that the data blocks cannot be tampered with or forged. Because blockchains are decentralized, tamper-resistant, and autonomous, they are receiving more and more attention and application.
FIG. 1 illustrates a blockchain architecture diagram in one embodiment. In the blockchain architecture diagram shown in FIG. 1, the blockchain 100 includes N nodes, and nodes 1-8 are schematically shown in FIG. 1. The connections between nodes schematically represent P2P (Peer to Peer) connections, which may be, for example, TCP connections used for transmitting data between nodes. The nodes may store the full ledger, i.e., the state of all blocks and all accounts. Each node in the blockchain may generate the same state by executing the same transactions, and each node may store the same state database.
A transaction in the blockchain domain may refer to a task unit that is executed in the blockchain and recorded in the blockchain. A transaction typically includes a sender field (From), a receiver field (To), and a data field (Data). Where the transaction is a transfer transaction, the From field indicates the account address that initiates the transaction (i.e., initiates a transfer to another account), the To field indicates the account address that receives the transaction (i.e., receives the transfer), and the Data field includes the transfer amount.
Smart contract functionality may be provided in the blockchain. A smart contract on a blockchain is a contract on the blockchain system whose execution can be triggered by a transaction. Smart contracts may be defined in the form of code. Invoking a smart contract in the blockchain means initiating a transaction directed to the smart contract address, so that each node in the blockchain runs the smart contract code in a distributed manner.
In the scenario of deploying a contract, for example, Bob sends a transaction containing the information for creating a smart contract (i.e., deploying a contract) into the blockchain shown in FIG. 1. The data field of the transaction includes the code (e.g., bytecode or machine code) of the contract to be created, and the to field of the transaction is empty to indicate that the transaction is for deploying a contract. After the nodes reach agreement through a consensus mechanism, the contract address "0x6f8ae93 …" of the contract is determined; each node adds a contract account corresponding to the contract address of the smart contract to its state database, allocates state storage corresponding to the contract account, stores the contract code, and stores a hash value of the contract code in the state storage of the contract, so that the contract is created successfully.
In the scenario of invoking a contract, for example, Bob sends a transaction for invoking a smart contract into the blockchain shown in FIG. 1. The from field of the transaction is the address of the account of the transaction initiator (i.e., Bob), the to field is the aforementioned "0x6f8ae93 …", i.e., the address of the invoked smart contract, and the data field of the transaction includes the method and parameters for invoking the smart contract. After consensus is reached on the transaction in the blockchain, each node in the blockchain may execute the transaction separately, thereby executing the contract separately and updating the state database based on the execution of the contract.
A consortium chain (also rendered as federation chain or alliance chain) may refer to a decentralized architecture with an admission mechanism, consisting essentially of a finite set of participants in a consortium. Participants of a consortium chain must be authenticated before they can authenticate one another and share data, and nodes other than authorized nodes cannot join the consortium chain. Consortium chains are widely applied to data sharing and collaboration among enterprises, are safer and more stable than public blockchains, and have higher processing capacity.
As a decentralized architecture, the consortium chain gave the inventors a new way to solve the single point of failure problem in traditional vertical federated learning.
In particular, in one embodiment, the plurality of first nodes and the plurality of second nodes may be included in a blockchain system (e.g., a consortium chain system). As such, the embodiments of this specification may provide a model training scheme based on a blockchain system. The scheme is based on a decentralized blockchain system rather than a single server, has strong resistance to single-point attacks and single points of failure, and can effectively prevent leakage of intermediate results and training process data. In addition, the blockchain system can provide an effective admission mechanism that excludes malicious nodes from the blockchain system, which prevents malicious nodes from interfering with the federated learning process or even stealing training data.
Next, in connection with fig. 2, one application scenario in which the embodiments of the present description may be applied is described. Fig. 2 is a schematic diagram of an application scenario to which the embodiments of the present disclosure may be applied.
In the application scenario shown in fig. 2, a device 201 of a model user may be included, and a blockchain system 202 formed by a limited set of nodes of participants (node 1-node 8 schematically shown in fig. 2), the blockchain system 202 including a plurality of first nodes (node 1, node 2, and node 8 are schematically shown as first nodes in fig. 2) and a plurality of second nodes (node 3-node 5 are schematically shown as second nodes in fig. 2). The first nodes store tag data of a plurality of samples corresponding to the target model, and the second nodes store local models corresponding to the target model and feature data of different dimensions of the samples. The initial target model is an initial model that the device 201 publishes to the blockchain system 202, the tag data is provided by the device 201 to the plurality of first nodes, and the initial local model of each of the plurality of second nodes is the initial model sent by the plurality of first nodes.
In one embodiment, the plurality of first nodes and the plurality of second nodes may be determined from the nodes of the blockchain system 202 based on model training tasks published by the device 201 to the blockchain system 202 for an initial model. It will be appreciated that in the schemes provided by the embodiments of the present description, the blockchain system may be initialized based on model training tasks.
Next, a process for initializing a blockchain system based on model training tasks is described in conjunction with FIG. 3. FIG. 3 is a schematic diagram illustrating an initialization process of the blockchain system in the embodiment of the present disclosure.
As shown in fig. 3, first, in step S301, the device 201 of the model consumer sends a transaction Tx1 to the blockchain system 202, the transaction Tx1 including a model training task T and an initial model IM.
The model consumer may be a participant in the blockchain system 202 and the device 201 may be a node in the blockchain system 202; alternatively, the model user may be a general user who has access to the blockchain system 202, in which case the device 201 may not be a node in the blockchain system 202.
The model training task T may describe, for example, information such as the intended use of the model required by the model user. The model user holds label data for a plurality of samples corresponding to the initial model IM. In one example, the plurality of samples are a plurality of users. The label data may relate to a plurality of category labels and include training labels respectively corresponding to the plurality of samples, where a training label indicates which of the category labels the corresponding sample belongs to. Taking a bank as the model user, the category labels may include loan and no loan, or risk and no risk, and so on; the model training task T may describe, for example, that the bank needs a model for identifying whether a user is at risk (has a loan). Taking a commodity recommender as the model user, the category labels may include a plurality of commodity category labels, and the model training task T may describe, for example, that the commodity recommender needs a model for commodity recommendation.
In step S303, the blockchain system 202 stores the model training task T and the initial model IM into the blockchain system 202 based on the transaction Tx1.
Specifically, the blockchain system 202 may determine whether to accept the model training task T based on the transaction Tx1 and, if the model training task T is accepted, store the model training task T and the initial model IM into the blockchain system 202. In one embodiment, transaction Tx1 invokes a smart contract, and the nodes in blockchain system 202 store the model training task T and the initial model IM into the contract state of the smart contract when executing transaction Tx1. Thereafter, each consensus node in the blockchain system 202 may send a transaction invoking the smart contract to the blockchain system 202 to record whether it accepts the model training task T. When executing each of these transactions, the nodes in the blockchain system 202 record the number of accepting nodes in the contract state, and when the number of accepting nodes is greater than a preset number, they record in the contract state that the model training task T is accepted.
After the execution of the transaction Tx1 is completed, a participant of the blockchain system 202 can judge from the model training task T, for example from the described intended use of the model required by the model user, whether the feature data it holds is suitable as training data for the current model training. When the participant determines that its feature data is suitable and wishes to participate in executing the model training task T, it may send a transaction Tx2 to the blockchain system 202, where the transaction Tx2 is used to request participation in executing the model training task T.
Taking node 3-node 5 in the blockchain system 202 as an example, when the participants to which the 3 nodes respectively belong determine that the own feature data is suitable as training data for the model training and want to participate in executing the model training task T, the 3 nodes may send the transaction Tx2 to the blockchain system 202.
In step S305, after the execution of the transaction Tx1 is completed, the blockchain system 202 receives a transaction Tx2 sent by a node of a plurality of participants of the blockchain system 202, where the transaction Tx2 is used to request participation in executing the model training task T.
In one embodiment, transaction Tx2 invokes a smart contract, and nodes in blockchain system 202 may record node identifications of respective nodes of the plurality of participants in a node queue in a contract state of the smart contract when executing transaction Tx2.
In step S307, the blockchain system 202 determines a plurality of first nodes from among the nodes of the blockchain system 202 other than the above-described nodes of the plurality of participants.
It should be noted that the first node may be referred to as a committee node. A committee node may refer to a representative, elected by the participants of a blockchain system, that is responsible for the operation and maintenance of the blockchain system. These representatives are typically nodes of institutions among the participants that are of superior standing, authoritative, senior, professional and so on, and together they may constitute the committee, which is the highest decision-making body for the autonomy of the blockchain system. Committee responsibilities may include joint discussion and resolution. The committee can set various roles and distribute tasks according to scenario requirements, maintain the safe and stable operation of the blockchain system, ensure the correctness of the consensus mechanism, and coordinate tasks such as communication and cooperation among the participants. In the solution provided in the embodiment of the present disclosure, the committee is mainly responsible for reaching consensus on the reliability of the intermediate results provided by the training nodes and for aggregating the intermediate results with higher reliability.
Upon receiving the transaction Tx2 sent by the nodes of the plurality of participants, the blockchain system 202 may determine at least some nodes of the blockchain system 202 other than the nodes of the plurality of participants as first nodes, respectively, so that each first node is responsible for determining a plurality of second nodes that participate in performing the model training task T from the nodes of the plurality of participants.
In one embodiment, a node (e.g., master node) in the blockchain system 202 may select a plurality of first nodes from nodes in the blockchain system 202 other than the plurality of participant nodes, generating a transaction invoking the smart contract, the transaction including node identifications of the plurality of first nodes. The blockchain system 202, when executing the transaction, may store the node identifications of the plurality of first nodes in association with the model training task T into the contract state of the smart contract.
Taking the above example that the nodes of the multiple participants include node 3-node 5, the multiple first nodes may be selected from other nodes of the blockchain system 202, such as node 1, node 2, and node 6-node 8, based on a preset first node selection policy. The first node selection policy may be configured according to actual requirements, which is not specifically limited herein.
In step S309, the plurality of first nodes determine a plurality of second nodes from the plurality of nodes of the plurality of participants based on the model training task T and the transaction Tx2 transmitted from the plurality of nodes of the plurality of participants.
It should be noted that the second node may be referred to as a training node, and the transaction Tx2 may be specifically used to register as a training node participating in performing the model training task T.
As an example, the plurality of first nodes may learn from the contract state that they have been determined as first nodes, and then perform the operation of determining the second nodes. When determining the second nodes, the plurality of first nodes may acquire the node identifiers from the node queue in the contract state, learn from those node identifiers that the nodes of the plurality of participants request to participate in executing the model training task T, and obtain the description information related to model training of each of the plurality of participants based on the transaction Tx2 sent by the nodes of the plurality of participants, where the description information may include, for example, service description information and/or data description information for feature data. For example, the description information may be obtained from the blockchain system 202 based on the sending account of the transaction Tx2, or from the transaction Tx2 itself. Then, the plurality of first nodes may determine whether the description information of each of the plurality of participants satisfies the model training task T, and determine the node of a participant as a second node when it is determined that the description information satisfies the model training task T.
In an embodiment, after determining a plurality of second nodes from the nodes of the plurality of participants, the plurality of first nodes may further configure a key pair for each determined second node by executing step S311, and send a private key in the key pair to the second node. In addition, the plurality of first nodes may retain the public key of the key pair. Therefore, in order to ensure the security of the transmission data and avoid privacy disclosure in the execution process of the model training task T, the second node may use the private key to encrypt and decrypt the transmission data, and the plurality of first nodes may use the public key to encrypt and decrypt the transmission data between the second node and the first node.
In one embodiment, after determining a plurality of second nodes from the plurality of participant nodes, the first node may send a transaction to the blockchain system 202 invoking the smart contract, the transaction including node identifications of the plurality of second nodes. The blockchain system 202, when executing the transaction, may store the node identifications of the plurality of second nodes in association with the model training task T into the contract state of the smart contract.
In one embodiment, to relieve the computational pressure of the blockchain system 202, the plurality of second nodes may be determined from the nodes of the plurality of participants by a target node of the plurality of first nodes, based on the model training task T and the transaction Tx2 sent by the nodes of the plurality of participants. The target node may be one node of the plurality of first nodes (e.g., a master first node), for example one selected randomly from the plurality of first nodes. Further, after determining the plurality of second nodes, the target node may configure key pairs for the plurality of second nodes, and send the node identifiers and the key pairs of the plurality of second nodes to the other nodes of the plurality of first nodes.
The solution provided by the corresponding embodiment of fig. 3 may enable the blockchain system to determine a plurality of first nodes and a plurality of second nodes corresponding to a model training task after each time a model training task is received, so that the plurality of second nodes participate in executing the model training task, and the plurality of first nodes aggregate model training results provided by the plurality of second nodes. By re-determining the first node and the second node after each receiving a model training task, the safety and reliability of model training can be ensured.
After the initialization of the blockchain system 202 is completed through the initialization process described in the corresponding embodiment of fig. 3, and before the plurality of second nodes perform model training, for example, specifically before performing the model training initialization process as shown in fig. 4, the plurality of second nodes may determine a plurality of samples by performing sample alignment with the device 201 of the model user, where the plurality of second nodes store feature data of different dimensions of the plurality of samples, the device 201 stores tag data Y of the plurality of samples, so that the device 201 may send the tag data Y of the plurality of samples to the plurality of first nodes, and the plurality of second nodes may perform model training using the locally stored feature data of a portion of dimensions of the plurality of samples.
In one embodiment, the second nodes and the device 201 of the model user store sample sets, respectively, and when the samples are aligned, the second nodes may perform privacy set intersection (Private Set Intersection, PSI) on each sample set together with the device 201, and determine at least some samples in the obtained intersection set as the samples. The privacy set intersection is a cryptography technology in secure multiparty computation, which allows two parties participating in computation to compute the intersection of data of the two parties on the basis of not acquiring additional information (other information than the intersection) of the two parties. It should be noted that, the sample alignment technique is a well-known technique in the art, and other well-known techniques may be used in addition to the privacy set intersection technique to achieve sample alignment, which will not be repeated here.
After initialization of the blockchain system 202 is completed through the initialization process described by the corresponding embodiment of fig. 3, a model training initialization process as shown in fig. 4 may be performed. Wherein fig. 4 is a schematic diagram of a model training initialization process in the embodiment of the present disclosure.
As shown in fig. 4, first, in step S401, the device 201 of the model user provides tag data Y of a plurality of samples to the plurality of first nodes.
Wherein the plurality of samples may be determined by performing sample alignment with the device 201 of the model user at the plurality of second nodes. The tag data Y may relate to a plurality of category tags and include training tags respectively corresponding to the plurality of samples, and the training tags may indicate category tags to which the corresponding samples belong among the plurality of category tags.
In step S403, the plurality of first nodes acquire the initial model IM provided by the device 201 as the target model.
In one example, the plurality of first nodes may query the initial model IM from the contract state, and take the queried initial model IM as the target model. The target model may also be referred to as a Global model (Global model), and the plurality of first nodes may be used to perform parameter updating on the Global model.
In step S405, the plurality of first nodes transmit the initial model IM to the plurality of second nodes.
In step S407, the plurality of second nodes determine the initial model IM as a local model.
In the scheme provided in the corresponding embodiment of fig. 4, the device 201 of the model user may provide the tag data Y of a plurality of samples to the plurality of first nodes. The plurality of first nodes then acquire the initial model IM provided by the device 201 as the target model and send the initial model IM to the plurality of second nodes, so that the plurality of second nodes perform model training with the received initial model IM as the local model (Local model). Model training initialization is thereby implemented.
After the model training initialization is completed, the plurality of second nodes may perform model training. Next, the model training process is described in conjunction with fig. 5. Fig. 5 is a timing diagram of a model training method based on privacy protection in the embodiment of the present disclosure.
As shown in fig. 5, first, in step S501, the plurality of second nodes perform forward propagation training on the local model based on the feature data of the plurality of samples stored locally to obtain intermediate results.
Wherein the plurality of samples may be determined by performing sample alignment with the device 201 of the model user at the plurality of second nodes.
As an example, each second node may input the locally stored feature data of the plurality of samples into the local model, obtain a prediction result output by the local model, and take the prediction result as an intermediate result. It should be noted that, as described above, the tag data Y may relate to a plurality of category tags, and the intermediate result may include sub-results corresponding to the plurality of samples, where the sub-results may indicate category tags to which the corresponding samples belong in the plurality of category tags.
In step S503, the plurality of second nodes provide intermediate results to the plurality of first nodes.
Specifically, the plurality of second nodes may provide intermediate results of plaintext to the plurality of first nodes; alternatively, to ensure security of the transmission data and avoid privacy disclosure, each second node may encrypt the obtained intermediate result into a ciphertext result using a private key (e.g., a private key in a key pair configured by the plurality of first nodes for the second node), and provide the ciphertext result to the plurality of first nodes.
In one embodiment, a smart contract may be deployed in the blockchain system 202, and the plurality of second nodes may invoke the smart contract to provide intermediate results to the plurality of first nodes. For example, the plurality of second nodes may send a transaction to the plurality of first nodes invoking the smart contract, the transaction including an intermediate result or a ciphertext result corresponding to the intermediate result.
Then, the plurality of first nodes may obtain intermediate results provided by the plurality of second nodes. In the case where the plurality of second nodes provide ciphertext results, the plurality of first nodes may decrypt the ciphertext results provided by the second nodes into plaintext intermediate results using a public key of each second node (e.g., a public key of a key pair configured by the plurality of first nodes for the second node).
After the plurality of first nodes obtain the intermediate results provided by the plurality of second nodes, the steps S505-S511 may be executed to implement verification and aggregation of the intermediate results, and in this process, the plurality of first nodes may ensure the reliability of the second nodes by determining the reliability of the intermediate results, and implement calculation of the global model loss function for the intermediate results that meet the conditions.
Specifically, in step S505, the plurality of first nodes determine scores for characterizing reliability, which correspond to the respective intermediate results, based on the tag data Y, and select, from the respective intermediate results, a plurality of first intermediate results whose scores reach a threshold value.
The plurality of first nodes may obtain the score of the intermediate result provided by each second node by using an exclusion method. As an example, in the case that the plurality of first nodes are trusted, in order to effectively shorten the calculation time and improve the calculation efficiency, each intermediate result may be scored by at least one first node. Specifically, one target node of the plurality of first nodes may determine, among the plurality of first nodes, the first node responsible for scoring each intermediate result, and transmit the determination result to the other nodes of the plurality of first nodes. Then, each first node responsible for scoring an intermediate result (referred to as a second intermediate result) may determine a predicted Loss value Loss1 based on the result of aggregating all of the intermediate results and the tag data Y, determine a predicted Loss value Loss2 based on the result of aggregating the intermediate results other than the second intermediate result and the tag data Y, and determine the difference between the predicted Loss value Loss2 and the predicted Loss value Loss1 as the score corresponding to the second intermediate result. The target node may then receive the scores corresponding to the other intermediate results sent by the other nodes, and select, from the respective intermediate results, a plurality of first intermediate results whose scores reach the threshold. It should be appreciated that a first intermediate result is an intermediate result whose score reaches the threshold.
In one embodiment, aggregation may be achieved by summing the intermediate results to be aggregated. For example, in determining the predicted Loss value Loss1, the sum of all of the intermediate results may be calculated and taken as the result of aggregating the intermediate results; the difference between this aggregation result and the tag data Y may then be calculated, and the square of that difference determined as Loss1. Loss2 is calculated in a similar way to Loss1. Taking the case where the intermediate results include an intermediate result $RL_A$, an intermediate result $RL_B$ and an intermediate result $RL_C$ as an example, the first node that scores the intermediate result $RL_B$ may calculate $\text{Loss1} = (RL_A + RL_B + RL_C - Y)^2$ and $\text{Loss2} = (RL_A + RL_C - Y)^2$, and use $\text{Loss2} - \text{Loss1}$ as the score corresponding to the intermediate result $RL_B$.
In step S507, the plurality of first nodes determine a predicted Loss value Loss3 of the target model based on the result of aggregation of the plurality of first intermediate results and the tag data Y.
Wherein a method similar to the predictive Loss value calculating method described in the foregoing may be employed, the predictive Loss value Loss3 of the target model may be determined based on the result of aggregation of the above-described plurality of first intermediate results and the tag data Y. For example, a sum of the plurality of first intermediate results may be calculated and determined as an aggregate result for the plurality of first intermediate results, after which a difference between the aggregate result and the tag data Y may be calculated, and then a square value of the difference may be calculated and determined as the predicted Loss value Loss3.
In one embodiment, when there is an intermediate result whose score does not reach the threshold value in each intermediate result, that is, when there is an unreliable intermediate result, the plurality of first nodes may record the number of times of trust loss of the second node that provides the unreliable intermediate result, and determine that the second node is not trusted in response to the number of times of trust loss reaching the preset number of times, so that the unreliable intermediate result is not involved in final result aggregation, and further step S507 is performed. In addition, the plurality of first nodes may also record that the second node is an untrusted node, so that the second node is not allowed to perform a subsequent model training process.
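The scoring, selection and trust-loss bookkeeping of steps S505 to S507 can be followed end to end in the added example below, which is not part of the patent text. It assumes that each intermediate result is a vector with one value per aligned sample, that the squared difference is summed over the samples, that the threshold is 0 and that the preset number of trust losses is 2; the node names and all numeric values are constructed for the illustration.

```python
"""Added example: leave-one-out reliability scoring by the committee (S505-S507)."""
from collections import Counter

# Constructed sample data: labels Y for four aligned samples and one round of
# intermediate results. Node "C" submits a poisoned result.
SAMPLE_LABELS = [1.0, 0.0, 1.0, 0.0]
SAMPLE_RESULTS = {
    "A": [0.5, 0.1, 0.4, 0.0],
    "B": [0.4, 0.0, 0.5, 0.1],
    "C": [-2.0, 3.0, -2.0, 3.0],
}


def aggregate(vectors, n_samples):
    """Aggregate intermediate results by per-sample summation."""
    total = [0.0] * n_samples
    for vec in vectors:
        if len(vec) != n_samples:
            raise ValueError("intermediate result does not cover the aligned samples")
        for k, value in enumerate(vec):
            total[k] += value
    return total


def squared_loss(agg, labels):
    """(aggregate - Y)^2, summed over samples (the summation is an assumption)."""
    return sum((a - y) ** 2 for a, y in zip(agg, labels))


def leave_one_out_scores(results, labels):
    """Score of each result = Loss2 (without it) - Loss1 (with every result)."""
    n = len(labels)
    loss1 = squared_loss(aggregate(results.values(), n), labels)
    scores = {}
    for node in results:
        rest = [vec for other, vec in results.items() if other != node]
        scores[node] = squared_loss(aggregate(rest, n), labels) - loss1
    return scores


class Committee:
    """State the first nodes keep across rounds (hypothetical helper class)."""

    def __init__(self, labels, threshold=0.0, max_trust_losses=2):
        self.labels = labels
        self.threshold = threshold                # assumed value
        self.max_trust_losses = max_trust_losses  # assumed preset number
        self.trust_losses = Counter()
        self.untrusted = set()

    def run_round(self, results):
        """Return (scores, nodes whose results were aggregated, Loss3)."""
        # Nodes already recorded as untrusted take no further part in training.
        admitted = {n: v for n, v in results.items() if n not in self.untrusted}
        scores = leave_one_out_scores(admitted, self.labels)
        reliable = {n: admitted[n] for n, s in scores.items() if s >= self.threshold}
        for node in admitted.keys() - reliable.keys():
            self.trust_losses[node] += 1
            if self.trust_losses[node] >= self.max_trust_losses:
                self.untrusted.add(node)
        loss3 = squared_loss(aggregate(reliable.values(), len(self.labels)), self.labels)
        return scores, sorted(reliable), loss3


if __name__ == "__main__":
    committee = Committee(SAMPLE_LABELS)
    for round_no in (1, 2, 3):
        scores, used, loss3 = committee.run_round(SAMPLE_RESULTS)
        print(round_no, {n: round(s, 2) for n, s in scores.items()}, used,
              round(loss3, 4), sorted(committee.untrusted))
```

A positive score means that removing the result makes the aggregate fit the labels worse, so the result is helping; the poisoned result scores strongly negative and is left out of Loss3 in the same round, before the node is barred.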
In step S509, in response to the predicted Loss value Loss3 not meeting the model convergence condition, the plurality of first nodes determine gradient values respectively corresponding to a plurality of third nodes, based on the predicted Loss value Loss3 and the first model parameters of the local models of the plurality of third nodes, the third nodes being those of the plurality of second nodes that provided the plurality of first intermediate results.
The model convergence condition may include, for example, the accuracy of the training model. The gradient values respectively corresponding to the plurality of third nodes may be determined according to a back propagation algorithm.
As an example, the plurality of first nodes may determine the gradient values corresponding to the plurality of third nodes, respectively, according to a back propagation algorithm, based on the loss function L3 of the target model used for calculating Loss3, the predicted Loss value Loss3, and the first model parameters of the local model of each of the plurality of third nodes. Assume that the plurality of third nodes includes node A and node B, that node A submits a first intermediate result $RL_A$ and node B submits a first intermediate result $RL_B$, where $RL_A = F_A(w_A, X_A)$ and $RL_B = F_B(w_B, X_B)$. In this case, $L3 = (F_A(w_A, X_A) + F_B(w_B, X_B) - Y)^2$. Here, $w_i$ represents the first model parameters of the current local model of node i, specifically the model parameters of the function $F_i()$ corresponding to the local model; $X_i$ represents the feature data of the plurality of samples stored locally at node i, which serves as the data input of $F_i()$; and i is one of A and B. The gradient value corresponding to node i may be expressed asWherein (1)>Representing the sign of the partial derivative.
In one embodiment, to relieve the computational pressure of the blockchain system 202, after the target node selects a plurality of first intermediate results whose scores reach the threshold value from the respective intermediate results, the target node may then determine a predicted Loss value Loss3 of the target model by performing step S507, and when it is determined that the model convergence condition is not satisfied based on the predicted Loss value Loss3, determine gradient values corresponding to the plurality of third nodes, respectively, by performing step S509.
In step S511, the plurality of first nodes send corresponding gradient values to the plurality of third nodes, respectively.
Specifically, the plurality of first nodes may send gradient values of plaintext to the plurality of third nodes; or, in order to ensure the security of the transmission data and avoid privacy disclosure, the plurality of first nodes may encrypt the gradient value corresponding to each third node into a ciphertext gradient value by using the public key of each third node, and send the ciphertext gradient value to the third node.
Then, the plurality of third nodes may obtain respective corresponding gradient values. It should be noted that, when each third node receives the ciphertext gradient value, the third node may decrypt the ciphertext gradient value into a plaintext gradient value using the private key.
After the plurality of third nodes obtain the respective corresponding gradient values, the plurality of third nodes may perform back propagation training on the local model by performing step S513.
In step S513, the plurality of third nodes update parameters of the local model based on the gradient values.
Taking the node i as described above as an example, the node i can be represented by the formulaAnd updating the model parameters corresponding to the model parameters. Here, $w'_i$ may represent the second model parameter of the updated local model of node i, and $\eta$ may represent the learning rate.
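The exchange in steps S509 to S513 is worked through numerically in the added example below, which is not part of the patent text. It assumes linear local models $F_i(w_i, X_i) = X_i w_i$, the ordinary gradient-descent update $w'_i = w_i - \eta \cdot \partial L3 / \partial w_i$, and a split in which the first nodes send the derivative of L3 with respect to the aggregate and each node completes the chain rule with its own $X_i$, so that feature data never leaves the node; the data values and function names are constructed.

```python
"""Added example: gradient computation and local update for L3 (S509-S513)."""

# Constructed data: node A holds two feature dimensions, node B holds one,
# for the same four aligned samples. Y was generated from the constructed
# weights w_A = [1.0, -2.0], w_B = [0.5] so that convergence can be checked.
X_A = [[1.0, 0.0], [0.0, 1.0], [1.0, 1.0], [1.0, 0.0]]
X_B = [[1.0], [1.0], [0.0], [0.0]]
Y = [1.5, -1.5, -1.0, 1.0]


def forward(w, X):
    """F_i(w_i, X_i): linear local model (assumption), one value per sample."""
    return [sum(wj * xj for wj, xj in zip(w, row)) for row in X]


def loss_l3(parts, labels):
    """L3 = (sum_i RL_i - Y)^2, summed over the samples."""
    return sum((sum(col) - y) ** 2 for col, y in zip(zip(*parts), labels))


def committee_residual(parts, labels):
    """First-node side: dL3/d(aggregate) per sample, from results and labels only."""
    return [2.0 * (sum(col) - y) for col, y in zip(zip(*parts), labels)]


def local_gradient(residual, X):
    """Node side: chain rule dL3/dw_i[j] = sum_k residual[k] * X_i[k][j]."""
    return [sum(r * row[j] for r, row in zip(residual, X)) for j in range(len(X[0]))]


def update(w, grad, eta):
    """w'_i = w_i - eta * gradient (standard gradient descent, an assumption)."""
    return [wj - eta * gj for wj, gj in zip(w, grad)]


def numeric_gradient(w, X, other_part, labels, eps=1e-6):
    """Central-difference check of the analytic gradient for one node."""
    grad = []
    for j in range(len(w)):
        up, down = list(w), list(w)
        up[j] += eps
        down[j] -= eps
        l_up = loss_l3([forward(up, X), other_part], labels)
        l_down = loss_l3([forward(down, X), other_part], labels)
        grad.append((l_up - l_down) / (2 * eps))
    return grad


def train(x_a, x_b, labels, eta, rounds):
    """Run forward pass, residual, local update; return loss history and weights."""
    w_a, w_b = [0.0] * len(x_a[0]), [0.0] * len(x_b[0])
    history = []
    for _ in range(rounds):
        rl_a, rl_b = forward(w_a, x_a), forward(w_b, x_b)   # S501: intermediate results
        history.append(loss_l3([rl_a, rl_b], labels))       # S507: Loss3
        residual = committee_residual([rl_a, rl_b], labels)  # S509
        w_a = update(w_a, local_gradient(residual, x_a), eta)  # S513 at node A
        w_b = update(w_b, local_gradient(residual, x_b), eta)  # S513 at node B
    history.append(loss_l3([forward(w_a, x_a), forward(w_b, x_b)], labels))
    return history, w_a, w_b


if __name__ == "__main__":
    hist, w_a, w_b = train(X_A, X_B, Y, eta=0.05, rounds=100)
    print("first loss", hist[0], "last loss", hist[-1])
    print("w_A", [round(v, 4) for v in w_a], "w_B", [round(v, 4) for v in w_b])
```

Because the residual is the same vector for every node under sum aggregation, whoever receives it learns how far the joint prediction is from the labels on each sample, which is one reason the page offers encrypting the gradient values in transit.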
In step S515, the plurality of third nodes provide the second model parameters of the local model update to the plurality of first nodes.
Specifically, the plurality of third nodes may provide second model parameters of plaintext to the plurality of first nodes; alternatively, to ensure security of the transmission data and avoid privacy disclosure, each third node may encrypt the second model parameter into the ciphertext model parameter using a private key, and provide the ciphertext model parameter to the plurality of first nodes.
Then, the plurality of first nodes may obtain the second model parameters provided by the plurality of third nodes. In the case where the plurality of third nodes provide the ciphertext model parameters, the plurality of first nodes may decrypt the ciphertext model parameters provided by each third node into the second model parameters using the public key of the third node.
In step S517, the plurality of first nodes determine model performance of the target model based on the respective second model parameters.
The model performance may include any one of performance parameters such as accuracy, predictive loss, error rate, precision, and recall.
In one embodiment, the model performance of the target model includes a predictive loss. The first nodes may store feature data $X_T$ and tag data $Y_T$ of a plurality of test samples T, where the tag data $Y_T$ relates to the same category labels as the tag data Y described in the foregoing. The tag data $Y_T$ includes a training label corresponding to each test sample of the plurality of test samples T, the training label indicating the category label to which its corresponding test sample belongs among the category labels to which the tag data $Y_T$ relates. In this case, the plurality of first nodes may calculate an intermediate result $RL_T$ based on the respective second model parameters and the feature data $X_T$, and calculate a predicted Loss value Loss4 of the target model based on the intermediate result $RL_T$ and the tag data $Y_T$. Continuing with the example in which the plurality of third nodes includes node A and node B, assume that node A provides a second model parameter $w'_A$ and node B provides a second model parameter $w'_B$; the plurality of first nodes may then calculate $RL_T = w'_A \times X_T + w'_B \times X_T$ and $\text{Loss4} = (RL_T - Y_T)^2$.
In one embodiment, the model performance of the target model includes a predictive loss. In addition to determining the plurality of samples, the plurality of second nodes may determine a plurality of test samples T when performing sample alignment with the device 201 of the model user; for example, a portion of the samples in the intersection set described above may be determined as the plurality of samples, and the remaining samples may be determined as the plurality of test samples T. In addition to providing the tag data Y of the plurality of samples to the plurality of first nodes, the device 201 may provide the tag data $Y_T$ of the plurality of test samples T to the plurality of first nodes. In this case, after the plurality of third nodes perform step S513, they may perform forward propagation on the updated local model using the locally stored feature data of the plurality of test samples T to obtain intermediate results, and provide those intermediate results to the plurality of first nodes. The plurality of first nodes may aggregate the intermediate results associated with the plurality of test samples T to obtain an aggregate result, and determine a predicted Loss value Loss4 of the target model based on the aggregate result and the tag data $Y_T$.
In one embodiment, in the case that the plurality of first nodes are trusted, in order to relieve the computational pressure of the blockchain system 202, the predicted Loss value Loss4 of the target model may be determined by one target node of the plurality of first nodes by performing step S517.
In step S519, the plurality of first nodes determine each second model parameter as an updated parameter of the target model in response to the model performance satisfying the model convergence condition.
Specifically, in the case where the model performance of the target model includes the predicted Loss value Loss4 as described above, the plurality of first nodes may determine each of the second model parameters as an updated parameter of the target model in response to the predicted Loss value Loss4 satisfying the model convergence condition.
In one embodiment, after step S519, the plurality of first nodes may store respective second model parameters in the blockchain system 202. Further, the plurality of first nodes may package the respective second model parameters into a chunk and store the chunk into the blockchain system 202.
In one embodiment, when the model performance of the target model does not meet the model convergence condition, the plurality of first nodes may further send feedback information to the plurality of third nodes, where the feedback information indicates that the local model is subjected to a next round of model training. Thus, the plurality of third nodes may perform a model training process as shown in FIG. 5 for the current local model.
According to the scheme provided by the corresponding embodiment of fig. 5, the second nodes execute forward propagation training on the local model based on the locally stored characteristic data of the samples to obtain intermediate results, and provide the intermediate results for the first nodes, so that the characteristic data is ensured not to go out of the domain, thereby ensuring data security and preventing privacy leakage. By determining the scores for characterizing the reliability corresponding to the respective intermediate results by the plurality of first nodes, selecting a plurality of first intermediate results with the scores reaching a threshold value from the respective intermediate results, determining a predicted Loss value Loss3 of the target model based on the aggregate result of the plurality of first intermediate results and the tag data Y, then determining the gradient values corresponding to the respective plurality of third nodes based on the predicted Loss value Loss3 and the current first model parameters of the local model of the respective plurality of third nodes providing the plurality of first intermediate results among the plurality of second nodes, and transmitting the gradient values corresponding to the respective plurality of third nodes, so that the plurality of third nodes update the parameters of the local model based on the obtained gradient values, the intermediate results with the scores not reaching the threshold value can be regarded as unreliable (invalid) intermediate results, the intermediate results are prevented from participating in the final aggregate process, and the second nodes providing the intermediate results are prevented from executing the subsequent model training process, thereby providing good reliability for the target model. 
Model aggregation is realized based on the plurality of first nodes instead of a single server, so resistance to single-point attacks and single-point faults is high, and leakage of intermediate results and training process data can be effectively prevented. Therefore, the scheme enables a plurality of participants with the same sample space and different feature spaces to participate in executing the same model training task, ensures data security and prevents privacy leakage as far as possible, and ensures the reliability of the trained target model.
The plurality of first nodes and the plurality of second nodes may be included in a blockchain system, such as a federated chain system, in accordance with the description above. The scheme provided by the embodiment of the specification can realize a coalition-chain-based decentralized longitudinal federated learning model training method, and the method can achieve the following technical effects:
1. The method has good security. Specifically: the method is based on a decentralized alliance chain instead of a single server, has strong resistance to single-point attacks and single-point faults, and can effectively prevent leakage of training results and training process data. In addition, the alliance chain also provides an effective admission mechanism, so that malicious nodes can be excluded from the alliance chain and prevented from interfering with the federated learning process or even stealing training data.
2. The method has good reliability. Specifically: the committee consensus mechanism in the method can exclude invalid training results so that they do not participate in the final aggregation process, which provides good reliability for the global model.
In the following, taking the blockchain system as described above as a coalition chain as shown in fig. 6, nodes of a plurality of participants including a bank (a party), an online shopping platform (B party), a social platform (C party) and the like are taken as an example, and a scheme provided by the embodiment of the present specification is illustrated with reference to fig. 6 and 7. Fig. 6 and fig. 7 are schematic diagrams of a model training method based on a coalition chain in the embodiment of the present disclosure.
This example describes a multi-party collaboration in the sales industry that enables comprehensive analysis of consumer demand and purchasing power. The bank (party A), the online shopping platform (party B) and the social platform (party C) cooperate on information, and the feature data held by each party can be stored in a local database of its node. As shown in fig. 7, party B may hold the feature data of the X3 dimension of the four samples A2, A3, A4, A5 and the tag data Y corresponding to the four samples, while party A and party C hold only feature data and do not hold tag data. Specifically, party A holds feature data of the two dimensions X1 and X2 of the three samples A1, A2 and A4, and party C holds feature data of the three dimensions X4, X5 and X6 of the three samples A1, A2 and A4. In one example, the dimensions in the embodiments of this specification may be referred to as attributes. It should be appreciated that the six dimensions X1-X6 are different from each other, and that parties A, B and C have the same sample space and different feature spaces. To protect data security and prevent privacy disclosure, the feature data of the parties is not gathered at any one party to complete the training. Instead, all parties perform model training based on the feature data each of them holds, using the alliance-chain-based model training method provided by the embodiments of this specification, and obtain a complete global model for analyzing user demand so as to achieve accurate commodity recommendation.
Specifically, when the online shopping platform (party B) has a commodity recommendation requirement, party B can act as the model user and use its node to issue to the alliance chain a model training task and an initial model for federated learning, for example by sending a transaction Tx1 that includes the task and the initial model to the alliance chain. Thereafter, the alliance chain can decide whether to accept the task. If the task is not accepted, the alliance chain may return feedback information to the node of party B indicating refusal to execute the task and end processing of the task. If the task is accepted, parties A, B and C may each request, through their respective nodes, to be registered with the alliance chain as training nodes participating in the task, for example by sending the alliance chain a transaction Tx2 for registering as a training node participating in performing the task. After the alliance chain receives the transactions Tx2 sent by the nodes of parties A, B and C, as shown in fig. 6, a plurality of nodes of the alliance chain other than the nodes of parties A, B and C may be selected to form a committee; that is, a plurality of committee nodes are determined from the nodes of the alliance chain other than the nodes of parties A, B and C and are used for processing such as judging and aggregating the model training results. It should be noted that the committee's responsibilities may include joint deliberation and resolution (the YES or NO resolution shown schematically in fig. 7).
After the committee is generated, each committee node can determine a plurality of training nodes from the nodes of party A, party B and party C to participate in model training. For example, the nodes of parties A, B and C are all determined to be training nodes, giving an A-side training node, a B-side training node and a C-side training node. Each committee node may then configure a key pair (SK_A, PK_A) for the A-side training node, a key pair (SK_B, PK_B) for the B-side training node, and a key pair (SK_C, PK_C) for the C-side training node, send the private key of the corresponding key pair to each training node, and retain the public key of each training node. Here SK_i represents the private key of the i-side training node, PK_i represents the public key of the i-side training node, and i is one of A, B and C.
Next, as shown in fig. 7, the A-side, B-side and C-side training nodes may determine a plurality of common samples, such as the two samples A2 and A4, by performing sample alignment. The B-side training node locally stores feature data and tag data Y of the plurality of samples, and the A-side and C-side training nodes locally store feature data of the plurality of samples.
The B-side training node may then provide the label data Y for model training to the committee nodes. In response to receiving the label data Y, each committee node may obtain the initial model provided by the node of party B as the global model (Global model) and send the initial model to the A-side, B-side and C-side training nodes, as shown in fig. 6, so that the three training nodes train the initial model as their local model (Local model).
In the model training process, each training node can perform forward propagation training on its local model based on the locally stored feature data of the samples A2 and A4 to obtain an intermediate result. As shown in FIG. 7, the A-side training node may perform forward propagation training on its local model (Local model A) based on the locally stored feature data of samples A2, A4, resulting in an intermediate result RL_A. The B-side training node can perform forward propagation training on its local model (Local model B) based on the locally stored feature data of samples A2 and A4 to obtain an intermediate result RL_B. The C-side training node can perform forward propagation training on its local model (Local model C) based on the locally stored feature data of samples A2 and A4 to obtain an intermediate result RL_C. Here RL_i = F_i(w_i, X_i), where w_i represents the current model parameters of the local model of the i-side training node, specifically the model parameters of the function F_i() corresponding to the local model; X_i represents the feature data of samples A2, A4 stored locally by the i-side training node and serves as the data input of F_i(); and i is one of A, B and C.
Each training node may then encrypt the resulting intermediate result into a ciphertext result using the private key distributed by the committee nodes. Here, the ciphertext results of the A-side, B-side and C-side training nodes are denoted in turn as [RL_A], [RL_B], [RL_C]. Each training node may then provide its ciphertext result to each committee node. In one example, a smart contract may be deployed in the alliance chain, and each training node may provide its ciphertext result to each committee node by invoking the smart contract.
After receiving the ciphertext results, each committee node may decrypt the ciphertext result provided by each training node into an intermediate result using the public key of the key pair configured for that training node, thereby obtaining the intermediate results RL_A, RL_B, RL_C.
Then, each committee node can judge the reliability of the three intermediate results and select the intermediate results with higher reliability to participate in aggregation. For example, the score of the intermediate result of each training node may be derived by an exclusion method, in which it is ensured that each intermediate result is evaluated by at least one committee node.
As an example, a target node among the committee nodes may determine, for each intermediate result, the committee node responsible for scoring it, and transmit the determination to the other committee nodes. Thereafter, each committee node may determine a predicted loss value Loss1 based on the aggregation result of all the intermediate results and the label data Y, determine a predicted loss value Loss2 based on the aggregation result of the intermediate results other than the second intermediate result that it is itself responsible for scoring and the label data Y, and determine the difference between Loss2 and Loss1 as the score corresponding to the second intermediate result. Taking the intermediate result RL_B of the B-side training node as an example, the committee node responsible for scoring it may calculate the predicted loss value Loss1 = (RL_A + RL_B + RL_C - Y)^2, then recalculate the predicted loss value with RL_B excluded, for example Loss2 = (RL_A + RL_C - Y)^2, and use Loss2 - Loss1 as the score corresponding to RL_B. A higher score indicates that the intermediate result is more reliable. The target node may then receive the scores corresponding to the other intermediate results sent by the other committee nodes and select, from the intermediate results, a plurality of first intermediate results whose scores reach a threshold. In addition, the target node may send the selection result to the other committee nodes. The description below takes the case where the plurality of first intermediate results includes RL_A and RL_B as an example.
Then, each committee node can determine the current predicted loss value Loss3 of the global model based on the aggregation result of the first intermediate results RL_A, RL_B and the label data Y. For example, Loss3 = (RL_A + RL_B - Y)^2. Thereafter, each committee node may determine, based on the predicted loss value Loss3, whether a model convergence condition is satisfied; the condition may include, for example, the accuracy of the trained model. If the preset threshold is not met, the committee nodes can determine the gradient values corresponding to the respective training nodes according to a back propagation algorithm, based on the loss function L3 of the global model used to calculate Loss3, the predicted loss value Loss3, and the current model parameters of the local model of each training node. Specifically, L3 = (F_A(w_A, X_A) + F_B(w_B, X_B) - Y)^2. Here, the gradient values corresponding to the training nodes A and B are sequentially recorded as
Next, each committee node may encrypt the gradient value corresponding to the i-side training node into a ciphertext gradient value using the public key of the key pair configured for the i-side training node, where i is one of A and B. Here, the ciphertext gradient values corresponding to the A-side and B-side training nodes are sequentially recorded as. After that, each committee node can send the corresponding ciphertext gradient value to the A-side training node and the corresponding ciphertext gradient value to the B-side training node.
The A-side training node and the B-side training node may then decrypt the received ciphertext gradient values into plaintext gradient values using the private keys distributed by the committee nodes. Thus, the A-side training node can obtain its plaintext gradient value, and the B-side training node can obtain its plaintext gradient value. The A-side and B-side training nodes may then update the parameters of their local models based on the plaintext gradient values. Here, the updated model parameters of the local models of the A-side and B-side training nodes are denoted in turn as w'_A, w'_B. The A-side and B-side training nodes may then provide the updated model parameters to the committee nodes.
Each committee node may then determine the current predicted loss value Loss4 of the global model based on w'_A, w'_B. The method for calculating the predicted loss value Loss4 may refer to the related description above and is not repeated here. Thereafter, each committee node may determine whether the model convergence condition is satisfied based on the predicted loss value Loss4. If so, each committee node may determine w'_A, w'_B as the updated parameters of the global model and write the updated parameters of the global model to the alliance chain, as shown in fig. 6 and fig. 7, where the Blockchain shown in fig. 7 may represent the alliance chain. If not, the committee nodes may send feedback information to the A-side and B-side training nodes indicating that a next round of model training should be performed on the local model. The A-side and B-side training nodes may perform the next round of model training on the current local model in response to receiving the feedback information.
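The committee-side exclusion scoring, threshold selection, Loss3 computation and one parameter update described in the example above, as an added Python example that is not part of the patent. Assumptions not taken from the patent: each F_i is linear, the squared loss is summed over the aligned samples, the threshold is 0.0 and the learning rate 0.05, the committee returns the gradient with respect to each selected intermediate result and the training node applies the chain rule with its own features, and all numeric values are constructed; the key-pair encryption of results and gradients is omitted.

```python
# Added illustration of the committee round; not code from the patent.
# Constructed data: two aligned samples (A2, A4); party C submits an unreliable result.
FEATURES = {
    "A": [[1.0, 2.0], [0.5, 1.0]],            # X1, X2
    "B": [[2.0], [1.0]],                      # X3
    "C": [[1.0, 0.0, 1.0], [0.0, 1.0, 1.0]],  # X4, X5, X6
}
WEIGHTS = {"A": [0.5, 0.25], "B": [1.0], "C": [-3.0, -3.0, -1.0]}
LABELS = [3.5, 2.0]  # Y, known to party B and the committee


def forward(w, X):
    """Local forward pass RL_i = F_i(w_i, X_i); a linear F_i is assumed."""
    return [sum(wj * xj for wj, xj in zip(w, row)) for row in X]


def aggregate(results, parties):
    """Element-wise sum of the intermediate results of the given parties."""
    n = len(next(iter(results.values())))
    return [sum(results[p][k] for p in parties) for k in range(n)]


def loss(results, parties, y):
    """(sum_i RL_i - Y)^2, summed over the aligned samples (assumption)."""
    return sum((a - t) ** 2 for a, t in zip(aggregate(results, parties), y))


def score_results(results, y):
    """Score_i = Loss2 (aggregate without RL_i) - Loss1 (aggregate of all)."""
    everyone = sorted(results)
    loss1 = loss(results, everyone, y)
    return {
        p: loss(results, [q for q in everyone if q != p], y) - loss1
        for p in everyone
    }


def select(scores, threshold):
    """Keep the parties whose score reaches the threshold."""
    return sorted(p for p, s in scores.items() if s >= threshold)


def committee_gradient(results, selected, y):
    """Per-sample dL3/dRL_i = 2 * (aggregate - Y); identical for every selected party."""
    return [2 * (a - t) for a, t in zip(aggregate(results, selected), y)]


def local_update(w, X, grad_rl, lr):
    """Training node applies the chain rule with its own features, then steps."""
    grad_w = [sum(g * row[j] for g, row in zip(grad_rl, X)) for j in range(len(w))]
    return [wj - lr * gj for wj, gj in zip(w, grad_w)]


def run_round(features, weights, y, threshold=0.0, lr=0.05):
    """One round: score, select, compute Loss3, update selected parties, compute Loss4."""
    results = {p: forward(weights[p], features[p]) for p in features}
    scores = score_results(results, y)
    selected = select(scores, threshold)
    if not selected:
        raise ValueError("no intermediate result reached the threshold")
    loss3 = loss(results, selected, y)
    grad_rl = committee_gradient(results, selected, y)
    new_weights = dict(weights)
    for p in selected:
        new_weights[p] = local_update(weights[p], features[p], grad_rl, lr)
    updated = {p: forward(new_weights[p], features[p]) for p in selected}
    loss4 = loss(updated, selected, y)
    return scores, selected, loss3, loss4, new_weights


if __name__ == "__main__":
    scores, selected, loss3, loss4, new_weights = run_round(FEATURES, WEIGHTS, LABELS)
    print("scores:", scores)
    print("selected:", selected, "Loss3:", loss3, "Loss4:", loss4)
```

Because a party's score depends on what every other party submitted, a single large outlier can also pull down the scores of well-behaved parties; the constructed data is chosen so that only party C falls below the threshold.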
Fig. 8 is a schematic structural diagram of a model training apparatus based on privacy protection in the embodiments of this specification. The apparatus may be applied to one of a plurality of first nodes storing tag data corresponding to a plurality of samples of the target model, and may perform the steps performed by the first node as in fig. 3 to 5. The apparatus comprises: an obtaining unit 801, configured to obtain intermediate results provided by a plurality of second nodes, where the intermediate results are obtained by the second nodes performing forward propagation training on local models corresponding to the target model based on the locally stored feature data of the plurality of samples, and the plurality of second nodes store feature data of different dimensions of the plurality of samples; a selecting unit 802, configured to determine, based on the tag data, scores characterizing reliability that respectively correspond to the intermediate results, and select from the intermediate results a plurality of first intermediate results whose scores reach a threshold; a loss determination unit 803, configured to determine a first predicted loss value of the target model based on the aggregated result for the plurality of first intermediate results and the tag data; a gradient determining unit 804, configured to determine, in response to the first predicted loss value not satisfying the model convergence condition, gradient values respectively corresponding to a plurality of third nodes providing the plurality of first intermediate results, based on the first predicted loss value and first model parameters of the local model of each of the plurality of third nodes; and a transmitting unit 805, configured to transmit to each third node of the plurality of third nodes its corresponding gradient value.
The present description also provides a computer-readable storage medium having stored thereon a computer program, wherein the computer program, when executed in a computer, causes the computer to perform the method as shown in any of fig. 3 to 5.
Embodiments of the present specification also provide a computing device comprising a memory and a processor, wherein the memory has executable code stored therein, and wherein the processor, when executing the executable code, implements a method as shown in any one of fig. 3-5.
The present description also provides a computer program product, wherein the computer program product, when executed in a computer, causes the computer to perform the method as shown in any one of fig. 3 to 5.
In the 1990s, an improvement to a technology could be clearly distinguished as an improvement in hardware (e.g., an improvement to a circuit structure such as a diode, transistor or switch) or an improvement in software (an improvement to a method flow). However, with the development of technology, many improvements to current method flows can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Therefore, it cannot be said that an improvement to a method flow cannot be realized by a hardware entity module. For example, a programmable logic device (Programmable Logic Device, PLD), such as a field programmable gate array (Field Programmable Gate Array, FPGA), is an integrated circuit whose logic function is determined by the user's programming of the device. A designer programs to "integrate" a digital system onto a PLD without requiring a chip manufacturer to design and fabricate an application-specific integrated circuit chip. Moreover, nowadays, instead of manually manufacturing integrated circuit chips, such programming is mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code before compilation must also be written in a specific programming language, called a hardware description language (Hardware Description Language, HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language), among which VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are currently the most commonly used.
It will also be apparent to those skilled in the art that a hardware circuit implementing the logic method flow can be readily obtained by merely performing a little logic programming of the method flow in the hardware description languages described above and programming it into an integrated circuit.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor and a computer readable medium storing computer readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller purely in computer readable program code, it is entirely possible to implement the same functionality by logically programming the method steps so that the controller takes the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, etc. Such a controller may thus be regarded as a hardware component, and the means included in it for performing various functions may also be regarded as structures within the hardware component. The means for performing the various functions may even be regarded both as software modules implementing the methods and as structures within the hardware component.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. One typical implementation device is a server system. Of course, the application does not exclude that as future computer technology advances, the computer implementing the functions of the above-described embodiments may be, for example, a personal computer, a laptop computer, a car-mounted human-computer interaction device, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
Although one or more embodiments of the present description provide method operational steps as described in the embodiments or flowcharts, more or fewer operational steps may be included based on conventional or non-inventive means. The order of steps recited in the embodiments is merely one of many possible orders of execution and does not represent the only order of execution. When implemented in an actual device or end product, the steps may be executed sequentially or in parallel (e.g., in a parallel processor or multi-threaded processing environment, or even in a distributed data processing environment) as illustrated by the embodiments or by the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, it is not excluded that additional identical or equivalent elements may be present in a process, method, article, or apparatus that comprises a described element. Words such as first and second, where used, indicate names and not any particular order.
For convenience of description, the above devices are described as being functionally divided into various modules, respectively. Of course, when one or more of the present description is implemented, the functions of each module may be implemented in the same piece or pieces of software and/or hardware, or a module that implements the same function may be implemented by a plurality of sub-modules or a combination of sub-units, or the like. The above-described apparatus embodiments are merely illustrative, for example, the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or nonvolatile memory, such as read only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape disk storage, graphene storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
One skilled in the relevant art will recognize that one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Moreover, one or more embodiments of the present description can take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
One or more embodiments of the present specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the present description may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
In this specification, the embodiments are described in a progressive manner; identical and similar parts of the embodiments may be referred to across embodiments, and each embodiment mainly describes its differences from the others. In particular, the system embodiments are described relatively briefly because they are substantially similar to the method embodiments; for the relevant parts, refer to the description of the method embodiments. In the description of the present specification, a description referring to the terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present specification. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the different embodiments or examples described in this specification and the features of the different embodiments or examples may be combined by those skilled in the art without contradiction.
The foregoing is merely an example of one or more embodiments of the present specification and is not intended to limit the one or more embodiments of the present specification. Various modifications and alterations to one or more embodiments of this description will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, or the like, which is within the spirit and principles of the present specification, should be included in the scope of the claims.

Claims (14)

1. A privacy protection-based model training method performed by a plurality of first nodes storing tag data corresponding to a plurality of samples of a target model, the method comprising:
obtaining intermediate results respectively provided by a plurality of second nodes, wherein the intermediate results are obtained by performing forward propagation training on a local model corresponding to the target model by the second nodes based on the locally stored characteristic data of the plurality of samples, and the plurality of second nodes store the characteristic data of different dimensionalities of the plurality of samples;
determining scores for representing reliability, which correspond to the intermediate results respectively, based on the tag data, and selecting a plurality of first intermediate results with scores reaching a threshold value from the intermediate results;
determining a first predicted loss value for the target model based on the aggregate result for the plurality of first intermediate results and the tag data;
determining gradient values corresponding to a plurality of third nodes respectively based on the first predicted loss value and first model parameters of the local model of each of the plurality of third nodes providing the plurality of first intermediate results in the plurality of second nodes in response to the first predicted loss value not meeting a model convergence condition;
and respectively sending the corresponding gradient values to the plurality of third nodes.
2. The method of claim 1, wherein the determining, based on the tag data, a score for characterizing reliability for each intermediate result, respectively, and selecting, from the each intermediate result, a plurality of first intermediate results for which the score reaches a threshold value, comprises:
a target node in the first nodes determines a first node for scoring each intermediate result in the first nodes, and sends the determined result to other nodes in the first nodes;
the plurality of first nodes determine a second predicted loss value based on the aggregate result and the tag data for each intermediate result, determine a third predicted loss value based on the aggregate result and the tag data for intermediate results other than the second intermediate result responsible for scoring itself among the respective intermediate results, and determine a difference between the third predicted loss value and the second predicted loss value as a score corresponding to the second intermediate result;
the target node receives scores corresponding to other intermediate results sent by other nodes;
the target node selects a plurality of first intermediate results from the respective intermediate results for which the score reaches a threshold.
3. The method of claim 1, wherein after transmitting their corresponding gradient values to the plurality of third nodes, respectively, further comprising:
acquiring second model parameters of local model updating provided by the plurality of third nodes, wherein the second model parameters are obtained by the third nodes after updating parameters of the local model based on the obtained gradient values;
determining model performance of the target model based on each of the second model parameters;
and determining each second model parameter as an updated parameter of the target model in response to the model performance meeting the model convergence condition.
4. The method of claim 3, wherein the plurality of first nodes and the plurality of second nodes are included in a blockchain system; and
after determining each of the second model parameters as updated parameters of the target model, further comprising:
storing each of the second model parameters in the blockchain system.
5. The method of claim 3, further comprising:
in response to the model performance not meeting the model convergence condition, sending, to the plurality of third nodes, feedback information indicating that the local models are to undergo a next round of model training.
6. The method of claim 1, wherein the initial target model is an initial model provided by a device of a model user; and
before obtaining the intermediate results respectively provided by the plurality of second nodes, the method further comprises:
acquiring the tag data provided by the device of the model user;
acquiring the initial model as the target model;
and sending the initial model to the plurality of second nodes so that the plurality of second nodes perform model training by taking the initial model as a local model.
7. The method of claim 6, wherein the plurality of first nodes and the plurality of second nodes are included in a blockchain system; and
before acquiring the tag data provided by the device of the model user, the method further comprises:
receiving first transactions sent by nodes of a plurality of participants of the blockchain system, wherein the first transactions are used for requesting participation in executing the model training task;
and determining the plurality of second nodes from the nodes of the plurality of participants based on the first transactions and on the model training task for the initial model issued by the device of the model user.
8. The method of claim 7, wherein after determining the plurality of second nodes from the plurality of participant nodes, further comprising:
and configuring a key pair for each determined second node, and sending a private key of the key pair to the second node.
9. The method of claim 8, wherein the obtaining intermediate results provided by the plurality of second nodes comprises:
obtaining ciphertext results provided by the plurality of second nodes, wherein each ciphertext result is obtained by the second node encrypting its intermediate result using the private key;
decrypting the ciphertext result provided by each of the second nodes into an intermediate result using a public key of the key pair configured for that second node.
10. The method of claim 7, wherein each of the first transactions is sent by a node of the plurality of participants to the blockchain system, the plurality of first nodes being determined by the blockchain system from nodes of the blockchain system other than the node of the plurality of participants after each of the first transactions is received.
11. The method of claim 10, wherein the model training task and the initial model are included in a second transaction sent by a device of the model user to the blockchain system, the blockchain system storing the model training task and the initial model into the blockchain system based on the second transaction; each of the first transactions is sent by a node of the plurality of participants after completion of execution of the second transaction.
12. A privacy protection-based model training apparatus applied to one of a plurality of first nodes storing tag data corresponding to a plurality of samples of a target model, the apparatus comprising:
an acquisition unit configured to acquire intermediate results respectively provided by a plurality of second nodes, wherein the intermediate results are obtained by the second nodes performing forward propagation training on a local model corresponding to the target model based on locally stored characteristic data of the plurality of samples, and the plurality of second nodes store characteristic data of different dimensions of the plurality of samples;
a selecting unit configured to determine, based on the tag data, scores characterizing reliability that correspond to the respective intermediate results, and select, from the respective intermediate results, a plurality of first intermediate results whose scores reach a threshold value;
a loss determination unit configured to determine a first predicted loss value of the target model based on an aggregation result of the plurality of first intermediate results and the tag data;
a gradient determining unit configured to determine, in response to the first predicted loss value not satisfying a model convergence condition, gradient values respectively corresponding to a plurality of third nodes, among the plurality of second nodes, that provided the plurality of first intermediate results, based on the first predicted loss value and the first model parameters of the respective local models of the third nodes;
and a transmitting unit configured to transmit, to each of the plurality of third nodes, its corresponding gradient value.
13. A computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any of claims 1-11.
14. A computing device comprising a memory having executable code stored therein and a processor, which when executing the executable code, implements the method of any of claims 1-11.
CN202310956400.9A 2023-07-31 2023-07-31 Model training method and device based on privacy protection Pending CN116975918A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310956400.9A CN116975918A (en) 2023-07-31 2023-07-31 Model training method and device based on privacy protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310956400.9A CN116975918A (en) 2023-07-31 2023-07-31 Model training method and device based on privacy protection

Publications (1)

Publication Number Publication Date
CN116975918A true CN116975918A (en) 2023-10-31

Family

ID=88472762

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310956400.9A Pending CN116975918A (en) 2023-07-31 2023-07-31 Model training method and device based on privacy protection

Country Status (1)

Country Link
CN (1) CN116975918A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination