CN117034307A - Data encryption method, device, computer equipment and storage medium - Google Patents

Data encryption method, device, computer equipment and storage medium

Info

Publication number
CN117034307A
Authority
CN
China
Prior art keywords
data
ciphertext
party
tag
blinded
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310869716.4A
Other languages
Chinese (zh)
Inventor
杨诗友
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Technology Innovation Center
China Telecom Corp Ltd
Original Assignee
China Telecom Technology Innovation Center
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Technology Innovation Center and China Telecom Corp Ltd
Priority to CN202310869716.4A
Publication of CN117034307A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services
    • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N 20/00 Machine learning

Abstract

The present application relates to a data encryption method, apparatus, computer device, storage medium and computer program product. The method comprises the following steps: receiving a public key and a ciphertext of an intermediate calculation result sent by a second data party, and determining a ciphertext of a predicted tag and a ciphertext of a tag difference value; blinding the ciphertext of the predicted tag and the ciphertext of the tag difference value to obtain the blinded ciphertext of the predicted tag and the blinded ciphertext of the tag difference value; and sending the blinded ciphertexts to the second data party to obtain the ciphertext of the first model weight of the first data party corresponding to the trained model. Because the tagged data party blinds the received ciphertext, it cannot learn the plaintext of the untagged data party's gradient or model weight during training and prediction, which improves both data security and model training performance.

Description

Data encryption method, device, computer equipment and storage medium
Technical Field
The present application relates to the field of security technologies, and in particular, to a data encryption method, apparatus, computer device, storage medium, and computer program product.
Background
With the development of the security technology field, federated learning, multiparty secure computation, and other mature, mainstream data-sharing security technologies are increasingly used for modeling in industry. Demand for training and prediction of linear models in vertical federated learning scenarios (such as cross-enterprise, cross-industry joint modeling) is strong.
In the related art, a linear model is jointly trained by a tagged data party and an untagged data party. The specific process is as follows: the tagged data party updates its weights using gradients, so it must know its own plaintext gradient. However, once it knows this gradient, it can combine it with other known intermediate parameters and conditions to deduce the other party's model output wx, and from wx and the known intermediate parameters deduce the other party's original feature data x. The tagged data party can therefore reconstruct the untagged data party's original data from the information available to it, creating a risk of data leakage and poor data security.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a data encryption method, apparatus, computer device, computer-readable storage medium, and computer program product that can improve data security.
In a first aspect, the present application provides a data encryption method applied to a first data party, where the first data party is a data party with a tag, the method includes:
receiving a public key sent by a second data party and ciphertext of an intermediate calculation result, wherein the intermediate calculation result is calculated by the second data party based on model parameters corresponding to each non-tag sample data and characteristic components of each non-tag sample data;
determining a ciphertext of a predicted tag and a ciphertext of a tag difference value based on the ciphertext of the intermediate calculation result and the characteristic component of the tagged sample data;
performing blinding treatment on the ciphertext of the predictive tag and the ciphertext of the tag difference value to obtain the blinded ciphertext of the predictive tag and the blinded ciphertext of the tag difference value;
and sending the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to the second data party to obtain the ciphertext of the first model weight of the first data party corresponding to the trained model.
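As an illustrative aside only, the four steps above can be exercised end to end with a toy additively homomorphic (Paillier-style) cryptosystem. The patent specifies only an addition-type homomorphic scheme; the choice of Paillier, the demo-sized primes, and all names (u_a, u_b, y, r1) are assumptions for this sketch and are not cryptographically secure.

```python
from math import gcd
import random

# --- toy Paillier cryptosystem (demo-sized primes, NOT secure) ---
P, Q = 293, 433                               # illustrative primes; real systems use ~1024-bit primes
N = P * Q                                     # public modulus
N2 = N * N
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)  # lambda = lcm(P-1, Q-1), the private key
MU = pow(LAM, -1, N)                          # modular inverse used in decryption

def enc(m):
    """Encrypt m under the second data party's public key (generator g = N + 1)."""
    r = random.randrange(2, N)
    while gcd(r, N) != 1:
        r = random.randrange(2, N)
    return ((1 + (m % N) * N) * pow(r, N, N2)) % N2

def dec(c):
    """Decrypt (second data party only) and decode signed values."""
    m = (((pow(c, LAM, N2) - 1) // N) * MU) % N
    return m - N if m > N // 2 else m

def hadd(c1, c2):
    """Homomorphic addition: Enc(a) combined with Enc(b) yields Enc(a + b)."""
    return (c1 * c2) % N2

# --- one training round of the blinded exchange sketched above ---
# Second data party: intermediate calculation result u_b = w_b . x_b, sent encrypted
u_b = 7
c_ub = enc(u_b)

# First data party: ciphertext of the predicted tag and of the tag difference
u_a, y = 5, 10                  # its own intermediate share and the true tag
c_pred = hadd(c_ub, enc(u_a))   # Enc(y_hat) = Enc(u_b + u_a)
c_diff = hadd(c_pred, enc(-y))  # Enc(d)     = Enc(y_hat - y)

# First data party blinds the tag-difference ciphertext with a random number r1
r1 = random.randrange(1, 1000)
c_diff_blind = hadd(c_diff, enc(r1))

# Second data party decrypts only the BLINDED value ...
d_blind = dec(c_diff_blind)
# ... and the first data party later removes the blind to recover the difference
d = d_blind - r1
assert d == (u_b + u_a) - y     # plaintext tag difference, here 2
```

Note that the second data party only ever decrypts blinded quantities, which is the property the claims rely on: decryption reveals d + r1, and without r1 the untagged party learns nothing about d.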
In one embodiment, the determining the ciphertext of the predicted tag and the ciphertext of the tag difference based on the ciphertext of the intermediate calculation result and the feature component of the tagged sample data includes:
Determining the ciphertext of an ith predicted tag, for the ith sample data, based on the ciphertext of the ith intermediate calculation result, the ciphertext of the current first model parameter of the first data party, and the ith characteristic component of the tagged sample data;
and determining the ciphertext of the tag difference value, for the ith sample data, based on the ciphertext of the ith intermediate calculation result corresponding to the tagged sample data, the ciphertext of the ith intermediate calculation result corresponding to the untagged sample data, and the ith tag data.
In one embodiment, the obtaining, based on the ciphertext of the blinded prediction tag and the ciphertext of the blinded tag difference, the ciphertext of the first model weight of the first data party and the second model weight of the second data party corresponding to the trained model includes:
sending the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to the second data party so as to enable the second data party to perform decryption processing and obtain a blinded second party gradient;
receiving a blinded second-party gradient sent by the second data party, performing blinding removal processing on the blinded second-party gradient to obtain a second-party gradient, and sending the second-party gradient to the second data party so that the second data party obtains updated second model weight and target indication information based on the second-party gradient;
And if the preset training completion condition is not met based on the target indication information, re-executing the step of receiving the public key sent by the second data party and the ciphertext of the intermediate calculation result until the preset training completion condition is met based on the target indication information, and determining that the ciphertext of the first model weight of the current first data party is the ciphertext of the first model weight of the first data party corresponding to the trained model.
In one embodiment, the obtaining the ciphertext of the first model weight of the first data party corresponding to the trained model based on the ciphertext of the blinded prediction tag and the ciphertext of the blinded tag difference value includes:
calculating the ciphertext of the loss sub-function of the first data side based on the ith tag data and the ciphertext of the tag difference value;
performing blinding treatment on the ciphertext of the loss sub-function of the first data side to obtain the blinded ciphertext of the loss sub-function of the first data side;
sending the ciphertext of the blinded predictive tag, the ciphertext of the blinded tag difference value and the ciphertext of the loss sub-function of the blinded first data party to the second data party so as to enable the second data party to perform decryption processing to obtain a blinded second party gradient and a blinded loss function;
Receiving the blinded second-party gradient and the blinded loss function sent by the second data party, performing blinding removal processing on the blinded second-party gradient and the blinded loss function to obtain a second-party gradient and a loss function, and sending the second-party gradient to the second data party;
and if the loss function is determined not to meet the preset training completion condition, re-executing the step of receiving the public key sent by the second data party and the ciphertext of the intermediate calculation result until the loss function is determined to meet the preset training completion condition, and determining the ciphertext of the first model weight of the current first data party as the ciphertext of the first model weight of the first data party corresponding to the trained model.
In one embodiment, the obtaining, based on the ciphertext of the blinded prediction tag and the ciphertext of the blinded tag difference, the ciphertext of the first model weight of the first data party and the second model weight of the second data party corresponding to the trained model includes:
sending the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to the second data party so as to enable the second data party to perform decryption processing and obtain a blinded second party gradient;
Receiving a blinded second-party gradient sent by the second data party, performing blinding removal processing on the blinded second-party gradient to obtain a second-party gradient, and sending the second-party gradient to the second data party so that the second data party obtains updated second model weights based on the second-party gradient;
and if the preset training completion condition is not met, re-executing the step of receiving the public key sent by the second data party and the ciphertext of the intermediate calculation result until the preset training completion condition is met, and determining that the ciphertext of the current first model weight of the first data party is the ciphertext of the first model weight of the first data party corresponding to the trained model.
In one embodiment, the method further comprises:
determining a current gradient ciphertext of the first data party based on the characteristic component of the labeled sample data and the ciphertext of the label difference value;
and calculating the ciphertext of the current first model weight of the first data party based on the current gradient ciphertext of the first data party and the model parameters of the labeled sample data.
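A hedged sketch of this gradient-ciphertext and weight-ciphertext computation, using the homomorphic scalar-multiplication property of a toy Paillier scheme. The demo primes, the names x_i, d, w, and the unit learning rate are illustrative assumptions, not the patent's concrete parameters.

```python
from math import gcd
import random

# toy Paillier (demo primes, NOT secure); the second data party holds the private key
P, Q = 293, 433
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)
MU = pow(LAM, -1, N)

def enc(m):
    r = random.randrange(2, N)
    while gcd(r, N) != 1:
        r = random.randrange(2, N)
    return ((1 + (m % N) * N) * pow(r, N, N2)) % N2

def dec(c):
    m = (((pow(c, LAM, N2) - 1) // N) * MU) % N
    return m - N if m > N // 2 else m

def hadd(c1, c2):
    """Homomorphic addition: Enc(a) + Enc(b) -> Enc(a + b)."""
    return (c1 * c2) % N2

def smul(c, k):
    """Homomorphic scalar multiplication: k * Enc(a) -> Enc(k * a)."""
    return pow(c, k % N, N2)

# First data party: gradient ciphertext from a characteristic component and
# the tag-difference ciphertext, without ever seeing the plaintext difference
x_i, d = 3, 2                    # characteristic component and tag difference
c_d = enc(d)
c_grad = smul(c_d, x_i)          # Enc(g) = Enc(x_i * d)

# Ciphertext of the updated first model weight, Enc(w - g), for a unit learning rate
w = 10
c_w_new = hadd(enc(w), smul(c_grad, -1))
assert dec(c_grad) == 6          # g = 3 * 2
assert dec(c_w_new) == 4         # w - g = 10 - 6
```

The first data party thus keeps its own weight ciphertext current while all arithmetic stays under the untagged party's public key.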
In one embodiment, the method further comprises:
Calculating random ciphertext of the test sample data based on ciphertext of the model parameters of the first data side corresponding to the trained model, the characteristic components of the labeled sample data and the test random number;
the random ciphertext of the test sample data is sent to the second data party, so that the second data party processes the random ciphertext of the test sample data to obtain random data of the predictive label data;
and receiving the random data of the predicted tag data sent by the second data party, and carrying out derandomizing processing on the random data of the predicted tag data to obtain ciphertext of the predicted tag data, wherein the ciphertext of the predicted tag data is used for determining a test result.
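The randomization and derandomization arithmetic of this test flow can be sketched as follows. For brevity the sketch works on plaintext integers; in the method the first party's share travels as ciphertext, and the names wx_a, wx_b, s and the modulus are illustrative assumptions.

```python
import secrets

MOD = 2**61 - 1                 # illustrative modulus for the masked arithmetic

wx_a = 13                       # first data party's share of the linear prediction
s = secrets.randbelow(MOD)      # the "test random number" held by the first party
rand_share = (wx_a + s) % MOD   # random data: all the second party gets to see

# Second data party adds its own share of the prediction to the random data
wx_b = 29
rand_pred = (rand_share + wx_b) % MOD

# First data party derandomizes to recover the predicted tag value
pred = (rand_pred - s) % MOD
assert pred == wx_a + wx_b      # the mask s never reveals wx_a to the second party
```

The second party sees only uniformly distributed masked values, so it learns nothing about the first party's share even while contributing its own.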
In a second aspect, the present application provides a data encryption method applied to a second data party, where the second data party is a label-free data party, the method including:
calculating an intermediate calculation result based on model parameters corresponding to each non-tag sample data and characteristic components of each non-tag sample data, encrypting the intermediate calculation result to obtain a ciphertext of the intermediate calculation result, and sending the ciphertext of the intermediate calculation result to a first data side;
And receiving the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value sent by the first data party, and obtaining a second model weight of a second data party corresponding to the trained model based on the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value.
In one embodiment, the obtaining the second model weight of the second data party corresponding to the trained model based on the received ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value includes:
decrypting the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to obtain a blinded second-party gradient;
sending the blinded second-party gradient to the first data party so that the first data party obtains a second-party gradient;
receiving a second-party gradient sent by the first data party, updating the second model weight of the current second data party based on the second-party gradient to obtain an updated second model weight, generating target indication information based on the updated second model weight, the target indication information characterizing whether a preset training completion condition is met, and sending the target indication information to the first data party.
In one embodiment, the obtaining the second model weight of the second data party corresponding to the trained model based on the received ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value includes:
receiving a ciphertext of a blinded prediction tag, a ciphertext of a blinded tag difference value, and a ciphertext of a blinded loss sub-function;
decrypting the ciphertext of the blinded prediction tag, the ciphertext of the blinded tag difference value and the ciphertext of the blinded loss sub-function to obtain a blinded loss function and a blinded second-party gradient;
transmitting the blinding loss function and the blinding second-party gradient to the first data party, so that the first data party determines a second-party gradient and a training result based on the blinding loss function and the blinding second-party gradient;
and receiving the training result and the second-party gradient, and updating the second model weight of the current second data party based on the second-party gradient to obtain an updated second model weight.
In one embodiment, the method further comprises:
receiving a random ciphertext of test sample data sent by a first data party, wherein the random ciphertext of the test sample data is obtained by the first data party based on a ciphertext of a model parameter of the first data party corresponding to the trained model, a characteristic component of the sample data with a label and a test random number;
Decrypting the random ciphertext of the test sample data to obtain random data of the test sample data, and obtaining random data of predicted tag data based on characteristic components of the label-free sample data, model parameters of a second data party and the random data of the test sample data;
and the random data of the predicted tag data is sent to the first data party, so that the first data party carries out derandomization on the random data of the predicted tag data to obtain ciphertext of the predicted tag data, and the ciphertext of the predicted tag data is used for determining a test result.
In a third aspect, the present application provides a data encryption method applied to a first data party and a second data party, where the first data party is a data party with a tag, and the second data party is a data party without a tag, and the method includes:
the second data side calculates an intermediate calculation result based on model parameters corresponding to each non-tag sample data and characteristic components of each non-tag sample data, encrypts the intermediate calculation result to obtain a ciphertext of the intermediate calculation result, and sends the ciphertext of the intermediate calculation result to the first data side;
The first data side determines a ciphertext of a predicted tag and a ciphertext of a tag difference value based on the ciphertext of the intermediate calculation result and characteristic components of the tagged sample data; performing blinding treatment on the ciphertext of the predictive tag and the ciphertext of the tag difference value to obtain the blinded ciphertext of the predictive tag and the blinded ciphertext of the tag difference value; sending the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to the second data party to obtain the ciphertext of the first model weight of the first data party corresponding to the trained model;
and the first data party obtains second model weights of a second data party corresponding to the trained model based on the ciphertext of the blinded predictive label and the ciphertext of the blinded label difference value.
In a fourth aspect, the present application provides a data encryption apparatus for use with a first data party, the first data party being a tagged data party, the apparatus comprising:
the first receiving module is used for receiving the public key sent by the second data party and ciphertext of an intermediate calculation result, wherein the intermediate calculation result is calculated by the second data party based on model parameters corresponding to each non-tag sample data and characteristic components of each non-tag sample data;
The first determining module is used for determining the ciphertext of the predicted tag and the ciphertext of the tag difference value based on the ciphertext of the intermediate calculation result and the characteristic component of the tagged sample data;
the blinding processing module is used for carrying out blinding processing on the ciphertext of the predictive tag and the ciphertext of the tag difference value to obtain the blinded ciphertext of the predictive tag and the blinded ciphertext of the tag difference value;
and the second determining module is used for sending the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to the second data party so as to obtain the ciphertext of the first model weight of the first data party corresponding to the trained model.
In a fifth aspect, the present application provides a data encryption apparatus for use with a second party, the second party being a non-tag party, the apparatus comprising:
the third determining module is used for calculating an intermediate calculation result based on model parameters corresponding to each non-label sample data and characteristic components of each non-label sample data, carrying out encryption processing on the intermediate calculation result to obtain a ciphertext of the intermediate calculation result, and sending the ciphertext of the intermediate calculation result to the first data side;
And the second receiving module is used for receiving the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value sent by the first data party and obtaining a second model weight of a second data party corresponding to the trained model based on the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value.
In a sixth aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor which when executing the computer program performs the steps of:
receiving a public key sent by a second data party and ciphertext of an intermediate calculation result, wherein the intermediate calculation result is calculated by the second data party based on model parameters corresponding to each non-tag sample data and characteristic components of each non-tag sample data;
determining a ciphertext of a predicted tag and a ciphertext of a tag difference value based on the ciphertext of the intermediate calculation result and the characteristic component of the tagged sample data;
performing blinding treatment on the ciphertext of the predictive tag and the ciphertext of the tag difference value to obtain the blinded ciphertext of the predictive tag and the blinded ciphertext of the tag difference value;
And sending the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to the second data party to obtain the ciphertext of the first model weight of the first data party corresponding to the trained model.
In a seventh aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
receiving a public key sent by a second data party and ciphertext of an intermediate calculation result, wherein the intermediate calculation result is calculated by the second data party based on model parameters corresponding to each non-tag sample data and characteristic components of each non-tag sample data;
determining a ciphertext of a predicted tag and a ciphertext of a tag difference value based on the ciphertext of the intermediate calculation result and the characteristic component of the tagged sample data;
performing blinding treatment on the ciphertext of the predictive tag and the ciphertext of the tag difference value to obtain the blinded ciphertext of the predictive tag and the blinded ciphertext of the tag difference value;
and sending the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to the second data party to obtain the ciphertext of the first model weight of the first data party corresponding to the trained model.
In an eighth aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of:
receiving a public key sent by a second data party and ciphertext of an intermediate calculation result, wherein the intermediate calculation result is calculated by the second data party based on model parameters corresponding to each non-tag sample data and characteristic components of each non-tag sample data;
determining a ciphertext of a predicted tag and a ciphertext of a tag difference value based on the ciphertext of the intermediate calculation result and the characteristic component of the tagged sample data;
performing blinding treatment on the ciphertext of the predictive tag and the ciphertext of the tag difference value to obtain the blinded ciphertext of the predictive tag and the blinded ciphertext of the tag difference value;
and sending the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to the second data party to obtain the ciphertext of the first model weight of the first data party corresponding to the trained model.
According to the data encryption method, apparatus, computer device, storage medium and computer program product described above, the first data party receives the public key sent by the second data party and the ciphertext of the intermediate calculation result; determines the ciphertext of the predicted tag and the ciphertext of the tag difference value based on the ciphertext of the intermediate calculation result and the characteristic components of the tagged sample data; blinds the ciphertext of the predicted tag and the ciphertext of the tag difference value to obtain the blinded ciphertext of the predicted tag and the blinded ciphertext of the tag difference value; and sends the blinded ciphertexts to the second data party to obtain the ciphertext of the first model weight of the first data party corresponding to the trained model. Because the tagged data party blinds the received ciphertext, it cannot learn the plaintext of the untagged data party's gradient or model weight during training and prediction, and all data it obtains are encrypted under the untagged data party's public key. Data leakage is thereby avoided, and both data security and model training performance are improved.
Drawings
FIG. 1 is an application environment diagram of a data encryption method in one embodiment;
FIG. 2 is a flow chart of a data encryption method in one embodiment;
FIG. 3 is a flow chart illustrating a ciphertext step of determining a tag difference value in one embodiment;
FIG. 4 is a flowchart illustrating a ciphertext step of determining a first model weight in one embodiment;
FIG. 5 is a flowchart illustrating a ciphertext step of determining a first model weight in one embodiment;
FIG. 6 is a flowchart illustrating a ciphertext step of determining a first model weight in one embodiment;
FIG. 7 is a flow chart of a test procedure in one embodiment;
FIG. 8 is a flow diagram of a method of data encryption in one embodiment;
FIG. 9 is a flow diagram of the steps for generating a target indication message in one embodiment;
FIG. 10 is a flowchart illustrating a ciphertext step of determining a second model weight in one embodiment;
FIG. 11 is a flow chart illustrating the steps for determining predictive tag data in one embodiment;
FIG. 12 is a block diagram of a data encryption device in one embodiment;
FIG. 13 is a block diagram showing the structure of a data encryption device in one embodiment;
FIG. 14 is an internal structure diagram of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The data encryption method provided by the embodiments of the present application can be applied to the application environment shown in FIG. 1. The first terminal 102 and the second terminal 104 may communicate with the server 106 through a network. The first terminal may be a first training client in federated learning, and the second terminal may be another training client in federated learning; the first terminal may store tag data, the second terminal may store non-tag data, and the two terminals may perform training based on the tag data and the non-tag data. The first terminal 102 and the second terminal 104 may be, but are not limited to, various personal computers, notebook computers, smart phones, tablet computers, and the like. The server 106 may be implemented as a stand-alone server or as a server cluster.
In one embodiment, a data encryption method is provided and applied to a terminal corresponding to a first data party, where the first data party is a tagged data party. As shown in FIG. 2, the data encryption method includes:
Step 202, receiving the public key sent by the second data party and the ciphertext of the intermediate calculation result.
The intermediate calculation result is calculated by the second data party based on the model parameters corresponding to the unlabeled sample data and the characteristic components of the unlabeled sample data. The first data party may be a tagged data party that stores tag data, for example a guest party; the second data party may be an untagged data party that stores non-tag data, for example a host party. The public key sent by the second data party may be computed by the second data party and used to encrypt data exchanged with the first data party; the ciphertext of the intermediate calculation result may be obtained by the second data party encrypting the intermediate calculation result with its own public key. In one example, the encryption performed by the second data party may be addition-type homomorphic encryption of the intermediate calculation result.
In an implementation, the second data party may process the model parameters corresponding to the locally stored unlabeled sample data and the characteristic components of each piece of unlabeled sample data to obtain the intermediate calculation result, and may then encrypt the intermediate calculation result with its own public key to obtain the ciphertext of the intermediate calculation result. In one example, the second data party may determine a homomorphic encryption public key and homomorphically encrypt the intermediate calculation result under that key, yielding the intermediate calculation result under the homomorphic encryption public key, that is, the ciphertext of the intermediate calculation result. The second data party can then send the public key and the ciphertext of the intermediate calculation result to the first data party, and the first data party receives them.
Step 204, determining the ciphertext of the predicted tag and the ciphertext of the tag difference value based on the ciphertext of the intermediate calculation result and the characteristic component of the tagged sample data.
The ciphertext of the predicted tag represents, in ciphertext form, a predicted value for the tagged sample data, where the tagged sample data is sample data stored by the tagged data party. The ciphertext of the tag difference value is calculated based on the ciphertext of the intermediate calculation result corresponding to the tagged sample data, the ciphertext of the intermediate calculation result corresponding to the untagged sample data, and the tag data in the tagged sample data; it represents the difference between the predicted value and the tag data.
In an implementation, the first data party may calculate the ciphertext of the predicted tag and the ciphertext of the tag difference value based on the ciphertext of the intermediate calculation result and the feature component of the tagged sample data. In one example, the first data party may perform an operation based on the ciphertext of the intermediate calculation result corresponding to the tagged sample data, the ciphertext of the intermediate calculation result corresponding to the untagged sample data, and the tag data in the tagged sample data, to determine the ciphertext of the predicted tag and the ciphertext of the tag difference value.
And 206, performing blinding processing on the ciphertext of the predicted tag and the ciphertext of the tag difference value to obtain the blinded ciphertext of the predicted tag and the blinded ciphertext of the tag difference value.
Wherein the blinding process may be a randomization process based on a random number, and the random number may be a fixed-length random bit string.
In an implementation, the first data party can determine one or more random numbers and perform blinding processing on the ciphertext of the predicted tag and the ciphertext of the tag difference value based on the determined random number(s), obtaining the blinded ciphertext of the predicted tag and the blinded ciphertext of the tag difference value. In one example, the first data party may determine a first random number and a second random number; it may process the ciphertext of the predicted tag based on the first random number to obtain the blinded ciphertext of the predicted tag, and may further blind the ciphertext of the tag difference value based on the first random number and the second random number to obtain the blinded ciphertext of the tag difference value.
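The blinding itself is simple arithmetic; since the encryption is additively homomorphic, the same operations can be applied directly on ciphertexts. The sketch below shows the algebra on plaintext values, using a multiplicative first random number and an additive second random number as one plausible reading that the patent does not pin down.

```python
import secrets

# Hypothetical plaintext values that the first data party holds in ciphertext form.
pred = 9    # predicted tag
diff = 4    # tag difference value

# Fixed-length random bit strings used as blinding factors.
r1 = secrets.randbits(32) | 1    # first random number; forced odd/nonzero
r2 = secrets.randbits(32)        # second random number

blinded_pred = r1 * pred         # blinded with the first random number only
blinded_diff = r1 * diff + r2    # blinded with both random numbers

# Only the first data party knows r1 and r2, so only it can undo the blinding.
unblinded_pred = blinded_pred // r1
unblinded_diff = (blinded_diff - r2) // r1
```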
And step 208, sending the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to the second data party to obtain the ciphertext of the first model weight of the first data party corresponding to the trained model.
In an implementation, the first party may send the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference to the second party, so that the second party may perform decryption based on the received ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference, and perform data interaction with the first party, so that the first party may obtain the ciphertext of the first model weight corresponding to the first party in the trained model.
In the data encryption method, the public key sent by the second data party and the ciphertext of the intermediate calculation result are received; the ciphertext of the predicted tag and the ciphertext of the tag difference value are determined based on the ciphertext of the intermediate calculation result and the characteristic component of the tagged sample data; the ciphertext of the predicted tag and the ciphertext of the tag difference value are blinded to obtain the blinded ciphertext of the predicted tag and the blinded ciphertext of the tag difference value; and the blinded ciphertexts are sent to the second data party to obtain the ciphertext of the first model weight of the first data party corresponding to the trained model. With this method, the tagged data party blinds the received ciphertext, so that during training and prediction the tagged data party cannot learn the untagged data party's gradient or the plaintext of its model weight, and all data the tagged data party obtains are encrypted under the public key of the untagged data party. Data leakage is thereby avoided, and both data security and model-training performance are improved.
In one embodiment, as shown in fig. 3, the specific process of step 204, "determining the ciphertext of the predicted tag and the ciphertext of the tag difference value based on the ciphertext of the intermediate calculation result and the feature component of the tagged sample data", includes:
step 302, for the ith sample data in the unlabeled sample data, determining the ciphertext of the ith predicted label based on the ciphertext of the ith intermediate calculation result, the ciphertext of the current first model parameter of the first data party, and the ith feature component in the labeled sample data.
Wherein the unlabeled exemplar data may include a plurality of pieces of exemplar data; the ciphertext of the current first model parameter of the first data party may be the ciphertext of the corresponding first model parameter of the first data party at the current moment.
In implementation, for the ith sample data in the unlabeled sample data, the first data party can acquire the ciphertext of the current first model parameter of the first data party and the ith feature component in the labeled sample data, and calculate the ith feature component to obtain a first intermediate quantity; based on this, the first party may calculate a sum of the first intermediate quantity and the ciphertext of the i-th intermediate calculation result, and determine the resulting sum as the ciphertext of the i-th predictive tag.
Step 304, for the ith sample data in the labeled sample data, determining the ciphertext of the ith tag difference value based on the ciphertext of the ith intermediate calculation result corresponding to the unlabeled sample data, the ciphertext of the ith intermediate calculation result corresponding to the labeled sample data, and the ith label data.
In an implementation, the first data party may process based on the ciphertext of the ith intermediate calculation result corresponding to the unlabeled sample data, the ciphertext of the ith intermediate calculation result corresponding to the labeled sample data, and the ith label data in the labeled sample data, to obtain the ciphertext of the ith label difference.
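Continuing the toy Paillier scheme from the earlier sketch (repeated here so this snippet runs on its own), the following shows one plausible reading of steps 302–304: the first intermediate quantity is a homomorphic dot product of the first party's encrypted model parameters with the plaintext i-th feature component; adding the ciphertext of the i-th intermediate calculation result gives the ciphertext of the i-th predicted tag, and subtracting the i-th label data gives the ciphertext of the i-th tag difference value. The exact formulas are assumptions; the patent does not specify them.

```python
import math
import random

class Paillier:
    """Toy additively homomorphic Paillier scheme -- illustration only."""
    def __init__(self, p=293, q=433):
        self.n, self.n2 = p * q, (p * q) ** 2
        self.lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
        self.mu = pow(self.lam, -1, self.n)
    def enc(self, m):
        r = random.randrange(2, self.n)
        while math.gcd(r, self.n) != 1:
            r = random.randrange(2, self.n)
        return pow(1 + self.n, m % self.n, self.n2) * pow(r, self.n, self.n2) % self.n2
    def dec(self, c):
        m = (pow(c, self.lam, self.n2) - 1) // self.n * self.mu % self.n
        return m if m <= self.n // 2 else m - self.n
    def add(self, a, b):        # Enc(x) (+) Enc(y)
        return a * b % self.n2
    def add_plain(self, a, k):  # Enc(x) (+) k
        return a * pow(1 + self.n, k % self.n, self.n2) % self.n2
    def mul_plain(self, a, k):  # k (*) Enc(x)
        return pow(a, k % self.n, self.n2)

he = Paillier()

# Ciphertexts held by the first data party, all under the second party's key:
w_a_ct = [he.enc(w) for w in (1, -2)]  # ciphertext of the first party's model parameters
z_b_ct = he.enc(9)                     # ciphertext of the i-th intermediate calculation result
x_a_i = [3, 1]                         # i-th feature component (plaintext at the first party)
y_i = 5                                # i-th label data

# First intermediate quantity: homomorphic dot product <Enc(w_a), x_a_i>.
u_ct = he.enc(0)
for w_ct, x in zip(w_a_ct, x_a_i):
    u_ct = he.add(u_ct, he.mul_plain(w_ct, x))

pred_ct = he.add(u_ct, z_b_ct)          # ciphertext of the i-th predicted label
diff_ct = he.add_plain(pred_ct, -y_i)   # ciphertext of the i-th label difference
```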
In this embodiment, the training performance of model training can be ensured by calculating the ciphertext of the predicted tag and the ciphertext of the tag difference value.
In one embodiment, as shown in fig. 4, the specific processing procedure of step 208 "send the ciphertext of the blind prediction tag and the ciphertext of the blind tag difference value to the second data party to obtain the ciphertext of the first model weight of the first data party corresponding to the trained model" includes:
and step 402, sending the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to the second data party so as to enable the second data party to perform decryption processing and obtain a blinded second party gradient.
In the implementation, after obtaining the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference, the first party may send the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference to the second party; the second data party can perform decryption processing to obtain a blinded predictive tag and a blinded tag difference value, calculate based on the blinded tag difference value and characteristic components of the non-tag data to obtain a blinded second party gradient, and return the blinded second party gradient to the first data party.
And step 404, receiving the blinded second-party gradient sent by the second data party, performing blind removal processing on the blinded second-party gradient to obtain a second-party gradient, and sending the second-party gradient to the second data party so that the second data party obtains updated second model weight and target indication information based on the second-party gradient.
The target indication information is used for indicating whether the preset training completion condition is met; that is, it may indicate either that the condition is met or that it is not met.
In an implementation, the first data party may perform blind removal processing based on the received blinded second party gradient, for example, blind removal processing may be performed on the received blinded second party gradient based on the determined first random number and the second random number, to obtain the second party gradient. Based on this, the first party may send a second party gradient to the second party; the second data party can update the current second model weight based on the received second party gradient to obtain an updated second model weight. And the second data party determines whether a preset training completion condition is met or not based on the updated second party gradient, and generates target indication information. In this way, the second party may return the target indication information to the first party.
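Steps 402–404 can be sketched end to end at the plaintext level (the encryption layer is omitted for brevity; in the protocol the tag differences reach the second data party only as blinded values after decryption). The multiplicative blinding form and all values are assumptions:

```python
import secrets

# Per-sample tag differences held by the first data party (shown in plaintext;
# in the protocol they exist only as ciphertexts under the second party's key).
diffs = [4, -2, 1]
# Feature components of the second party's unlabeled sample data, one row per sample.
x_b = [[5, 4], [2, 0], [1, 3]]

r1 = secrets.randbits(32) | 1          # blinding factor, known only to the first party
blinded = [r1 * d for d in diffs]      # what the second party recovers after decryption

# Second data party: blinded second-party gradient, per feature component.
blinded_grad = [sum(b * row[j] for b, row in zip(blinded, x_b)) for j in range(2)]

# First data party: blind removal -- divide the known blinding factor back out,
# then return the clean second-party gradient to the second data party.
grad = [g // r1 for g in blinded_grad]
```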
And step 406, if the preset training completion condition is not met based on the target indication information, re-executing the step of receiving the public key sent by the second data party and the ciphertext of the intermediate calculation result until the preset training completion condition is met based on the target indication information, and determining that the ciphertext of the first model weight of the current first data party is the ciphertext of the first model weight of the first data party corresponding to the trained model.
In an implementation, if the first data party determines, based on the received target indication information, that the preset training completion condition is not currently met, the first data party may use the ciphertext of the first model weight obtained in the above step as the first model parameter of the first data party at the current moment of the model in training, and re-execute the step of receiving the public key sent by the second data party and the ciphertext of the intermediate calculation result. This repeats until the first data party determines, based on the received target indication information, that the preset training completion condition is met; at that point, the first data party may determine the ciphertext of its current first model weight to be the ciphertext of the first model weight of the first data party corresponding to the trained model, that is, the ciphertext of the first model parameter of the first data party corresponding to the trained model.
In one example, the second data party may determine whether the preset training completion condition is met based on the change in the updated second model weight; alternatively, the preset training completion condition may be a preset convergence condition, or the like.
In this embodiment, the unlabeled data party determines whether the preset training completion condition is satisfied based on the model weight change corresponding to the updated unlabeled data party, so that the judgment mode of the training completion condition can be enriched, and the accuracy of judging whether the training is completed is ensured.
In one embodiment, the specific processing procedure of step 208 "send the ciphertext of the blinded prediction tag and the ciphertext of the blinded tag difference value to the second data party to obtain the ciphertext of the first model weight of the first data party corresponding to the trained model" includes:
and step, sending the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to the second data party so as to enable the second data party to perform decryption processing and obtain a blinded second party gradient.
In the implementation, after obtaining the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference, the first party may send the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference to the second party; the second data party can perform decryption processing to obtain a blinded predictive tag and a blinded tag difference value, calculate based on the blinded tag difference value and characteristic components of the non-tag data to obtain a blinded second party gradient, and return the blinded second party gradient to the first data party.
And step, receiving the blinded second-party gradient sent by the second data party, performing blind removal processing on the blinded second-party gradient to obtain the second-party gradient, and sending the second-party gradient to the second data party so that the second data party obtains the updated second model weight based on the second-party gradient.
In an implementation, the first data party may perform blind removal processing based on the received blinded second party gradient, for example, blind removal processing may be performed on the received blinded second party gradient based on the determined first random number and the second random number, to obtain the second party gradient. Based on this, the first party may send a second party gradient to the second party; the second data party can update the current second model weight based on the received second party gradient to obtain an updated second model weight.
And if the preset training completion condition is not met, re-executing the step of receiving the public key sent by the second data party and the ciphertext of the intermediate calculation result until the preset training completion condition is met, and determining that the ciphertext of the current first model weight of the first data party is the ciphertext of the first model weight of the first data party corresponding to the trained model.
In the implementation, the first data party can determine whether the preset training completion condition is currently met or not based on own data, and under the condition that the preset training completion condition is not currently met, the first data party can take the ciphertext of the first model weight of the first data party obtained in the step as the first model parameter of the first data party corresponding to the current moment of the model in training, and re-execute the step of receiving the public key sent by the second data party and the ciphertext of the intermediate calculation result until the first data party determines that the preset training completion condition is currently met based on own data, and then the first data party can determine the ciphertext of the first model weight of the current first data party, namely the ciphertext of the first model weight of the first data party corresponding to the trained model.
In one example, the data of the first data party may be the current iteration number. After the step of sending the second-party gradient to the second data party, the terminal corresponding to the first data party may obtain the current iteration number and compare it with a preset iteration number threshold. If the current iteration number is less than the preset threshold, the terminal determines that the preset training completion condition is not currently met; if the current iteration number is greater than or equal to the preset threshold, the terminal determines that the preset training completion condition is met.
In one example, the data of the first data party may be the first model weight corresponding to the first data party. After the step of sending the second-party gradient to the second data party, the terminal corresponding to the first data party may obtain the current ciphertext of the first model weight and compute, together with the ciphertext of the first model weight from the previous iteration, a weight difference parameter. If the weight difference parameter is less than the target value, the terminal may determine that the preset training completion condition is currently met; if the weight difference parameter is greater than or equal to the target value, the terminal may determine that the condition is not met. Alternatively, the target value may be, for example, 0 or the like.
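The two completion checks described above (iteration count and weight difference) might be combined as in the following sketch; the parameter names and comparison directions are assumptions:

```python
def training_complete(iteration, max_iterations, weight_delta=None, target=0):
    """Return True when a preset training completion condition is met.

    Condition 1: the current iteration number reaches the preset threshold.
    Condition 2: the weight difference parameter between consecutive
    iterations drops below a target value (e.g. 0, per the example above).
    """
    if iteration >= max_iterations:
        return True
    if weight_delta is not None and weight_delta < target:
        return True
    return False
```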
In this embodiment, the label-bearing data party may determine whether the preset training completion condition is satisfied based on the calculated weight difference or the iteration number, so that the determination mode of the training completion condition may be enriched, and high accuracy of determining whether the training is completed is achieved under the condition that the training performance is ensured and the calculation resources required for the training are saved.
In one embodiment, as shown in fig. 5, the specific processing procedure of step 208 "send the ciphertext of the blind prediction tag and the ciphertext of the blind tag difference value to the second data party to obtain the ciphertext of the first model weight of the first data party corresponding to the trained model" includes:
Step 502, calculating ciphertext of the loss sub-function of the first data side based on the ith tag data and ciphertext of the tag difference.
The loss sub-function of the first data party may be calculated based on the tag difference value and the tag data in the sample data, and may be, for example, a loss fragment; the ith tag data is the tag data of the ith sample (which may be denoted as y_i).
In the implementation, the first party may calculate the ciphertext of the loss sub-function of the ith first party based on the ith tag data and the ciphertext of the ith tag difference value, and the first party may perform superposition processing based on the ciphertext of each loss sub-function to obtain the ciphertext of the loss sub-function of the first party. In one example, the first data party may perform product operation on the ciphertext of the i-th tag difference value and the corresponding i-th tag data, respectively, to obtain the ciphertext of each loss sub-function.
And 504, performing blinding processing on the ciphertext of the loss sub-function of the first data side to obtain the blinded ciphertext of the loss sub-function of the first data side.
In the implementation, the terminal corresponding to the first data party can perform blinding processing on the calculated ciphertext of the loss sub-function of the first data party based on the predetermined random number; in one example, the terminal corresponding to the first data party may multiply the ciphertext of the loss sub-function of the first data party with the random number, and determine the resulting product as the ciphertext of the blinded loss sub-function of the first data party.
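Using the same toy Paillier scheme as in the earlier sketches (repeated so this snippet is self-contained), the loss sub-function ciphertexts of steps 502–504 might be formed and blinded as follows: each i-th tag difference ciphertext is scaled by the i-th tag data, the results are superposed homomorphically, and the sum is blinded by multiplying in a random number. The formulas are assumptions:

```python
import math
import random
import secrets

class Paillier:
    """Toy additively homomorphic Paillier scheme -- illustration only."""
    def __init__(self, p=293, q=433):
        self.n, self.n2 = p * q, (p * q) ** 2
        self.lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
        self.mu = pow(self.lam, -1, self.n)
    def enc(self, m):
        r = random.randrange(2, self.n)
        while math.gcd(r, self.n) != 1:
            r = random.randrange(2, self.n)
        return pow(1 + self.n, m % self.n, self.n2) * pow(r, self.n, self.n2) % self.n2
    def dec(self, c):
        m = (pow(c, self.lam, self.n2) - 1) // self.n * self.mu % self.n
        return m if m <= self.n // 2 else m - self.n
    def add(self, a, b):
        return a * b % self.n2
    def mul_plain(self, a, k):
        return pow(a, k % self.n, self.n2)

he = Paillier()
y = [1, 0, 1]                               # tag data y_i
diff_cts = [he.enc(d) for d in (4, -2, 1)]  # ciphertexts of the tag difference values

# Ciphertext of each loss sub-function: i-th tag difference times i-th tag data,
# superposed (summed) homomorphically into the first party's loss sub-function.
loss_ct = he.enc(0)
for y_i, d_ct in zip(y, diff_cts):
    loss_ct = he.add(loss_ct, he.mul_plain(d_ct, y_i))

# Blinding: multiply the loss ciphertext by a random number. Kept small here only
# so the toy modulus does not overflow; a real modulus is astronomically larger.
r = secrets.randbits(12) | 1
blinded_loss_ct = he.mul_plain(loss_ct, r)
```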
And step 506, sending the ciphertext of the blinded predictive tag, the ciphertext of the blinded tag difference value and the ciphertext of the loss sub-function of the blinded first data party to the second data party so as to enable the second data party to perform decryption processing and obtain a blinded second party gradient and a blinded loss function.
In an implementation, the terminal corresponding to the first data party may perform data interaction with the terminal corresponding to the second data party. The specific data interaction process can be as follows: the terminal corresponding to the first data party can send the calculated ciphertext of the blinded predictive tag, the calculated ciphertext of the blinded tag difference value and the calculated ciphertext of the blinded loss sub-function of the first data party to the terminal corresponding to the second data party. In this way, after receiving the ciphertext of the blinded predictive tag, the ciphertext of the blinded tag difference value and the ciphertext of the loss sub-function of the blinded first data party, the terminal corresponding to the second data party can decrypt the received data based on the public key, and return the decrypted data to the terminal corresponding to the first data party.
In one example, the second party may decrypt the ciphertext of the blinded prediction tag, the ciphertext of the blinded tag difference value, and the ciphertext of the blinded loss sub-function of the first party based on the public key of the second party to obtain a blinded complete loss function and a blinded second party gradient, i.e., a blinded loss function and a blinded second party gradient; the second-party gradient is used for updating the model weight of the second data party, and the blinding loss function is used for judging whether a preset training completion condition is met currently.
And step 508, receiving the blinded second-party gradient and the blinded loss function sent by the second data party, performing blind removal processing on the blinded second-party gradient and the blinded loss function to obtain the second-party gradient and the loss function, and sending the second-party gradient to the second data party.
In an implementation, the terminal corresponding to the first data party performs blind removal processing on the blinded second-party gradient and the blinded loss function received from the terminal corresponding to the second data party; for example, blind removal may be performed based on the previously determined first random number and second random number, to obtain the second-party gradient and the loss function. Based on this, the terminal corresponding to the first data party can send the second-party gradient obtained by the blind removal processing to the terminal corresponding to the second data party.
And step 510, if the preset training completion condition is not met based on the loss function, re-executing the step of receiving the public key sent by the second data party and the ciphertext of the intermediate calculation result until the preset training completion condition is met based on the loss function, and determining the ciphertext of the first model weight of the current first data party as the ciphertext of the first model weight of the first data party corresponding to the trained model.
In an implementation, the terminal corresponding to the first data party may determine, based on the loss function obtained by the blind removal processing, whether the preset training completion condition is currently satisfied. If it is satisfied, the terminal corresponding to the first data party may determine the ciphertext of the current first model weight of the first data party as the ciphertext of the first model weight of the first data party corresponding to the trained model, that is, the ciphertext of the first model parameter of the first data party corresponding to the trained model; similarly, the terminal corresponding to the second data party may determine the current second model weight of the second data party as the second model weight of the second data party corresponding to the trained model. If the condition is not satisfied, the first data party may use the ciphertext of the first model weight obtained in the above step as the first model parameter of the first data party at the current moment of the model in training, and re-execute the step of receiving the public key sent by the second data party and the ciphertext of the intermediate calculation result until the terminal corresponding to the first data party determines that the preset training completion condition is satisfied.
In this embodiment, the loss function is used as a basis for judging whether the preset training completion condition is met, so that the training efficiency and accuracy can be ensured, the loss function can be obtained in a whole-course protected state, and the safety of the related data of the loss function can be ensured.
In one embodiment, as shown in fig. 6, the data encryption method further includes:
step 602, determining a current gradient ciphertext of the first data party based on the characteristic component of the labeled sample data and the ciphertext of the label difference.
In implementation, the terminal corresponding to the first data party may process based on the ith sample data in the sample data with the tag and the ciphertext of the corresponding ith tag difference value to obtain the intermediate quantity corresponding to the ith sample data, so that the terminal corresponding to the first data party may perform superposition processing on the intermediate quantity corresponding to each sample data in the sample data with the tag to obtain the current gradient ciphertext of the first data party, that is, the current gradient of the first data party in the ciphertext form.
Step 604, calculating a ciphertext of a first model weight of the current first data party based on the current gradient ciphertext of the first data party and the model parameters of the tagged sample data.
In an implementation, the terminal corresponding to the first data party determines an adjustment factor and calculates the product of the adjustment factor and the current gradient ciphertext of the first data party obtained in the above step. The terminal can then calculate the difference between the model parameter corresponding to the tagged sample data and this product, and determine the difference as the ciphertext of the first model weight of the current first data party.
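Under the same toy Paillier scheme as in the earlier sketches (repeated for self-containment), the gradient ciphertext and weight update of steps 602–604 might look as follows; the integer adjustment factor and all values are assumptions made so the toy scheme avoids fractions:

```python
import math
import random

class Paillier:
    """Toy additively homomorphic Paillier scheme -- illustration only."""
    def __init__(self, p=293, q=433):
        self.n, self.n2 = p * q, (p * q) ** 2
        self.lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
        self.mu = pow(self.lam, -1, self.n)
    def enc(self, m):
        r = random.randrange(2, self.n)
        while math.gcd(r, self.n) != 1:
            r = random.randrange(2, self.n)
        return pow(1 + self.n, m % self.n, self.n2) * pow(r, self.n, self.n2) % self.n2
    def dec(self, c):
        m = (pow(c, self.lam, self.n2) - 1) // self.n * self.mu % self.n
        return m if m <= self.n // 2 else m - self.n
    def add(self, a, b):
        return a * b % self.n2
    def mul_plain(self, a, k):
        return pow(a, k % self.n, self.n2)

he = Paillier()

# Current gradient ciphertext: superpose the per-sample intermediate quantities,
# i.e. tag-difference ciphertexts scaled by the feature components.
x_a = [3, 1, 2]                             # feature components of tagged sample data
diff_cts = [he.enc(d) for d in (4, -2, 1)]  # ciphertexts of the tag difference values
grad_ct = he.enc(0)
for d_ct, x in zip(diff_cts, x_a):
    grad_ct = he.add(grad_ct, he.mul_plain(d_ct, x))

# Weight update w' = w - eta * grad, computed entirely on ciphertexts.
eta = 2                     # adjustment factor (integer-scaled for the toy scheme)
w_ct = he.enc(40)           # ciphertext of the current first model parameter
w_new_ct = he.add(w_ct, he.mul_plain(grad_ct, -eta))
```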
In one example, if the current iteration is the nth iteration, the ciphertext of the first model weight of the current first data party may serve as the ciphertext of the first model parameter of the first data party in the (n+1)th iteration. A similar update may also be performed by the terminal corresponding to the second data party, which is not described herein again.
In this embodiment, the ciphertext of the first model weight is updated through the ciphertext having the characteristic component and the label difference value of the label sample data, so that the accuracy of the obtained weight ciphertext is ensured, and the risk of data leakage is avoided.
In one embodiment, as shown in fig. 7, the data encryption method further includes:
Step 702, calculating a random ciphertext of the test sample data based on the ciphertext of the model parameter of the first data side corresponding to the trained model, the feature component of the labeled sample data, and the test random number.
In implementation, the terminal corresponding to the first data party may determine the ciphertext of the first model parameter of the corresponding first data party based on the ciphertext of the first model weight of the trained model, and calculate the product of the ciphertext of the model parameter of the first data party and the characteristic component of the labeled sample data, so that the terminal may randomize the product based on the test random number to obtain the random ciphertext corresponding to the test sample data.
Step 704, sending a random ciphertext of the test sample data to the second data party, so that the second data party decrypts the random ciphertext of the test sample data to obtain random data of the test sample data, and obtaining random data of the predicted tag data based on the feature component of the unlabeled sample data, the model parameter of the second data party and the random data of the test sample data.
In implementation, the terminal corresponding to the first data party may send the random ciphertext corresponding to the test sample data obtained by calculation to the terminal corresponding to the second data party, so that the terminal corresponding to the second data party may decrypt the random ciphertext of the test sample data to obtain random data of the test sample data, and obtain random data of the predicted tag data based on the feature component of the label-free sample data, the model parameter of the second data party, and the random data of the test sample data.
Step 706, receiving the random data of the predicted tag data sent by the second data party, and performing derandomizing processing on the random data of the predicted tag data to obtain predicted tag data, where ciphertext of the predicted tag data is used to determine a test result.
In an implementation, the terminal corresponding to the first data party may perform a derandomization process based on the received random data of the predicted tag data, so as to obtain the predicted tag data, and thus, the terminal corresponding to the first data party may determine a test result based on the obtained predicted tag data, where the test result may include a test passing or a test failing, and so on.
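The randomization round trip of steps 702–706 can be sketched at the plaintext level with additive masking (one plausible reading; the patent does not specify the masking form):

```python
import secrets

# Plaintext-level view; in the protocol the first party's share exists only as a
# ciphertext under the second data party's public key.
u_a = 7     # first party's share: <model parameters, features> for one test sample
u_b = 9     # second party's share for the same sample

s = secrets.randbits(32)     # test random number, known only to the first party
randomized = u_a + s         # "random ciphertext" of the test sample data

# Second data party: decrypts, adds its own contribution, and returns the
# random data of the predicted tag data.
random_pred = randomized + u_b

# First data party: derandomization recovers the predicted tag data.
pred = random_pred - s
```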
In the embodiment, accurate test results can be obtained by performing test processing on the test data, and the effectiveness of model training is ensured.
In one embodiment, a data encryption method is provided and applied to a terminal corresponding to a second data party, where the second data party is a label-free data party, as shown in fig. 8, and the data encryption method includes:
step 802, calculating an intermediate calculation result based on the model parameters corresponding to each unlabeled sample data and the characteristic components of each unlabeled sample data, performing encryption processing on the intermediate calculation result to obtain a ciphertext of the intermediate calculation result, and sending the ciphertext of the intermediate calculation result to the first data side.
In the implementation, the terminal corresponding to the second data party may process based on the model parameters corresponding to the locally stored unlabeled sample data and the feature components of each piece of unlabeled sample data, to obtain the intermediate calculation result. Based on the above, the second data party can encrypt the obtained intermediate calculation result based on the public key of the second data party, so as to obtain the ciphertext of the intermediate calculation result. In one example, the second data party may determine a homomorphic encryption public key, and perform homomorphic encryption processing on the intermediate calculation result based on the homomorphic encryption public key, to obtain an intermediate calculation result under the homomorphic encryption public key, that is, a ciphertext of the intermediate calculation result. Thus, the second party can send the public key and the ciphertext of the intermediate calculation result calculated based on the model parameters corresponding to the unlabeled exemplar data and the unlabeled exemplar data to the first party.
Step 804, receiving the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value sent by the first data party, and obtaining the second model weight of the second data party corresponding to the trained model based on the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value.
In implementation, the terminal corresponding to the second data party may decrypt the received ciphertext of the blinded predictive tag and ciphertext of the blinded tag difference value, so as to obtain the blinded predictive tag and the blinded tag difference value. The specific process can be as follows: the terminal corresponding to the second data party processes the feature components of the unlabeled sample data together with the blinded tag difference values corresponding to the unlabeled sample data to obtain the blinded second model weight of the second data party, and, when the preset training-completion condition is currently met, determines the second model weight of the second data party corresponding to the trained model based on the current second model weight of the second data party.
In this embodiment, the received ciphertext may be blinded by the tagged data party and encrypted by the untagged data party. As a result, during both training and prediction, the tagged data party cannot learn the plaintext of the untagged data party's gradient or model weight, and the untagged data party cannot obtain the ciphertext of the tagged data party's gradient or model weight: all data available to the tagged data party is encrypted and protected by the untagged data party's public key, and all data available to the untagged data party is protected by the tagged data party's random numbers. Data leakage is thereby avoided, data security is improved, and the training efficiency of model training is improved.
In one embodiment, as shown in fig. 9, the specific process of step 804, "obtaining a second model weight of the second data party corresponding to the trained model based on the received ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value", includes:
Step 902, decrypting the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to obtain a blinded second-party gradient.

In implementation, the terminal corresponding to the second data party may decrypt the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value respectively, for example based on the predetermined private key of the second data party, to obtain the blinded predictive tag and the blinded tag difference value, from which the blinded second-party gradient can be computed.
Step 904, sending the blinded second-party gradient to the first party to obtain the second-party gradient for the first party.
In implementation, the second data party may send the blinded second-party gradient to the first data party. After receiving it, the first data party may remove the blinding to obtain the second-party gradient, and then send the determined second-party gradient to the terminal corresponding to the second data party.
Step 906, receiving the second-party gradient sent by the first data party, updating the current second model weight of the second data party based on the second-party gradient to obtain an updated second model weight, and generating target indication information based on the updated second model weight.

The target indication information characterizes whether the preset training-completion condition is met, and is sent to the first data party.
In an implementation, the terminal corresponding to the second data party may perform update processing on the model weight based on the received second party gradient, that is, the terminal corresponding to the second data party may update the current second model weight of the second data party based on the current received second party gradient, to obtain an updated second model weight. In one example, the terminal corresponding to the second data party may update the second model weight of the second data party in the n-1 th iteration based on the received second party gradient in the n-th iteration, to obtain the second model weight in the n-th iteration, and determine the second model weight calculated in the n-th iteration as the second model parameter of the second data party in the n+1-th iteration.
Optionally, the terminal corresponding to the second data party determines, based on the updated second model weight, whether the preset training-completion condition is met. If it determines that the condition is currently met, it generates target indication information indicating that the preset training-completion condition is met. For example, the terminal may judge whether the second model weight has converged based on the second model weight in the n-th iteration and the second model weight in the (n-1)-th iteration; if the second model weight satisfies the preset convergence condition, the terminal may determine that the preset training-completion condition is currently met and generate target indication information representing this. Similarly, when the terminal corresponding to the second data party determines that the preset training-completion condition is not currently met, it may generate target indication information representing that the condition is not met. The terminal corresponding to the second data party can then return the generated target indication information to the terminal corresponding to the first data party.
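The weight-convergence check between consecutive iterations can be sketched as follows; the tolerance value and the toy weight vectors are illustrative assumptions, not values from this disclosure:

```python
def weights_converged(w_prev, w_curr, tol=1e-4):
    # Converged when the largest per-coordinate change between the
    # (n-1)-th and n-th iteration weights falls below the tolerance.
    return max(abs(a - b) for a, b in zip(w_prev, w_curr)) < tol

# A tiny update falls below the tolerance; a large one does not.
assert weights_converged([0.50000, -0.20000], [0.50003, -0.19998])
assert not weights_converged([0.5, -0.2], [0.4, -0.1])
```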
In this embodiment, the terminal corresponding to the second data party determines whether the preset training completion condition is met based on the second model weight, so that the determination modes of the preset training completion condition can be enriched, and the performance of model training is ensured.
In one embodiment, as shown in fig. 10, the specific processing procedure of step "obtaining the second model weight of the second data party corresponding to the trained model based on the received ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value" includes:
Step 1002, receiving the ciphertext of the blinded predictive tag, the ciphertext of the blinded tag difference value, and the ciphertext of the blinded loss sub-function.
In an implementation, the terminal corresponding to the second data party may receive the ciphertext of the blinded predictive tag, the ciphertext of the blinded tag difference value, and the ciphertext of the blinded loss sub-function sent by the terminal corresponding to the first data party. The ciphertext of the blinded loss sub-function may be the ciphertext of the blinded loss fragments.
And step 1004, decrypting the ciphertext of the blinded prediction tag, the ciphertext of the blinded tag difference value and the ciphertext of the blinded loss sub-function to obtain the blinded loss function and the blinded second-party gradient.
In implementation, the terminal corresponding to the second data party may decrypt the ciphertext of the blinded prediction tag, the ciphertext of the blinded tag difference value, and the ciphertext of the blinded loss sub-function, for example based on the predetermined homomorphic private key of the second data party, to obtain the blinded prediction tag, the blinded tag difference value, and the blinded loss sub-function. The terminal may then compute the product of the blinded prediction tag and the blinded tag difference value, and obtain the blinded loss function from the resulting product and the blinded loss sub-function. Similarly, the terminal corresponding to the second data party can compute the blinded second-party gradient from the unlabeled sample data and the blinded tag difference value.
Step 1006, sending the blinded loss function and the blinded second-party gradient to the first data-party, so that the first data-party determines the second-party gradient and the training result based on the blinded loss function and the blinded second-party gradient.
In implementation, the terminal corresponding to the second data party may send the blinded loss function and the blinded second-party gradient to the first data party, which removes the blinding to obtain the loss function and the second-party gradient. The terminal corresponding to the first data party can then determine, based on the obtained loss function, whether the preset training-completion condition is currently met. If it is met, the terminal corresponding to the first data party may generate a training result representing that training is complete, and return the second-party gradient together with that training result to the terminal corresponding to the second data party; similarly, if the preset training-completion condition is not met, the terminal corresponding to the first data party may generate a training result representing that training is not complete, and return the second-party gradient together with that training result to the terminal corresponding to the second data party.
Step 1008, receiving the training result and the second-party gradient, and updating the current second model weight of the second data party based on the second-party gradient to obtain an updated second model weight.

In implementation, the terminal corresponding to the second data party may receive the training result and the second-party gradient, and update the current second model weight of the second data party based on the second-party gradient to obtain an updated second model weight. If it determines from the training result that training is complete, the terminal corresponding to the second data party may take the updated second model weight as the second model weight of the second data party corresponding to the trained model.
In this embodiment, whether the current training is complete is determined through the training result sent by the first data party, and the current second model weight is updated based on the second party gradient, so as to ensure the effectiveness of the training.
In one embodiment, as shown in fig. 11, the data encryption method further includes:
Step 1102, receiving the random ciphertext of the test sample data sent by the first data party.
The random ciphertext of the test sample data is obtained by the first data party based on the ciphertext of the model parameter of the first data party corresponding to the trained model, the characteristic component of the sample data with the label and the test random number.
In an implementation, the terminal corresponding to the second data party may receive a random ciphertext of the test sample data transmitted by the first data party.
And step 1104, performing decryption processing on the random ciphertext of the test sample data to obtain random data of the test sample data, and obtaining random data of the predicted tag data based on the characteristic component of the unlabeled sample data, the model parameter of the second data party and the random data of the test sample data.
In implementation, the terminal corresponding to the second data party can decrypt the random ciphertext of the test sample data to obtain the random data of the test sample data. In this way, the terminal corresponding to the second data party can process based on the characteristic component of the unlabeled exemplar data and the second model parameter of the second data party to obtain the intermediate quantity. The terminal corresponding to the second data party can calculate based on the intermediate quantity, the random data of the test sample data and the test random number, and the random data of the predicted tag data is obtained.
Step 1106, the random data of the predicted tag data is sent to the first data party, so that the first data party performs a derandomizing process on the random data of the predicted tag data to obtain the predicted tag data.
Wherein the predictive tag data is used to determine a test result.
In an implementation, the second party may send the random data of the predicted tag data to the first party, so that the first party may perform a derandomization process based on the random data of the predicted tag data, for example, may perform a derandomization process on the random data of the predicted tag data based on the test random number, to obtain the predicted tag data. Test results may include test pass as well as test fail.
In one embodiment, a data encryption method is provided, applied to a terminal corresponding to a first data party and a terminal corresponding to a second data party, where the first data party is a tagged data party and the second data party is an untagged data party, and the data encryption method includes:
and the second data party calculates an intermediate calculation result based on the model parameters corresponding to the unlabeled sample data and the characteristic components of the unlabeled sample data, encrypts the intermediate calculation result to obtain a ciphertext of the intermediate calculation result, and sends the ciphertext of the intermediate calculation result to the first data party.
The first data party determines the ciphertext of the predicted tag and the ciphertext of the tag difference value based on the ciphertext of the intermediate calculation result and the feature components of the tagged sample data, performs blinding on the ciphertext of the predicted tag and the ciphertext of the tag difference value to obtain the ciphertext of the blinded predicted tag and the ciphertext of the blinded tag difference value, and sends them to the second data party, thereby obtaining the ciphertext of the first model weight of the first data party corresponding to the trained model.
And the second data party obtains second model weights of the second data party corresponding to the trained model based on the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value.
In this embodiment, the received ciphertext may be blinded by the tagged data party and encrypted by the untagged data party. As a result, during both training and prediction, the tagged data party cannot learn the plaintext of the untagged data party's gradient or model weight, and the untagged data party cannot obtain the ciphertext of the tagged data party's gradient or model weight: all data available to the tagged data party is encrypted and protected by the untagged data party's public key, and all data available to the untagged data party is protected by the tagged data party's random numbers. Data leakage is thereby avoided, data security is improved, and the training efficiency of model training is improved.
The following describes in detail, in connection with a specific embodiment, a specific implementation procedure of the above data encryption method:
With the continuous development of data-sharing security technologies, the application scope of federated learning, and of the multiparty secure computation within it, keeps widening, and the industry has begun to apply these technologies to modeling more and more commonly. In vertical federated learning scenarios (for example, cross-enterprise application scenarios and cross-industry joint modeling scenarios), demand for training and prediction with linear models is strong. The classification and regression problems solved by machine learning algorithms such as linear models (e.g., linear regression, logistic regression) are a main research direction of supervised learning.
However, a linear model under a federated learning framework faces more attack vectors, and the current mainstream vertical federated linear model algorithms have a potential data-leakage problem: the tagged data party B needs its own gradient g_B to update its weight w_B, so the tagged data party must know its own plaintext gradient g_B. Starting from g_B or the model parameters w_B, the tagged data party can reverse-derive the original feature data X (i.e. X_A) of the untagged data party A through the following steps:

1. From its own plaintext gradient g_B, combined with other known intermediate parameters and conditions, the tagged data party B reverse-derives the other party's w·x_A (i.e. X_A·w_A);

2. Combining w·x_A with other known intermediate parameters, the tagged data party B can derive a system of linear equations in the original data X (i.e. X_A);

3. When the conditions for inverting the matrix of that system of equations are met and part of the data is known, the original feature data X (i.e. X_A) of the untagged data party A can be reverse-derived.
Based on the above description, it can be determined that the related linear models in the prior art carry a risk of data leakage in federated learning application scenarios, and the security of the data is low.
The data encryption method provided by this embodiment comprises a model training method and a prediction method for a vertical federated learning linear model based on semi-homomorphic encryption and multiplicative random-number blinding. It aims to avoid the data-leakage problem of linear models in federated learning application scenarios and to ensure data security: for example, throughout model training and prediction, the tagged data party cannot obtain any model weight or gradient of the untagged data party, so the potential data-leakage risk is avoided, and using semi-homomorphic encryption instead of secret-sharing techniques balances security and performance.
The longitudinal federal linear model training and prediction method in the data encryption method provided in this embodiment may include:
step one: data preprocessing and encrypted sample alignment
Following the conventional vertical federated learning framework, the tagged data party (which may be denoted the Guest party) and the untagged data party (which may be denoted the Host party) perform encrypted sample alignment to obtain a virtual fused data set, and apply appropriate data preprocessing, feature selection, and feature engineering to that data set.
Step two: label-free data party configures key pairs and transmits public keys and encryption parameter fragments
The untagged data party generates an additively homomorphic encryption public/private key pair (which may be denoted PK_H, SK_H) and distributes the public key PK_H to the tagged data party. The terminal corresponding to the untagged data party may compute an intermediate calculation result for each piece of its sample data; the intermediate calculation result for the i-th piece of unlabeled sample data (which may be denoted u_i) may be computed by the following formula:

u_i = w_H · x_H^(i)

where w_H represents the model parameters of the unlabeled sample data, and x_H^(i) represents the feature component of the i-th piece of sample data in the unlabeled sample data.

The untagged data party may homomorphically encrypt all intermediate calculation results {u_i} with the public key PK_H to obtain the ciphertexts of the intermediate calculation results (which may be denoted [[u_i]]), and send them to the tagged data party.
In addition, in the first iteration of the training process, the untagged data party also needs to initialize the model weight of the tagged data party (i.e., the first model weight), homomorphically encrypt it with the public key PK_H, and send the result to the tagged data party.
Step three: the tagged data party computes the required intermediate parameters and the encrypted model weights, and stores them
Based on the received ciphertext [[u_i]] for each sample i (i.e., the ciphertext of the intermediate calculation result), the tagged data party computes for each sample i the ciphertext of the predicted tag (which may be denoted [[ŷ_i]]), the ciphertext of the tag difference (which may be denoted [[d_i]]), and the ciphertext of the loss sub-function (which may be denoted [[l_i]], for example the ciphertext of a loss fragment). The tagged data party may compute its own encrypted gradient [[g_G]] from the product of the tag-difference ciphertext and the feature components of its tagged sample data, and use that gradient to compute the new round's ciphertext model weights associated with the tagged data party's local features (which are used to compute the intermediate parameters required for the next round). The tagged data party then applies multiplicative blinding protection to the ciphertexts of the predicted tag, the tag difference, and the loss fragment respectively (for example, by homomorphically multiplying each ciphertext by a random blinding factor), and sends the blinded parameters to the untagged data party. For example, these parameters may be computed by the following formulas, where all additions and scalar multiplications are additively homomorphic operations on ciphertexts under PK_H:

[[ŷ_i]] = [[u_i]] + x_G^(i) · [[w_G]]
[[d_i]] = [[ŷ_i]] − y_i
[[g_G]] = Σ_i x_G^(i) · [[d_i]]
[[w_G*]] = [[w_G]] − η · [[g_G]]

where [[u_i]] represents the ciphertext of the intermediate calculation result corresponding to the i-th piece of unlabeled sample data, [[w_G]] represents the ciphertext of the first model parameters of the tagged data party, x_G^(i) represents the i-th feature component in the tagged sample data, y_i represents the i-th piece of tag data, [[g_G]] represents the first-party (tagged party) gradient ciphertext, η represents the learning rate, and [[w_G*]] represents the ciphertext of the updated first model weight of the tagged data party.
Step four: the untagged data party decrypts the intermediate parameters and computes the blinded loss L and its own blinded gradient

Based on the received ciphertext of the blinded predicted tag, the ciphertext of the blinded tag difference, and the ciphertext of the blinded loss fragment, the untagged data party decrypts with the private key SK_H to obtain the blinded intermediate parameters, which may include, for example, the blinded predicted tag (which may be denoted ~ŷ_i), the blinded tag difference (which may be denoted ~d_i), and the blinded loss sub-function ~l_i. From these it computes the blinded loss function ~L (from the blinded loss fragments together with the products of the blinded predicted tags and the blinded tag differences) and its own blinded gradient, for example as

~g_H = Σ_i x_H^(i) · ~d_i

and sends the blinded loss ~L and the blinded own gradient ~g_H to the tagged data party, where ~L represents the blinded loss function and ~g_H represents the blinded second-party gradient.
Step five: the tagged data party removes the randomization and sends the gradient to the untagged data party

After receiving the blinded loss ~L and the blinded untagged-party gradient ~g_H, the tagged data party removes the blinding from both, and sends the untagged party's gradient, for example the second-party gradient g_H, to the untagged data party.
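The blind-compute-unblind round trip of steps three to five can be sketched in the plaintext domain; the encryption layer is omitted here, and the values and random range are illustrative assumptions. Exact rational arithmetic is used so the final division cancels the blinding factor cleanly:

```python
from fractions import Fraction
import random

# Step three (tagged party): blind a secret value with a multiplicative mask k
secret = Fraction(21, 10)                  # e.g. a tag difference, 2.1
k = Fraction(random.randrange(2, 10**6))   # blinding random number
blinded = k * secret                       # what the other party is allowed to see

# Step four (untagged party): linear work on the blinded value preserves the mask
x = Fraction(3)                            # a feature component
blinded_grad = blinded * x                 # equals k * (secret * x)

# Step five (tagged party): dividing by k removes the blinding
grad = blinded_grad / k
```

Because every intermediate operation is linear, the multiplicative mask k factors through the computation and a single division at the end recovers the true result, which is the "division cancellation" idea used by the scheme.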
Step six: label-free data party update model
The untagged data party uses the current round's gradient g_H obtained from the tagged data party to perform a model update, obtaining a new round of model weights associated with the features it holds. For example, the second model weight may be updated by the following formula to obtain the updated second model weight (which may be denoted W_H*), where η represents the learning rate:

W_H* = W_H − η · g_H
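The update in step six is ordinary per-coordinate gradient descent; a minimal sketch with illustrative numbers (the learning rate, weights, and gradient below are assumptions for demonstration):

```python
eta = 0.1                                   # learning rate (illustrative)
w_H = [0.5, -0.2]                           # current second-party weights
g_H = [0.3, 0.1]                            # second-party gradient received from the first party

# W_H* = W_H - eta * g_H, applied coordinate-wise
w_H_new = [w - eta * g for w, g in zip(w_H, g_H)]
```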
Step seven: the tagged data party judges the stopping condition

The tagged data party judges whether to enter the next iteration based on certain metrics or early-stopping conditions (a common one is judging convergence from the current round's loss L and the previous round's loss). If another iteration is needed, steps two to six are repeated; otherwise, training is complete.
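The loss-based early-stopping check described above can be sketched as follows; the tolerance, round budget, and sample loss values are illustrative assumptions, not values from this disclosure:

```python
def training_done(loss_prev, loss_curr, rel_tol=1e-3, max_rounds=100, round_no=0):
    # Stop when the loss change is tiny relative to the previous loss,
    # or when a round budget has been exhausted.
    if round_no >= max_rounds:
        return True
    return abs(loss_prev - loss_curr) <= rel_tol * max(abs(loss_prev), 1e-12)

assert training_done(0.69310, 0.69309)      # loss has flattened out
assert not training_done(0.6931, 0.5108)    # loss is still dropping fast
```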
Specifically, the prediction process may include: the tagged data party computes the random ciphertext of the test sample data (which may be denoted [[w_G · x_G^(i) + r_i]]), for example by the following formula:

[[w_G · x_G^(i) + r_i]] = x_G^(i) · [[w_G]] + [[r_i]]

where r_i represents the test random number (an additive mask).
The tagged data party sends the random ciphertext of the test sample data to the untagged data party. The untagged data party decrypts it to obtain the random data of the test sample data (which may be denoted w_G · x_G^(i) + r_i) and, based on its own local term w_H · x_H^(i) for the test sample data, computes the random data of the predicted tag data (which may be denoted z_i + r_i), for example by

z_i + r_i = (w_G · x_G^(i) + r_i) + w_H · x_H^(i)

and returns the random data of the predicted tag data to the tagged data party. The tagged data party can then derandomize the random data of the predicted tag data to obtain the predicted tag data, for example by z_i = (z_i + r_i) − r_i.
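Stripped of the encryption layer, the prediction exchange reduces to an additive-mask round trip; a plaintext sketch (all numbers below are illustrative assumptions):

```python
import random

w_G_x = 1.7                  # first party's local linear part,  w_G . x_G_i
w_H_x = -0.4                 # second party's local linear part, w_H . x_H_i
r_i = random.uniform(-100.0, 100.0)   # test random number (additive mask)

masked = w_G_x + r_i         # sent (encrypted, in the real protocol) to the second party
returned = masked + w_H_x    # second party adds its local term and returns the sum
z = returned - r_i           # first party removes the mask: the full linear score

# For logistic regression, the score z would then pass through a sigmoid.
```

Neither party ever sees the other's local linear part in the clear: the second party only sees a masked value, and the first party only sees the masked sum.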
With the data encryption method provided in this embodiment, the tagged data party holds its model weight w_G encrypted under the untagged data party's public key PK_H from the previous round. For each sample i, it computes the ciphertext of its local linear part over its own features, homomorphically adds the additive mask r_i to the ciphertext, and sends the result to the untagged data party. The untagged data party decrypts it, adds its own locally computed part, and sends the computation result back to the tagged data party, which subtracts the mask r_i to recover the plaintext of the computation result and then applies appropriate processing (for example, for logistic regression, the sigmoid nonlinear transformation) to obtain the final result. Data leakage is thereby avoided and the security of the data is ensured.
With the data encryption method provided in this embodiment, throughout the federated linear model modeling and prediction process, the tagged data party cannot learn the plaintext of its own gradient or model weight; all data it obtains is encrypted and protected by the untagged data party's public key. This solves the security problem present in existing federated learning linear model frameworks, avoids the potential data leakage caused by the tagged data party reverse-deriving the untagged data party's original data from the information available to it, and the use of additively homomorphic encryption can also improve the performance of the algorithm.
Specifically, the tagged data party is referred to as the Guest and the untagged data party as the Host. The set of training-data identifiers obtained by sample alignment between the Host and Guest data parties is denoted D; the training data held by the Host is denoted {x_H^(i) | i ∈ D} and the training data held by the Guest is denoted {(x_G^(i), y_i) | i ∈ D}. Each iteration requires computing the following intermediate variables: w_H and w_G, the current partial model parameters of the Host and Guest respectively; x_H^(i) and x_G^(i), the feature components of the data sample with identifier i on the Host and Guest sides respectively; L, the loss function; and the two partial derivatives ∂L/∂w_H and ∂L/∂w_G, which are the gradients the two parties need to update their respective models.

By convention, [[X]] denotes the homomorphic encryption of X under the public key PK_H (i.e., the public key generated by the Host). The additively homomorphic encryption algorithm adopts the Paillier homomorphic encryption algorithm, and the ordinary public-key encryption algorithm adopts RSA, SM2, or the like.
In another embodiment, the tagged data party is referred to as the Guest and the untagged data party as the Host. Let D be the set of training-data identifiers obtained by sample alignment between the Host and Guest; the training data held by the Host is denoted {x_H^(i) | i ∈ D} and the training data held by the Guest is denoted {(x_G^(i), y_i) | i ∈ D}. Each iteration requires computing the following intermediate variables (the loss L uses a second-order Taylor expansion): w_H and w_G, the current partial model parameters of the Host and Guest respectively; x_H^(i) and x_G^(i), the feature components of the data sample with identifier i on each side; L, the loss function; and the two partial derivatives, which are the gradients the two parties need to update their respective models.

By convention, [[X]] denotes the homomorphic encryption of X under the public key PK_H (i.e., the public key generated by the Host). The additively homomorphic encryption algorithm adopts the Paillier homomorphic encryption algorithm, and the ordinary public-key encryption algorithm adopts RSA, SM2, or the like.
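The second-order Taylor expansion mentioned above replaces the nonlinear logistic loss with a quadratic. For log(1 + e^(−z)) expanded around z = 0, the quadratic is ln 2 − z/2 + z²/8; a quick numeric check (the expansion point and test value below are illustrative) confirms the approximation is close for small z:

```python
import math

def logistic_loss(z):
    # Exact per-sample logistic loss for a correctly signed score z
    return math.log(1.0 + math.exp(-z))

def taylor2(z):
    # Second-order Taylor expansion of log(1 + e^(-z)) around z = 0:
    # f(0) = ln 2, f'(0) = -1/2, f''(0) = 1/4
    return math.log(2.0) - z / 2.0 + z * z / 8.0

z = 0.5
exact, approx = logistic_loss(z), taylor2(z)
```

Because the quadratic contains only z and z² terms, it can be evaluated with additions and plaintext-scalar multiplications, which is exactly what an additively homomorphic scheme supports.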
With the data encryption method provided in this embodiment, throughout training and prediction the tagged data party cannot learn the plaintext model weights of any round, nor the plaintext gradients required to update the model weights; everything weight-related is protected by the untagged data party's public key, and the whole process is encrypted with an additively homomorphic encryption algorithm. Fragments of intermediate calculation results can be protected by multiplicative random-number blinding so that they can be safely decrypted, with the multiplicative random number later cancelled by division to enable the subsequent computation. The method can also use a Taylor expansion of the loss function, converting the nonlinear term into linear terms through a particular way of splitting the intermediate calculation results combined with multiplicative random-number blinding and additive homomorphic encryption and decryption, so that the loss L can be computed while remaining protected throughout.
It should be understood that, although the steps in the flowcharts related to the embodiments described above are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.
Based on the same inventive concept, an embodiment of the application also provides a data encryption device for realizing the above data encryption method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitations in the one or more embodiments of the data encryption device provided below may refer to the limitations on the data encryption method above, and will not be repeated here.
In one embodiment, as shown in fig. 12, there is provided a data encryption apparatus 1200 applied to a first data party, the first data party being a tagged data party, including:
the first receiving module 1202 is configured to receive a public key sent by the second data party and ciphertext of an intermediate calculation result, where the intermediate calculation result is calculated by the second data party based on model parameters corresponding to each unlabeled sample data and feature components of each unlabeled sample data;
a first determining module 1204, configured to determine, based on the ciphertext of the intermediate calculation result and the feature component of the labeled sample data, a ciphertext of the predicted label and a ciphertext of the label difference;
the blinding processing module 1206 is configured to perform blinding processing on the ciphertext of the predicted tag and the ciphertext of the tag difference value, so as to obtain a blinded ciphertext of the predicted tag and a blinded ciphertext of the tag difference value;
the second determining module 1208 is configured to send the ciphertext of the blinded prediction tag and the ciphertext of the blinded tag difference value to the second data party, so as to obtain the ciphertext of the first model weight of the first data party corresponding to the trained model.
In one embodiment, as shown in fig. 13, there is provided a data encryption apparatus 1300 applied to a second data party, the second data party being a non-tag data party, comprising:
The third determining module 1302 is configured to calculate an intermediate calculation result based on the model parameters corresponding to each unlabeled sample data and the feature components of each unlabeled sample data, encrypt the intermediate calculation result to obtain a ciphertext of the intermediate calculation result, and send the ciphertext of the intermediate calculation result to the first data party;
the second receiving module 1304 is configured to receive a ciphertext of the blinded prediction tag and a ciphertext of the blinded tag difference value, which are sent by the first data party, and obtain a second model weight of the second data party corresponding to the trained model based on the ciphertext of the blinded prediction tag and the ciphertext of the blinded tag difference value.
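The blinding applied before these values are exchanged can be sketched as multiplicative masking with a random number that is cancelled afterwards by division, implemented below as modular inversion; the modulus and function names are illustrative assumptions, not part of the embodiment:

```python
import random

MOD = 2**61 - 1  # a prime modulus, chosen here only for illustration

def blind(value, r):
    """Mask a value with a multiplicative random number r."""
    return (value * r) % MOD

def unblind(blinded, r):
    """Cancel the mask by dividing out r (modular inverse of r)."""
    return (blinded * pow(r, -1, MOD)) % MOD

secret = 123456
r = random.randrange(2, MOD)
masked = blind(secret, r)
assert masked != secret            # masked value reveals nothing without r
assert unblind(masked, r) == secret
```

The second data party can safely decrypt and return the masked value because only the first data party knows r; dividing r back out recovers the true plaintext, so neither side sees the other's raw intermediate result.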
Each of the modules in the above data encryption device may be implemented in whole or in part by software, hardware, or a combination thereof. The above modules may be embedded in, or independent of, a processor in the computer device in hardware form, or stored in a memory in the computer device in software form, so that the processor can call them and execute the operations corresponding to each module.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 14. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used for storing data related to data encryption. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a data encryption method.
It will be appreciated by those skilled in the art that the structure shown in fig. 14 is merely a block diagram of a portion of the structure associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements are applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In an embodiment, there is also provided a computer device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method embodiments described above when the computer program is executed.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, carries out the steps of the method embodiments described above.
In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
The user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party.
Those skilled in the art will appreciate that all or part of the processes of the methods described above may be implemented by a computer program instructing relevant hardware; the computer program may be stored on a non-volatile computer-readable storage medium and, when executed, may include the processes of the embodiments of the methods above. Any reference to memory, database, or other media used in the embodiments provided herein may include at least one of non-volatile and volatile memory. Non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, resistive random access memory (ReRAM), magnetoresistive random access memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric memory (Ferroelectric Random Access Memory, FRAM), phase change memory (Phase Change Memory, PCM), graphene memory, and the like. Volatile memory may include random access memory (Random Access Memory, RAM), external cache memory, and the like. By way of illustration and not limitation, RAM may take various forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM). The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database; non-relational databases may include, but are not limited to, blockchain-based distributed databases and the like. The processors referred to in the embodiments provided in the present application may be, but are not limited to, general-purpose processors, central processing units, graphics processors, digital signal processors, programmable logic units, or data processing logic units based on quantum computing.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing embodiments express only a few implementations of the application, and their description is relatively specific and detailed, but should not therefore be construed as limiting the scope of the application. It should be noted that several variations and improvements can be made by those of ordinary skill in the art without departing from the concept of the application, and these all fall within the protection scope of the application. Therefore, the protection scope of the application shall be subject to the appended claims.

Claims (17)

1. A data encryption method, applied to a first data party, the first data party being a tagged data party, the method comprising:
receiving a public key sent by a second data party and ciphertext of an intermediate calculation result, wherein the intermediate calculation result is calculated by the second data party based on model parameters of each non-tag sample data and characteristic components of each non-tag sample data;
determining a ciphertext of a predicted tag and a ciphertext of a tag difference value based on the ciphertext of the intermediate calculation result and the characteristic component of the tagged sample data;
performing blinding treatment on the ciphertext of the predictive tag and the ciphertext of the tag difference value to obtain the blinded ciphertext of the predictive tag and the blinded ciphertext of the tag difference value;
and sending the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to the second data party to obtain the ciphertext of the first model weight of the first data party corresponding to the trained model.
2. The method of claim 1, wherein determining the ciphertext of the predicted tag, the ciphertext of the tag difference, based on the ciphertext of the intermediate calculation and the feature component of the tagged sample data, comprises:
for the ith sample data in the untagged sample data, determining the ciphertext of an ith predicted tag based on the ciphertext of the ith intermediate calculation result, the ciphertext of the current first model parameter of the first data party, and the ith characteristic component in the tagged sample data;
and for the ith sample data in the label-free sample data, determining the ciphertext of the tag difference value based on the ciphertext of the ith intermediate calculation result in the label-free sample data and the ith tag data.
3. The method of claim 1, wherein the obtaining, based on the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference, the ciphertext of the first model weight of the first data party and the second model weight of the second data party corresponding to the trained model comprises:
sending the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to the second data party so as to enable the second data party to perform decryption processing and obtain a blinded second party gradient;
receiving a blinded second-party gradient sent by the second data party, performing blinding removal processing on the blinded second-party gradient to obtain a second-party gradient, and sending the second-party gradient to the second data party so that the second data party obtains updated second model weight and target indication information based on the second-party gradient;
and if the preset training completion condition is not met based on the target indication information, re-executing the step of receiving the public key sent by the second data party and the ciphertext of the intermediate calculation result until the preset training completion condition is met based on the target indication information, and determining that the ciphertext of the first model weight of the current first data party is the ciphertext of the first model weight of the first data party corresponding to the trained model.
4. The method of claim 1, wherein the obtaining, based on the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference, the ciphertext of the first model weight of the first data party and the second model weight of the second data party corresponding to the trained model comprises:
sending the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to the second data party so as to enable the second data party to perform decryption processing and obtain a blinded second party gradient;
receiving a blinded second-party gradient sent by the second data party, performing blinding removal processing on the blinded second-party gradient to obtain a second-party gradient, and sending the second-party gradient to the second data party so that the second data party obtains updated second model weights based on the second-party gradient;
and if the preset training completion condition is not met, re-executing the step of receiving the public key sent by the second data party and the ciphertext of the intermediate calculation result until the preset training completion condition is met, and determining that the ciphertext of the current first model weight of the first data party is the ciphertext of the first model weight of the first data party corresponding to the trained model.
5. The method according to claim 1, wherein the obtaining the ciphertext of the first model weight of the first data side corresponding to the trained model based on the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value comprises:
calculating the ciphertext of the loss sub-function of the first data side based on the ith tag data and the ciphertext of the tag difference value;
performing blinding treatment on the ciphertext of the loss sub-function of the first data side to obtain the blinded ciphertext of the loss sub-function of the first data side;
sending the ciphertext of the blinded predictive tag, the ciphertext of the blinded tag difference value and the ciphertext of the loss sub-function of the blinded first data party to the second data party so as to enable the second data party to perform decryption processing to obtain a blinded second party gradient and a blinded loss function;
receiving the blinded second-party gradient and the blinded loss function sent by the second data party, performing unblinding processing on the blinded second-party gradient and the blinded loss function to obtain a second-party gradient and a loss function, and sending the second-party gradient to the second data party;
And if the loss function is determined not to meet the preset training completion condition, re-executing the step of receiving the public key sent by the second data party and the ciphertext of the intermediate calculation result until the loss function is determined to meet the preset training completion condition, and determining the ciphertext of the first model weight of the current first data party as the ciphertext of the first model weight of the first data party corresponding to the trained model.
6. The method according to claim 4 or 5, characterized in that the method further comprises:
determining a current gradient ciphertext of the first data party based on the characteristic component of the labeled sample data and the ciphertext of the label difference value;
and calculating the ciphertext of the current first model weight of the first data party based on the current gradient ciphertext of the first data party and the model parameters of the labeled sample data.
7. The method according to claim 1, wherein the method further comprises:
calculating random ciphertext of the test sample data based on ciphertext of the model parameters of the first data side corresponding to the trained model, the characteristic components of the labeled sample data and the test random number;
sending the random ciphertext of the test sample data to the second data party, so that the second data party processes the random ciphertext of the test sample data to obtain random data of the predicted tag data;
and receiving the random data of the predicted tag data sent by the second data party, and carrying out derandomizing processing on the random data of the predicted tag data to obtain the predicted tag data, wherein the predicted tag data is used for determining a test result.
8. A data encryption method, applied to a second data party, the second data party being a label-free data party, the method comprising:
calculating an intermediate calculation result based on model parameters corresponding to each non-tag sample data and characteristic components of each non-tag sample data, encrypting the intermediate calculation result to obtain a ciphertext of the intermediate calculation result, and sending the ciphertext of the intermediate calculation result to a first data side;
and receiving the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value sent by the first data party, and obtaining a second model weight of a second data party corresponding to the trained model based on the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value.
9. The method of claim 8, wherein the obtaining the second model weight of the second data party corresponding to the trained model based on the received ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value comprises:
decrypting the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to obtain a blinded second-party gradient;
sending the blinded second-party gradient to the first data party so that the first data party obtains a second-party gradient;
receiving the second-party gradient sent by the first data party, updating the second model weight of the current second data party based on the second-party gradient to obtain an updated second model weight, generating target indication information based on the updated second model weight, the target indication information indicating whether the preset training completion condition is met, and sending the target indication information to the first data party.
10. The method of claim 8, wherein the obtaining the second model weight of the second data party corresponding to the trained model based on the received ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value comprises:
receiving a ciphertext of a blinded prediction tag, a ciphertext of a blinded tag difference value, and a ciphertext of a blinded loss sub-function;
decrypting the ciphertext of the blinded prediction tag, the ciphertext of the blinded tag difference value and the ciphertext of the blinded loss sub-function to obtain a blinded loss function and a blinded second-party gradient;
sending the blinded loss function and the blinded second-party gradient to the first data party, so that the first data party determines a second-party gradient and a training result based on the blinded loss function and the blinded second-party gradient;
and receiving the training result and the second-party gradient, and updating the second model weight of the current second data party based on the second-party gradient to obtain an updated second model weight.
11. The method of claim 8, wherein the method further comprises:
receiving a random ciphertext of test sample data sent by a first data party, wherein the random ciphertext of the test sample data is obtained by the first data party based on a ciphertext of a model parameter of the first data party corresponding to the trained model, a characteristic component of the sample data with a label and a test random number;
decrypting the random ciphertext of the test sample data to obtain random data of the test sample data, and obtaining random data of predicted tag data based on the characteristic components of the label-free sample data, the model parameters of the second data party, and the random data of the test sample data;
and sending the random data of the predicted tag data to the first data party, so that the first data party performs derandomizing processing on the random data of the predicted tag data to obtain the predicted tag data, the predicted tag data being used for determining a test result.
12. A data encryption method, characterized in that it is applied to a first data party and a second data party, the first data party being a tagged data party, the second data party being an untagged data party, the method comprising:
the second data side calculates an intermediate calculation result based on model parameters corresponding to each non-tag sample data and characteristic components of each non-tag sample data, encrypts the intermediate calculation result to obtain a ciphertext of the intermediate calculation result, and sends the ciphertext of the intermediate calculation result to the first data side;
The first data side determines a ciphertext of a predicted tag and a ciphertext of a tag difference value based on the ciphertext of the intermediate calculation result and characteristic components of the tagged sample data; performing blinding treatment on the ciphertext of the predictive tag and the ciphertext of the tag difference value to obtain the blinded ciphertext of the predictive tag and the blinded ciphertext of the tag difference value; sending the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to the second data party to obtain the ciphertext of the first model weight of the first data party corresponding to the trained model;
and the second data party obtains second model weights of the second data party corresponding to the trained model based on the ciphertext of the blinded predictive label and the ciphertext of the blinded label difference value.
13. A data encryption device for use with a first party, the first party being a tagged party, the device comprising:
the first receiving module is used for receiving the public key sent by the second data party and ciphertext of an intermediate calculation result, wherein the intermediate calculation result is calculated by the second data party based on model parameters corresponding to each non-tag sample data and characteristic components of each non-tag sample data;
The first determining module is used for determining the ciphertext of the predicted tag and the ciphertext of the tag difference value based on the ciphertext of the intermediate calculation result and the characteristic component of the tagged sample data;
the blinding processing module is used for carrying out blinding processing on the ciphertext of the predictive tag and the ciphertext of the tag difference value to obtain the blinded ciphertext of the predictive tag and the blinded ciphertext of the tag difference value;
and the second determining module is used for sending the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value to the second data party so as to obtain the ciphertext of the first model weight of the first data party corresponding to the trained model.
14. A data encryption device for use with a second party, the second party being a non-tagged party, the device comprising:
the third determining module is used for calculating an intermediate calculation result based on model parameters corresponding to each non-label sample data and characteristic components of each non-label sample data, carrying out encryption processing on the intermediate calculation result to obtain a ciphertext of the intermediate calculation result, and sending the ciphertext of the intermediate calculation result to the first data side;
and the second receiving module is used for receiving the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value sent by the first data party and obtaining a second model weight of a second data party corresponding to the trained model based on the ciphertext of the blinded predictive tag and the ciphertext of the blinded tag difference value.
15. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 12 when the computer program is executed.
16. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 12.
17. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any one of claims 1 to 12.
CN202310869716.4A 2023-07-14 2023-07-14 Data encryption method, device, computer equipment and storage medium Pending CN117034307A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310869716.4A CN117034307A (en) 2023-07-14 2023-07-14 Data encryption method, device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310869716.4A CN117034307A (en) 2023-07-14 2023-07-14 Data encryption method, device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117034307A true CN117034307A (en) 2023-11-10

Family

ID=88628859

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310869716.4A Pending CN117034307A (en) 2023-07-14 2023-07-14 Data encryption method, device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117034307A (en)


Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117353898A (en) * 2023-12-04 2024-01-05 粤港澳大湾区数字经济研究院(福田) Fully homomorphic encryption method, system, terminal and medium for floating point number plaintext
CN117353898B (en) * 2023-12-04 2024-03-26 粤港澳大湾区数字经济研究院(福田) Fully homomorphic encryption method, system, terminal and medium for floating point number plaintext

Similar Documents

Publication Publication Date Title
US11586743B2 (en) Secure data processing
US11354539B2 (en) Encrypted data model verification
US11270028B1 (en) Obtaining jointly trained model based on privacy protection
Zhang et al. Achieving efficient and privacy-preserving neural network training and prediction in cloud environments
US11507705B2 (en) Determining cryptographic operation masks for improving resistance to external monitoring attacks
Wan et al. Privacy-preservation for gradient descent methods
CN111784001B (en) Model training method and device and computer readable storage medium
Jiang et al. SecureLR: Secure logistic regression model via a hybrid cryptographic protocol
Gonçalves et al. A critical overview of privacy-preserving approaches for collaborative forecasting
CN115174191B (en) Local predicted value safe transmission method, computer equipment and storage medium
CN114696990B (en) Multi-party computing method, system and related equipment based on fully homomorphic encryption
CN113221153B (en) Graph neural network training method and device, computing equipment and storage medium
WO2018102861A1 (en) Secure text analytics
CN117034307A (en) Data encryption method, device, computer equipment and storage medium
US20220197994A1 (en) Neural network confidentiality
CN111107076A (en) Safe and efficient matrix multiplication outsourcing method
Zhang et al. Secure dot product of outsourced encrypted vectors and its application to SVM
Ibarrondo et al. Banners: Binarized neural networks with replicated secret sharing
AU2018271515B2 (en) Secret tampering detection system, secret tampering detection apparatus, secret tampering detection method, and program
CN116896441B (en) Method, device, medium and equipment for realizing privacy calculation processing based on quantum isomorphic encryption
CN115952529B (en) User data processing method, computing device and storage medium
CN114547684A (en) Method and device for protecting multi-party joint training tree model of private data
JP2021179603A (en) Method and apparatus for processing ciphertext based on homomorphic encryption
Arora et al. Application of Artificial Neural Network in Cryptography
CN114117487A (en) Plaintext similarity estimation method, device, equipment and medium for encrypted character string

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination