Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only examples or embodiments of the present description, and that for a person skilled in the art, the present description can also be applied to other similar scenarios on the basis of these drawings without inventive effort. Unless otherwise apparent from the context, or otherwise indicated, like reference numbers in the figures refer to the same structure or operation.
It should be understood that "system", "device", "unit" and/or "module" as used in this specification is a method for distinguishing different components, elements, parts or assemblies at different levels. However, other words may be substituted by other expressions if they accomplish the same purpose.
As used in this specification and the appended claims, the terms "a," "an," "the," and/or "the" are not intended to be inclusive in the singular, but rather are intended to be inclusive in the plural, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that steps and elements are included which are explicitly identified, that the steps and elements do not form an exclusive list, and that a method or apparatus may include other steps or elements.
Flow charts are used in this description to illustrate operations performed by a system according to embodiments of the present description. It should be understood that the preceding or following operations are not necessarily performed in the exact order in which they are performed. Rather, the various steps may be processed in reverse order or simultaneously. Meanwhile, other operations may be added to the processes, or a certain step or several steps of operations may be removed from the processes.
FIG. 1 is a schematic diagram of an application scenario of an exemplary data processing system, shown in accordance with some embodiments of the present description.
The data processing system 100 may convert the first secret sharing mode into the second secret sharing mode by implementing the methods and/or processes disclosed herein while securing private data of different parties. For example, an addition secret share is converted to a multiplication secret share.
In some embodiments, the data processing system 100 may be used to implement the establishment of predictive machine learning models based on secret shared data. Among them, the machine learning model data and the sample data for training are stored in a plurality of parties in a secret sharing manner (for example, an addition secret sharing manner, a multiplication secret sharing manner, or the like). In some embodiments, establishing a predictive machine learning model based on secret sharing data may be applied to multiple industries, such as banking, insurance, merchant, and so forth. For example, a bank has the loan information data of a user, a third party has the machine learning model data, and the bank wishes to establish a model for assessing the credit rating of the user according to the machine learning model data and the loan information data owned by the bank, wherein the model can be used for the credit business of the bank, determine the credit rating of the user applying for loan, and further determine whether to offer the loan to the user. The bank and the third party do not want the other party to know the data held by the bank and the third party in order to guarantee the interest of the bank and the third party, so the machine learning model data and the loan information data are respectively stored in the two parties in an additive secret sharing mode. In the process of establishing the model, a sigmoid function of the model is calculated by converting the addition secret sharing data into the multiplication secret sharing data, so that a trained model is obtained.
Data processing system 100 may be an online cloud storage platform including servers 110, network 120, business terminals 130, databases 140, and other data sources 150. The server 110 may include a processing device 112.
In some embodiments, server 110 may be used to process information and/or data related to data processing. For example, the server 110 may send data generated by other data sources 150 to the database 140. As another example, the server 110 may obtain the conversion request from the service terminal 130. The server 110 may be a stand-alone server or a group of servers. The set of servers can be centralized or distributed (e.g., server 110 can be a distributed system). The server 110 may be regional or remote in some embodiments. For example, the server 110 may access information and/or data stored in the database 140 and other data sources 150 via the network 120. In some embodiments, the server 110 may be directly connected to the database 140, other data sources 150 to access information and/or material stored therein. In some embodiments, the server 110 may execute on a cloud platform. For example, the cloud platform may include one or any combination of a private cloud, a public cloud, a hybrid cloud, a community cloud, a decentralized cloud, an internal cloud, and the like.
In some embodiments, the server 110 may include a processing device 112. The processing device 112 may process data and/or information to perform one or more of the functions described herein. For example, processing device 112 may convert data stored in the additive secret sharing mode to data stored in the multiplicative secret sharing mode. In some embodiments, the processing device 112 may include one or more sub-processing devices (e.g., a single core processing device or a multi-core processing device). By way of example only, the processing device 112 may include a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), an Application Specific Instruction Processor (ASIP), a Graphics Processor (GPU), a Physical Processor (PPU), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA), a programmable logic circuit (PLD), a controller, a micro-controller unit, a Reduced Instruction Set Computer (RISC), a microprocessor, or the like, or any combination thereof.
The network 120 may facilitate the exchange of data and/or information, which may include a conversion request initiated by the service terminal 130, additive secret sharing data stored in the database 140, converted secondary secret sharing (e.g., multiplicative secret sharing) data stored in the database 140, and data generated by other data sources 150. In some embodiments, one or more components in data processing system 100 (e.g., servers 110, service terminals 130, database 10) may send data and/or information to other components in data processing system 100 via network 120. In some embodiments, network 120 may be any type of wired or wireless network. For example, network 120 may include a cable network, a wired network, a fiber optic network, a telecommunications network, an intranet, the internet, a Local Area Network (LAN), a Wide Area Network (WAN), a Wireless Local Area Network (WLAN), a Metropolitan Area Network (MAN), a Public Switched Telephone Network (PSTN), a bluetooth network, a ZigBee network, a Near Field Communication (NFC) network, the like, or any combination thereof. In some embodiments, network 120 may include one or more network access points. For example, the network 120 may include wired or wireless network access points, such as base stations and/or Internet switching points 120-1, 120-2, …, through which one or more components of the additive secret sharing to multiplicative secret sharing system 100 may connect to the network 120 to exchange data and/or information.
The service terminal 130 may refer to a terminal for initiating a conversion request instruction. For example, the bank needs to create a user credit level prediction model based on machine learning model data and training sample data stored in the database 140 in a first secret share (e.g., an additive secret share), and in creating the model, a conversion instruction is issued by the service terminal 130 to convert the additive secret share data into multiplicative secret share data and use the multiplicative secret share data in creating the prediction model. In some embodiments, the service terminal may include one or any combination of a cell phone 130-1, a tablet computer 130-2, a laptop computer 130-3, and the like. In some embodiments, the service terminal 130 may transmit a plurality of data to the server 110.
The database 140 may be configured to store secret sharing data, where the database 140 includes a plurality of independent storage spaces, and data is stored in the database 140 in a secret sharing manner in the plurality of independent storage spaces, and data in different storage spaces is not visible to other spaces. For example, one of the storage spaces is used for storing machine learning model data, and the other space is used for storing sample data (such as loan information data of the user) for training, so that a model for predicting the credit level of the user can be obtained based on the data of the two spaces.
Database 140 may be implemented in a single central server, multiple servers connected by communication links, or multiple personal devices. Database 140 may be generated by a plurality of personal devices and cloud servers. In some embodiments, the database 140 may be used to provide the device or raw media for the desired data, and may also be used for data storage, encryption, and the like. In some embodiments, database 140 may store information and/or instructions for server 110 to perform or use to perform the example methods described herein. In some embodiments, database 140 may include mass storage, removable storage, volatile read-write memory (e.g., random access memory RAM), read-only memory (ROM), the like, or any combination thereof. In some embodiments, database 140 may be implemented on a cloud platform. For example, the cloud platform may include a private cloud, a public cloud, a hybrid cloud, a community cloud, a decentralized cloud, an internal cloud, and the like, or any combination thereof.
The other data source 150 may be for generating intermediate conversion data for converting the first secret shared data into the second secret shared data (e.g., converting the addition secret shared data into the multiplication secret shared data). In some embodiments, the other data source 150 may generate 4 data, where the product of two data, etc. is summed with the other two data. In some embodiments, the other data sources 150 send the generated data to different storage spaces in the database 140, respectively.
FIG. 2 is a block diagram of an exemplary data processing system shown in accordance with some embodiments of the present description.
In some embodiments, data processing system 100 may be used in a service platform that contains secure storage and encryption of data. For example, a data query sharing platform, a data marketing service platform, an enterprise big data query sharing platform, and the like. The data may include, but is not limited to, transaction data, flow data, billing data, borrowing data, loan data, and the like.
As shown in fig. 2, the system may include a data generation end 210, a first data end 220, and a second data end 230.
The data generating end 210 may be configured to generate two first initial data and two second initial data, wherein a sum of the two first initial data is equal to a product of the two second initial data. The data generating end 210 may be configured to send the two first initial data to the first data end 220 and the second data end 230, respectively. The data generating end 210 may be configured to send the two second initial data to the first data end 220 and the second data end 230, respectively.
The first data end 220 and the second data end 230 may be configured to obtain third data and fourth data respectively held based on the multiplicative secret sharing, according to the first data and the second data respectively held by the additive secret sharing, the data sent by the data generating end, and the data sent by the other party; the first data and the third data are private data of a first object, the first object holds a first data end, the second data and the third data are private data of a second object, and the second object holds a second data end. Wherein the object may be a user, a merchant, etc.
In some embodiments, the first data terminal 220 may be configured to calculate the first converted data based on the received first initial data, the received second initial data, and the held first data. In some embodiments, the second initial data received by the first data terminal 220 is reversible. In some embodiments, when the second initial data received by the first data end 220 is reversible, the first data end 220 may calculate the first conversion data based on formula (1):
where t is the first converted data, a is the first data shared by the first data end 220 with a first secret, and a0For the first initial data, u, received by the first data end 220 from the data generating end 2100The second initial data received from the data generating end 210 for the first data end 220.
In some embodiments, the first data terminal 220 may be configured to send the first converted data to the second data terminal 230.
In some embodiments, the second data terminal 230 may be configured to calculate the fourth data held based on the received second initial data and the first converted data. In some embodiments, the second data terminal 230 may calculate the fourth data held by the second data terminal based on formula (2):
v=v0+t (2)
where v is the fourth data held by the second data end 230, v0Is received from the data generation end 210 for the second data end 230And t is the first conversion data.
In some embodiments, the second data terminal 230 may be configured to calculate second conversion data based on the received first initial data, the held second data, and the held fourth data.
In some embodiments, the second data terminal 230 may be configured to determine whether the held fourth data is reversible before calculating the second conversion data; in response to being invertible, the second data terminal 230 calculates second conversion data based on the received first initial data, the held second data and the held fourth data; in response to being irreversible, the data producing end 210 regenerates two new first initial data and two new second initial data. In some embodiments, when the fourth data held by the second data terminal 230 is reversible, the second data terminal 230 may calculate the second conversion data based on formula (3):
where s is the second converted data, b is the second data shared by the second data end 230 with the first secret, and b0V is the fourth data held by the second data terminal, which is the first initial data received by the second data terminal 230 from the data generating terminal 210.
In some embodiments, the second data terminal 230 may be configured to send the second conversion data to the first data terminal 220.
In some embodiments, the first data terminal 220 may be configured to calculate the third data based on the received second initial data and the second conversion data. In some embodiments, the first data peer 220 may calculate the third data held by the first data peer 220 based on formula (4):
u=u0+s (4)
wherein u is the data held by the first data port 220Third data, u0For the second initial data received by the first data end 220 from the data generating end 210, s is the second converted data.
In some embodiments, the first data terminal 220 may be used to store a machine learning model; wherein the machine learning model belongs to private data of the first object. In some embodiments, the second data terminal 230 may be configured to store loan data of a plurality of users; wherein the loan data of the plurality of users belongs to the private data of the second object 230. In some embodiments, the machine learning model may be used to train a model for scoring a user's credit based on the loan data of the plurality of users.
It should be understood that the system shown in FIG. 2 and its ends may be implemented in a variety of ways. For example, in some embodiments, the system and its modules may be implemented in hardware, software, or a combination of software and hardware. Wherein the hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory for execution by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the methods and systems described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided, for example, on a carrier medium such as a diskette, CD-or DVD-ROM, a programmable memory such as read-only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The system and its modules in this specification may be implemented not only by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., but also by software executed by various types of processors, for example, or by a combination of the above hardware circuits and software (e.g., firmware).
It should be noted that the above description of data processing system 200 and its modules is merely for convenience of description and is not intended to limit the present description to the scope of the embodiments illustrated. It will be appreciated by those skilled in the art that, given the teachings of the present system, any combination of modules or sub-system configurations may be used to connect to other modules without departing from such teachings. For example, the data generating end 210, the first data end 220, and the second data end 230 disclosed in fig. 2 may be implemented in different modules in a system, or may be implemented in a module to implement the functions of the two ends. Such variations are within the scope of the present disclosure.
Fig. 3 is an exemplary flow diagram of a data processing method shown in accordance with some embodiments of the present description. As shown in fig. 3, the data processing method 300 includes:
step 302, a first data end and a second data end respectively hold first data and second data in a first secret sharing mode; the first data is private data of a first object, and the second data is private data of a second object. Specifically, the step 302 can be executed by the first data terminal 220 and the second data terminal 230.
The first data terminal and the second data terminal may be one or more of a port, a program, logic, and the like of a database or a database server, and may be used for operations such as data query, data calculation, and the like. In some embodiments, the data is stored on the first data side and the second data side respectively in a secret sharing manner, for example, in an addition secret sharing manner, a multiplication secret sharing manner, and the like. The data respectively stored in the first data terminal and the second data terminal in a secret sharing mode belong to private data of holding objects of the storage terminals, and the private data can be seen only by a holder, cannot be seen by other parties in the data conversion, operation and other processes, or cannot be obtained by derivation of other parties. Wherein, the holding object can be a user, a merchant and the like.
The first object refers to a holder of the first data terminal, e.g. a certain user, a merchant, etc. in possession of the first data terminal. The second object refers to the holder of the second data terminal, e.g. a certain user, merchant, etc. owning the second data terminal.
The secret sharing method is a storage method of storing data in a secret manner on different parties, and the data on the storing parties are not visible. In some embodiments, the first secret sharing mode may be an additive secret sharing mode.
In some embodiments, the first data terminal may store a machine learning model, for example, an XGBoost model (Extreme Gradient Boosting), a Logistic Regression model (LR), and the like, the machine learning model may belong to private data of the first object, and the second data terminal may store loan data of a plurality of users, and the loan data of the plurality of users may belong to private data of the second object. In some embodiments, the machine learning model of the first data end can be trained based on the user loan data of the second data end, and a model for predicting the credit score of the user is obtained, so that the default situation of the user is predicted, and the default risk of the user is reduced.
The first data a and the second data b may refer to data stored in different parties in a first secret sharing manner. The first data are stored in the first data end, the private data belonging to the first data end are invisible to the second data end, the second data are stored in the second data end, and the private data belonging to the second data end are invisible to the first data end. In some embodiments, the first data a and the second data b may refer to data stored in different parties in an additive secret sharing manner.
In some embodiments, the first data and the second data may be different data. The data may be data generated in various industries, including but not limited to financial industry, insurance industry, internet industry, automobile industry, catering industry, telecommunication industry, energy industry, entertainment industry, sports industry, logistics industry, medical industry, security industry, and the like.
Step 304, the data generation end generates two first initial data and two second initial data, wherein the sum of the two first initial data is equal to the product of the two second initial data; and the data generation end respectively sends the two first initial data to the first data end and the second data end, and respectively sends the two second initial data to the first data end and the second data end. Specifically, this step 304 may be performed by the data generation end 210.
The data production side can be independent of the first data side and the second data side. In some embodiments, for the first data end and the second data end, the data generating end may be a semi-trusted service party, and specifically, private data held by the first data end and the second data end cannot be visible to the service party, but may receive data sent by the service party and perform corresponding operation.
The data generation terminal may be a port for generating data that meets preset requirements. In some embodiments, the preset requirement may be that the size of the generated data, the number of decimal places, and the like meet the requirement, or that the relationship between the generated data meets a specific equation, inequality, and the like. For example, the sum of the generated partial data and the product of the generated other partial data.
The preset requirements may be contingent upon the particular situation. In some embodiments, in order to be able to convert the first data a and the second data b respectively stored in the first data terminal and the second data terminal with the addition secret sharing into the third data u and the fourth data v respectively stored in the first data terminal and the second data terminal with the multiplication secret sharing, i.e., a + b u × v, the data generation terminal may generate two first initial data a0And b0Two second initial data u0And v0And the sum of the two first initial data is equal to the product of the two second initial data, i.e. a0+b0=u0×v0Therefore, the equality relationship satisfied by the data generated by the data generation end is consistent with the secret sharing conversion relationship.
In some embodiments, the data generating end may send the two first initial data to the first data end and the second data end, respectively. Specifically, the data generation end may use one of the two first initial data as the first initial data a0Sending the data to a first data end and sending another first initial data b0And sending the data to a second data terminal. Wherein, the transmission can be realized by a wireless network, a wired network and the like.
In some embodiments, the data generation side maySo as to respectively send the two second initial data to the first data terminal and the second data terminal. Specifically, the data generating end may use one of the two second initial data u0Sending the initial data v to the first data end and sending another second initial data v0And sending the data to a second data terminal.
Step 306, the first data end and the second data end obtain third data and fourth data respectively held based on a second secret share according to the first data and the second data held by the first data end and the second data, the data sent by the data generation end, and the data sent by the other party; the third data is private data of the first object, and the fourth data is private data of the second object. Specifically, the step 306 can be executed by the first data port 220 and the second data port 230.
In some embodiments, the second secret share may be a multiplicative secret share.
The third data u and the fourth data v may refer to data stored in different parties in a second secret sharing manner, where the third data is stored in the first data end, private data belonging to the first data end is invisible to the second data end, and the fourth data is stored in the second data end, private data belonging to the second data end is invisible to the first data end. In some embodiments, the third data u and the fourth data v may refer to data stored in different parties in an additive secret sharing manner.
In some embodiments, the first data end and the second data end may obtain, according to the first data a and the second data b owned by themselves, the data sent by the data generation end, and the data sent by the other party, the third data u and the fourth data v owned by the multiplication secret sharing, respectively. The data sent by the opposite side comprises first conversion data t sent by the first data end to the second data end, and second conversion data s sent by the second data end to the first data end. Specifically, the second data end may send the first conversion data t sent by the first data end and the second initial data v sent by the data generation end0V shared by the second secret is generated, and the first data terminal can be based on the second data terminalSecond conversion data s sent to first data end and second initial data u sent by data generation end0Generating u held by the second secret share, wherein the first conversion data t can be according to the first data held by the first data end, the first initial data a sent to the first data end by the data generating end0And second initial data u0The second conversion data s is obtained according to the second data held by the second data end, the held fourth data and the first initial data b sent to the second data end by the data generation end0Thus obtaining the product. For more details on calculating the second secret sharing third data u and the fourth data v, reference may be made to fig. 4 and the description, which are not repeated herein.
Fig. 4 is an exemplary flow diagram illustrating the calculation of second secret shared data according to some embodiments of the present description. As shown in fig. 4, the method 300 of computing second secret shared data includes:
step 402, the first data terminal calculates to obtain first conversion data based on the received first initial data, the received second initial data and the held first data, and sends the first conversion data to the second data terminal. Specifically, step 402 may be performed by the first data terminal 220.
The first conversion data may be data sent from the first data terminal to the second data terminal, and may be denoted by t. In some embodiments, the first conversion data t may be a data result obtained by the first data terminal by calculating the received first initial data, the received second initial data, and the held first data a. The first initial data received by the first data end is the first initial data sent by the data generating end to the first data end, and may be a0It is shown that the second initial data received by the first data end is the second initial data sent by the data generating end to the first data end, and u may be used0And (4) showing.
In some embodiments, the second initial data u is received at the first data end0When reversible, the first data terminal may calculate the first conversion data t based on equation (1):
wherein t represents first conversion data, a represents first data held by the first data terminal with the first secret, and a0Indicating the first initial data received at the first data terminal, u0Representing second initial data received by the first data terminal.
In some embodiments, the first data terminal may send the first conversion data t to the second data terminal. For example, the transmission may be via wireless, limited network, or the like.
Step 404, the second data end calculates, based on the received second initial data and the first converted data, the fourth data that is held. Specifically, step 404 may be performed by the second data terminal 230.
The fourth data may refer to data converted from the first data shared by the first secret and the second data and stored at the second data end in the second secret sharing manner. In some embodiments, the first secret share is an additive secret share and the second secret share is a multiplicative secret share.
In some embodiments, the second data terminal may calculate fourth data v holding the second secret share based on the received second initial data and the first converted data. The second initial data received by the second data end is the second initial data sent by the data generating end to the second data end, and v may be used0And (4) showing.
In some embodiments, the second data terminal may determine the fourth data v according to equation (2):
v=v0+t (2)
where v denotes a second secret held by the second data terminal sharing fourth data, v0Indicating the second initial data received by the second data terminal and t indicating the first converted data. Wherein t can be determined according to step 404, which is not described herein again.
Step 406, the second data terminal calculates second conversion data based on the received first initial data, the held second data, and the held fourth data, and sends the second conversion data to the first data terminal. In particular, step 406 may be performed by the second data terminal 230.
The second conversion data may refer to data sent by the second data terminal to the first data terminal, and may be denoted by s. In some embodiments, the second conversion data s may be a data result obtained by the second data terminal by calculating the received first initial data, the held addition secret sharing second data b, and the held multiplication secret sharing fourth data v. The first initial data received by the second data end is the first initial data sent by the data generating end to the second data end, and b can be used0And (4) showing.
In some embodiments, the second data terminal may determine whether the fourth data v held by the second data terminal is invertible before calculating the second conversion data s.
In some embodiments, if the fourth data v is reversible, the second data terminal may calculate the second conversion data based on the received first initial data, the held second data, and the held fourth data v. In some embodiments, the second data terminal may determine the second conversion data s according to equation (3):
wherein s represents second conversion data, b represents second data held by the second data terminal with the first secret, b0Indicating the first initial data received by the second data terminal, and v indicating the fourth data held by the second data terminal.
In some embodiments, the second data terminal may send the second data to the first data terminal. E.g., via a wireless, wired network, etc.
In some embodiments, if the fourth data v is irreversible, the subsequent security calculation cannot be performed, and the data production end may regenerate two new first initial data and two new second initial data. The calculations of steps 402 and 404 are then repeated based on the newly generated first initial data and second initial data until the fourth data v calculated in step 406 is invertible, and the calculation of the second converted data and the calculation of the subsequent step 408 are performed again.
Step 408, the first data base calculates the third data u held based on the received second initial data and the second conversion data. Specifically, step 408 may be performed by the first data terminal 220.
The third data u may refer to data converted from the first data a and the second data b shared by the first secret and stored at the first data end in the second secret sharing manner. In some embodiments, the first secret share is an additive secret share and the second secret share is a multiplicative secret share.
In some embodiments, the first data terminal may be based on the received second initial data u0And second secret shared third data u calculated from the second converted data. In some embodiments, the first data terminal may determine the third data according to equation (4):
u=u0+s (4)
wherein u represents a second secret held by the first data terminal to share the third data, and u represents a third secret held by the first data terminal to share the third data0Indicating second initial data received by the first data terminal and s indicating second converted data. Wherein s can be determined according to formula (3) in step 406, which is not described herein again.
After the conversion, a + b-u × v is satisfied between the first data a and the second data b stored in the first data terminal and the second data terminal in the addition secret sharing manner and the third data u and the fourth data v stored in the first data terminal and the second data terminal in the multiplication secret sharing manner. Specifically, uxv ═ u (u)0v+sv)=u0v+b-b0=u0v0+a-a0+b-b0=a+b。
In the conversion process, the second data end only holds the additive secret sharing second data b and receives the first initial data b0And second initial data v0When the first data terminal sends the first conversion data t to the first data terminalWhen the second data end is used, the second data end cannot see the private first data a of the first data end and cannot reversely deduce the first data a from the existing data, so that the security of the private data held by the first data end is ensured. Similarly, the first data end only holds the addition secret sharing first data a, and the received first initial data a0And second initial data u0When the second data end sends the second conversion data s to the first data end, the first data end cannot see the private second data b and the third data u of the second data end, so that the security of the private data held by the first data end is ensured.
Through the embodiment, the data shared and stored in the first data end and the second data end by the addition secret is converted into the data shared and stored in the first data end and the second data end by the multiplication secret, so that the data shared and stored in different parties by the addition secret can be subjected to multi-party secure calculation with different functions, and any party of the secret sharing data cannot see or deduce the private data of other parties. That is, data stored in different parties are shared with additive secrets for secure interaction during function computation. Wherein the function may be a power function, a logarithmic function, a sigmoid function, or the like.
Log in a logarithmic function f (x)tx, the first data a and the second data b are shared and stored in the first data terminal and the second data terminal by using the addition secret: let X be a + b, calculate log to be securet(a + b), wherein t is a constant. The data a and b stored in the addition secret sharing is converted into the third data u and the fourth data v stored in the multiplication secret sharing by the above-described embodiment, that is, a + b is u × v. Log is thent(a+b)=logt(u×v)=logt(u)+logt(v) The first data terminal can calculate log based on self-supporting private data ut(u), the second data side may calculate log based on the self-contained private data vt(v) Meanwhile, the respective calculation results of the two data ends are respectively stored in the two data ends in an addition secret sharing mode, namely, the calculation result logt(u) storing the result log in the first data terminal in a manner of additive secret sharingt(v) By addition of secretsAnd the secret sharing mode is stored in the second data terminal. In the calculation process, the respective storage ends of the private data between the first data end and the second data end are calculated, and the other side is invisible, so that the calculation safety is ensured.
With power function f (x) xnFor example, where n is a constant integer, e.g., n is-1. To calculate (a + b) safelyn. The data a and b stored in the addition secret sharing is converted into the data u and v stored in the multiplication secret sharing by the above-described embodiment, that is, a + b ═ u × v. Then (a + b)n=(u×v)n=un×vn. Thus, the first data side can calculate u based on the self-contained private data unThe second data terminal can calculate v based on self-contained private data vn. In the calculation process, the respective storage ends of the private data between the first data end and the second data end perform calculation. Specifically, when n is-1, the power function is a reciprocal function, and therefore, the way of performing reciprocal secure calculation by sharing data stored in different parties with addition secrets is the same as the above calculation process (power function calculation).
The Sigmoid function is a common function when a machine learning model is built, and is often used as a threshold function to map variables between 0 and 1. When sigmoid function calculation is performed on data stored in different ends in an addition secret sharing manner, the data stored in the addition secret sharing manner needs to be converted into data stored in a multiplication secret sharing manner. In particular, the method comprises the following steps of,
wherein g (x) is 1+ e ^ (-x), and since the data in the encryption secret sharing mode is safe, the calculation result is always stored in different parties in the addition secret sharing mode, and if g (x) is safely calculated based on the data stored in the addition secret sharing mode, Y stored in the first data end in the addition secret sharing mode is respectively obtained
1And Y stored in the second data terminal
2If yes, sigmoid (a + b) is equal to (Y)
1+Y
2)
-1. As can be seen from the above, the reciprocal calculation of data in the additive secret sharing method is the same as the power function, and therefore, it is possible to perform the arithmetic operationTo share data Y by secretly adding
1And Y
2And converting the result into multiplication secret data to perform reciprocal calculation, and further realizing the secure calculation of sigmoid.
Compared with the existing method for realizing the safe calculation of the addition secret sharing data based on polynomial fitting or piecewise linear function fitting based on a garbled circuit, the safe calculation is carried out by converting the addition secret sharing data into multiplication secret sharing mode data, and the calculation precision is higher. Specifically, polynomial fitting or piecewise linear function fitting requires fitting different objective functions (e.g., power functions, exponential functions, etc.) to a polynomial by which secure calculation of the additive secret sharing data is performed. However, fitting the transformed polynomial function is only an approximate expression of the objective function, and the result calculated based on the fitted polynomial is less accurate. By converting the addition secret sharing data into the multiplication secret sharing data disclosed by the embodiment, the secret sharing data can be directly substituted into the target function for safe calculation without approximate substitution, and the calculation precision is higher.
The embodiment of the present specification further provides an apparatus, which at least includes a processor and a memory. The memory is to store instructions. Which when executed by the processor, cause the apparatus to carry out the data processing method described previously. The method may include: the first data end and the second data end respectively hold first data and second data in a first secret sharing mode; the first data is private data of a first object, and the second data is private data of a second object; the data generation end generates two first initial data and two second initial data, wherein the sum of the two first initial data is equal to the product of the two second initial data; the data generation end sends the two first initial data to the first data end and the second data end respectively, and sends the two second initial data to the first data end and the second data end respectively; the first data end and the second data end obtain third data and fourth data respectively held based on a second secret sharing mode according to the first data and the second data held by the first data end and the second data, the data sent by the data generating end and the data sent by the other party; the third data is private data of the first object, and the fourth data is private data of the second object.
The embodiment of the specification also provides a computer readable storage medium. The storage medium stores computer instructions, and after the computer reads the computer instructions in the storage medium, the computer realizes the data processing method. The method may include: the first data end and the second data end respectively hold first data and second data in a first secret sharing mode; the first data is private data of a first object, and the second data is private data of a second object; the data generation end generates two first initial data and two second initial data, wherein the sum of the two first initial data is equal to the product of the two second initial data; the data generation end sends the two first initial data to the first data end and the second data end respectively, and sends the two second initial data to the first data end and the second data end respectively; the first data end and the second data end obtain third data and fourth data respectively held based on a second secret sharing mode according to the first data and the second data held by the first data end and the second data, the data sent by the data generating end and the data sent by the other party; the third data is private data of the first object, and the fourth data is private data of the second object.
The beneficial effects that may be brought by the embodiments of the present description include, but are not limited to: (1) by the data processing method in the specification, the interactive safety of the addition secret shared data in different function calculation processes can be realized; (2) in the method for converting addition secret sharing into multiplication secret sharing in the present specification, the accuracy of the security calculation results of different functions of addition secret sharing data can be made higher. It is to be noted that different embodiments may produce different advantages, and in different embodiments, any one or combination of the above advantages may be produced, or any other advantages may be obtained.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be regarded as illustrative only and not as limiting the present specification. Various modifications, improvements and adaptations to the present description may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed in the present specification and thus fall within the spirit and scope of the exemplary embodiments of the present specification.
Also, the description uses specific words to describe embodiments of the description. Reference throughout this specification to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the specification is included. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, some features, structures, or characteristics of one or more embodiments of the specification may be combined as appropriate.
Moreover, those skilled in the art will appreciate that aspects of the present description may be illustrated and described in terms of several patentable species or situations, including any new and useful combination of processes, machines, manufacture, or materials, or any new and useful improvement thereof. Accordingly, aspects of this description may be performed entirely by hardware, entirely by software (including firmware, resident software, micro-code, etc.), or by a combination of hardware and software. The above hardware or software may be referred to as "data block," module, "" engine, "" unit, "" component, "or" system. Furthermore, aspects of the present description may be represented as a computer product, including computer readable program code, embodied in one or more computer readable media.
The computer storage medium may comprise a propagated data signal with the computer program code embodied therewith, for example, on baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, etc., or any suitable combination. A computer storage medium may be any computer-readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code located on a computer storage medium may be propagated over any suitable medium, including radio, cable, fiber optic cable, RF, or the like, or any combination of the preceding.
Computer program code required for the operation of various portions of this specification may be written in any one or more programming languages, including an object oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C + +, C #, VB.NET, Python, and the like, a conventional programming language such as C, Visual Basic, Fortran2003, Perl, COBOL2002, PHP, ABAP, a dynamic programming language such as Python, Ruby, and Groovy, or other programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or processing device. In the latter scenario, the remote computer may be connected to the user's computer through any network format, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or in a cloud computing environment, or as a service, such as a software as a service (SaaS).
Additionally, the order in which the elements and sequences of the process are recited in the specification, the use of alphanumeric characters, or other designations, is not intended to limit the order in which the processes and methods of the specification occur, unless otherwise specified in the claims. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it is to be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments herein. For example, although the system components described above may be implemented by hardware devices, they may also be implemented by software-only solutions, such as installing the described system on an existing processing device or mobile device.
Similarly, it should be noted that in the preceding description of embodiments of the present specification, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure aiding in the understanding of one or more of the embodiments. This method of disclosure, however, is not intended to imply that more features than are expressly recited in a claim. Indeed, the embodiments may be characterized as having less than all of the features of a single embodiment disclosed above.
Numerals describing the number of components, attributes, etc. are used in some embodiments, it being understood that such numerals used in the description of the embodiments are modified in some instances by the use of the modifier "about", "approximately" or "substantially". Unless otherwise indicated, "about", "approximately" or "substantially" indicates that the number allows a variation of ± 20%. Accordingly, in some embodiments, the numerical parameters used in the specification and claims are approximations that may vary depending upon the desired properties of the individual embodiments. In some embodiments, the numerical parameter should take into account the specified significant digits and employ a general digit preserving approach. Notwithstanding that the numerical ranges and parameters setting forth the broad scope of the range are approximations, in the specific examples, such numerical values are set forth as precisely as possible within the scope of the application.
For each patent, patent application publication, and other material, such as articles, books, specifications, publications, documents, etc., cited in this specification, the entire contents of each are hereby incorporated by reference into this specification. Except where the application history document does not conform to or conflict with the contents of the present specification, it is to be understood that the application history document, as used herein in the present specification or appended claims, is intended to define the broadest scope of the present specification (whether presently or later in the specification) rather than the broadest scope of the present specification. It is to be understood that the descriptions, definitions and/or uses of terms in the accompanying materials of this specification shall control if they are inconsistent or contrary to the descriptions and/or uses of terms in this specification.
Finally, it should be understood that the embodiments described herein are merely illustrative of the principles of the embodiments of the present disclosure. Other variations are also possible within the scope of the present description. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be considered consistent with the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those embodiments explicitly described and depicted herein.