CN113420335A - Blockchain-based federated learning system - Google Patents

Blockchain-based federated learning system

Info

Publication number
CN113420335A
Authority
CN
China
Prior art keywords
node
value
field
target model
data
Prior art date
Legal status
Granted
Application number
CN202110973124.8A
Other languages
Chinese (zh)
Other versions
CN113420335B (en)
Inventor
张金琳
高航
俞学劢
Current Assignee
Zhejiang Shuqin Technology Co Ltd
Original Assignee
Zhejiang Shuqin Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Zhejiang Shuqin Technology Co Ltd
Priority to CN202110973124.8A
Publication of CN113420335A
Application granted
Publication of CN113420335B
Legal status: Active

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/60 Protecting data
              • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F21/6218 Protecting access to a system of files or objects, e.g. local or distributed file system or database
                  • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
        • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
          • G06N20/00 Machine learning
        • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
          • G06Q20/00 Payment architectures, schemes or protocols
            • G06Q20/38 Payment protocols; Details thereof
              • G06Q20/382 Payment protocols insuring higher security of transaction
                • G06Q20/3827 Use of message hashing
                • G06Q20/3829 Payment protocols insuring higher security of transaction involving key management
              • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
                • G06Q20/401 Transaction verification
          • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
            • G06Q40/03 Credit; Loans; Processing thereof
            • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Finance (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Economics (AREA)
  • Technology Law (AREA)
  • General Health & Medical Sciences (AREA)
  • Marketing (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • General Engineering & Computer Science (AREA)
  • Development Economics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Mathematical Physics (AREA)
  • Computing Systems (AREA)
  • Evolutionary Computation (AREA)
  • Data Mining & Analysis (AREA)
  • Artificial Intelligence (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention relates to the technical field of blockchains, and in particular to a blockchain-based federated learning system, which comprises: a receiving node that receives the target model and prepaid tokens, and receives the data field compositions and data row hash values provided by data source parties; a plurality of reservation nodes; a cooperative node that matches the target model with training data rows; and a service node that creates a federated learning task and uploads it to the blockchain for storage. The reservation nodes substitute their data into the target model to obtain intermediate results and send them to the service node; the service node aggregates all intermediate results to obtain the prediction results of the target model, and the loss value is calculated and published; the reservation nodes update the target model and substitute their data into the updated target model again, until the loss value is smaller than a preset threshold, whereupon the service node issues the rewards. The substantial effects of the invention are: data source parties are incentivized to participate in federated learning, data privacy is protected, and the efficiency of federated learning is improved.

Description

Blockchain-based federated learning system
Technical Field
The invention relates to the technical field of blockchains, and in particular to a blockchain-based federated learning system.
Background
Data is the foundation of machine learning. In most industries, however, data exists as isolated islands because of industry competition, privacy and security concerns, and complex administrative procedures. Aggregating data across different organizations or enterprises meets heavy resistance, and integrating data scattered across many places and organizations is extremely difficult. Google proposed federated learning for mobile terminals in 2016. Federated learning is a machine learning framework that can effectively help multiple organizations use data and build machine learning models jointly while meeting the requirements of user privacy protection, data security and government regulation. All parties participating in federated learning have equal status, and after joint modeling the models run locally; joint modeling through federated learning yields models with better accuracy. At present, federated learning mainly targets the joint modeling of neural network models, such as convolutional neural network models. However, current federated learning systems need to encrypt and transmit intermediate results many times, which makes joint learning inefficient. Moreover, although federated learning can already combine data from multiple data sources, every participating party is assumed to need to train a machine learning model itself. A data source party that only owns data but does not need to build a machine learning model gains no revenue from participating in federated learning and therefore has no incentive to participate, which narrows the scope in which federated learning can be applied.
Chinese patent CN111212110A, published on May 29, 2020, discloses a blockchain-based federated learning system and method. The system includes: a model training module for updating the machine learning model in the federated learning process and aggregating the change values of the machine learning model; a smart contract module based on blockchain technology for providing decentralized control and key management during federated learning; and a storage module based on the IPFS protocol for providing a decentralized storage mechanism for intermediate information in the federated learning process. The model training module, the blockchain-based smart contract module and the IPFS-based storage module run simultaneously on every node participating in federated learning. This technical scheme achieves decentralization, so the failure or exit of any node does not prevent the other nodes from continuing federated learning, giving stronger robustness. It does not, however, address the inefficiency of federated learning.
Disclosure of Invention
The technical problem to be solved by the invention is that the application range of existing federated learning is narrow. A blockchain-based federated learning system is provided that encourages more data source parties to participate in federated learning.
In order to solve the technical problem, the technical scheme adopted by the invention is as follows: a blockchain-based federated learning system, comprising: a receiving node, which receives the federated learning target model to be trained and the prepaid tokens, assigns model numbers, receives the data field compositions and data row hash values provided by data source parties, and assigns field numbers and row numbers; a plurality of reservation nodes, which are established at the data source parties and obtain the data rows of the data source parties together with the corresponding field numbers and row numbers; a cooperative node, which is connected with the receiving node, compares the input fields and label fields of the target model with the field compositions of the data rows, matches the target model with training data rows, and sends the model number and the row numbers of the training data rows to the reservation nodes of the data source parties; and a service node, which is connected with the reservation nodes and the cooperative node. After being authorized by its data source party, a reservation node notifies the service node to create a federated learning task, which comprises the model number, the row numbers, the identifiers of the participating data source parties and the corresponding rewards. The service node uploads the federated learning task to the blockchain for storage and sends the target model to the corresponding reservation nodes; the reservation nodes substitute their data into the target model to obtain intermediate results and send them to the service node; the service node aggregates all intermediate results to obtain the prediction results of the target model and sends the aggregated prediction results to the reservation node that holds the labels; the loss value is calculated and published; the reservation nodes update the target model according to the gradient and substitute their data into the updated target model again, until the loss value is smaller than a preset threshold, whereupon the service node issues the rewards and uploads the issuing result to the blockchain for storage.
Preferably, the service node divides the target model into several sub-models and a main model. The number of sub-models equals the number of neurons in layer 1 of the target model; the input fields of a sub-model are the fields corresponding to the input-layer neurons connected to the corresponding layer-1 neuron, and the output of a sub-model is the input number of the corresponding layer-1 neuron. The service node deletes the input layer of the target model and replaces the inputs of the layer-1 neurons with the outputs of the corresponding sub-models to obtain the main model. When the reservation nodes receive the sub-models, they randomly change the connection weights of the sub-models and check how many input fields each sub-model involves; if the input of a sub-model is a single field, the sub-model is judged privacy-unsafe, the reservation node rejects the sub-model and notifies the service node to cancel the training of the target model.
Preferably, after the training of the target model is completed, the reservation nodes send the locally stored target model to the service node, and the service node issues rewards to the data source parties corresponding to the reservation nodes according to the number of data rows each reservation node provided during the training of the target model and the preset quotations.
Preferably, the service node divides the target model into several sub-models and a main model. The number of sub-models equals the number of neurons in layer 1 of the target model; the input fields of a sub-model are the fields corresponding to the input-layer neurons connected to the corresponding layer-1 neuron, and the output of a sub-model is the input number of the corresponding layer-1 neuron. The service node deletes the input layer of the target model and replaces the inputs of the layer-1 neurons with the outputs of the corresponding sub-models to obtain the main model. When the reservation nodes receive the sub-models, they randomly change the connection weights of the sub-models and check how many input fields each sub-model involves. If the input of a sub-model is a single field, the sub-model is judged privacy-unsafe and the reservation node applies to the cooperative node for cooperative modeling: the reservation node generates a random scaling coefficient k for the single field, multiplies the value of the single field by the scaling coefficient k to obtain a cooperation value and sends it to the cooperative node, and keeps the difference between the value of the single field and the cooperation value as the retention value; the cooperative node assigns a cooperation weight coefficient to the cooperation value and the reservation node generates a retention weight coefficient for the retention value; the output of the sub-model equals the weighted sum of the cooperation value, the retention value and a constant term. Each time the service node publishes a loss value, the cooperative node and the reservation node independently update the cooperation weight coefficient and the retention weight coefficient, until the loss value obtained by the service node is smaller than the preset threshold and the training of the target model is completed. After the training of the target model is completed, the cooperative node sends the cooperation weight coefficient to the corresponding reservation node. When a data source party inputs a new data row to be substituted into the target model for prediction, the reservation node obtains the new data row, multiplies the value of the single field by the scaling coefficient k and sends the result to the cooperative node, calculates the retention value, substitutes it into the sub-model to obtain the output of the sub-model, and substitutes the output of this sub-model together with the outputs of the remaining sub-models into the main model to obtain the prediction result.
Preferably, the reservation node applies to the cooperative node for cooperative modeling of every input field: it generates a random scaling coefficient k for each input field, multiplies the value of the field by the scaling coefficient k to obtain a cooperation value and sends it to the cooperative node, keeps the difference between the value of the field and the cooperation value as the retention value, and a cooperation weight coefficient and a retention weight coefficient are assigned respectively. The output of the sub-model is the weighted sum of the cooperation values, the retention values and a constant term over all connected input fields. After the training of the target model is completed, the cooperative node sends the cooperation weight coefficients to the corresponding reservation node, and the reservation node calculates the equivalent weight of each input field in the target model.
Preferably, when a new data source party wants to use the target model, it establishes a user node. The user node randomly generates a scaling coefficient k for each input field and submits it to the reservation node; the reservation node randomly generates a cooperation weight coefficient for each input field, sends it to the cooperative node, calculates the retention weight coefficient from the equivalent weight, the scaling coefficient k and the cooperation weight coefficient, and feeds the retention weight coefficient and the constant term back to the user node. The user node multiplies the value of each input field by the scaling coefficient k and sends the product to the cooperative node as the cooperation value, and stores the difference between the value of the input field and the cooperation value as the retention value. The user node and the cooperative node multiply the retention value and the cooperation value of each input field by the retention weight coefficient and the cooperation weight coefficient respectively, add the constant term, and send the results to the main model at the service node to obtain the prediction output of the target model.
Preferably, before submitting the scaling coefficient k of each input field to the reservation node, the user node transfers a number of tokens to the service node. The reservation node extracts the hash value of the retention weight coefficients and uploads it to the blockchain for storage; after receiving the retention weight coefficients, the user node extracts their hash value, compares it with the hash value stored on the blockchain for verification, and if the verification passes, notifies the service node to transfer the corresponding number of tokens to the virtual account of the reservation node. After receiving the cooperation value sent by the user node, the cooperative node sends the product of the cooperation value and the cooperation weight coefficient to the service node and then discards the cooperation weight coefficient. Before substituting the next data row into the target model, the user node again randomly generates a scaling coefficient k for each input field and submits it to the reservation node.
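For illustration only, the weight handling described in the two preceding paragraphs can be sketched as follows in Python. This is a minimal sketch under the assumption that the trained sub-model is linear in each field, as in the embodiments below; all variable names and numeric values are illustrative and are not taken from the patent.

```python
# Hedged sketch: how a user node might use the trained model without learning
# the equivalent weight. Names and values are assumptions for illustration.
import random

def retention_weight(equivalent_w, k, cooperation_w):
    """Reservation node: choose v so that u*k + v*(1-k) equals the trained equivalent weight."""
    return (equivalent_w - cooperation_w * k) / (1.0 - k)

equivalent_w, bias = 0.53, 0.45          # held only by the reservation node
k = random.uniform(0.1, 0.9)             # generated by the user node for this field
u = random.uniform(0.1, 2.0)             # cooperation weight, sent to the cooperative node
v = retention_weight(equivalent_w, k, u) # fed back to the user node with the constant term

x = 5.0                                  # the user node's private field value
cooperation_part = (x * k) * u           # computed at the cooperative node
retention_part = (x * (1 - k)) * v       # computed at the user node
q = cooperation_part + retention_part + bias   # summed at the service node
assert abs(q - (x * equivalent_w + bias)) < 1e-9
print(q)
```

The assertion checks that the two partial products reproduce x multiplied by the equivalent weight, even though no single node holds x, k, u and v together.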
Preferably, the receiving node publishes a standard field table, which records standard field names and corresponding field descriptions; the data source party renames the fields of its data rows according to the standard field table and submits the data field composition to the receiving node.
Preferably, the receiving node agrees on a salt with the data source party; the data source party adds the salt to the value of the external primary key field and extracts a hash value as the identification value, and submits the field number, identification value and row number of the external primary key field to the receiving node; the receiving node publishes the field number, identification value and row number, and the cooperative node matches the target model with training data rows according to the field number and identification value.
Preferably, when the cooperative node matches the target model with training data rows according to the field number and identification value, the following steps are executed: obtain the associated rows of each data row according to the identification value, a data row and its associated rows having the same identification value; obtain the data field compositions of the data row and its associated rows to form a field set; if the field set contains all input fields and label fields of the target model, match the data row and its associated rows with the target model.
Preferably, the receiving node publishes several normalization operators for each field; when the cooperative node sends the model number and the row numbers of the training data rows to the reservation nodes of the data source parties, each reservation node feeds back the normalization operator it adopts, and the cooperative node selects one of the normalization operators fed back by the reservation nodes and broadcasts it.
The substantial effects of the invention are as follows: 1) the federated learning task is established through the blockchain, and data source parties participating in federated learning obtain rewards corresponding to the amount of data they provide, which incentivizes data source parties that own data but do not need to build a machine learning model to participate in federated learning; 2) the target model is divided into sub-models and a main model, the main model is computed by the service node, the sub-models have data substituted in by the data source parties, and the privacy safety of each sub-model is checked, which protects data privacy, avoids exchanging intermediate data between data source parties and improves the efficiency of federated learning; 3) each input field is split into a cooperation value and a retention value, and the cooperative node and the reservation node respectively hold a cooperation weight coefficient and a retention weight coefficient, so the weight coefficient corresponding to the input field is hidden; 4) the combined effect of the cooperation weight coefficient and the retention weight coefficient equals the equivalent weight coefficient, which improves the security of the machine learning model; at the same time, the data of a data source party that did not participate in federated learning is split into cooperation values and retention values, so the target model can be used without obtaining its weight coefficients and without leaking the data, expanding the application range of federated learning.
Drawings
Fig. 1 is a schematic structural diagram of the federated learning system according to an embodiment.
Fig. 2 is a schematic diagram of the target model according to an embodiment.
Fig. 3 is a schematic diagram of the main model according to an embodiment.
Fig. 4 is a schematic diagram of a sub-model according to an embodiment.
Fig. 5 is a schematic diagram of the process by which the cooperative node participates in federated learning according to the second embodiment.
Fig. 6 is a schematic diagram of a sub-model under cooperative modeling according to the second embodiment.
Fig. 7 is a schematic diagram of a sub-model being used by a user node according to the second embodiment.
Fig. 8 is a flowchart of a user node using the sub-model according to the second embodiment.
In the figures: 11, target model; 12, prepaid token; 13, main model; 14, sub-model; 21, data field composition; 22, data row hash value; 30, receiving node; 40, cooperative node; 50, reservation node; 60, service node; 70, user node.
Detailed Description
The following provides a more detailed description of the present invention, with reference to the accompanying drawings.
The first embodiment is as follows:
A blockchain-based federated learning system, referring to fig. 1, comprising: a receiving node 30, which receives the federated learning target model 11 to be trained and the prepaid tokens 12, assigns model numbers, receives the data field compositions 21 and data row hash values 22 provided by data source parties, and assigns field numbers and row numbers; a plurality of reservation nodes 50, which are established at the data source parties and obtain the data rows of the data source parties together with the corresponding field numbers and row numbers; a cooperative node 40, which is connected with the receiving node 30, compares the input fields and label fields of the target model 11 with the field compositions of the data rows, matches the target model 11 with training data rows, and sends the model number and the row numbers of the training data rows to the reservation nodes 50 of the data source parties; and a service node 60, which is connected with the reservation nodes 50 and the cooperative node 40. After being authorized by its data source party, a reservation node 50 notifies the service node 60 to create a federated learning task, which comprises the model number, the row numbers, the identifiers of the participating data source parties and the corresponding rewards. The service node 60 uploads the federated learning task to the blockchain for storage and sends the target model 11 to the corresponding reservation nodes 50; the reservation nodes 50 substitute their data into the target model 11 to obtain intermediate results and send them to the service node 60; the service node 60 aggregates all intermediate results to obtain the prediction results of the target model 11 and sends the aggregated prediction results to the reservation node 50 that holds the labels; the loss value is calculated and published; the reservation nodes 50 update the target model 11 according to the gradient and substitute their data into the updated target model 11 again, until the loss value is smaller than the preset threshold, whereupon the service node 60 issues the rewards and uploads the issuing result to the blockchain for storage.
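For illustration, a minimal sketch (not part of the patent text) of what the federated learning task record created by the service node 60 could look like before being written to the blockchain; all field names, identifiers and values are assumptions.

```python
# Hypothetical task record assembled by the service node 60; all names are assumptions.
import hashlib
import json

def create_task(model_number, row_numbers, data_source_ids, reward_tokens):
    """Build a task record and the hash that would be stored on the blockchain."""
    task = {
        "model_number": model_number,          # assigned by the receiving node 30
        "row_numbers": sorted(row_numbers),    # matched training data rows
        "data_sources": data_source_ids,       # participating data source parties
        "reward": reward_tokens,               # reward paid from the prepaid tokens 12
    }
    record = json.dumps(task, sort_keys=True).encode("utf-8")
    task["record_hash"] = hashlib.sha256(record).hexdigest()
    return task

task = create_task("M-0001", [3, 7, 42], ["bank_A", "ecommerce_B"], 100)
print(task["record_hash"])
```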
In order to improve matching efficiency, this embodiment makes the following preparations before the federated learning task is established. The receiving node 30 publishes a standard field table, which records standard field names and corresponding field descriptions; the data source party renames the fields of its data rows according to the standard field table and submits the data field composition 21 to the receiving node 30.
Table 1: standard field table provided in this embodiment
Standard field name | Equivalent field names | Field description
Hash value | digital fingerprint, hash value, digital digest, MD5 value | A fixed-length ciphertext obtained by applying a hash function to information of arbitrary length; unique
Citizen identity number | identity card number, certificate number, identity number, resident identity card number, identity card information | The resident identification number issued by the police department; unique
As shown in Table 1, two standard field names are illustrated. Because field names are not unified, different data sources adopt different field names, and the corresponding English field names also differ; for example, a citizen identity number stored in a database may be named ID_No, User_No, uid, u_no, and so on. To facilitate the establishment of federated learning and allow the target model 11 to call the correct fields, this embodiment provides a standard field table, and the data source parties unify their field names into the standard field names recorded in the table. This improves the efficiency of federated learning and avoids call errors caused by overly varied field names.
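A minimal sketch of how a data source party might rename its columns against such a table; the local field names are the examples quoted above, and the mapping itself is an assumption for illustration.

```python
# Hypothetical mapping from local field names to standard field names (Table 1).
STANDARD_FIELDS = {
    "ID_No": "citizen_identity_number",
    "User_No": "citizen_identity_number",
    "uid": "citizen_identity_number",
    "u_no": "citizen_identity_number",
    "MD5": "hash_value",
    "digital_digest": "hash_value",
}

def normalize_field_names(row: dict) -> dict:
    """Rename the keys of one data row to the agreed standard field names."""
    return {STANDARD_FIELDS.get(name, name): value for name, value in row.items()}

print(normalize_field_names({"uid": "330102...", "balance": 1200}))
```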
The receiving node 30 agrees on a salt with the data source party; the data source party adds the salt to the value of the external primary key field, extracts a hash value as the identification value, and submits the field number, identification value and row number of the external primary key field to the receiving node 30; the receiving node 30 publishes the field number, identification value and row number, and the cooperative node 40 matches the target model 11 with training data rows according to the field number and identification value. The external primary key makes it possible to identify data belonging to the same object in different databases. For example, the deposit data held by two banks for the same identity card number can be linked to calculate a resident's total deposits, and a mobile phone number's business data at a bank can be associated with the same mobile phone number's order data at an e-commerce platform. The external primary key must be published so that the cooperative node can query it, but directly publishing identity card numbers or mobile phone numbers would seriously leak user privacy, so the external primary key needs to be processed before publication.
In this embodiment, hash values of identity card numbers and mobile phone numbers are published. The hash values can be used to compute the intersection of data and thereby match data rows. For example, suppose the loan data published by bank A records the borrower's mobile phone number 18866663333, and the deposit statistics published by bank B record the same resident's mobile phone number 18866663333. Bank A publishes SHA256(18866663333) = 57A4AC1BBC03679EF2EEB5DA678095746FFC6A055DFB25C4538BCABEEC988E9F, and bank B, computing SHA256 of the mobile phone number 18866663333 in the same way, obtains the same result; comparing the two associates the two data rows. If a lending institution C grants credit to the same resident, whose mobile phone number is also 18866663333, it can query that resident's business data at other banks by identity card number or by mobile phone number: institution C extracts the hash value of the mobile phone number 18866663333 and finds, among the published mobile phone number hash values, the two records with the same hash value, namely the loan data of bank A and the deposit data of bank B. The cooperative node can then match the two data rows for federated learning.
Although the hash value cannot be directly inverted to recover the original mobile phone number, a risk remains: the original identity card number or mobile phone number can be obtained through a collision attack. Knowing the mobile phone number hash value 57A4AC1BBC03679EF2EEB5DA678095746FFC6A055DFB25C4538BCABEEC988E9F, an attacker can exhaust all mobile phone numbers in the number segments sold by telecom operators and compare their SHA256 hash values; within a certain time the attacker will find a mobile phone number whose hash value equals 57A4AC1BBC03679EF2EEB5DA678095746FFC6A055DFB25C4538BCABEEC988E9F and thus recover the original number. For identity card numbers, the first 6 digits are a region code and the middle 8 digits are a birth date, both with limited ranges, so the original plaintext can likewise be obtained by exhaustion. Salting is therefore needed to further improve data security. In cryptography, salting refers to inserting a specific character string at fixed, arbitrary positions in a value so that its hash no longer matches the hash of the original value. If the agreed salt for mobile phone numbers adds the characters PHE at the beginning and HUD at the end, the salted mobile phone number 18866663333 becomes PHE18866663333HUD, whose hash value is BDA2773420943B5589CC8C5A406E97A921D140753C431958C8D80B96E59506C1. Because the salt is random and its length and form are not known, exhaustion becomes prohibitively time-consuming, which effectively protects the user's private data. To avoid leaking the salt, in this embodiment the cooperative node exposes an API that returns the salted hash value of submitted data: the data source party submits the mobile phone number 18866663333 to the API and receives the salted hash value BDA2773420943B5589CC8C5A406E97A921D140753C431958C8D80B96E59506C1, which is used to compute the intersection without revealing the external primary key.
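A minimal sketch, assuming SHA-256 and the example salt quoted above, of the salted-hash computation behind such an API; the exact salting rule and output values are illustrative, not the patent's reference implementation.

```python
# Hypothetical salted identification value for an external primary key
# (e.g. a mobile phone number). Salt values are the examples from the text.
import hashlib

SALT_PREFIX, SALT_SUFFIX = "PHE", "HUD"   # agreed salt, never published

def salted_identification_value(primary_key: str) -> str:
    salted = f"{SALT_PREFIX}{primary_key}{SALT_SUFFIX}"
    return hashlib.sha256(salted.encode("utf-8")).hexdigest()

# Two data source parties submitting the same phone number obtain the same
# identification value, so their rows can be matched without revealing the key.
print(salted_identification_value("18866663333"))
```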
The receiving node 30 publishes several normalization operators for each field. When the cooperative node 40 sends the model number and the row numbers of the training data rows to the reservation nodes 50 of the data source parties, each reservation node 50 feeds back the normalization operator it adopts, and the cooperative node 40 selects one of the normalization operators fed back by the reservation nodes 50 and broadcasts it. During federated learning the data must be normalized, and different parties must use the same normalization operator for the same field, to avoid errors in the data stored as evidence after normalization.
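As a purely illustrative sketch, one possible normalization operator that could be published for a numeric field is a min-max scaling with fixed bounds, so that every party scales the field identically; the bounds below are assumptions.

```python
# Hypothetical published normalization operator; bounds are illustrative.
def min_max_operator(lo: float, hi: float):
    def normalize(x: float) -> float:
        return (x - lo) / (hi - lo)
    return normalize

normalize_card_amount = min_max_operator(0.0, 10.0)   # broadcast to all parties
print(normalize_card_amount(0.3))                      # every party obtains 0.03
```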
Referring to fig. 2, the target model 11 used in this embodiment has three input neurons with input values x1, x2 and x3, two hidden layers with four neurons each, and an output layer with two neurons; the hidden layers are fully connected. The activation function used by the hidden-layer neurons is the Sigmoid function; other activation functions can be substituted in practice. The input to the Sigmoid function is the weighted sum of the connected neurons in the previous layer plus a bias value. In fig. 2, the input number of the first neuron of the first hidden layer is Q1 = Σ w1i × xi + b1, where w1i is a weight coefficient and xi is the value of an input-layer neuron, i.e. the true value of the corresponding input field at the data source party, a privacy-related value. Both the input numbers and the outputs of the hidden-layer neurons are intermediate results that need to be exchanged. An intermediate result is a weighted sum of several input values; if only one of those input values is unknown to a federated learning participant, that value, i.e. the true field value, can be deduced from the intermediate result, leaking privacy-related data. The prior art avoids leaking private data by means of homomorphic encryption, but homomorphic encryption reduces computational efficiency. This embodiment provides a scheme that protects the privacy of private data without encrypted communication.
Referring to fig. 3 and fig. 4, which illustrate how this embodiment splits the target model 11 into the main model 13 and the sub-models 14. The number of sub-models 14 equals the number of neurons in layer 1 of the target model 11; 4 sub-models 14 are established in this embodiment, one of which is shown in fig. 4. The input fields of a sub-model 14 are the fields corresponding to the input-layer neurons connected to the corresponding layer-1 neuron, and the output of the sub-model 14 is the input number of the corresponding layer-1 neuron. The input layer is usually called layer 0, and the layer-1 neurons are the hidden-layer neurons connected to the input layer. The input number of a layer-1 neuron is the weighted sum of the connected layer-0 neurons plus a bias; the input number of a layer-2 neuron is likewise the weighted sum of the outputs of the connected layer-1 neurons plus a bias. In some neural network models the bias is 0. In fig. 4, the input number of the first layer-1 neuron is Q1 = Σ w1i × xi + b1, and feeding Q1 into the activation function gives the output of the first layer-1 neuron, y1 = Sigmoid(Q1).
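A sketch, with made-up weights, of the split described for figs. 3 and 4: each sub-model 14 computes the input number Q of one layer-1 neuron from the raw fields held at the data source side, and the main model 13 only ever sees those Q values, never the raw values x1, x2, x3. The layer sizes follow fig. 2; the weight values are assumptions.

```python
# Illustrative split of the target model into sub-models and a main model.
import numpy as np

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

def sub_model(x, w, b):
    """Q = sum_i(w1i * xi) + b1, computed at the data source side."""
    return float(np.dot(w, x) + b)

def main_model(q, hidden_w, out_w):
    """Runs at the service node: starts from the Q values of the layer-1 neurons."""
    h1 = sigmoid(np.asarray(q))          # outputs of the 4 layer-1 neurons
    h2 = sigmoid(hidden_w @ h1)          # second hidden layer (4 neurons)
    return sigmoid(out_w @ h2)           # output layer (2 neurons)

rng = np.random.default_rng(0)
x = np.array([3.0, 0.3, 1.2])                                   # x1, x2, x3
q = [sub_model(x, rng.normal(size=3), 0.4) for _ in range(4)]   # 4 sub-models
print(main_model(q, rng.normal(size=(4, 4)), rng.normal(size=(2, 4))))
```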
The service node 60 deletes the input layer of the target model 11 and replaces the inputs of the layer-1 neurons with the outputs of the corresponding sub-models 14 to obtain the main model 13. When the reservation nodes 50 receive the sub-models 14, they randomly change the connection weight coefficients of the sub-models 14 and check how many input fields each sub-model 14 involves; if the input of a sub-model 14 is a single field, the sub-model 14 is judged privacy-unsafe, the reservation node 50 rejects it and notifies the service node 60 to cancel the training of the target model 11.
In this embodiment, when a reservation node 50 counts the input fields of a sub-model 14, it counts only the input fields that the reservation node 50 itself provides. When only a single field of the reservation node 50 is involved, the remaining addends can be assembled at the other nodes, and the value of the single field can then be estimated accurately from the output of the sub-model 14; such sub-models 14 carry a risk of privacy leakage, so their execution is refused. If the number of input fields is greater than 1, the other reservation nodes 50 and the service node 60 cannot obtain the true values of the input fields, and data privacy is effectively protected.
After the training of the target model 11 is completed, the reservation nodes 50 send the locally stored target model 11 to the service node 60, and the service node 60 issues rewards to the data source parties corresponding to the reservation nodes 50 according to the number of data rows each reservation node 50 provided during the training of the target model 11 and the preset quotations. If a data source party is also a provider of the target model 11, it already paid a number of prepaid tokens 12 when providing the target model 11; by providing data for federated learning it now earns a reward corresponding to the amount of data, so a party providing less data receives less and a party providing more data receives more. A data source party that did not submit the target model 11 and participates only by providing data does not need to pay prepaid tokens 12; its revenue depends on the net amount of data it provides, so the data itself generates revenue. This encourages data source parties that only own data and do not need to use the model to participate in federated learning, promoting the circulation of data while protecting data privacy.
When the cooperative node 40 matches the target model 11 with training data rows according to the field number and identification value, the following steps are executed: obtain the associated rows of each data row according to the identification value, a data row and its associated rows having the same identification value; obtain the data field compositions 21 of the data row and its associated rows to form a field set; if the field set contains all input fields and label fields of the target model 11, match the data row and its associated rows with the target model 11.
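A hypothetical sketch of this matching step; the record layout (row_number, identification_value, fields) and the example values are assumptions used only to illustrate the grouping and field-coverage check described above.

```python
# Illustrative matching performed by the cooperative node: rows sharing an
# identification value are associated, and the union of their field
# compositions must cover all input and label fields of the target model.
def match_rows(published_rows, input_fields, label_fields):
    by_id = {}
    for row in published_rows:
        by_id.setdefault(row["identification_value"], []).append(row)
    needed = set(input_fields) | set(label_fields)
    matched = []
    for rows in by_id.values():
        field_set = set().union(*(set(r["fields"]) for r in rows))
        if needed <= field_set:                     # all required fields covered
            matched.append([r["row_number"] for r in rows])
    return matched

rows = [
    {"row_number": 1, "identification_value": "bda2...", "fields": ["x1", "x2", "y1"]},
    {"row_number": 9, "identification_value": "bda2...", "fields": ["x3", "x4"]},
]
print(match_rows(rows, ["x1", "x2", "x3", "x4"], ["y1"]))   # -> [[1, 9]]
```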
In this embodiment, the federated learning task is constructed on the blockchain, and data source parties participating in federated learning obtain rewards corresponding to the amount of data they provide, which incentivizes data source parties that own data but do not need to build a machine learning model to participate in federated learning. The target model 11 is divided into sub-models 14 and a main model 13; the main model 13 is computed by the service node 60, the sub-models 14 have data substituted in by the data source parties, and the privacy safety of each sub-model 14 is checked, so data privacy is guaranteed, intermediate data need not be exchanged between data source parties, and the efficiency of federated learning is improved.
This embodiment protects the data privacy of the data source parties by refusing to execute any sub-model 14 that involves only a single field of a reservation node 50. However, this also prevents part of the target models 11 from being run, which narrows the application range of federated learning. The application therefore provides a second embodiment, which protects the data privacy of the data source party even when a sub-model 14 that involves only a single field of a reservation node 50 is executed.
The second embodiment is as follows:
The blockchain-based federated learning system likewise comprises a receiving node 30, a plurality of reservation nodes 50, a cooperative node 40 and a service node 60, connected as in the first embodiment, which is not repeated here. The service node 60 divides the target model 11 into several sub-models 14 and a main model 13. The number of sub-models 14 equals the number of neurons in layer 1 of the target model 11; the input fields of a sub-model 14 are the fields corresponding to the input-layer neurons connected to the corresponding layer-1 neuron, and the output of the sub-model 14 is the input number of the corresponding layer-1 neuron. The service node 60 deletes the input layer of the target model 11 and replaces the inputs of the layer-1 neurons with the outputs of the corresponding sub-models 14 to obtain the main model 13. When the reservation nodes 50 receive the sub-models 14, they randomly change the connection weight coefficients of the sub-models 14 and check how many input fields each sub-model 14 involves; if the input of a sub-model 14 is a single field, the sub-model 14 is judged privacy-unsafe.
This embodiment differs from the first embodiment in that, when a sub-model 14 is judged privacy-unsafe, the reservation node 50 applies to the cooperative node 40 for cooperative modeling. Through cooperative modeling, privacy is maintained even when a single field is substituted into the sub-model 14.
Specifically, the cooperative modeling comprises the following steps (an illustrative code sketch follows the list):
Step A01) the reservation node 50 generates a random scaling coefficient k for the single field;
Step A02) the value of the single field is multiplied by the scaling coefficient k and sent to the cooperative node 40 as the cooperation value;
Step A03) the difference between the value of the single field and the cooperation value is kept as the retention value;
Step A04) the cooperative node 40 assigns a cooperation weight coefficient to the cooperation value, and the reservation node 50 generates a retention weight coefficient for the retention value;
Step A05) the output of the sub-model 14 equals the weighted sum of the cooperation value, the retention value and a constant term;
Step A06) each time the service node 60 publishes a loss value, the reservation node 50 regenerates the random scaling coefficient k for the single field and updates the cooperation value and the retention value, and the cooperative node 40 and the reservation node 50 independently update the cooperation weight coefficient and the retention weight coefficient respectively, until the loss value obtained by the service node 60 is smaller than the preset threshold and the training of the target model 11 is completed;
Step A07) after the training of the target model 11 is completed, the cooperative node 40 sends the cooperation weight coefficient to the corresponding reservation node 50;
Step A08) when a new data row is input and substituted into the target model 11 for prediction, the reservation node 50 obtains the new data row and sends the value of the single field multiplied by the scaling coefficient k to the cooperative node 40;
Step A09) the retention value is calculated and substituted into the sub-model 14 to obtain the output of the sub-model 14, and the output of this sub-model 14 together with the outputs of the remaining sub-models is substituted into the main model 13 to obtain the prediction result.
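The following is a minimal numeric sketch of steps A01 to A05 for a single field; the values of the weights and bias are assumptions chosen for illustration, and the code is not the patent's reference implementation.

```python
# Hedged sketch of cooperative modeling for one field (steps A01-A05).
import random

def split_field(x, k):
    """Steps A02/A03: cooperation value sent out, retention value kept locally."""
    cooperation = x * k
    retention = x - cooperation
    return cooperation, retention

def sub_model_output(cooperation, retention, u, v, b):
    """Step A05: weighted sum of cooperation value, retention value and constant term."""
    return u * cooperation + v * retention + b

x1 = 3.0                                  # true field value, never leaves the reservation node
k = random.uniform(0.1, 0.9)              # step A01: random scaling coefficient
c1, r1 = split_field(x1, k)
u11, v11, b1 = 0.8, 0.3, 0.4              # cooperation weight, retention weight, bias (assumed)
q1 = sub_model_output(c1, r1, u11, v11, b1)
# The equivalent weight u11*k + v11*(1-k) reproduces q1 without exposing x1:
assert abs(q1 - (x1 * (u11 * k + v11 * (1 - k)) + b1)) < 1e-9
print(k, q1)
```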
Further, the reservation node 50 does not establish cooperative modeling only for sub-models 14 with a single input field; it applies to the cooperative node 40 for cooperative modeling of every input field. It generates a random scaling coefficient k for each input field, multiplies the value of the field by the scaling coefficient k to obtain a cooperation value and sends it to the cooperative node 40, keeps the difference between the value of the field and the cooperation value as the retention value, and a cooperation weight coefficient and a retention weight coefficient are assigned respectively. The output of the sub-model 14 is the weighted sum of the cooperation values, the retention values and a constant term over all connected input fields. After the training of the target model 11 is completed, the cooperative node 40 sends the cooperation weight coefficients to the corresponding reservation node 50, and the reservation node 50 calculates the equivalent weight coefficient of each input field in the target model 11.
If the connection weight coefficients of the federally learned target model 11 leak, a sub-model 14 with a single input field allows the true value of that field to be deduced directly from the intermediate results produced during training, leaking private data. Moreover, after the weight coefficients have been updated several times, the intermediate results produced during training yield several equations, and solving the simultaneous equations reveals the value of every input field, again leaking private data. Specifically: for a single input field with true value x1 and connection weight coefficient w11, the intermediate result is Q1 = x1 × w11, so if the connection coefficient w11 leaks, the value of x1 is obtained directly from the intermediate result Q1. For multiple input fields, for example three input fields with true values x1, x2 and x3 and connection weight coefficients w11, w12 and w13, the intermediate result is Q1 = w11 × x1 + w12 × x2 + w13 × x3; even if w11, w12 and w13 leak, the exact values of x1, x2 and x3 cannot be inferred from a single intermediate result. However, as the sub-model 14 is updated along the gradient during training, the values of w11, w12 and w13 change continuously and an intermediate result Q1 is computed each time. Obtaining the connection weight coefficients and the intermediate result Q1 of any three rounds gives three equations, and solving them simultaneously yields the exact values of x1, x2 and x3, leaking private data.
Current federated learning therefore has to hide the connection weight coefficients of the sub-models 14, i.e. keep both the connection weight coefficients w and the intermediate results Q secret, and the participants must perform homomorphic encryption and decryption when exchanging intermediate results. This excessive secrecy severely reduces the efficiency of federated learning. Even after training, the weight coefficients of the final target model 11 must remain secret, so the trained model can only be used locally by each party, which also limits its range of use.
In the technical scheme provided by this embodiment, each input field is split into a cooperation value and a retention value, and the cooperative node 40 and the reservation node 50 respectively hold a cooperation weight coefficient and a retention weight coefficient, so the weight coefficient corresponding to the input field is hidden. Specifically, referring to fig. 6, each input field, for example one with true value x1, is split into a cooperation value c1 and a retention value r1, where the cooperation value c1 = x1 × k and the retention value r1 = x1 × (1 - k), k being the scaling coefficient. The cooperative node 40 and the reservation node 50 generate connection weight coefficients for the cooperation value c1 and the retention value r1 respectively; for example, the connection weights to the first layer-1 neuron are the cooperation weight coefficient u11 and the retention weight coefficient v11.
Considering only x1: Q1 = u11 × c1 + v11 × r1 + b1 = u11 × x1 × k + v11 × x1 × (1 - k) + b1, i.e. Q1 = x1 × (u11 × k + v11 × (1 - k)) + b1 = x1 × _w11 + b1, where _w11 is the equivalent weight coefficient, _w11 = u11 × k + v11 × (1 - k). As the equation shows, even if the connection weight coefficients of the sub-model 14 leak, i.e. the cooperation weight coefficient u11 and the retention weight coefficient v11 leak, the value of the equivalent weight coefficient _w11 still cannot be computed, and the value of x1 cannot be deduced from the intermediate result Q1. The key value whose leakage would expose the private data is the scaling coefficient k, which never needs to leave the reservation node 50 and is therefore extremely secure; the cooperative node 40 cannot deduce the scaling coefficient k or the true value from the cooperation value.
Each time the service node 60 publishes a loss value, the reservation node 50 updates the value of the scaling coefficient k and sends the updated cooperation value to the cooperative node 40, and the cooperative node 40 and the reservation node 50 independently update the cooperation weight coefficient u11 and the retention weight coefficient v11. This amounts to updating the equivalent weight coefficient _w11, with an update step that is no longer linear; the step size of the update does not affect the convergence of the target model 11. The federated learning system provided by this embodiment therefore does not need to keep the connection weight coefficients secret or homomorphically encrypt the intermediate results, which greatly improves the efficiency of federated learning. As shown in fig. 5, if the number of input fields corresponding to Q1 is 3, i.e. Q1 = Σ ci × u1i + Σ ri × v1i + b1, the intermediate result contains even more variables, further ensuring the privacy and security of the data.
In this embodiment, the main model 13 is computed at the service node 60, while each reservation node 50 substitutes its cooperation values and retention values into the sub-models 14 and sends the results to the service node 60. For each sub-model 14, the service node 60 sums the results sent by the corresponding reservation nodes 50 and adds the bias value b to obtain the output of that sub-model 14. The outputs of the sub-models 14 are substituted into the main model 13 and the computation continues to obtain the prediction results of the target model 11. If there are 100 data rows in total, 100 prediction results are obtained; they are packaged and sent to the reservation node 50 that holds the labels, which calculates the loss value over the 100 predictions and sends it to the service node 60, and the service node 60 publishes the loss value. The reservation nodes 50 and the cooperative node 40 update the connection weight coefficients according to the loss value, and the next round of training begins.
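A sketch, with assumed helper names and toy numbers, of one such round: each reservation node returns partial sub-model results, the service node sums them per sub-model and adds the bias, runs the main model, and the label-holding node reports a loss. None of the function names below come from the patent.

```python
# Illustrative aggregation of one training round at the service node.
def aggregate_sub_model(partial_results, bias):
    """Partial results from several reservation nodes for one layer-1 neuron."""
    return sum(partial_results) + bias

def training_round(partials_per_sub_model, biases, main_model, labels, label_node_loss):
    q_values = [aggregate_sub_model(p, b) for p, b in zip(partials_per_sub_model, biases)]
    predictions = main_model(q_values)               # computed at the service node
    loss = label_node_loss(predictions, labels)      # computed at the label-holding node
    return loss                                      # published by the service node

# Toy example: two sub-models, each fed by two reservation nodes, one label.
loss = training_round(
    partials_per_sub_model=[[1.35, 0.6], [0.2, 0.9]],
    biases=[0.4, 0.1],
    main_model=lambda q: [sum(q) / len(q)],
    labels=[1.0],
    label_node_loss=lambda p, y: sum((pi - yi) ** 2 for pi, yi in zip(p, y)) / len(y),
)
print(loss)
```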
For example, a bank credit card customer churn model is established, and bank A and e-commerce platform B set up federated learning. Customer churn means that a customer cancels the credit card; by contacting the customer in time, the bank's account manager can learn the customer's needs and provide additional services to win the customer back. Bank A needs to use the customer churn model; e-commerce platform B does not need to use the model, but can earn revenue by providing related transaction data and participating in federated learning, while bank A improves the prediction accuracy of the customer churn model and the effectiveness of its account managers' work through federated learning. First, bank A and e-commerce platform B find the data rows of the same customers, i.e. the data intersection, through the users' mobile phone numbers.
Assume the data intersection contains 100 rows, and some of those customers have cancelled their credit cards at bank A, i.e. bank A holds the label data. The data row fields of bank A comprise the user name, mobile phone number, number of card transactions in the last month, card transaction amount in the last month, and whether the card has been cancelled; the data row fields of e-commerce platform B comprise the user ID, mobile phone number, number of card-paid transactions in the last month, and card-paid amount in the last month. The inputs of the target model 11 are the number of card transactions in the last month x1, the card transaction amount in the last month x2, the number of card-paid transactions in the last month x3 and the card-paid amount in the last month x4, and the label data is whether the card has been cancelled, y1.
The target model 11 is established as a fully connected neural network model and is split into a main model 13 and several sub-models 14. For the first neuron in layer 1, the output of its corresponding sub-model 14 is Q1 = Σ xi × w1i + b1. Cooperative modeling is further applied to each input field, giving the sub-model 14 output Q1 = Σ ci × u1i + Σ ri × v1i + b1. In bank A's data, the number of card transactions in the previous month is x1 = 3 and the card transaction amount in the previous month is x2 = 0.3 ten thousand yuan; in e-commerce platform B's data, the customer's number of card-paid transactions in the previous month is x3 = 16 and the card-paid amount in the previous month is x4 = 1.2 ten thousand yuan. Taking the number of card transactions x1 = 3 as an example, the reservation node 50 generates a scaling coefficient k = 0.3 and computes the cooperation value c1 = 0.9 and the retention value r1 = 2.1, with cooperation weight coefficient u11 = 0.8, retention weight coefficient v11 = 0.3 and bias value b1 = 0.4. In the case where the sub-model 14 involves only the input field x1, its output is Q1 = 0.9 × 0.8 + 2.1 × 0.3 + 0.4 = 1.35 + 0.4 = 3 × 0.45 + 0.4, i.e. the equivalent weight coefficient _w11 is 0.45. The equivalent weight coefficient can only be computed with knowledge of the true value, so only bank A's reservation node 50 can compute it; the other reservation nodes 50, the cooperative node 40 and the service node 60 cannot.
When the target model 11 has been executed for the 100 rows, 100 prediction results are output. The service node 60 sends the 100 prediction results to bank A, which checks them against the account-closure field in its data rows to obtain the prediction accuracy, i.e. the loss value, and the service node 60 publishes the loss value. Bank A's reservation node 50 updates the proportionality coefficient to k = 0.4 and calculates the new cooperation value c1 = 1.2 and reserved value r1 = 1.8. The reservation nodes 50 of bank A and e-commerce platform B and the cooperative node 40 then update their respective connection weight coefficients.

Since the cooperative node 40 cannot control the proportionality coefficient k, it effectively cannot control the update step size. In this embodiment the step size of the cooperation weight coefficient at the cooperative node 40 should therefore be as small as possible, or the value may even remain unchanged, and the reservation node 50 controls the change of the equivalent weight coefficient _w11 through the proportionality coefficient k and the retention weight coefficient. Here the cooperation weight coefficient remains unchanged at u11 = 0.8, the retention weight coefficient is updated to v11 = 0.35 and the offset value to b1 = 0.45, and the recalculated output of the sub-model 14 is Q1 = 1.2 × 0.8 + 1.8 × 0.35 + 0.45 = 1.59 + 0.45 = 3 × 0.53 + 0.45, i.e. the equivalent weight coefficient _w11 changes from 0.45 to 0.53. In this embodiment the weight coefficients of the target model 11 are thus updated by updating the proportionality coefficient k, the cooperation weight coefficients and the retention weight coefficients. Because the proportionality coefficient k changes in every round of training, the real values are effectively hidden and remain private, while the connection weight coefficients and intermediate results no longer need to be kept secret.

After a preset number of training rounds, the loss value of the target model 11 falls below a preset threshold and the federated learning training is complete. Bank A and e-commerce platform B both receive the corresponding rewards; however, since the prepaid token 12 is provided by bank A, bank A pays out the tokens as a whole, and the tokens obtained by e-commerce platform B amount to bank A purchasing the right to use e-commerce platform B's data. Circulation of data is thus promoted while data privacy is preserved. In subsequent use, bank A and e-commerce platform B split their real values into cooperation values and reserved values according to the proportionality coefficient k, the cooperation weight coefficients and the retention weight coefficients as they stood at the end of training; the cooperation values are all sent to the cooperative node 40 and substituted into the trained sub-models 14. The outputs of the sub-models 14 are sent to the service node 60, which substitutes them into the main model 13 to obtain the prediction result of the target model 11 and sends it to bank A for use. In this process no intermediate results need to be exchanged between reservation nodes 50; everything is processed at the service node 60.
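For illustration, the round-to-round effect on the equivalent weight coefficient can be sketched as follows; the function name is an assumption, and the values are those of the example (cooperation weight fixed, proportionality coefficient and retention weight updated).

```python
def equivalent_weight(k, u, v):
    # _w = k*u + (1-k)*v, the combined effect of the two weight coefficients.
    return k * u + (1 - k) * v

x1 = 3.0
u11 = 0.8                              # kept unchanged by the cooperative node

# round 1
k, v11, b1 = 0.3, 0.3, 0.4
print(equivalent_weight(k, u11, v11))  # 0.45

# round 2: the reservation node updates k, v11 and b1
k, v11, b1 = 0.4, 0.35, 0.45
c1, r1 = k * x1, x1 - k * x1           # 1.2, 1.8
Q1 = c1 * u11 + r1 * v11 + b1          # 2.04 = 3 * 0.53 + 0.45
print(equivalent_weight(k, u11, v11))  # 0.53
```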
Although this embodiment adds the transmission of cooperation values, it reduces the transmission of intermediate results, so the total amount of information to be transmitted is still greatly reduced. Moreover, the connection weight coefficients of the target model 11 no longer need to be kept secret, which lowers the encryption burden and effectively improves the efficiency of federated learning.
Example three:
This embodiment provides a further improvement on the basis of the second embodiment, so that the target model 11 can also be used by a data source side that did not participate in the federated learning, while neither the data nor the weight coefficients of the target model 11 are revealed. That is, when such a user uses the target model 11, the federated learning participants cannot obtain the user's data, and the user cannot obtain the connection weight coefficients of the target model 11, achieving bidirectional confidentiality of the data and the target model 11.
Referring to fig. 8, when a new data source wants to use the target model 11, the method includes the following steps:
step B01), establishing a user node 70 by a new data source side, and randomly generating a proportionality coefficient k for each input field by the user node 70;
step B02) the user node 70 transfers a number of tokens to the service node 60;
step B03) the user node 70 submits the scaling factor k for each input field to the reservation node 50;
step B04) the reservation node 50 randomly generates a cooperation weight coefficient for each input field;
step B05) the reservation node 50 sends the cooperation weight coefficient to the cooperative node 40, as shown in fig. 7;
step B06), the reservation node 50 obtains a reservation weight coefficient by calculation according to the equivalent weight coefficient, the proportionality coefficient k and the cooperation weight coefficient;
step B07) feeding back the retention weight coefficients and the constant terms to the user node 70;
step B08) the user node 70 multiplies the value of each input field by the proportionality coefficient k and then sends the multiplied value as a cooperation value to the cooperation node 40;
step B09) the difference between the value of the input field and the cooperation value is saved as a reserved value at the user node 70;
step B10) the cooperative node 40 and the user node 70 multiply the cooperation value and the reserved value of the input field by the cooperation weight coefficient and the retention weight coefficient, respectively, and the constant term is added;
step B11) the obtained results are sent to the main model 13 at the service node 60, and the prediction output of the target model 11 is obtained.
Before step B03), the reservation node 50 extracts the hash value of the retention weight coefficients and uploads it to the blockchain for storage. After the user node 70 receives the retention weight coefficients, it extracts their hash value and compares it with the hash value stored on the blockchain for verification; if the verification passes, the service node 60 is notified to transfer the corresponding number of tokens to the virtual account of the reservation node 50.
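A minimal sketch of this on-chain hash check, assuming the coefficients are serialized as JSON before hashing; the serialization, helper names and example values are illustrative only.

```python
import hashlib
import json

def commitment(coefficients: dict) -> str:
    # Deterministic hash of the retention weight coefficients.
    return hashlib.sha256(json.dumps(coefficients, sort_keys=True).encode()).hexdigest()

stored_on_chain = commitment({"v11": 1.2})   # uploaded by the reservation node beforehand
received = {"v11": 1.2}                      # later sent to the user node

if commitment(received) == stored_on_chain:
    pass  # verification passed: notify the service node to transfer the tokens
```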
After receiving the cooperation value sent by the user node 70, the cooperative node 40 sends the product of the cooperation value and the cooperation weight coefficient to the service node 60, and then discards the cooperation weight coefficient. Before substituting the next data row into the target model 11, the user node 70 again randomly generates a proportionality coefficient k for each input field and submits it to the reservation node 50. Because the cooperation weight coefficient has been discarded, the next data row cannot be evaluated by the sub-model 14 until the proportionality coefficient k is sent to the reservation node 50 again and new retention weight coefficients are requested. The reservation node 50 can therefore control the number of times the user node 70 calls the target model 11, preventing the target model 11 from being leaked.
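As a rough sketch of steps B01 to B11 under stated assumptions: the class and function names are invented for illustration, the node roles are collapsed into local function calls, and real nodes would communicate over a network and record token transfers on the blockchain.

```python
import random

class ReservationNode:
    def __init__(self, equivalent_weights, constant):
        self._w = equivalent_weights      # per input field, known only to this node
        self.b = constant

    def issue_coefficients(self, ks):
        """B04-B07: pick random cooperation weights and derive retention weights so
        that k*u + (1-k)*v equals the trained equivalent weight of each field."""
        u = {f: random.uniform(-1, 1) for f in ks}
        v = {f: (self._w[f] - ks[f] * u[f]) / (1 - ks[f]) for f in ks}
        return u, v, self.b               # u goes to the cooperative node, v to the user node

def predict(fields, reservation_node, main_model):
    ks = {f: random.uniform(0.1, 0.9) for f in fields}       # B01/B03
    u, v, b = reservation_node.issue_coefficients(ks)         # B04-B07
    coop = {f: ks[f] * x for f, x in fields.items()}          # B08: cooperation values
    kept = {f: x - coop[f] for f, x in fields.items()}        # B09: reserved values
    q = (sum(coop[f] * u[f] for f in fields)
         + sum(kept[f] * v[f] for f in fields) + b)           # B10
    return main_model(q)                                      # B11: main model at the service node

# Usage with the single-field example sub-model (_w11 = 0.53, constant 0.45).
node = ReservationNode({"ux1": 0.53}, 0.45)
print(predict({"ux1": 5.0}, node, lambda q: q))               # about 3.1 = 5 * 0.53 + 0.45
```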
The bank credit card customer churn model established in example two is used by a bank to predict whether a customer will churn, in order to decide whether to send an account manager to contact the customer. Bank C provides the customer's data, namely the number of card transactions in the previous month ux1 and the card spending amount in the previous month ux2; e-commerce platform C holds the corresponding customer's number of credit card payment transactions in the previous month ux3 and credit card payment amount in the previous month ux4; the label data is whether the account has been closed, y1. If the first neuron in layer 1 is connected only to the input field ux1, with the real value ux1 = 5, and the equivalent weight coefficient _w11 in the trained target model 11 is 0.53, then there are countless combinations of the proportionality coefficient k, the cooperation weight coefficient u11 and the retention weight coefficient v11 that make _w11 equal to 0.53, as shown in Table 2. For a given proportionality coefficient k supplied by the user node 70, there are likewise countless combinations of the cooperation weight coefficient u11 and the retention weight coefficient v11. A new set of k, u11 and v11 can therefore be generated for every data row exchanged between the reservation node 50 and the user node 70, while the sub-model 14 still keeps the correct connection weight coefficients.
Table 2 Several combinations corresponding to the equivalent weight coefficient _w11

Proportionality coefficient k | Cooperation weight coefficient u11 | Retention weight coefficient v11 | Equivalent weight coefficient _w11
0.4 | -0.475 | 1.2 | 0.53
0.4 | 0.125 | 0.8 | 0.53
0.3 | -0.1 | 0.8 | 0.53
… | … | … | 0.53
The user node 70 sends the proportionality coefficient k = 0.4 to bank A's reservation node 50, calculates the cooperation value uc1 = 2 and the reserved value ur1 = 3, and sends the cooperation value uc1 = 2 to the cooperative node 40. After receiving k = 0.4, the reservation node 50 assigns the cooperation weight coefficient u11 = -0.475 to the cooperative node 40; the cooperative node 40 multiplies the cooperation value uc1 = 2 by u11 = -0.475 and sends the result, -0.95, to the service node 60. From the equivalent weight coefficient _w11 = 0.53, the proportionality coefficient k = 0.4 and the cooperation weight coefficient u11 = -0.475, the retention weight coefficient v11 = 1.2 is calculated, and bank A's reservation node 50 sends v11 = 1.2 to the user node 70. Upon receiving it, the user node 70 multiplies the reserved value ur1 = 3 by v11 = 1.2 and sends the result, 3.6, to the service node 60. The service node 60 sums the values it receives to obtain -0.95 + 3.6 = 2.65, which is exactly the product of the real value ux1 = 5 and the equivalent weight coefficient _w11 = 0.53.
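A minimal numeric check of this exchange; the derivation of v11 follows _w = k*u + (1-k)*v, and the variable names are illustrative only.

```python
ux1, w_eq = 5.0, 0.53              # real value held by the user node, trained equivalent weight
k, u11 = 0.4, -0.475               # proportionality coefficient and cooperation weight coefficient

v11 = (w_eq - k * u11) / (1 - k)   # retention weight coefficient -> 1.2

uc1 = k * ux1                      # cooperation value sent to the cooperative node -> 2.0
ur1 = ux1 - uc1                    # reserved value kept by the user node -> 3.0

part_coop = uc1 * u11              # -0.95, sent by the cooperative node to the service node
part_kept = ur1 * v11              #  3.6,  sent by the user node to the service node

assert abs((part_coop + part_kept) - ux1 * w_eq) < 1e-9   # 2.65 = 5 * 0.53
```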
In this process, the cooperative node 40 knows only the cooperation value and the cooperation weight coefficient, and can neither recover the real value nor obtain the equivalent weight coefficient. The user node 70 knows the cooperation value, the reserved value, the proportionality coefficient k and the retention weight coefficient, but not the cooperation weight coefficient, so it cannot derive the equivalent weight coefficient, and the privacy of the target model 11 is preserved. In other words, without the reservation node 50 the user node 70 cannot call the target model 11 correctly or obtain a correct prediction result. Although the reservation node 50 knows the proportionality coefficient k and the retention weight coefficient, it does not know the cooperation value, so it cannot recover the real value held by the user node 70, and the security and privacy of the user data are maintained.
Because the combined action of the cooperation weight coefficient and the retention weight coefficient equals the equivalent weight coefficient, the security of the machine learning model is improved. At the same time, a data source side that did not participate in the federated learning can split its data into cooperation values and reserved values and use the target model 11 without obtaining the weight coefficients of the model and without leaking its data. The target model 11 trained through federated learning can thus be used both by the participants and by users who did not take part in it, expanding the scope of application of federated learning.
The above embodiments are only preferred embodiments of the present invention and are not intended to limit the present invention in any way; other variations and modifications may be made without departing from the technical scope set forth in the claims.

Claims (10)

1. A block chain-based federal learning system is characterized in that,
the system comprises:
the receiving node is used for receiving the federal learning target model to be trained and the prepaid token, distributing model numbers, receiving data field compositions and data line hash values provided by a data source party, and distributing field numbers and line numbers;
the plurality of reserved nodes are established on a data source side, and data lines of the data source side and corresponding field numbers and line numbers are obtained;
the cooperative node is connected with the receiving node, compares the input field and the label field of the target model with the field composition of the data line, matches the target model with the training data line, and sends the model number and the line number of the training data line to the reserved node of the data source side;
the service node is connected with the reservation node and the cooperative node, the reservation node informs the service node to create a federal learning task after being authorized by a data source party, the federal learning task comprises a model number, a line number, a participating data source party identifier and a corresponding reward, the service node uploads the federal learning task to a block chain for storage, a target model is sent to the corresponding reservation node, the reservation node substitutes data into the target model to obtain an intermediate result, the intermediate result is sent to the service node, the service node collects all the intermediate results to obtain a prediction result of the target model, the prediction result is collected and sent to the reservation node with a label, a loss value is calculated and published, the reservation nodes update the target model according to gradient, the reservation nodes substitute data into the updated target model again until the obtained loss value is smaller than a preset threshold value, and the service node issues rewards and uploads the issuing result to the block chain for storage.
2. The block chain-based federated learning system of claim 1,
the service node divides the target model into a plurality of sub-models and a main model, the number of the sub-models is the same as the number of neurons of layer 1 of the target model, the input field of each sub-model is the field corresponding to the input layer neuron connected with the corresponding layer 1 neuron, the output of each sub-model is the input number of the corresponding layer 1 neuron, the service node deletes the input layer of the target model and changes the input of each layer 1 neuron into the output of the corresponding sub-model to be used as the main model; when the plurality of reserved nodes receive the sub-models, the connection weight coefficients of the sub-models are randomly changed and the number of input fields related to each sub-model is judged; if the input of a sub-model is a single field, the sub-model is judged to be unsafe for privacy, the reserved node rejects the sub-model and informs the service node to cancel the training of the target model.
3. The block chain-based federated learning system of claim 2,
and after finishing the target model training, the reservation node sends the target model stored locally to the service node, and the service node sends rewards to the data source sides corresponding to the reservation node according to the data line quantity provided by the reservation node in the target model training process and the preset quotation.
4. The block chain-based federated learning system of claim 1,
the service node divides the target model into a plurality of sub-models and a main model, the number of the sub-models is the same as the number of neurons on layer 1 of the target model, the input field of each sub-model is the field corresponding to the input layer neuron connected with the corresponding layer 1 neuron, the output of each sub-model is the input number of the corresponding layer 1 neuron, the service node deletes the input layer of the target model, changes the input of each layer 1 neuron into the output of the corresponding sub-model and uses the result as the main model; when the plurality of reserved nodes receive the sub-models, the connection weight coefficients of the sub-models are randomly changed and the number of input fields related to each sub-model is judged; if the input of a sub-model is a single field, the sub-model is judged to be unsafe, the reserved node applies to the cooperative node for cooperative modeling, the reserved node generates a random proportionality coefficient k for the single field, multiplies the value of the single field by the proportionality coefficient k to obtain a cooperation value and sends the cooperation value to the cooperative node, and uses the difference between the value of the single field and the cooperation value as a reserved value; the cooperative node assigns a cooperation weight coefficient to the cooperation value, the reserved node generates a reserved weight coefficient for the reserved value, and the output of the sub-model is equal to the weighted sum of the cooperation value and the reserved value plus a constant term; when the loss value is published by the service node, the reserved node regenerates a random proportionality coefficient k for the single field and updates the cooperation value and the reserved value, and the cooperative node and the reserved node independently update the cooperation weight coefficient and the reserved weight coefficient respectively, until the loss value obtained by the service node is less than a preset threshold value and the training of the target model is finished; after the training of the target model is finished, the cooperative node sends the cooperation weight coefficient to the corresponding reserved node, and when a new data line is input by the data source side, the reserved node obtains the new data line, multiplies the value of the single field by the proportionality coefficient k and sends the product to the cooperative node, calculates the reserved value and substitutes it into the sub-model to obtain the output of the sub-model, and substitutes the output of the sub-model together with the outputs of the other sub-models into the main model to obtain a prediction result.
5. The block chain-based federated learning system of claim 4,
the method comprises the steps that a reserved node applies for cooperative modeling to a cooperative node for each input field, a random proportional coefficient k is generated for each input field respectively, a value of a single field is multiplied by the proportional coefficient k to serve as a cooperative value to be sent to the cooperative node, the difference between the value of the single field and the cooperative value serves as the reserved value, the cooperative weight coefficient and the reserved weight coefficient are distributed to the cooperative node respectively, the output of the submodel is the weighted sum of the cooperative value, the reserved value and a constant item of all connected input fields, the cooperative weight coefficient is sent to the corresponding reserved node by the cooperative node after the target model is trained, and the equivalent weight coefficient of each input field in the target model is obtained through calculation by the reserved node.
6. The block chain-based federated learning system of claim 5,
when a new data source party wants to use a target model, the new data source party establishes a user node, the user node randomly generates a proportionality coefficient k for each input field and submits the proportionality coefficient k to the reservation node, the reservation node randomly generates a cooperation weight coefficient for each input field, sends the cooperation weight coefficient to the cooperation node, calculates according to the equivalent weight coefficient, the proportionality coefficient k and the cooperation weight coefficient to obtain a reservation weight coefficient, feeds the reservation weight coefficient and a constant item back to the user node, the user node multiplies the value of each input field by the proportionality coefficient k to serve as a cooperation value and sends the cooperation value to the cooperation node, the difference between the value of the input field and the cooperation value serves as a reservation value to be stored in the user node, and the cooperation value and the reservation value of the input field are multiplied by the cooperation weight coefficient and the reservation weight coefficient respectively and then are added to the constant item, and sending the obtained result to the main model of the service node to obtain the prediction output of the target model.
7. The block chain-based federated learning system of claim 6,
the method comprises the steps that before the user node submits a proportionality coefficient k of each input field to a reserved node, a plurality of tokens are transferred to a service node, the reserved node extracts a hash value of a reserved weight coefficient and uploads the hash value to a block chain for storage, after the user node receives the reserved weight coefficient, the hash value of the reserved weight coefficient is extracted and is compared with the hash value stored in the block chain for verification, if the verification is passed, the service node is informed of transferring a plurality of corresponding tokens to a virtual account of the reserved node, the cooperative node receives a cooperative value sent by the user node, after a result of multiplying the cooperative value and the cooperative weight coefficient is sent to the service node, the cooperative weight coefficient is discarded, and before the user node substitutes a next data line to the target model, the proportionality coefficient k is randomly generated for each input field again and submitted to the reserved node.
8. The block chain-based federated learning system of any one of claims 1 to 7,
the receiving node discloses a standard field table, the standard field table records standard field names and corresponding field descriptions, the data source side modifies the field names of the data lines according to the standard field table, and the data field components are submitted to the receiving node.
9. The block chain-based federated learning system of claim 8,
the receiving node and the data source side agree on salt, the data source side adds salt to an external main key field value to extract a hash value serving as an identification value, the field number, the identification value and the row number of the external main key field are submitted to the receiving node, the receiving node discloses the field number, the identification value and the row number, and the cooperative node matches a target model and a training data row according to the field number and the identification value.
10. The block chain-based federated learning system of claim 9,
when the cooperative nodes match the target model and the training data line according to the field numbers and the identification values, the following steps are executed:
obtaining an associated row of each data row according to the identification value, wherein the data row and the associated row have the same identification value; obtaining data field composition of a data line and a related line to form a field set;
if the field set contains all of the input fields and tag fields of the target model, then the data rows and associated rows are matched to the target model.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110973124.8A CN113420335B (en) 2021-08-24 2021-08-24 Block chain-based federal learning system

Publications (2)

Publication Number Publication Date
CN113420335A true CN113420335A (en) 2021-09-21
CN113420335B CN113420335B (en) 2021-11-12

Family

ID=77719250

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110973124.8A Active CN113420335B (en) 2021-08-24 2021-08-24 Block chain-based federal learning system

Country Status (1)

Country Link
CN (1) CN113420335B (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111125779A (en) * 2019-12-17 2020-05-08 山东浪潮人工智能研究院有限公司 Block chain-based federal learning method and device
CN111898764A (en) * 2020-06-23 2020-11-06 华为技术有限公司 Method, device and chip for federal learning
CN112329073A (en) * 2021-01-05 2021-02-05 腾讯科技(深圳)有限公司 Distributed data processing method, device, computer equipment and storage medium

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113704804A (en) * 2021-10-27 2021-11-26 浙江数秦科技有限公司 Privacy calculation method based on heterogeneous neural network model
CN115454654A (en) * 2022-11-11 2022-12-09 中诚华隆计算机技术有限公司 Adaptive resource matching obtaining method and device
CN115454654B (en) * 2022-11-11 2023-01-13 中诚华隆计算机技术有限公司 Adaptive resource matching obtaining method and device
CN117408332A (en) * 2023-10-19 2024-01-16 华中科技大学 De-centralized AI training and transaction platform and method


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant