CN115766295A - Industrial internet data secure transmission method, device, equipment and medium - Google Patents
Industrial internet data secure transmission method, device, equipment and medium Download PDFInfo
- Publication number
- CN115766295A CN115766295A CN202310010963.9A CN202310010963A CN115766295A CN 115766295 A CN115766295 A CN 115766295A CN 202310010963 A CN202310010963 A CN 202310010963A CN 115766295 A CN115766295 A CN 115766295A
- Authority
- CN
- China
- Prior art keywords
- ciphertext
- model update
- preset
- terminal devices
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 31
- 230000005540 biological transmission Effects 0.000 title claims abstract description 27
- 230000004931 aggregating effect Effects 0.000 claims abstract description 12
- 238000004220 aggregation Methods 0.000 claims description 15
- 230000002776 aggregation Effects 0.000 claims description 15
- 238000009826 distribution Methods 0.000 claims description 13
- 239000013598 vector Substances 0.000 claims description 12
- 238000004590 computer program Methods 0.000 claims description 9
- 238000004364 calculation method Methods 0.000 claims description 8
- 230000006870 function Effects 0.000 claims description 8
- 238000003860 storage Methods 0.000 claims description 3
- 238000004891 communication Methods 0.000 abstract description 9
- 238000004422 calculation algorithm Methods 0.000 abstract description 4
- 238000010801 machine learning Methods 0.000 description 8
- 238000013507 mapping Methods 0.000 description 4
- 238000012549 training Methods 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000005070 sampling Methods 0.000 description 2
- 206010063385 Intellectualisation Diseases 0.000 description 1
- 241000170489 Upis Species 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000009776 industrial production Methods 0.000 description 1
- 239000011159 matrix material Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 239000003595 mist Substances 0.000 description 1
- 238000003062 neural network model Methods 0.000 description 1
- 238000006116 polymerization reaction Methods 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000009827 uniform distribution Methods 0.000 description 1
Images
Landscapes
- Small-Scale Networks (AREA)
Abstract
The invention discloses a method, a device, equipment and a medium for safely transmitting industrial internet data, wherein the method comprises the following steps: the method comprises the steps of sending a preset key pair to a plurality of terminal devices, wherein the preset key pair comprises a private key and a public key, receiving a plurality of ciphertext messages generated by the plurality of terminal devices according to the public key and corresponding local model parameters, verifying the plurality of ciphertext messages according to a preset consensus committee to obtain a plurality of target local model update ciphertexts, aggregating the plurality of target local model update ciphertexts according to contribution rate sets corresponding to the plurality of terminal devices to generate a global model update ciphertext, and sending the global model update ciphertext to the plurality of terminal devices to enable the terminal devices to decrypt the global model update ciphertext according to the private key to obtain global model update data. Therefore, data encryption transmission based on the CKKS homomorphic encryption algorithm model is achieved, communication links are prevented from being eavesdropped, and data privacy of terminal equipment is protected.
Description
Technical Field
The invention relates to the technical field of data transmission, in particular to a method, a device, equipment and a medium for safely transmitting industrial internet data.
Background
Data safety in the industrial production process is a key for realizing reliable production, terminal equipment in the industrial internet can jointly establish a machine learning model based on the federal learning technology so as to realize intellectualization of the terminal equipment, but the gradient information in the transmission process of model data still can reveal privacy data such as equipment running state, return rate, manufacturing state, node position and the like. Therefore, how to avoid the leakage of data privacy in the data transmission process of the industrial internet becomes a problem to be solved urgently.
Disclosure of Invention
Aiming at the technical problem of data privacy disclosure in the prior art, the invention provides a method, a device, equipment and a medium for safe data transmission of an industrial internet.
In order to realize the purpose, the invention is realized by the following technical scheme:
in a first aspect of the embodiments of the present invention, a method for securely transmitting industrial internet data is provided, where the method includes:
sending a preset key pair to a plurality of terminal devices, wherein the preset key pair comprises a private key and a public key;
receiving a plurality of ciphertext messages generated by the plurality of terminal devices according to the public key and the corresponding local model parameters;
verifying the plurality of ciphertext messages according to a preset consensus committee to obtain a plurality of target local model update ciphertexts;
aggregating the target local model update ciphertexts according to the contribution rate sets corresponding to the terminal devices to generate a global model update cipher text;
and sending the global model update ciphertext to the terminal equipment so that the terminal equipment decrypts the global model update ciphertext according to the private key to obtain global model update data.
Optionally, the method further comprises:
acquiring the private key from a preset binary vector set according to a preset security parameter;
acquiring a first encryption parameter from a preset plaintext space and acquiring a second encryption parameter from a preset uniform random distribution;
generating the public key according to the first encryption parameter, the second encryption parameter and the private key;
and generating the preset key pair according to the public key and the private key.
Optionally, the sending the preset key pair to a plurality of terminal devices includes:
and sending the preset key pair to the plurality of terminal devices, so that the plurality of terminal devices sample and acquire a third encryption parameter from the preset plaintext space according to the public key, acquire a fourth encryption parameter from the preset uniform random distribution, determine an encryption calculation function according to the public key, the third encryption parameter and the fourth encryption parameter, and generate the plurality of ciphertext information according to the local model parameter and the encryption calculation function.
Optionally, the aggregating the plurality of target local model update ciphertexts according to the contribution rate sets corresponding to the plurality of terminal devices to generate a global model update cipher text includes:
determining the target contribution rate of each target aggregation model update ciphertext according to the contribution rate set;
aggregating the plurality of target local models based on the target contribution rates to generate the global model update ciphertext.
Optionally, the verifying the ciphertext information according to a predetermined consensus committee to obtain a target local model update ciphertext includes:
for any first ciphertext information in the plurality of ciphertext information, if the preset consensus committee reaches consensus based on the first ciphertext information, determining that the first ciphertext information is a target local model update ciphertext;
if the preset consensus committee achieves consensus based on the first ciphertext information, generating a target local model update ciphertext according to the first ciphertext information;
and traversing the plurality of ciphertext messages to generate the plurality of target local model update ciphertexts.
Optionally, the verifying the plurality of ciphertext information according to a predetermined consensus committee includes:
for any second ciphertext information of the plurality of ciphertext information, broadcasting the second ciphertext information as suggestion information to a first other member of the pre-established consensus committee;
broadcasting provisioning information to a second other member of the pre-defined consensus committee if any of the first other members agree to the recommendation information;
and if the quantity of the prepared information in the preset consensus committee reaches a set threshold value, determining that the preset consensus committee achieves consensus based on the second ciphertext information.
Optionally, the sending the global model update ciphertext to the plurality of terminal devices, so that the plurality of terminal devices decrypt the global model update ciphertext according to the private key to obtain global model update data includes:
and sending the global model update ciphertext to the terminal devices, so that the terminal devices multiply the private key and the global model update ciphertext to obtain the global model update data.
In a second aspect of the embodiments of the present invention, an apparatus for securely transmitting industrial internet data is provided, including:
the system comprises a sending module, a receiving module and a sending module, wherein the sending module is used for sending a preset secret key pair to a plurality of terminal devices, and the preset secret key pair comprises a private key and a public key;
the receiving module is used for receiving a plurality of ciphertext messages generated by the plurality of terminal devices according to the public keys and the corresponding local model parameters;
the obtaining module is used for verifying the ciphertext information according to a preset consensus committee so as to obtain a plurality of target local model update ciphertexts;
the generating module is used for aggregating the target local model update ciphertexts according to the contribution rate sets corresponding to the terminal devices to generate a global model update cipher text;
and the execution module is used for sending the global model update ciphertext to the plurality of terminal equipment so that the terminal equipment decrypts the global model update ciphertext according to the private key to obtain global model update data.
In a third aspect of the embodiments of the present invention, there is provided an electronic device, including:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of any one of the methods of the first aspect of the present disclosure.
In a fourth aspect of the embodiments of the present invention, a computer-readable storage medium is provided, on which computer program instructions are stored, and the program instructions, when executed by a processor, implement the steps of any one of the methods in the first aspect of the present disclosure.
The invention provides a method and a device for safely transmitting industrial internet data, electronic equipment and a storage medium, and compared with the prior art, the method and the device have the following beneficial effects that:
according to the scheme, a preset key pair is sent to a plurality of terminal devices, the preset key pair comprises a private key and a public key, a plurality of ciphertext messages generated by the terminal devices according to the public key and corresponding local model parameters are received, the ciphertext messages are verified according to a preset consensus committee to obtain a plurality of target local model update ciphertexts, the target local model update ciphertexts are aggregated according to contribution rate sets corresponding to the terminal devices to generate a global model update ciphertext, and the global model update ciphertext is sent to the terminal devices to enable the terminal devices to decrypt the global model update ciphertext according to the private key to obtain global model update data. Therefore, data encryption transmission based on the CKKS homomorphic encryption algorithm model is realized, the communication link is prevented from being eavesdropped, and the data privacy of the terminal equipment is protected.
Drawings
Fig. 1 is a flowchart illustrating a method for secure transmission of industrial internet data according to an exemplary embodiment.
Fig. 2 is a block diagram illustrating an apparatus for secure transmission of industrial internet data according to an exemplary embodiment.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart illustrating a method for securely transmitting data of an industrial internet according to an exemplary embodiment, and referring to fig. 1, the present invention provides a technical solution: one such method, comprising the following steps.
In step S11, a preset key pair is sent to a plurality of terminal devices, where the preset key pair includes a private key and a public key.
It should be noted that the present embodiment is applied to a mist server, which can be connected to a plurality of terminal devices in a wireless communication manner through an industrial internet. In this embodiment, a secure communication protocol based on the CKKS homomorphic encryption is adopted, and in the data transmission process, the model data needs to be encrypted based on the CKKS secure communication protocol. Wherein, CKKS is a homomorphic algorithm of RLWE (Ring Learning With Errors, based on the on-Ring error Learning problem), and the preset plaintext space for storing model data, that is, the polynomial quotient Ring, is set as:
wherein,is a ring, and the ring is a hollow ring,is an integer of any one of the above-mentioned integers,to a power of 2, the plaintext space of CKKS is the complex phasor space. And set upIs composed ofModulo integerWhere RLWE assumes the given form:when coming fromUniformly and randomly selecting first encryption parametersTime of day, encryption parameterIn calculating andis indistinguishable from the uniform random element of (1), error parameterFromIn the error distribution of (1), a second encryption parameterFromExtract in upper error distribution, for trueness,SamplingThe coefficients of the vector of (1) are independent of the varianceDiscrete gaussian distribution ofWhereinis a preset uniform random distribution.Is thatHaving Hamming weight thereinA set of signed binary vectors. Therefore, the mapping relationship between the former and the latter is found, so that a complex vector can be represented by a polynomial, otherwise, the complex vector can be restored after decryption. There are quite a few vector-based operations in practical applications, such as summation, dot product, etc., whenOnly one operation is needed to be carried out on the ciphertext, and the separate operation of each component is not needed.
In an example, the method for data security transmission of the industrial internet provided in this embodiment may be applied to transmission of neural network model update data in a terminal device in the industrial internet, in a data transmission system of the industrial internet, this embodiment may be applied to a fog server, a corresponding terminal device may be an edge device disposed on a user side, the fog server establishes data connection with a plurality of edge devices in a wireless communication manner, the fog server generates a preset key pair through a CKKS, and sends the key pair to each edge device through a preset fog node, wherein edge devices with higher daily operation data recognition degree are classified into one type according to data types of daily operation data in each edge device, corresponding fog nodes are set based on the same category of the edge device, in an example, the same fog node may be set for each edge device in the same area according to an area in which the edge device is set, for example, each edge device in the same city is governed by one fog node, and the fog node is set for each fog node according to different types of the preset fog node, and the preset key pair of the fog server is different from each fog node. The preset key pair comprises a private key and a public key which are respectively used for decrypting and encrypting the related data. It should be noted that the edge device may also be other client terminal devices in the industrial internet, and is used to meet a transmission requirement of user-related data in a segment, which is not limited in this embodiment.
Optionally, before step S11, the transmission method further includes:
acquiring the private key from a preset binary vector set according to a preset security parameter;
from a predetermined plaintext spaceObtaining a first encryption parameter, and from a predetermined uniform random distributionObtaining a second encryption parameter;
generating the public key according to the first encryption parameter, the second encryption parameter and the private key;
and generating the key pair according to the public key and the private key.
It should be noted that, in the present embodiment, a polynomial quotient ring is setRecord as,Record as. The following mapping is defined: canonical embedding mappings,Here, theRepresents a polynomialIsAnd (5) carrying out root treatment.Sub-ring of. Natural projection mapping,. Can prove thatAndall are full shots, and the inverse of both are written as,;Essentially, in solving a linear system of equations with the vandermonde matrix as coefficients,the vector is conjugated and inverted and connected to the tail of the original vector. Determining preset safety parametersAnd according to the preset safety parameter, from a preset binary vector setMiss sampling to obtain private keyAnd from a predetermined plaintext spaceObtain a first encryption parameterAnd is randomly distributed from a predetermined uniform distributionTo obtain a second encryption parameterSetting the private key toThe public key is set asWherein the parameters are encryptedIs composed of,Is a model operation. And generating a key pair according to the private key and the public key and sending the key pair to all the terminal equipment。
In step S12, a plurality of pieces of ciphertext information generated by the plurality of terminal devices according to the public key and the corresponding local model parameter are received.
It should be noted that in this embodiment, the terminal devices connected to the fog server are all provided with machine learning models for performing model training according to log data stored in the terminal devices, so that the trained models complete corresponding intelligentization. When the log data in the terminal device is changed greatly due to external environmental factors, the machine learning model in the terminal device needs to be updated according to the changed log data to generate local model parameters. Illustratively, after the terminal device receives the key pair sent by the fog server, the key pair is analyzed to generate a private key and a public key corresponding to the terminal device, and the local model parameters are encrypted according to the public key to generate ciphertext information.
Optionally, before the step S12, the method further includes:
and sending the preset key pair to the plurality of terminal devices, so that the plurality of terminal devices sample and acquire a third encryption parameter from the preset plaintext space according to the public key, acquire a fourth encryption parameter from the preset uniform random distribution, determine an encryption calculation function according to the public key, the third encryption parameter and the fourth encryption parameter, and generate the plurality of ciphertext information according to the local model parameter and the encryption calculation function.
For example, in this embodiment, the machine learning model in each terminal device encrypts the local model parameter generated when the model is updated according to the key pair sent by the fog server to generate ciphertext information, and after the ciphertext information is generated in each terminal device, the ciphertext information is sent to the corresponding fog node, and the ciphertext information is sent to the fog server through the fog node, so that the fog server obtains a plurality of pieces of ciphertext information. Exemplary, terminal deviceThe calculated local model parameters areThe public key received by the terminal device from the fog server isBy passing fromAnd initial encryption parametersThe third encryption parameter obtained by sample extraction is:and the fourth encryption parameter is:and according to the third encryption parameter, the fourth encryption parameter and the public key, the local model parameter is compared with the local model parameterPerforming encryption to obtain:
wherein,is shown asFirst of a clusterThe relevant parameters and the cryptogram of the individual terminal device,in order to be the third encryption parameter,in order to initiate the encryption parameters, a key is used,in order to be the fourth encryption parameter,in order to be the public key,are the parameters of the local model and are,andfor the ciphertext sub-information generated after encryption,is a power of 2 and is,is the ciphertext information. It is worth mentioning that the encrypted messages obtained by encryption are all inAnd each terminal device encrypts the local model parameters through the steps to generate ciphertext information, and transmits the ciphertext information to the fog server through the fog nodes.
It should be noted that after receiving ciphertext information fed back by multiple terminal devices, each fog node needs to aggregate the multiple ciphertext information according to a contribution rate of each terminal device, where the contribution rate is a ratio of the number of samples provided by each terminal device to the total number of samples, and the contribution rate of the terminal device is set as follows:the fog nodes of each cluster will aggregateCiphertext information of each terminal device, ciphertext part:,,…,the polymerization was as follows:
wherein,for terminal equipmentThe rate of contribution of (a) to (b),for terminal equipmentThe corresponding ciphertext information may be the result of,is a power of 2 and is,in order to perform the operation of the modulus,andfor the aggregate ciphertext sub-information generated after the encryption set, whereinAndcan be determined by the following formula:
wherein,in order to be the first encryption parameter,for the encryption parameters, other parameters are the same as those in the above embodiments, and reference may be made to the above embodiments, which are not described again. It is worth mentioning that the sample size of each terminal device is set as follows:when the aggregation is completed, the fog node willAnd sending the data to a fog server, and verifying the parameters of the aggregation completion by the fog server through a preset consensus committee in the block chain.
Optionally, the step S12 includes:
for any first ciphertext information in the plurality of ciphertext information, if the preset consensus committee achieves consensus based on the first ciphertext information, determining the first ciphertext information as a target local model update ciphertext;
if the preset consensus committee achieves consensus based on the first ciphertext information, generating a target local model update ciphertext according to the first ciphertext information;
traversing the plurality of ciphertext messages to generate the plurality of target local model update ciphertexts.
For example, in this embodiment, for any ciphertext message received by the fog server, any ciphertext message is used as the first ciphertext message, the first ciphertext message is verified by the predetermined consensus committee based on the first ciphertext message, and when the consensus committee achieves consensus through the first ciphertext message, the first ciphertext message is determined as the target local model update ciphertext. And if the preset consensus committee achieves consensus based on the first ciphertext information, generating a target local model update ciphertext according to the first ciphertext information, and traversing the plurality of ciphertext information to generate the plurality of target local model update ciphertexts.
In step S13, the ciphertext information is verified according to a predetermined consensus committee to obtain a target local model update ciphertext.
It should be noted that, in this embodiment, a preset consensus committee is established in the fog server, and is used for verifying each piece of ciphertext information by each consensus member in the preset consensus committee, so as to obtain a plurality of target local model update ciphertexts from each piece of ciphertext information. The members of each preset consensus committee can verify the model update ciphertext by using a consensus mechanism of the preset consensus committee, if the verification is successful, the ciphertext information is determined to achieve consensus, and the target local model update ciphertext is generated according to the ciphertext information.
Optionally, the step S13 includes:
for any second ciphertext information of the plurality of ciphertext information, broadcasting the second ciphertext information as suggestion information to a first other member of the preset consensus committee;
broadcasting provisioning information to a second other member of the pre-defined consensus committee if any of the first other members agree to the recommendation information;
and if the number of the prepared information in the preset consensus committee reaches a set threshold value, determining that the preset consensus committee achieves consensus based on the second ciphertext information.
It is worth mentioning that, in the embodiment, the fog node that completes the aggregation task in the embodiment is illustratedThe second ciphertext information is used as the proposal information, and the information is used as the affairAnd broadcasting the transaction in the consensus committeeAndwhereinis andthe corresponding view number is given to the user,is thatThe unique number of (a) is,is thatThe hash digest of (1). Other committee members are receivingInformation post-pair transactionPerforming verification, and broadcasting in the consensus committee when the verification is successful(preliminary) information, for example:whereinThe serial numbers of the members, when other members receive the prepared information with set threshold, the preset consensus committee can be ensured to achieve consensus according to the second ciphertext information, and further the consensus is broadcasted(protocol) information, for example:each other committee member was allowed to establish a new protocol. If the second ciphertext information is verified by other members, the second ciphertext information is discarded if no consensus can be achieved.
In step S14, according to the contribution rate sets corresponding to the plurality of terminal devices, aggregating the plurality of target local model update ciphertexts to generate a global model update cipher text.
It should be noted that, in this embodiment, the contribution rate set is in the above stepsThe consensus committee performs a second aggregation of the multiple target local model update ciphertexts on the same principle, i.e.Whereinandand encrypting the ciphertext sub-information generated after aggregation. And acquiring local model update ciphertexts of each terminal device, and storing the local model update ciphertexts acquired by aggregation as global model update ciphertexts in a global model update block.
Optionally, the step S14 includes:
determining target contribution rates corresponding to the updated ciphertext of each target aggregation model according to the contribution rate set;
aggregating the plurality of target local models based on the target contribution rates to generate the global model update ciphertext.
It should be noted that, in this embodiment, after the consensus committee is applied to screen the multiple pieces of ciphertext information through the above steps to obtain the target local model update ciphertext, multiple target contribution rates corresponding to the multiple pieces of target local model update ciphertext are determined according to a preset contribution rate set, and the aggregation mode is applied to perform secondary aggregation on the multiple pieces of target local model update ciphertext through the target contribution rates, so as to generate the global model update ciphertext.
In step S15, the global model update ciphertext is sent to the plurality of terminal devices, so that the terminal devices decrypt the global model update ciphertext according to the private key to obtain global model update data.
In this embodiment, for example, the global model update ciphertext obtained through encryption and aggregation is sent to the corresponding terminal device through the cloud node of the corresponding cluster, so that the terminal device decrypts the global model update ciphertext according to the key to obtain global model update data, updates the machine learning model in the terminal device according to the global model update data, and trains the log data of the terminal device again through the updated machine learning model to generate a new local model update parameter. And repeating the steps based on the new local model updating parameters until the training times reach the preset times or the model parameters are converged. Therefore, the terminal equipment obtains a machine learning model with more individuation, and generates a more accurate model identification result based on the machine learning model.
Optionally, the step S15 includes:
and sending the global model update ciphertext to the terminal devices, so that the terminal devices multiply the private key and the global model update ciphertext to obtain the global model update data.
By way of example, in the present embodiment a private key for a terminal device is givenAnd global model update ciphertext downloaded from blockchainEach fog node willDistribution to terminal devices within a cluster, the terminal devices using their private keysAnd (3) decrypting the ciphertext:
wherein,as a result of the contribution rate of the terminal device,andin order to encrypt the ciphertext sub-information generated after aggregation,is the weight of the base layer or layers,is an error parameter. Due to the fact thatHere, the global parameter is obtained from an aggregation of local parameters of the respective terminal devices. And finally, according to the updating, each terminal device locally calculates a new global model and starts the next round of training. In the whole process, the parameter information is always transmitted on the communication link in a ciphertext mode, so that an attacker cannot acquire useful information in the data transmission process due to the fact that the useful information cannot be decrypted when the attacker eavesdrops the communication link.
According to the scheme, a preset key pair is sent to a plurality of terminal devices, the preset key pair comprises a private key and a public key, a plurality of ciphertext information generated by the terminal devices according to the public key and corresponding local model parameters is received, the ciphertext information is verified according to a preset consensus committee to obtain a plurality of target local model update ciphertexts, the target local model update ciphertexts are aggregated according to contribution rate sets corresponding to the terminal devices to generate a global model update ciphertext, and the global model update ciphertext is sent to the terminal devices to enable the terminal devices to decrypt the global model update ciphertext according to the private key to obtain global model update data. Therefore, data encryption transmission based on the CKKS homomorphic encryption algorithm model is achieved, communication links are prevented from being eavesdropped, and data privacy of terminal equipment is protected.
Fig. 2 is a block diagram illustrating an industrial internet data security transmission apparatus according to an exemplary embodiment, and as shown in fig. 2, the industrial internet data security transmission apparatus 100 includes: the device comprises a sending module 110, a receiving module 120, an obtaining module 130, a generating module 140 and an executing module 150.
A sending module 110, configured to send a preset key pair to a plurality of terminal devices, where the preset key pair includes a private key and a public key;
a receiving module 120, configured to receive multiple pieces of ciphertext information generated by the multiple terminal devices according to the public key and the corresponding local model parameter;
an obtaining module 130, configured to verify the ciphertext information according to a preset consensus committee, so as to obtain a plurality of target local model update ciphertexts;
a generating module 140, configured to aggregate the multiple target local model update ciphertexts according to the contribution rate sets corresponding to the multiple terminal devices, so as to generate a global model update cipher text;
and the execution module 150 is configured to send the global model update ciphertext to the multiple terminal devices, so that the terminal devices decrypt the global model update ciphertext according to the private key to obtain global model update data.
Optionally, the industrial internet data security transmission apparatus 100 further includes an obtaining module, configured to:
acquiring the private key from a preset binary vector set according to a preset security parameter;
acquiring a first encryption parameter from a preset plaintext space and acquiring a second encryption parameter from a preset uniform random distribution;
generating the public key according to the first encryption parameter, the second encryption parameter and the private key;
and generating the key pair according to the public key and the private key.
Optionally, the sending module 110 is configured to:
and sending the preset key pair to the plurality of terminal devices, so that the plurality of terminal devices sample and acquire a third encryption parameter from the preset plaintext space according to the public key, acquire a fourth encryption parameter from the preset uniform random distribution, determine an encryption calculation function according to the public key, the third encryption parameter and the fourth encryption parameter, and generate the plurality of ciphertext information according to the local model parameter and the encryption calculation function.
Optionally, the generating module 140 is configured to:
determining target contribution rates corresponding to the updated ciphertext of each target aggregation model according to the contribution rate set;
aggregating the plurality of target local models based on the target contribution rates to generate the global model update ciphertext.
Optionally, obtaining module 130 is configured to:
for any first ciphertext information in the plurality of ciphertext information, if the preset consensus committee achieves consensus based on the first ciphertext information, determining the first ciphertext information as a target local model update ciphertext;
if the preset consensus committee achieves consensus based on the first ciphertext information, generating a target local model update ciphertext according to the first ciphertext information;
and traversing the plurality of ciphertext messages to generate the plurality of target local model update ciphertexts.
Optionally, the obtaining module 130 is configured to:
for any second ciphertext information of the plurality of ciphertext information, broadcasting the second ciphertext information as suggestion information to a first other member of the pre-established consensus committee;
broadcasting provisioning information to a second other member of the pre-defined consensus committee if any of the first other members agree to the recommendation information;
and if the number of the prepared information in the preset consensus committee reaches a set threshold value, determining that the preset consensus committee achieves consensus based on the second ciphertext information.
Optionally, the executing module 150 is configured to:
and sending the global model update ciphertext to the terminal devices, so that the terminal devices multiply the private key and the global model update ciphertext to obtain the global model update data.
In another exemplary embodiment, a computer program product is also provided, which contains a computer program executable by a programmable apparatus, the computer program having code portions for performing the above-mentioned method for secure transmission of industrial internet data when executed by the programmable apparatus.
In light of the foregoing description of the preferred embodiments according to the present application, it is to be understood that various changes and modifications may be made without departing from the spirit and scope of the invention. The technical scope of the present application is not limited to the contents of the specification, and must be determined according to the scope of the claims.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (10)
1. A method for securely transmitting industrial Internet data is characterized by comprising the following steps:
sending a preset key pair to a plurality of terminal devices, wherein the preset key pair comprises a private key and a public key;
receiving a plurality of ciphertext messages generated by the plurality of terminal devices according to the public key and the corresponding local model parameters;
verifying the plurality of ciphertext information according to a preset consensus committee to obtain a plurality of target local model update ciphertexts;
aggregating the target local model update ciphertexts according to the contribution rate sets corresponding to the terminal devices to generate a global model update cipher text;
and sending the global model update ciphertext to the plurality of terminal devices, so that the terminal devices decrypt the global model update ciphertext according to the private key to obtain global model update data.
2. The secure transmission method of industrial internet data according to claim 1, further comprising:
acquiring the private key from a preset binary vector set according to a preset security parameter;
acquiring a first encryption parameter from a preset plaintext space and acquiring a second encryption parameter from a preset uniform random distribution;
generating the public key according to the first encryption parameter, the second encryption parameter and the private key;
and generating the preset key pair according to the public key and the private key.
3. The method for securely transmitting industrial internet data according to claim 2, wherein the sending the preset key pair to a plurality of terminal devices comprises:
and sending the preset key pair to the plurality of terminal devices, so that the plurality of terminal devices sample and acquire a third encryption parameter from the preset plaintext space according to the public key, acquire a fourth encryption parameter from the preset uniform random distribution, determine an encryption calculation function according to the public key, the third encryption parameter and the fourth encryption parameter, and generate the plurality of ciphertext information according to the local model parameter and the encryption calculation function.
4. The method for securely transmitting industrial internet data according to claim 1, wherein the aggregating the target local model update ciphertexts to generate a global model update cipher text according to the contribution rate sets corresponding to the terminal devices comprises:
determining target contribution rates corresponding to the updated ciphertext of each target aggregation model according to the contribution rate set;
aggregating the plurality of target local models based on the target contribution rates to generate the global model update ciphertext.
5. The method for securely transmitting industrial internet data according to claim 1, wherein the verifying the plurality of ciphertext information according to a predetermined consensus committee to obtain a plurality of target local model update ciphertexts comprises:
for any first ciphertext information in the plurality of ciphertext information, if the preset consensus committee achieves consensus based on the first ciphertext information, determining the first ciphertext information as a target local model update ciphertext;
if the preset consensus committee achieves consensus based on the first ciphertext information, generating a target local model update ciphertext according to the first ciphertext information;
and traversing the plurality of ciphertext messages to generate the plurality of target local model update ciphertexts.
6. The method for securely transmitting industrial internet data according to claim 5, wherein the verifying the plurality of ciphertext information according to a predetermined consensus committee comprises:
for any second ciphertext information of the plurality of ciphertext information, broadcasting the second ciphertext information as suggestion information to a first other member of the preset consensus committee;
broadcasting provisioning information to a second other member of the pre-defined consensus committee if any of the first other members agree to the recommendation information;
and if the number of the prepared information in the preset consensus committee reaches a set threshold value, determining that the preset consensus committee achieves consensus based on the second ciphertext information.
7. The industrial internet data secure transmission method according to claim 1, wherein the sending the global model update ciphertext to the plurality of terminal devices so that the plurality of terminal devices decrypt the global model update ciphertext according to the private key to obtain global model update data includes:
and sending the global model update ciphertext to the terminal devices, so that the terminal devices multiply the private key and the global model update ciphertext to obtain the global model update data.
8. An industrial internet data security transmission device, characterized by comprising:
the system comprises a sending module, a receiving module and a sending module, wherein the sending module is used for sending a preset secret key pair to a plurality of terminal devices, and the preset secret key pair comprises a private key and a public key;
the receiving module is used for receiving a plurality of ciphertext messages generated by the plurality of terminal devices according to the public keys and the corresponding local model parameters;
the obtaining module is used for verifying the ciphertext information according to a preset consensus committee so as to obtain a plurality of target local model update ciphertexts;
the generating module is used for aggregating the plurality of target local model update ciphertexts according to the contribution rate sets corresponding to the plurality of terminal devices to generate a global model update cipher text;
and the execution module is used for sending the global model update ciphertext to the plurality of terminal devices so that the terminal devices decrypt the global model update ciphertext according to the private key to obtain global model update data.
9. An electronic device, comprising:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of the method for secure transmission of industrial internet data according to any one of claims 1 to 7.
10. A computer readable storage medium having stored thereon computer program instructions, wherein the program instructions, when executed by a processor, implement the steps of the secure transmission method of industrial internet data according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310010963.9A CN115766295A (en) | 2023-01-05 | 2023-01-05 | Industrial internet data secure transmission method, device, equipment and medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310010963.9A CN115766295A (en) | 2023-01-05 | 2023-01-05 | Industrial internet data secure transmission method, device, equipment and medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115766295A true CN115766295A (en) | 2023-03-07 |
Family
ID=85348219
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310010963.9A Pending CN115766295A (en) | 2023-01-05 | 2023-01-05 | Industrial internet data secure transmission method, device, equipment and medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115766295A (en) |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112685783A (en) * | 2021-01-05 | 2021-04-20 | 西安电子科技大学 | Data sharing method supporting privacy protection in financial permission block chain |
CN113095510A (en) * | 2021-04-14 | 2021-07-09 | 深圳前海微众银行股份有限公司 | Block chain-based federal learning method and device |
CN113344222A (en) * | 2021-06-29 | 2021-09-03 | 福建师范大学 | Safe and credible federal learning mechanism based on block chain |
CN113570065A (en) * | 2021-07-08 | 2021-10-29 | 国网河北省电力有限公司信息通信分公司 | Data management method, device and equipment based on alliance chain and federal learning |
CN113612598A (en) * | 2021-08-02 | 2021-11-05 | 北京邮电大学 | Internet of vehicles data sharing system and method based on secret sharing and federal learning |
US20220245528A1 (en) * | 2021-02-01 | 2022-08-04 | Jpmorgan Chase Bank , N.A. | Systems and methods for federated learning using peer-to-peer networks |
CN115037477A (en) * | 2022-05-30 | 2022-09-09 | 南通大学 | Block chain-based federated learning privacy protection method |
CN115270145A (en) * | 2022-06-22 | 2022-11-01 | 国网河北省电力有限公司信息通信分公司 | User electricity stealing behavior detection method and system based on alliance chain and federal learning |
CN115310137A (en) * | 2022-10-11 | 2022-11-08 | 深圳市深信信息技术有限公司 | Secrecy method and related device of intelligent settlement system |
CN115392487A (en) * | 2022-06-30 | 2022-11-25 | 中国人民解放军战略支援部队信息工程大学 | Privacy protection nonlinear federal support vector machine training method and system based on homomorphic encryption |
CN115549888A (en) * | 2022-09-29 | 2022-12-30 | 南京邮电大学 | Block chain and homomorphic encryption-based federated learning privacy protection method |
-
2023
- 2023-01-05 CN CN202310010963.9A patent/CN115766295A/en active Pending
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112685783A (en) * | 2021-01-05 | 2021-04-20 | 西安电子科技大学 | Data sharing method supporting privacy protection in financial permission block chain |
US20220245528A1 (en) * | 2021-02-01 | 2022-08-04 | Jpmorgan Chase Bank , N.A. | Systems and methods for federated learning using peer-to-peer networks |
CN113095510A (en) * | 2021-04-14 | 2021-07-09 | 深圳前海微众银行股份有限公司 | Block chain-based federal learning method and device |
CN113344222A (en) * | 2021-06-29 | 2021-09-03 | 福建师范大学 | Safe and credible federal learning mechanism based on block chain |
CN113570065A (en) * | 2021-07-08 | 2021-10-29 | 国网河北省电力有限公司信息通信分公司 | Data management method, device and equipment based on alliance chain and federal learning |
CN113612598A (en) * | 2021-08-02 | 2021-11-05 | 北京邮电大学 | Internet of vehicles data sharing system and method based on secret sharing and federal learning |
CN115037477A (en) * | 2022-05-30 | 2022-09-09 | 南通大学 | Block chain-based federated learning privacy protection method |
CN115270145A (en) * | 2022-06-22 | 2022-11-01 | 国网河北省电力有限公司信息通信分公司 | User electricity stealing behavior detection method and system based on alliance chain and federal learning |
CN115392487A (en) * | 2022-06-30 | 2022-11-25 | 中国人民解放军战略支援部队信息工程大学 | Privacy protection nonlinear federal support vector machine training method and system based on homomorphic encryption |
CN115549888A (en) * | 2022-09-29 | 2022-12-30 | 南京邮电大学 | Block chain and homomorphic encryption-based federated learning privacy protection method |
CN115310137A (en) * | 2022-10-11 | 2022-11-08 | 深圳市深信信息技术有限公司 | Secrecy method and related device of intelligent settlement system |
Non-Patent Citations (1)
Title |
---|
林伟伟: "联邦学习开源框架综述" * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10903991B1 (en) | Systems and methods for generating signatures | |
EP3862956B1 (en) | Secure multiparty loss resistant storage and transfer of cryptographic keys for blockchain based systems in conjunction with a wallet management system | |
CN108886468B (en) | System and method for distributing identity-based key material and certificates | |
CN110138802B (en) | User characteristic information acquisition method, device, block chain node, network and storage medium | |
EP3987711B1 (en) | Authenticated lattice-based key agreement or key encapsulation | |
CN114219483B (en) | Method, equipment and storage medium for sharing block chain data based on LWE-CPBE | |
EP3476078B1 (en) | Systems and methods for authenticating communications using a single message exchange and symmetric key | |
US20110058672A1 (en) | Message deciphering method, system and article | |
CN112104453B (en) | Anti-quantum computation digital signature system and signature method based on digital certificate | |
CN111769938B (en) | Key management system and data verification system of block chain sensor | |
CN111865582B (en) | Private key offline storage method, system and storage medium based on zero knowledge proof | |
CN110999202B (en) | Computer-implemented system and method for highly secure, high-speed encryption and transmission of data | |
US9923720B2 (en) | Network device configured to derive a shared key | |
CN112532580B (en) | Data transmission method and system based on block chain and proxy re-encryption | |
CN112997448A (en) | Public/private key system with reduced public key size | |
CN113037499A (en) | Block chain encryption communication method and system | |
CN110365662A (en) | Business approval method and device | |
CN106941404A (en) | Cryptographic key protection method and device | |
CN110383755A (en) | The network equipment and trusted third party's equipment | |
CN116232578A (en) | Multi-party collaborative signature system, method and equipment integrating quantum key distribution | |
CN111565108B (en) | Signature processing method, device and system | |
CN114070549B (en) | Key generation method, device, equipment and storage medium | |
CN110247761B (en) | Ciphertext strategy attribute encryption method supporting attribute revocation in lattice manner | |
CN111639937A (en) | Digital currency risk management and control method and system | |
CN109981294A (en) | Electronic communication methods and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20230307 |