CN115766295A - Industrial internet data secure transmission method, device, equipment and medium - Google Patents

Industrial internet data secure transmission method, device, equipment and medium Download PDF

Info

Publication number
CN115766295A
CN115766295A CN202310010963.9A CN202310010963A CN115766295A CN 115766295 A CN115766295 A CN 115766295A CN 202310010963 A CN202310010963 A CN 202310010963A CN 115766295 A CN115766295 A CN 115766295A
Authority
CN
China
Prior art keywords
ciphertext
model update
preset
terminal devices
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310010963.9A
Other languages
Chinese (zh)
Inventor
李贝贝
郭宇清
李佳琦
石雅歆
戴婉莹
简欣娅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Mojia Information Technology Co ltd
Original Assignee
Chengdu Mojia Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Mojia Information Technology Co ltd filed Critical Chengdu Mojia Information Technology Co ltd
Priority to CN202310010963.9A priority Critical patent/CN115766295A/en
Publication of CN115766295A publication Critical patent/CN115766295A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Small-Scale Networks (AREA)

Abstract

The invention discloses a method, a device, equipment and a medium for safely transmitting industrial internet data, wherein the method comprises the following steps: the method comprises the steps of sending a preset key pair to a plurality of terminal devices, wherein the preset key pair comprises a private key and a public key, receiving a plurality of ciphertext messages generated by the plurality of terminal devices according to the public key and corresponding local model parameters, verifying the plurality of ciphertext messages according to a preset consensus committee to obtain a plurality of target local model update ciphertexts, aggregating the plurality of target local model update ciphertexts according to contribution rate sets corresponding to the plurality of terminal devices to generate a global model update ciphertext, and sending the global model update ciphertext to the plurality of terminal devices to enable the terminal devices to decrypt the global model update ciphertext according to the private key to obtain global model update data. Therefore, data encryption transmission based on the CKKS homomorphic encryption algorithm model is achieved, communication links are prevented from being eavesdropped, and data privacy of terminal equipment is protected.

Description

Industrial internet data secure transmission method, device, equipment and medium
Technical Field
The invention relates to the technical field of data transmission, in particular to a method, a device, equipment and a medium for safely transmitting industrial internet data.
Background
Data safety in the industrial production process is a key for realizing reliable production, terminal equipment in the industrial internet can jointly establish a machine learning model based on the federal learning technology so as to realize intellectualization of the terminal equipment, but the gradient information in the transmission process of model data still can reveal privacy data such as equipment running state, return rate, manufacturing state, node position and the like. Therefore, how to avoid the leakage of data privacy in the data transmission process of the industrial internet becomes a problem to be solved urgently.
Disclosure of Invention
Aiming at the technical problem of data privacy disclosure in the prior art, the invention provides a method, a device, equipment and a medium for safe data transmission of an industrial internet.
In order to realize the purpose, the invention is realized by the following technical scheme:
in a first aspect of the embodiments of the present invention, a method for securely transmitting industrial internet data is provided, where the method includes:
sending a preset key pair to a plurality of terminal devices, wherein the preset key pair comprises a private key and a public key;
receiving a plurality of ciphertext messages generated by the plurality of terminal devices according to the public key and the corresponding local model parameters;
verifying the plurality of ciphertext messages according to a preset consensus committee to obtain a plurality of target local model update ciphertexts;
aggregating the target local model update ciphertexts according to the contribution rate sets corresponding to the terminal devices to generate a global model update cipher text;
and sending the global model update ciphertext to the terminal equipment so that the terminal equipment decrypts the global model update ciphertext according to the private key to obtain global model update data.
Optionally, the method further comprises:
acquiring the private key from a preset binary vector set according to a preset security parameter;
acquiring a first encryption parameter from a preset plaintext space and acquiring a second encryption parameter from a preset uniform random distribution;
generating the public key according to the first encryption parameter, the second encryption parameter and the private key;
and generating the preset key pair according to the public key and the private key.
Optionally, the sending the preset key pair to a plurality of terminal devices includes:
and sending the preset key pair to the plurality of terminal devices, so that the plurality of terminal devices sample and acquire a third encryption parameter from the preset plaintext space according to the public key, acquire a fourth encryption parameter from the preset uniform random distribution, determine an encryption calculation function according to the public key, the third encryption parameter and the fourth encryption parameter, and generate the plurality of ciphertext information according to the local model parameter and the encryption calculation function.
Optionally, the aggregating the plurality of target local model update ciphertexts according to the contribution rate sets corresponding to the plurality of terminal devices to generate a global model update cipher text includes:
determining the target contribution rate of each target aggregation model update ciphertext according to the contribution rate set;
aggregating the plurality of target local models based on the target contribution rates to generate the global model update ciphertext.
Optionally, the verifying the ciphertext information according to a predetermined consensus committee to obtain a target local model update ciphertext includes:
for any first ciphertext information in the plurality of ciphertext information, if the preset consensus committee reaches consensus based on the first ciphertext information, determining that the first ciphertext information is a target local model update ciphertext;
if the preset consensus committee achieves consensus based on the first ciphertext information, generating a target local model update ciphertext according to the first ciphertext information;
and traversing the plurality of ciphertext messages to generate the plurality of target local model update ciphertexts.
Optionally, the verifying the plurality of ciphertext information according to a predetermined consensus committee includes:
for any second ciphertext information of the plurality of ciphertext information, broadcasting the second ciphertext information as suggestion information to a first other member of the pre-established consensus committee;
broadcasting provisioning information to a second other member of the pre-defined consensus committee if any of the first other members agree to the recommendation information;
and if the quantity of the prepared information in the preset consensus committee reaches a set threshold value, determining that the preset consensus committee achieves consensus based on the second ciphertext information.
Optionally, the sending the global model update ciphertext to the plurality of terminal devices, so that the plurality of terminal devices decrypt the global model update ciphertext according to the private key to obtain global model update data includes:
and sending the global model update ciphertext to the terminal devices, so that the terminal devices multiply the private key and the global model update ciphertext to obtain the global model update data.
In a second aspect of the embodiments of the present invention, an apparatus for securely transmitting industrial internet data is provided, including:
the system comprises a sending module, a receiving module and a sending module, wherein the sending module is used for sending a preset secret key pair to a plurality of terminal devices, and the preset secret key pair comprises a private key and a public key;
the receiving module is used for receiving a plurality of ciphertext messages generated by the plurality of terminal devices according to the public keys and the corresponding local model parameters;
the obtaining module is used for verifying the ciphertext information according to a preset consensus committee so as to obtain a plurality of target local model update ciphertexts;
the generating module is used for aggregating the target local model update ciphertexts according to the contribution rate sets corresponding to the terminal devices to generate a global model update cipher text;
and the execution module is used for sending the global model update ciphertext to the plurality of terminal equipment so that the terminal equipment decrypts the global model update ciphertext according to the private key to obtain global model update data.
In a third aspect of the embodiments of the present invention, there is provided an electronic device, including:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of any one of the methods of the first aspect of the present disclosure.
In a fourth aspect of the embodiments of the present invention, a computer-readable storage medium is provided, on which computer program instructions are stored, and the program instructions, when executed by a processor, implement the steps of any one of the methods in the first aspect of the present disclosure.
The invention provides a method and a device for safely transmitting industrial internet data, electronic equipment and a storage medium, and compared with the prior art, the method and the device have the following beneficial effects that:
according to the scheme, a preset key pair is sent to a plurality of terminal devices, the preset key pair comprises a private key and a public key, a plurality of ciphertext messages generated by the terminal devices according to the public key and corresponding local model parameters are received, the ciphertext messages are verified according to a preset consensus committee to obtain a plurality of target local model update ciphertexts, the target local model update ciphertexts are aggregated according to contribution rate sets corresponding to the terminal devices to generate a global model update ciphertext, and the global model update ciphertext is sent to the terminal devices to enable the terminal devices to decrypt the global model update ciphertext according to the private key to obtain global model update data. Therefore, data encryption transmission based on the CKKS homomorphic encryption algorithm model is realized, the communication link is prevented from being eavesdropped, and the data privacy of the terminal equipment is protected.
Drawings
Fig. 1 is a flowchart illustrating a method for secure transmission of industrial internet data according to an exemplary embodiment.
Fig. 2 is a block diagram illustrating an apparatus for secure transmission of industrial internet data according to an exemplary embodiment.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart illustrating a method for securely transmitting data of an industrial internet according to an exemplary embodiment, and referring to fig. 1, the present invention provides a technical solution: one such method, comprising the following steps.
In step S11, a preset key pair is sent to a plurality of terminal devices, where the preset key pair includes a private key and a public key.
It should be noted that the present embodiment is applied to a mist server, which can be connected to a plurality of terminal devices in a wireless communication manner through an industrial internet. In this embodiment, a secure communication protocol based on the CKKS homomorphic encryption is adopted, and in the data transmission process, the model data needs to be encrypted based on the CKKS secure communication protocol. Wherein, CKKS is a homomorphic algorithm of RLWE (Ring Learning With Errors, based on the on-Ring error Learning problem), and the preset plaintext space for storing model data, that is, the polynomial quotient Ring, is set as:
Figure 403240DEST_PATH_IMAGE001
wherein,
Figure 664589DEST_PATH_IMAGE002
is a ring, and the ring is a hollow ring,
Figure 913167DEST_PATH_IMAGE003
is an integer of any one of the above-mentioned integers,
Figure 167431DEST_PATH_IMAGE004
to a power of 2, the plaintext space of CKKS is the complex phasor space. And set up
Figure 450645DEST_PATH_IMAGE005
Is composed of
Figure 817648DEST_PATH_IMAGE002
Modulo integer
Figure 943736DEST_PATH_IMAGE006
Where RLWE assumes the given form:
Figure 611477DEST_PATH_IMAGE007
when coming from
Figure 827826DEST_PATH_IMAGE008
Uniformly and randomly selecting first encryption parameters
Figure 680245DEST_PATH_IMAGE009
Time of day, encryption parameter
Figure 903416DEST_PATH_IMAGE010
In calculating and
Figure 984635DEST_PATH_IMAGE008
is indistinguishable from the uniform random element of (1), error parameter
Figure 304758DEST_PATH_IMAGE011
From
Figure 203444DEST_PATH_IMAGE002
In the error distribution of (1), a second encryption parameter
Figure 789277DEST_PATH_IMAGE012
From
Figure 533242DEST_PATH_IMAGE002
Extract in upper error distribution, for trueness
Figure 770189DEST_PATH_IMAGE013
Figure 574196DEST_PATH_IMAGE014
Sampling
Figure 667834DEST_PATH_IMAGE015
The coefficients of the vector of (1) are independent of the variance
Figure 215490DEST_PATH_IMAGE016
Discrete gaussian distribution of
Figure 572522DEST_PATH_IMAGE017
Wherein
Figure 813010DEST_PATH_IMAGE014
is a preset uniform random distribution.
Figure 842277DEST_PATH_IMAGE018
Is that
Figure 459203DEST_PATH_IMAGE019
Having Hamming weight therein
Figure 405163DEST_PATH_IMAGE020
A set of signed binary vectors. Therefore, the mapping relationship between the former and the latter is found, so that a complex vector can be represented by a polynomial, otherwise, the complex vector can be restored after decryption. There are quite a few vector-based operations in practical applications, such as summation, dot product, etc., whenOnly one operation is needed to be carried out on the ciphertext, and the separate operation of each component is not needed.
In an example, the method for data security transmission of the industrial internet provided in this embodiment may be applied to transmission of neural network model update data in a terminal device in the industrial internet, in a data transmission system of the industrial internet, this embodiment may be applied to a fog server, a corresponding terminal device may be an edge device disposed on a user side, the fog server establishes data connection with a plurality of edge devices in a wireless communication manner, the fog server generates a preset key pair through a CKKS, and sends the key pair to each edge device through a preset fog node, wherein edge devices with higher daily operation data recognition degree are classified into one type according to data types of daily operation data in each edge device, corresponding fog nodes are set based on the same category of the edge device, in an example, the same fog node may be set for each edge device in the same area according to an area in which the edge device is set, for example, each edge device in the same city is governed by one fog node, and the fog node is set for each fog node according to different types of the preset fog node, and the preset key pair of the fog server is different from each fog node. The preset key pair comprises a private key and a public key which are respectively used for decrypting and encrypting the related data. It should be noted that the edge device may also be other client terminal devices in the industrial internet, and is used to meet a transmission requirement of user-related data in a segment, which is not limited in this embodiment.
Optionally, before step S11, the transmission method further includes:
acquiring the private key from a preset binary vector set according to a preset security parameter;
from a predetermined plaintext space
Figure 816552DEST_PATH_IMAGE002
Obtaining a first encryption parameter, and from a predetermined uniform random distribution
Figure 598695DEST_PATH_IMAGE014
Obtaining a second encryption parameter;
generating the public key according to the first encryption parameter, the second encryption parameter and the private key;
and generating the key pair according to the public key and the private key.
It should be noted that, in the present embodiment, a polynomial quotient ring is set
Figure 488153DEST_PATH_IMAGE021
Record as
Figure 757461DEST_PATH_IMAGE002
Figure 215118DEST_PATH_IMAGE022
Record as
Figure 609190DEST_PATH_IMAGE008
. The following mapping is defined: canonical embedding mappings
Figure 426973DEST_PATH_IMAGE023
Figure 957312DEST_PATH_IMAGE024
Here, the
Figure 582941DEST_PATH_IMAGE025
Represents a polynomial
Figure 464309DEST_PATH_IMAGE026
Is
Figure 85783DEST_PATH_IMAGE004
And (5) carrying out root treatment.
Figure 736207DEST_PATH_IMAGE027
Sub-ring of
Figure 270088DEST_PATH_IMAGE028
. Natural projection mapping
Figure 638753DEST_PATH_IMAGE029
Figure 798338DEST_PATH_IMAGE030
. Can prove that
Figure 834428DEST_PATH_IMAGE031
And
Figure 539209DEST_PATH_IMAGE032
all are full shots, and the inverse of both are written as
Figure 395170DEST_PATH_IMAGE033
Figure 358447DEST_PATH_IMAGE034
Figure 717884DEST_PATH_IMAGE033
Essentially, in solving a linear system of equations with the vandermonde matrix as coefficients,
Figure 859146DEST_PATH_IMAGE034
the vector is conjugated and inverted and connected to the tail of the original vector. Determining preset safety parameters
Figure 936824DEST_PATH_IMAGE035
And according to the preset safety parameter, from a preset binary vector set
Figure 703792DEST_PATH_IMAGE036
Miss sampling to obtain private key
Figure 183315DEST_PATH_IMAGE037
And from a predetermined plaintext space
Figure 492549DEST_PATH_IMAGE002
Obtain a first encryption parameter
Figure 57522DEST_PATH_IMAGE009
And is randomly distributed from a predetermined uniform distribution
Figure 362602DEST_PATH_IMAGE014
To obtain a second encryption parameter
Figure 696631DEST_PATH_IMAGE012
Setting the private key to
Figure 179696DEST_PATH_IMAGE038
The public key is set as
Figure 231966DEST_PATH_IMAGE039
Wherein the parameters are encrypted
Figure 75157DEST_PATH_IMAGE010
Is composed of
Figure 529272DEST_PATH_IMAGE040
Figure 917659DEST_PATH_IMAGE041
Is a model operation. And generating a key pair according to the private key and the public key and sending the key pair to all the terminal equipment
Figure 457225DEST_PATH_IMAGE042
In step S12, a plurality of pieces of ciphertext information generated by the plurality of terminal devices according to the public key and the corresponding local model parameter are received.
It should be noted that in this embodiment, the terminal devices connected to the fog server are all provided with machine learning models for performing model training according to log data stored in the terminal devices, so that the trained models complete corresponding intelligentization. When the log data in the terminal device is changed greatly due to external environmental factors, the machine learning model in the terminal device needs to be updated according to the changed log data to generate local model parameters. Illustratively, after the terminal device receives the key pair sent by the fog server, the key pair is analyzed to generate a private key and a public key corresponding to the terminal device, and the local model parameters are encrypted according to the public key to generate ciphertext information.
Optionally, before the step S12, the method further includes:
and sending the preset key pair to the plurality of terminal devices, so that the plurality of terminal devices sample and acquire a third encryption parameter from the preset plaintext space according to the public key, acquire a fourth encryption parameter from the preset uniform random distribution, determine an encryption calculation function according to the public key, the third encryption parameter and the fourth encryption parameter, and generate the plurality of ciphertext information according to the local model parameter and the encryption calculation function.
For example, in this embodiment, the machine learning model in each terminal device encrypts the local model parameter generated when the model is updated according to the key pair sent by the fog server to generate ciphertext information, and after the ciphertext information is generated in each terminal device, the ciphertext information is sent to the corresponding fog node, and the ciphertext information is sent to the fog server through the fog node, so that the fog server obtains a plurality of pieces of ciphertext information. Exemplary, terminal device
Figure 104107DEST_PATH_IMAGE043
The calculated local model parameters are
Figure 412728DEST_PATH_IMAGE044
The public key received by the terminal device from the fog server is
Figure 237596DEST_PATH_IMAGE045
By passing from
Figure 998879DEST_PATH_IMAGE002
And initial encryption parameters
Figure 449451DEST_PATH_IMAGE046
The third encryption parameter obtained by sample extraction is:
Figure 612580DEST_PATH_IMAGE047
and the fourth encryption parameter is:
Figure 605419DEST_PATH_IMAGE048
and according to the third encryption parameter, the fourth encryption parameter and the public key, the local model parameter is compared with the local model parameter
Figure 119577DEST_PATH_IMAGE049
Performing encryption to obtain:
Figure 780365DEST_PATH_IMAGE050
+
Figure 125896DEST_PATH_IMAGE051
(
Figure 479517DEST_PATH_IMAGE052
,
Figure 294020DEST_PATH_IMAGE053
wherein,
Figure 86396DEST_PATH_IMAGE054
is shown as
Figure 755274DEST_PATH_IMAGE055
First of a cluster
Figure 483059DEST_PATH_IMAGE056
The relevant parameters and the cryptogram of the individual terminal device,
Figure 581596DEST_PATH_IMAGE057
in order to be the third encryption parameter,
Figure 787450DEST_PATH_IMAGE058
in order to initiate the encryption parameters, a key is used,
Figure 904310DEST_PATH_IMAGE059
in order to be the fourth encryption parameter,
Figure 802996DEST_PATH_IMAGE045
in order to be the public key,
Figure 123250DEST_PATH_IMAGE060
are the parameters of the local model and are,
Figure 132794DEST_PATH_IMAGE061
and
Figure 104161DEST_PATH_IMAGE062
for the ciphertext sub-information generated after encryption,
Figure 173749DEST_PATH_IMAGE004
is a power of 2 and is,
Figure 243948DEST_PATH_IMAGE063
is the ciphertext information. It is worth mentioning that the encrypted messages obtained by encryption are all in
Figure 791604DEST_PATH_IMAGE064
And each terminal device encrypts the local model parameters through the steps to generate ciphertext information, and transmits the ciphertext information to the fog server through the fog nodes.
It should be noted that after receiving ciphertext information fed back by multiple terminal devices, each fog node needs to aggregate the multiple ciphertext information according to a contribution rate of each terminal device, where the contribution rate is a ratio of the number of samples provided by each terminal device to the total number of samples, and the contribution rate of the terminal device is set as follows:
Figure 883057DEST_PATH_IMAGE065
the fog nodes of each cluster will aggregate
Figure 857966DEST_PATH_IMAGE066
Ciphertext information of each terminal device, ciphertext part:
Figure 418392DEST_PATH_IMAGE067
Figure 504159DEST_PATH_IMAGE068
,…,
Figure 450119DEST_PATH_IMAGE069
the polymerization was as follows:
Figure 861508DEST_PATH_IMAGE070
wherein,
Figure 643651DEST_PATH_IMAGE071
for terminal equipment
Figure 329847DEST_PATH_IMAGE072
The rate of contribution of (a) to (b),
Figure 271258DEST_PATH_IMAGE073
for terminal equipment
Figure 712604DEST_PATH_IMAGE072
The corresponding ciphertext information may be the result of,
Figure 106676DEST_PATH_IMAGE004
is a power of 2 and is,
Figure 675192DEST_PATH_IMAGE074
in order to perform the operation of the modulus,
Figure 471110DEST_PATH_IMAGE075
and
Figure 348936DEST_PATH_IMAGE076
for the aggregate ciphertext sub-information generated after the encryption set, wherein
Figure 230304DEST_PATH_IMAGE075
And
Figure 334002DEST_PATH_IMAGE076
can be determined by the following formula:
Figure 984426DEST_PATH_IMAGE077
Figure 767574DEST_PATH_IMAGE078
wherein,
Figure 136239DEST_PATH_IMAGE009
in order to be the first encryption parameter,
Figure 312136DEST_PATH_IMAGE010
for the encryption parameters, other parameters are the same as those in the above embodiments, and reference may be made to the above embodiments, which are not described again. It is worth mentioning that the sample size of each terminal device is set as follows:
Figure 551488DEST_PATH_IMAGE079
when the aggregation is completed, the fog node will
Figure 771116DEST_PATH_IMAGE080
And sending the data to a fog server, and verifying the parameters of the aggregation completion by the fog server through a preset consensus committee in the block chain.
Optionally, the step S12 includes:
for any first ciphertext information in the plurality of ciphertext information, if the preset consensus committee achieves consensus based on the first ciphertext information, determining the first ciphertext information as a target local model update ciphertext;
if the preset consensus committee achieves consensus based on the first ciphertext information, generating a target local model update ciphertext according to the first ciphertext information;
traversing the plurality of ciphertext messages to generate the plurality of target local model update ciphertexts.
For example, in this embodiment, for any ciphertext message received by the fog server, any ciphertext message is used as the first ciphertext message, the first ciphertext message is verified by the predetermined consensus committee based on the first ciphertext message, and when the consensus committee achieves consensus through the first ciphertext message, the first ciphertext message is determined as the target local model update ciphertext. And if the preset consensus committee achieves consensus based on the first ciphertext information, generating a target local model update ciphertext according to the first ciphertext information, and traversing the plurality of ciphertext information to generate the plurality of target local model update ciphertexts.
In step S13, the ciphertext information is verified according to a predetermined consensus committee to obtain a target local model update ciphertext.
It should be noted that, in this embodiment, a preset consensus committee is established in the fog server, and is used for verifying each piece of ciphertext information by each consensus member in the preset consensus committee, so as to obtain a plurality of target local model update ciphertexts from each piece of ciphertext information. The members of each preset consensus committee can verify the model update ciphertext by using a consensus mechanism of the preset consensus committee, if the verification is successful, the ciphertext information is determined to achieve consensus, and the target local model update ciphertext is generated according to the ciphertext information.
Optionally, the step S13 includes:
for any second ciphertext information of the plurality of ciphertext information, broadcasting the second ciphertext information as suggestion information to a first other member of the preset consensus committee;
broadcasting provisioning information to a second other member of the pre-defined consensus committee if any of the first other members agree to the recommendation information;
and if the number of the prepared information in the preset consensus committee reaches a set threshold value, determining that the preset consensus committee achieves consensus based on the second ciphertext information.
It is worth mentioning that, in the embodiment, the fog node that completes the aggregation task in the embodiment is illustrated
Figure 627077DEST_PATH_IMAGE081
The second ciphertext information is used as the proposal information, and the information is used as the affair
Figure 75507DEST_PATH_IMAGE010
And broadcasting the transaction in the consensus committee
Figure 700523DEST_PATH_IMAGE082
And
Figure 763157DEST_PATH_IMAGE083
wherein
Figure 168731DEST_PATH_IMAGE084
is and
Figure 607802DEST_PATH_IMAGE081
the corresponding view number is given to the user,
Figure 165954DEST_PATH_IMAGE085
is that
Figure 727385DEST_PATH_IMAGE010
The unique number of (a) is,
Figure 292359DEST_PATH_IMAGE086
is that
Figure 79662DEST_PATH_IMAGE010
The hash digest of (1). Other committee members are receiving
Figure 679270DEST_PATH_IMAGE087
Information post-pair transaction
Figure 411603DEST_PATH_IMAGE010
Performing verification, and broadcasting in the consensus committee when the verification is successful
Figure 463872DEST_PATH_IMAGE088
(preliminary) information, for example:
Figure 57796DEST_PATH_IMAGE089
wherein
Figure 511911DEST_PATH_IMAGE090
The serial numbers of the members, when other members receive the prepared information with set threshold, the preset consensus committee can be ensured to achieve consensus according to the second ciphertext information, and further the consensus is broadcasted
Figure 415145DEST_PATH_IMAGE091
(protocol) information, for example:
Figure 220290DEST_PATH_IMAGE092
each other committee member was allowed to establish a new protocol. If the second ciphertext information is verified by other members, the second ciphertext information is discarded if no consensus can be achieved.
In step S14, according to the contribution rate sets corresponding to the plurality of terminal devices, aggregating the plurality of target local model update ciphertexts to generate a global model update cipher text.
It should be noted that, in this embodiment, the contribution rate set is in the above steps
Figure 352325DEST_PATH_IMAGE065
The consensus committee performs a second aggregation of the multiple target local model update ciphertexts on the same principle, i.e.
Figure 926526DEST_PATH_IMAGE093
Wherein
Figure 735082DEST_PATH_IMAGE094
and
Figure 761944DEST_PATH_IMAGE095
and encrypting the ciphertext sub-information generated after aggregation. And acquiring local model update ciphertexts of each terminal device, and storing the local model update ciphertexts acquired by aggregation as global model update ciphertexts in a global model update block.
Optionally, the step S14 includes:
determining target contribution rates corresponding to the updated ciphertext of each target aggregation model according to the contribution rate set;
aggregating the plurality of target local models based on the target contribution rates to generate the global model update ciphertext.
It should be noted that, in this embodiment, after the consensus committee is applied to screen the multiple pieces of ciphertext information through the above steps to obtain the target local model update ciphertext, multiple target contribution rates corresponding to the multiple pieces of target local model update ciphertext are determined according to a preset contribution rate set, and the aggregation mode is applied to perform secondary aggregation on the multiple pieces of target local model update ciphertext through the target contribution rates, so as to generate the global model update ciphertext.
In step S15, the global model update ciphertext is sent to the plurality of terminal devices, so that the terminal devices decrypt the global model update ciphertext according to the private key to obtain global model update data.
In this embodiment, for example, the global model update ciphertext obtained through encryption and aggregation is sent to the corresponding terminal device through the cloud node of the corresponding cluster, so that the terminal device decrypts the global model update ciphertext according to the key to obtain global model update data, updates the machine learning model in the terminal device according to the global model update data, and trains the log data of the terminal device again through the updated machine learning model to generate a new local model update parameter. And repeating the steps based on the new local model updating parameters until the training times reach the preset times or the model parameters are converged. Therefore, the terminal equipment obtains a machine learning model with more individuation, and generates a more accurate model identification result based on the machine learning model.
Optionally, the step S15 includes:
and sending the global model update ciphertext to the terminal devices, so that the terminal devices multiply the private key and the global model update ciphertext to obtain the global model update data.
By way of example, in the present embodiment a private key for a terminal device is given
Figure 963249DEST_PATH_IMAGE037
And global model update ciphertext downloaded from blockchain
Figure 860798DEST_PATH_IMAGE096
Each fog node will
Figure 105835DEST_PATH_IMAGE096
Distribution to terminal devices within a cluster, the terminal devices using their private keys
Figure 619993DEST_PATH_IMAGE037
And (3) decrypting the ciphertext:
Figure 280781DEST_PATH_IMAGE097
wherein,
Figure 170852DEST_PATH_IMAGE071
as a result of the contribution rate of the terminal device,
Figure 727735DEST_PATH_IMAGE094
and
Figure 588244DEST_PATH_IMAGE095
in order to encrypt the ciphertext sub-information generated after aggregation,
Figure 990407DEST_PATH_IMAGE098
is the weight of the base layer or layers,
Figure 737914DEST_PATH_IMAGE011
is an error parameter. Due to the fact thatHere, the global parameter is obtained from an aggregation of local parameters of the respective terminal devices. And finally, according to the updating, each terminal device locally calculates a new global model and starts the next round of training. In the whole process, the parameter information is always transmitted on the communication link in a ciphertext mode, so that an attacker cannot acquire useful information in the data transmission process due to the fact that the useful information cannot be decrypted when the attacker eavesdrops the communication link.
According to the scheme, a preset key pair is sent to a plurality of terminal devices, the preset key pair comprises a private key and a public key, a plurality of ciphertext information generated by the terminal devices according to the public key and corresponding local model parameters is received, the ciphertext information is verified according to a preset consensus committee to obtain a plurality of target local model update ciphertexts, the target local model update ciphertexts are aggregated according to contribution rate sets corresponding to the terminal devices to generate a global model update ciphertext, and the global model update ciphertext is sent to the terminal devices to enable the terminal devices to decrypt the global model update ciphertext according to the private key to obtain global model update data. Therefore, data encryption transmission based on the CKKS homomorphic encryption algorithm model is achieved, communication links are prevented from being eavesdropped, and data privacy of terminal equipment is protected.
Fig. 2 is a block diagram illustrating an industrial internet data security transmission apparatus according to an exemplary embodiment, and as shown in fig. 2, the industrial internet data security transmission apparatus 100 includes: the device comprises a sending module 110, a receiving module 120, an obtaining module 130, a generating module 140 and an executing module 150.
A sending module 110, configured to send a preset key pair to a plurality of terminal devices, where the preset key pair includes a private key and a public key;
a receiving module 120, configured to receive multiple pieces of ciphertext information generated by the multiple terminal devices according to the public key and the corresponding local model parameter;
an obtaining module 130, configured to verify the ciphertext information according to a preset consensus committee, so as to obtain a plurality of target local model update ciphertexts;
a generating module 140, configured to aggregate the multiple target local model update ciphertexts according to the contribution rate sets corresponding to the multiple terminal devices, so as to generate a global model update cipher text;
and the execution module 150 is configured to send the global model update ciphertext to the multiple terminal devices, so that the terminal devices decrypt the global model update ciphertext according to the private key to obtain global model update data.
Optionally, the industrial internet data security transmission apparatus 100 further includes an obtaining module, configured to:
acquiring the private key from a preset binary vector set according to a preset security parameter;
acquiring a first encryption parameter from a preset plaintext space and acquiring a second encryption parameter from a preset uniform random distribution;
generating the public key according to the first encryption parameter, the second encryption parameter and the private key;
and generating the key pair according to the public key and the private key.
Optionally, the sending module 110 is configured to:
and sending the preset key pair to the plurality of terminal devices, so that the plurality of terminal devices sample and acquire a third encryption parameter from the preset plaintext space according to the public key, acquire a fourth encryption parameter from the preset uniform random distribution, determine an encryption calculation function according to the public key, the third encryption parameter and the fourth encryption parameter, and generate the plurality of ciphertext information according to the local model parameter and the encryption calculation function.
Optionally, the generating module 140 is configured to:
determining target contribution rates corresponding to the updated ciphertext of each target aggregation model according to the contribution rate set;
aggregating the plurality of target local models based on the target contribution rates to generate the global model update ciphertext.
Optionally, obtaining module 130 is configured to:
for any first ciphertext information in the plurality of ciphertext information, if the preset consensus committee achieves consensus based on the first ciphertext information, determining the first ciphertext information as a target local model update ciphertext;
if the preset consensus committee achieves consensus based on the first ciphertext information, generating a target local model update ciphertext according to the first ciphertext information;
and traversing the plurality of ciphertext messages to generate the plurality of target local model update ciphertexts.
Optionally, the obtaining module 130 is configured to:
for any second ciphertext information of the plurality of ciphertext information, broadcasting the second ciphertext information as suggestion information to a first other member of the pre-established consensus committee;
broadcasting provisioning information to a second other member of the pre-defined consensus committee if any of the first other members agree to the recommendation information;
and if the number of the prepared information in the preset consensus committee reaches a set threshold value, determining that the preset consensus committee achieves consensus based on the second ciphertext information.
Optionally, the executing module 150 is configured to:
and sending the global model update ciphertext to the terminal devices, so that the terminal devices multiply the private key and the global model update ciphertext to obtain the global model update data.
In another exemplary embodiment, a computer program product is also provided, which contains a computer program executable by a programmable apparatus, the computer program having code portions for performing the above-mentioned method for secure transmission of industrial internet data when executed by the programmable apparatus.
In light of the foregoing description of the preferred embodiments according to the present application, it is to be understood that various changes and modifications may be made without departing from the spirit and scope of the invention. The technical scope of the present application is not limited to the contents of the specification, and must be determined according to the scope of the claims.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. A method for securely transmitting industrial Internet data is characterized by comprising the following steps:
sending a preset key pair to a plurality of terminal devices, wherein the preset key pair comprises a private key and a public key;
receiving a plurality of ciphertext messages generated by the plurality of terminal devices according to the public key and the corresponding local model parameters;
verifying the plurality of ciphertext information according to a preset consensus committee to obtain a plurality of target local model update ciphertexts;
aggregating the target local model update ciphertexts according to the contribution rate sets corresponding to the terminal devices to generate a global model update cipher text;
and sending the global model update ciphertext to the plurality of terminal devices, so that the terminal devices decrypt the global model update ciphertext according to the private key to obtain global model update data.
2. The secure transmission method of industrial internet data according to claim 1, further comprising:
acquiring the private key from a preset binary vector set according to a preset security parameter;
acquiring a first encryption parameter from a preset plaintext space and acquiring a second encryption parameter from a preset uniform random distribution;
generating the public key according to the first encryption parameter, the second encryption parameter and the private key;
and generating the preset key pair according to the public key and the private key.
3. The method for securely transmitting industrial internet data according to claim 2, wherein the sending the preset key pair to a plurality of terminal devices comprises:
and sending the preset key pair to the plurality of terminal devices, so that the plurality of terminal devices sample and acquire a third encryption parameter from the preset plaintext space according to the public key, acquire a fourth encryption parameter from the preset uniform random distribution, determine an encryption calculation function according to the public key, the third encryption parameter and the fourth encryption parameter, and generate the plurality of ciphertext information according to the local model parameter and the encryption calculation function.
4. The method for securely transmitting industrial internet data according to claim 1, wherein the aggregating the target local model update ciphertexts to generate a global model update cipher text according to the contribution rate sets corresponding to the terminal devices comprises:
determining target contribution rates corresponding to the updated ciphertext of each target aggregation model according to the contribution rate set;
aggregating the plurality of target local models based on the target contribution rates to generate the global model update ciphertext.
5. The method for securely transmitting industrial internet data according to claim 1, wherein the verifying the plurality of ciphertext information according to a predetermined consensus committee to obtain a plurality of target local model update ciphertexts comprises:
for any first ciphertext information in the plurality of ciphertext information, if the preset consensus committee achieves consensus based on the first ciphertext information, determining the first ciphertext information as a target local model update ciphertext;
if the preset consensus committee achieves consensus based on the first ciphertext information, generating a target local model update ciphertext according to the first ciphertext information;
and traversing the plurality of ciphertext messages to generate the plurality of target local model update ciphertexts.
6. The method for securely transmitting industrial internet data according to claim 5, wherein the verifying the plurality of ciphertext information according to a predetermined consensus committee comprises:
for any second ciphertext information of the plurality of ciphertext information, broadcasting the second ciphertext information as suggestion information to a first other member of the preset consensus committee;
broadcasting provisioning information to a second other member of the pre-defined consensus committee if any of the first other members agree to the recommendation information;
and if the number of the prepared information in the preset consensus committee reaches a set threshold value, determining that the preset consensus committee achieves consensus based on the second ciphertext information.
7. The industrial internet data secure transmission method according to claim 1, wherein the sending the global model update ciphertext to the plurality of terminal devices so that the plurality of terminal devices decrypt the global model update ciphertext according to the private key to obtain global model update data includes:
and sending the global model update ciphertext to the terminal devices, so that the terminal devices multiply the private key and the global model update ciphertext to obtain the global model update data.
8. An industrial internet data security transmission device, characterized by comprising:
the system comprises a sending module, a receiving module and a sending module, wherein the sending module is used for sending a preset secret key pair to a plurality of terminal devices, and the preset secret key pair comprises a private key and a public key;
the receiving module is used for receiving a plurality of ciphertext messages generated by the plurality of terminal devices according to the public keys and the corresponding local model parameters;
the obtaining module is used for verifying the ciphertext information according to a preset consensus committee so as to obtain a plurality of target local model update ciphertexts;
the generating module is used for aggregating the plurality of target local model update ciphertexts according to the contribution rate sets corresponding to the plurality of terminal devices to generate a global model update cipher text;
and the execution module is used for sending the global model update ciphertext to the plurality of terminal devices so that the terminal devices decrypt the global model update ciphertext according to the private key to obtain global model update data.
9. An electronic device, comprising:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of the method for secure transmission of industrial internet data according to any one of claims 1 to 7.
10. A computer readable storage medium having stored thereon computer program instructions, wherein the program instructions, when executed by a processor, implement the steps of the secure transmission method of industrial internet data according to any one of claims 1 to 7.
CN202310010963.9A 2023-01-05 2023-01-05 Industrial internet data secure transmission method, device, equipment and medium Pending CN115766295A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310010963.9A CN115766295A (en) 2023-01-05 2023-01-05 Industrial internet data secure transmission method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310010963.9A CN115766295A (en) 2023-01-05 2023-01-05 Industrial internet data secure transmission method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN115766295A true CN115766295A (en) 2023-03-07

Family

ID=85348219

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310010963.9A Pending CN115766295A (en) 2023-01-05 2023-01-05 Industrial internet data secure transmission method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN115766295A (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112685783A (en) * 2021-01-05 2021-04-20 西安电子科技大学 Data sharing method supporting privacy protection in financial permission block chain
CN113095510A (en) * 2021-04-14 2021-07-09 深圳前海微众银行股份有限公司 Block chain-based federal learning method and device
CN113344222A (en) * 2021-06-29 2021-09-03 福建师范大学 Safe and credible federal learning mechanism based on block chain
CN113570065A (en) * 2021-07-08 2021-10-29 国网河北省电力有限公司信息通信分公司 Data management method, device and equipment based on alliance chain and federal learning
CN113612598A (en) * 2021-08-02 2021-11-05 北京邮电大学 Internet of vehicles data sharing system and method based on secret sharing and federal learning
US20220245528A1 (en) * 2021-02-01 2022-08-04 Jpmorgan Chase Bank , N.A. Systems and methods for federated learning using peer-to-peer networks
CN115037477A (en) * 2022-05-30 2022-09-09 南通大学 Block chain-based federated learning privacy protection method
CN115270145A (en) * 2022-06-22 2022-11-01 国网河北省电力有限公司信息通信分公司 User electricity stealing behavior detection method and system based on alliance chain and federal learning
CN115310137A (en) * 2022-10-11 2022-11-08 深圳市深信信息技术有限公司 Secrecy method and related device of intelligent settlement system
CN115392487A (en) * 2022-06-30 2022-11-25 中国人民解放军战略支援部队信息工程大学 Privacy protection nonlinear federal support vector machine training method and system based on homomorphic encryption
CN115549888A (en) * 2022-09-29 2022-12-30 南京邮电大学 Block chain and homomorphic encryption-based federated learning privacy protection method

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112685783A (en) * 2021-01-05 2021-04-20 西安电子科技大学 Data sharing method supporting privacy protection in financial permission block chain
US20220245528A1 (en) * 2021-02-01 2022-08-04 Jpmorgan Chase Bank , N.A. Systems and methods for federated learning using peer-to-peer networks
CN113095510A (en) * 2021-04-14 2021-07-09 深圳前海微众银行股份有限公司 Block chain-based federal learning method and device
CN113344222A (en) * 2021-06-29 2021-09-03 福建师范大学 Safe and credible federal learning mechanism based on block chain
CN113570065A (en) * 2021-07-08 2021-10-29 国网河北省电力有限公司信息通信分公司 Data management method, device and equipment based on alliance chain and federal learning
CN113612598A (en) * 2021-08-02 2021-11-05 北京邮电大学 Internet of vehicles data sharing system and method based on secret sharing and federal learning
CN115037477A (en) * 2022-05-30 2022-09-09 南通大学 Block chain-based federated learning privacy protection method
CN115270145A (en) * 2022-06-22 2022-11-01 国网河北省电力有限公司信息通信分公司 User electricity stealing behavior detection method and system based on alliance chain and federal learning
CN115392487A (en) * 2022-06-30 2022-11-25 中国人民解放军战略支援部队信息工程大学 Privacy protection nonlinear federal support vector machine training method and system based on homomorphic encryption
CN115549888A (en) * 2022-09-29 2022-12-30 南京邮电大学 Block chain and homomorphic encryption-based federated learning privacy protection method
CN115310137A (en) * 2022-10-11 2022-11-08 深圳市深信信息技术有限公司 Secrecy method and related device of intelligent settlement system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
林伟伟: "联邦学习开源框架综述" *

Similar Documents

Publication Publication Date Title
US10903991B1 (en) Systems and methods for generating signatures
EP3862956B1 (en) Secure multiparty loss resistant storage and transfer of cryptographic keys for blockchain based systems in conjunction with a wallet management system
CN108886468B (en) System and method for distributing identity-based key material and certificates
CN110138802B (en) User characteristic information acquisition method, device, block chain node, network and storage medium
EP3987711B1 (en) Authenticated lattice-based key agreement or key encapsulation
CN114219483B (en) Method, equipment and storage medium for sharing block chain data based on LWE-CPBE
EP3476078B1 (en) Systems and methods for authenticating communications using a single message exchange and symmetric key
US20110058672A1 (en) Message deciphering method, system and article
CN112104453B (en) Anti-quantum computation digital signature system and signature method based on digital certificate
CN111769938B (en) Key management system and data verification system of block chain sensor
CN111865582B (en) Private key offline storage method, system and storage medium based on zero knowledge proof
CN110999202B (en) Computer-implemented system and method for highly secure, high-speed encryption and transmission of data
US9923720B2 (en) Network device configured to derive a shared key
CN112532580B (en) Data transmission method and system based on block chain and proxy re-encryption
CN112997448A (en) Public/private key system with reduced public key size
CN113037499A (en) Block chain encryption communication method and system
CN110365662A (en) Business approval method and device
CN106941404A (en) Cryptographic key protection method and device
CN110383755A (en) The network equipment and trusted third party's equipment
CN116232578A (en) Multi-party collaborative signature system, method and equipment integrating quantum key distribution
CN111565108B (en) Signature processing method, device and system
CN114070549B (en) Key generation method, device, equipment and storage medium
CN110247761B (en) Ciphertext strategy attribute encryption method supporting attribute revocation in lattice manner
CN111639937A (en) Digital currency risk management and control method and system
CN109981294A (en) Electronic communication methods and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20230307