CN117272389B - Non-interactive verifiable joint safety modeling method - Google Patents
Non-interactive verifiable joint safety modeling method Download PDFInfo
- Publication number
- CN117272389B CN117272389B CN202311510068.XA CN202311510068A CN117272389B CN 117272389 B CN117272389 B CN 117272389B CN 202311510068 A CN202311510068 A CN 202311510068A CN 117272389 B CN117272389 B CN 117272389B
- Authority
- CN
- China
- Prior art keywords
- client
- training
- ith
- target model
- local
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 37
- 238000012549 training Methods 0.000 claims abstract description 69
- 230000004927 fusion Effects 0.000 claims abstract description 52
- 230000002452 interceptive effect Effects 0.000 claims abstract description 29
- 238000004364 calculation method Methods 0.000 claims abstract description 19
- 239000013598 vector Substances 0.000 claims description 9
- 238000010276 construction Methods 0.000 claims description 3
- 125000004122 cyclic group Chemical group 0.000 claims description 3
- 239000011159 matrix material Substances 0.000 claims description 3
- 238000012795 verification Methods 0.000 claims description 3
- 238000013461 design Methods 0.000 abstract description 14
- 230000003993 interaction Effects 0.000 abstract description 7
- 238000004891 communication Methods 0.000 abstract description 5
- 230000006870 function Effects 0.000 description 31
- 230000002776 aggregation Effects 0.000 description 13
- 238000004220 aggregation Methods 0.000 description 13
- 230000008569 process Effects 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 4
- 230000000694 effects Effects 0.000 description 3
- 230000004931 aggregating effect Effects 0.000 description 2
- 238000012905 input function Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 101100478633 Escherichia coli O157:H7 stcE gene Proteins 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 230000001151 other effect Effects 0.000 description 1
- 238000006116 polymerization reaction Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 101150115529 tagA gene Proteins 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/25—Fusion techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Data Mining & Analysis (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Evolutionary Computation (AREA)
- Medical Informatics (AREA)
- Computer Security & Cryptography (AREA)
- Artificial Intelligence (AREA)
- Life Sciences & Earth Sciences (AREA)
- Bioinformatics & Computational Biology (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Evolutionary Biology (AREA)
- Databases & Information Systems (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a non-interactive verifiable joint safety modeling method, which is characterized in that based on the training of a target model by each local node in each client by respectively applying a corresponding partial local data set, each client executes the first fusion of model parameter sets obtained by each training, then based on the encryption communication design between each client and a server, a service area sequentially carries out fusion and decryption to obtain the final fusion parameter set of the fusion parameter sets obtained by each client training, the joint training of the target model is completed, and the target model after the joint training is obtained; in the implementation of the design scheme, other participants can not obtain the privacy data except the data owner, the privacy safety of the client is effectively ensured, and meanwhile, no additional interaction is needed between the clients, so that the problem of client disconnection is effectively solved, no additional calculation loss is needed, the user can dynamically join or exit, and the efficiency and the safety of the joint modeling are improved.
Description
Technical Field
The invention relates to a non-interactive verifiable joint safety modeling method, and belongs to the technical field of joint modeling.
Background
With the development of multiple data technologies, the data and information amount generated and collected in social activities are rapidly increased, and the collection of sensitive information data, the cooperation of cross-institutions, the business operation of cross-country companies and the like provide new challenges for the traditional modeling method. In order to solve the problems of privacy disclosure and data island, the federal learning technology is widely adopted for safety modeling nowadays, in the federal learning realization process, data of a plurality of participants do not need to be uploaded to a server for training, update parameters are uploaded to the server for aggregation after local training, and a global model after iteration convergence can be further issued to the participants. The modeling method indeed relieves privacy challenges brought by data sensitive applications in the machine learning field, but the potential privacy revealing risk is still faced in the process of executing local user model parameter uploading and server model aggregation, and the training data cannot be sufficiently protected from reasoning attacks of attackers and data reconstruction attacks.
Aiming at the problems, the prior technical scheme mainly adopts a differential privacy or safe multiparty calculation mode to realize joint safety modeling, and adopts the differential privacy scheme to effectively protect the data safety, but has the problem of reduced model precision.
Compared with a differential privacy scheme, the scheme adopting the secure multiparty calculation does not add extra noise in the training process, so that a more accurate model can be obtained, the value of data can be better exerted under the requirement of higher model precision, and a plurality of defects still exist. For example, existing secret sharing techniques require frequent user interactions, fail to handle client-side drop-out situations, and some multiparty computing schemes rely on trusted servers. These limit the efficiency and safety of the solution to some extent.
In addition, some researches try to apply the function encryption technology to federal learning, so that the communication efficiency is effectively improved while the privacy security is ensured. However, most of the existing schemes need a trusted third party to assist, and there is a problem of weight leakage.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a non-interactive verifiable joint security modeling method, which is based on distributed training of multiple local nodes in multiple clients, introduces innovative encryption communication, and enables a server to perform fusion decoding so as to effectively improve the security of the joint modeling process.
The invention adopts the following technical scheme for solving the technical problems: the invention designs a non-interactive verifiable joint safety modeling method, which is based on a server and each client side communicated with the server, and comprises the following steps of A to C, so as to realize joint training construction of a target model;
step A, based on the division correspondence of local data sets owned by each client to local nodes corresponding to the clients, respectively applying corresponding partial local data sets to each local node, training a target model, obtaining model parameter sets obtained by training the target model respectively corresponding to each local node in each client, respectively obtaining fusion parameter sets of model parameter sets obtained by training the target model respectively corresponding to each local node in each client, namely obtaining fusion parameter sets obtained by training the target model respectively corresponding to each client, and then entering step B;
step B, each client encrypts the obtained fusion parameter set respectively, generates a part of decryption key for decryption, and uploads the partial decryption key to a server by combining the data size of the local data set, and then enters the step C;
and C, the server sequentially executes fusion and decryption operations on the data uploaded by the clients respectively to obtain final fusion parameter sets of the target model, wherein the final fusion parameter sets correspond to the fusion parameter sets obtained by training the clients respectively, so that the combined training of the target model is completed, and the target model after the combined training is obtained.
As a preferred technical scheme of the invention: in the step a, based on the model parameter sets obtained by training the target models respectively corresponding to the local nodes in the clients, the following formulas are respectively used for each client:
obtaining target models to train corresponding to local nodes in the clientThe fusion parameter set of the obtained model parameter set is obtained, namely the fusion parameter set obtained by training each client is respectively corresponding to the target model, wherein I is more than or equal to 1 and less than or equal to I, I represents the number of clients, J is more than or equal to 1 and less than or equal to J, J represents the number of local nodes corresponding to the clients, and x is more than or equal to 1 and less than or equal to J i,j Representing the model parameter set obtained by training the jth local node in the ith client corresponding to the target model, |D i,j I represents that the local data set owned by the ith client divides the corresponding partial local data set D to the jth local node of the ith client i,j Data size, x i And representing the fusion parameter set obtained by training the ith client corresponding to the target model.
As a preferred technical scheme of the invention: in the step B, based on that I is more than or equal to 1 and less than or equal to I, wherein I represents the number of clients, each client respectively executes the following steps B1 to B5;
firstly, calling a group generation algorithm to generate (G, p, G) according to a security parameter lambda by an ith client based on a function encryption system; and according to the preset unified label value a of each client, the method comprises the following steps of alpha= (1, a) T Generating a vector alpha; wherein G represents a p-order cyclic group, and G represents a generator of G;
then, the ith client randomly selects one of the one-dimensional vectorsAnd calculate [ alpha ]]=g α ,Randomly selecting a parameter u i ∈Z p Constitute the encryption parameters (G, p, G, [ alpha ] corresponding to the ith client],W i ,[W i α],u i ) The method comprises the steps of carrying out a first treatment on the surface of the Wherein Z is p Representing the modular p remaining class integer ring, +.>Representing Z p A 1 x 2 matrix;
finally, the ith client uses the key generation algorithm NIKE. KeyGen of the non-interactive key exchange NIKE system to obtain the parameters (NIKE. Pk) corresponding to the ith client i ,NIKE.sk i ) And calling a function NIZK.setup, and initializing a non-interactive zero knowledge proving system;
step B2. The ith client randomly selects a parameter r i ∈Z p And the ith client terminal is used for generating the encryption parameters (G, p, G, [ alpha ] according to the encryption parameters corresponding to the ith client terminal],W i ,[W i α],u i ) Fusion parameter set x obtained for training thereof i According to t i =r i , Encryption is carried out to obtain an encrypted ciphertext c corresponding to the ith client i ;
B3, based on non-interactive zero knowledge proving system, the ith client side according to the corresponding c i 、W i 、u i Fusion parameter set x obtained by training the same i Executing a function NIZK.Prove to obtain zero knowledge proof pi corresponding to the ith client i And combine with c i 、t i Constitute the data ciphertext ct corresponding to the ith client i (t i ,c i ,π i );
Step B4. calls a key sharing algorithm NIKE.ShareKey of the NIKE system by the ith client based on 1.ltoreq.i, i.noteq.i, to obtain a corresponding parameter NIKE.sk i The parameters NIKE.pk shared with other clients respectively i" Calculation result K between i" And according to T i =∑ i>i" K i" -∑ i<i" K i" Obtain the mask T corresponding to the ith client i Then according to z i =u i +T i Combined with W i Obtaining a partial decryption key sk corresponding to the ith client i (W i ,z i ) The method comprises the steps of carrying out a first treatment on the surface of the Wherein, sigma i>i" K i" The calculation results K corresponding to the clients with the serial numbers i' less than the serial numbers i respectively i" Sum, sigma i<i" K i" Clients representing respective sequence numbers i' greater than sequence number iThe end respectively corresponds to the calculation result K i" And (2) a sum of (2);
step B5. the ith client side sends the corresponding data ciphertext ct to it i (t i ,c i ,π i ) Partial decryption key sk i (W i ,z i ) Data volume size D of its local data set i And uploading the I to a server.
As a preferred technical scheme of the invention: the step C comprises the following steps C1 to C4;
step C1, the server uploads data ciphertext ct to each client respectively i (t i ,c i ,π i ) Based on a non-interactive zero knowledge proving system, a verification function NIZK.verify is called to respectively verify the encrypted ciphertext c of each client i If each client encrypts ciphertext c i If the two are reliable, entering a step C2; otherwise, refusing to receive the uploading of each client;
step C2. server uploads partial decryption key sk for each client separately i (W i ,z i ) By z= Σz i Constitute a complete decryption key set sk y (W 1 、…、W i 、…、W I 、z);
Step C3. the server contacts the data ciphertext ct uploaded by each client according to the vector α generated by presetting the unified tag value a of each client i (t i ,c i ,π i ) Calculation ofWherein (1)>[z]=g z Obtaining fusion parameter groups x obtained by uploading training of each client i Log of sum of g C;
Step C4, the server uploads the data size |D of the local data set according to the data size |D of each client i I, pressThe target model obtained by calculation corresponds to the fusion parameter set x obtained by training each client i And (3) the final fusion parameter group X is used for completing the combined training of the target model, and the target model after the combined training is obtained.
As a preferred technical scheme of the invention: in the step a, each client side has a local data set to execute random division correspondence to each local node corresponding to the client side, so as to obtain a part of local data sets corresponding to each local node in each client side.
Compared with the prior art, the non-interactive verifiable joint safety modeling method has the following technical effects:
(1) The invention designs a non-interactive verifiable joint safety modeling method, which is based on the fact that each local node in each client applies the corresponding part of local data set to train a target model, each client executes the first fusion of the model parameter set obtained by each training, then based on the encryption communication design between each client and a server, the service area sequentially carries out fusion and decryption to obtain the final fusion parameter set of the fusion parameter set obtained by each client training, the joint training of the target model is completed, and the target model after the joint training is obtained; in the implementation of the design scheme, other participants can not obtain the privacy data except the data owner, so that the privacy safety of the client is effectively ensured, and meanwhile, no additional interaction is needed between the clients, the problem of client disconnection is effectively solved, no additional calculation loss is needed, the user can dynamically join or exit, and the efficiency and the safety of the joint modeling are improved;
(2) The invention designs a non-interactive verifiable joint security modeling method, which realizes the effect of decentralization, and the realization of ciphertext encryption and decryption functions is realized by communicating the functions with a client and a server without relying on the assistance of a trusted third party mechanism. Avoiding the possibility of revealing encrypted security parameters; the model training setting of the client side is realized without considering the problem of weight leakage; and the invention uses non-interactive zero knowledge proof to ensure the verifiability of the uploading ciphertext.
Drawings
FIG. 1 is a schematic diagram of a hardware architecture of a non-interactive verifiable joint security modeling method of the present invention;
FIG. 2 is a flow chart of a non-interactive verifiable joint security modeling method of the present invention.
Detailed Description
The following describes the embodiments of the present invention in further detail with reference to the drawings.
The invention designs a non-interactive verifiable joint safety modeling method, which has the following ideas:
(1) And carrying out security protection on a target model of the local client, setting a plurality of local nodes below the client for model training, and weighting and aggregating the results to the client, wherein an attacker cannot infer sensitive data even if obtaining client model parameters.
(2) And (3) considering the condition that the server is not trusted or trusted but curious, designing a safer model aggregation method by utilizing a function encryption method, ensuring that all participants except a parameter provider cannot know the uploaded data, and realizing the aggregation of the model parameter safety.
(3) The function encryption is not realized by a trusted third party, and the encryption and decryption and key generation functions are realized at the client and the server. Reducing the interaction times between users by using a non-interaction key exchange technology; and verifying the uploading ciphertext by using zero knowledge proof, so as to realize safe transmission of data.
Based on the above-mentioned thought, in practical application, as shown in fig. 1, based on a server and each client in communication with the server, according to fig. 2, the following steps a to C are executed to implement joint training construction of a target model;
step A, based on the random division correspondence of local data sets owned by each client to local nodes corresponding to the clients, each local node respectively applies a corresponding partial local data set and trains aiming at a target model to obtain model parameter sets obtained by training the target model respectively corresponding to each local node in each client, and then the model parameter sets are respectively trained aiming at each client according to the following formula:
and B, obtaining fusion parameter sets of the target model corresponding to the model parameter sets obtained by training of each local node in the client, namely obtaining fusion parameter sets of the target model corresponding to the client training respectively, and then entering the step B.
Wherein I is more than or equal to 1 and less than or equal to I, I represents the number of clients, J is more than or equal to 1 and less than or equal to J, J represents the number of local nodes corresponding to the clients, and x is the number of local nodes corresponding to the clients i,j Representing the model parameter set obtained by training the jth local node in the ith client corresponding to the target model, |D i,j I represents that the local data set owned by the ith client divides the corresponding partial local data set D to the jth local node of the ith client i,j Data size, x i And representing the fusion parameter set obtained by training the ith client corresponding to the target model.
The design of multiple local nodes in the client, an attacker wants to obtain sensitive information, and needs to infer the number of local nodes generated by the client and the weights divided into the local nodes, but these are all set by the client itself, in which case even if the attacker obtains the client model parameters, no more private information can be obtained.
And B, each client encrypts the obtained fusion parameter set respectively, generates a part of decryption key for decryption, and uploads the partial decryption key to the server by combining the data size of the local data set, and then enters the step C.
In practical application, in the step B, based on I being 1-I and I being 1-I, I represents the number of clients, each client specifically performs the following steps B1-B5.
Firstly, calling a group generation algorithm to generate (G, p, G) according to a security parameter lambda by an ith client based on a function encryption system; and according to the preset unified label value a of each client, the method comprises the following steps of alpha= (1, a) T Generating a vector alpha; wherein,g represents a p-order cyclic group, and G represents a generator of G.
Then, the ith client randomly selects one of the one-dimensional vectorsAnd calculate [ alpha ]]=g α ,Randomly selecting a parameter u i ∈Z p Constitute the encryption parameters (G, p, G, [ alpha ] corresponding to the ith client],W i ,[W i α],u i ) The method comprises the steps of carrying out a first treatment on the surface of the Wherein Z is p Representing the modular p remaining class integer ring, +.>Representing Z p And a 1 x 2 matrix.
Finally, the ith client uses the key generation algorithm NIKE. KeyGen of the non-interactive key exchange NIKE system to obtain the parameters (NIKE. Pk) corresponding to the ith client i ,NIKE.sk i ) And calling a function NIZK.setup, and initializing a non-interactive zero knowledge proving system.
Step B2. The ith client randomly selects a parameter r i ∈Z p And the ith client terminal is used for generating the encryption parameters (G, p, G, [ alpha ] according to the encryption parameters corresponding to the ith client terminal],W i ,[W i α],u i ) Fusion parameter set x obtained for training thereof i According to t i =r i , Encryption is carried out to obtain an encrypted ciphertext c corresponding to the ith client i 。
B3, based on non-interactive zero knowledge proving system, the ith client side according to the corresponding c i 、W i 、u i Fusion parameter set x obtained by training the same i Executing a function NIZK.Prove to obtain the corresponding i clientZero knowledge proof pi i And combine with c i 、t i Constitute the data ciphertext ct corresponding to the ith client i (t i ,c i ,π i )。
Step B4. calls a key sharing algorithm NIKE.ShareKey of the NIKE system by the ith client based on 1.ltoreq.i, i.noteq.i, to obtain a corresponding parameter NIKE.sk i The parameters NIKE.pk shared with other clients respectively i" Calculation result K between i" And according to T i =∑ i>i" K i" -∑ i<i" K i" Obtain the mask T corresponding to the ith client i Then according to z i =u i +T i Combined with W i Obtaining a partial decryption key sk corresponding to the ith client i (W i ,z i ) The method comprises the steps of carrying out a first treatment on the surface of the Wherein, sigma i>i" K i" The calculation results K corresponding to the clients with the serial numbers i' less than the serial numbers i respectively i" Sum, sigma i<i" K i" The calculation results K corresponding to the clients with the serial numbers i' which are larger than the serial numbers i are shown i" A kind of electronic device.
Step B5. the ith client side sends the corresponding data ciphertext ct to it i (t i ,c i ,π i ) Partial decryption key sk i (W i ,z i ) Data volume size D of its local data set i And uploading the I to a server.
And C, the server sequentially executes fusion and decryption operations on the data uploaded by the clients respectively to obtain final fusion parameter sets of the target model, wherein the final fusion parameter sets correspond to the fusion parameter sets obtained by training the clients respectively, so that the combined training of the target model is completed, and the target model after the combined training is obtained.
In practical applications, the specific design of the step C includes the following steps C1 to C4.
Step C1, the server uploads data ciphertext ct to each client respectively i (t i ,c i ,π i ) Based on a non-interactive zero knowledge proving system, a verification function NIZK.verify is called to respectively verify the encrypted ciphertext of each clientc i If each client encrypts ciphertext c i If the two are reliable, entering a step C2; otherwise, refusing to receive the uploading of each client.
Note that: at this time z= Σz i =∑(u i +T i )=∑u i (K between the ith client and the ith "client according to NIKE mechanism principles i And K i" T is the same as the value of i =∑ i>i" K i" -∑ i<i" K i" So each T i Sum to 0), where the aggregation is simple, the main purpose is for the server to get each u i And, not separately, u i Otherwise, the server can directly decrypt the ciphertext uploaded by each client. Because the server is known to Thus, the server cannot be given a separate u i I.e. the design herein, each T i Corresponding to each client uploading the mask in the server data.
Step C2. server uploads partial decryption key sk for each client separately i (W i ,z i ) By z= Σz i Constitute a complete decryption key set sk y (W 1 、…、W i 、…、W I 、z)。
Step C3. the server contacts the data ciphertext ct uploaded by each client according to the vector α generated by presetting the unified tag value a of each client i (t i ,c i ,π i ) Calculation ofWherein (1)>[z]=g z Obtaining fusion parameter groups obtained by uploading training of each clientx i Log of sum of g C。
Step C4, the server uploads the data size |D of the local data set according to the data size |D of each client i I, press The target model obtained by calculation corresponds to the fusion parameter set x obtained by training each client i And (3) the final fusion parameter group X is used for completing the combined training of the target model, and the target model after the combined training is obtained.
Here, each client encrypts local model parameters by using encryption parameters generated by the server, generates a partial decryption key for decryption, and the server decrypts all ciphertext by using a function decryption key generated by partial decryption key aggregation to obtain a weighted average result of the fusion parameter sets of each client, so that joint modeling is completed, and in the process, the server cannot obtain any sensitive information of the client and cannot reconstruct the model.
In addition, the clients protect the uploaded part of the decryption key information by generating masks by using the public key and the private key of the clients (independent of encrypting the public and private keys). When the key is transmitted to the server for aggregation, the mask sums to zero without other effects on the result. In the mask generation process, interaction of all clients is not needed, and only the public key is required to be broadcasted in the channel.
Design solution in practical implementation, the security of the proposed function cryptosystem depends on Decisional Diffie-Hellman (DDH) assumption in cryptography. The system consists of Setup, keyGen, keyComb, enc, verifyCT and Dec six algorithms, client and server roles. Each client runs the setting and key generation algorithm to generate the corresponding encryption parameters, runs the encryption algorithm to encrypt the model parameters of the client, and the server runs the key aggregation and decryption algorithm to obtain the aggregation result of the ciphertext of the model parameters.
In addition, the scheme utilizes a non-interactive zero knowledge proof method, and the verifiable function is realized through (NIZK.Setup, NIZK.Prove, NIZK.Verify) three-part algorithm combination. The correctness of the ciphertext is ensured by verifying that the ciphertext is related to the participant, so that the receipt of counterfeit or invalid ciphertext is avoided. The mask of each client is calculated according to the non-interactive key exchange principle, and the specific function is realized by (NIKE.Setup, NIKE.KeyGen, NIKE.SharedKey) three-part algorithm.
All functions have the following specific functions:
setup function: initialization is performed. And inputting the security parameters to obtain a main public and private key, a non-interactive zero knowledge proof parameter and a public and private key for non-interactive key exchange. Wherein the public key in the key exchange is known to the whole client.
Enc function: encryption model parameters. And inputting a public and private key and a plaintext to be encrypted to obtain a corresponding ciphertext and zero knowledge proof.
KeyDer function: a partial key is generated. And inputting the main private key and the key exchange private key, and generating a mask according to public keys of other clients to obtain a function decryption part key.
Dkeycomb function: the aggregation generates a key. The input function decrypts the partial key to obtain the complete decryption key.
VerifyCT function: the ciphertext and zero knowledge proof are entered to verify that the ciphertext is associated with the plaintext and the key. If so, outputting 1, and receiving ciphertext by the aggregator; if not, output 0, the aggregator refuses to accept.
Dec function: and inputting the ciphertext and the complete decryption key to obtain a ciphertext aggregate result.
The specific function encryption algorithm is defined as follows.
Wherein a represents the tag value of the client, only clients with the same tag can participate in the process; the labels are different and cannot participate. If an attacker impersonates a client, it is impossible to construct a secret meeting the requirements because he does not know the tagA text; the server is impersonated, the aggregation result of the ciphertext cannot be decrypted, and the data security can be guaranteed to a certain extent. K (K) i" And I-1 key exchange results are obtained for the current client I and the client I'. If the current client sequence i is greater than client i ", K is added i" The method comprises the steps of carrying out a first treatment on the surface of the If less, K is subtracted i" 。T i Mask results calculated for final key exchange, all T i The addition result is zero, no influence is generated on the polymerization result, b i The results are demonstrated for zero knowledge.
The design scheme of the invention changes the original multi-input function encryption system which depends on the trusted third party into a distributed mode, thereby effectively avoiding the situation that the trusted third party is not trusted. The original algorithm is characterized in that an initialization encryption parameter generated by a trusted third party is generated by a user, and a client generates a secret key by itself to encrypt.
For the problem of leakage of the client model caused by weight leakage in the traditional function encryption scheme, the scheme avoids the same problem by improving the client model. The NIZK function in the algorithm utilizes the idea of non-interactive zero knowledge proof, ensures that the ciphertext obtained by the server is related to the plaintext, the secret key and other information under the condition of not adding additional interaction, and realizes the verifiability of the ciphertext. The clients do not need to interact, only one public key irrelevant to encryption is disclosed to generate a mask, and the security of the key is protected.
In the practical application of the design scheme, aiming at a trusted but curious server, only a result obtained by weighting and aggregating model parameters can be obtained, and in addition, privacy information of any client can not be obtained; the scheme uses the thought of a multi-client function encryption system to extend the parameter a shared by the original trusted third party to be the label of the participant, and only the participant with the same label can participate in the multiparty model aggregation at the time; under the condition that the client or the server only needs to have one party as honest and reliable, the impersonation of an external attacker can be avoided. The ciphertext can be verified, so that the condition that a malicious user constructs an invalid ciphertext can be avoided; the client performs model training by dividing a plurality of local nodes according to its own computing power, in which case even if an attacker obtains the client model, it is impossible to obtain more private information because of the aggregation result unless the attacker knows the division result of the client.
The embodiments of the present invention have been described in detail with reference to the drawings, but the present invention is not limited to the above embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the spirit of the present invention.
Claims (2)
1. A non-interactive verifiable joint safety modeling method is characterized in that based on a server and each client side communicated with the server, the following steps A to C are executed to realize joint training construction of a target model;
step A, based on the division correspondence of local data sets owned by each client to local nodes corresponding to the clients, respectively applying corresponding partial local data sets to each local node, training a target model, obtaining model parameter sets obtained by training the target model respectively corresponding to each local node in each client, respectively obtaining fusion parameter sets of model parameter sets obtained by training the target model respectively corresponding to each local node in each client, namely obtaining fusion parameter sets obtained by training the target model respectively corresponding to each client, and then entering step B;
step B, each client encrypts the obtained fusion parameter set respectively, generates a part of decryption key for decryption, and uploads the partial decryption key to a server by combining the data size of the local data set, and then enters the step C;
step C, the server sequentially executes fusion and decryption operations on the data uploaded by the clients respectively to obtain final fusion parameter sets of the target model corresponding to the fusion parameter sets obtained by the client training respectively, so as to complete the joint training of the target model and obtain the target model after the joint training;
in step a, based on the model parameter sets obtained by training the target models respectively corresponding to the local nodes in the clients, the following formulas are respectively used for each client:
obtaining fusion parameter sets of the target models respectively corresponding to the model parameter sets obtained by training of each local node in the client, namely obtaining fusion parameter sets of the target models respectively corresponding to each client training, wherein I is 1.ltoreq.i which is the number of the clients, J is 1.ltoreq.j which is the number of the local nodes corresponding to the clients, and x i,j Representing the model parameter set obtained by training the jth local node in the ith client corresponding to the target model, |D i,j I represents that the local data set owned by the ith client divides the corresponding partial local data set D to the jth local node of the ith client i,j Data size, x i Representing a fusion parameter set obtained by training the ith client corresponding to the target model;
in the step B, based on that I is more than or equal to 1 and less than or equal to I, wherein I represents the number of clients, each client respectively executes the following steps B1 to B5;
firstly, calling a group generation algorithm to generate (G, p, G) according to a security parameter lambda by an ith client based on a function encryption system; and according to the preset unified label value a of each client, the method comprises the following steps of alpha= (1, a) T Generating a vector alpha; wherein G represents a p-order cyclic group, and G represents a generator of G;
then, the ith client randomly selects one of the one-dimensional vectorsAnd calculate [ alpha ]]=g α ,/>Randomly selecting a parameter u i ∈Z p Constitute the encryption parameters (G, p, G, [ alpha ] corresponding to the ith client],W i ,[W i α],u i ) The method comprises the steps of carrying out a first treatment on the surface of the Wherein Z is p Representing the modular p remaining class integer ring, +.>Representing Z p A 1 x 2 matrix;
finally, the ith client uses the key generation algorithm NIKE. KeyGen of the non-interactive key exchange NIKE system to obtain the parameters (NIKE. Pk) corresponding to the ith client i ,NIKE.sk i ) And calling a function NIZK.setup, and initializing a non-interactive zero knowledge proving system;
step B2. The ith client randomly selects a parameter r i ∈Z p And the ith client terminal is used for generating the encryption parameters (G, p, G, [ alpha ] according to the encryption parameters corresponding to the ith client terminal],W i ,[W i α],u i ) Fusion parameter set x obtained for training thereof i According to t i =r i , Encryption is carried out to obtain an encrypted ciphertext c corresponding to the ith client i ;
B3, based on non-interactive zero knowledge proving system, the ith client side according to the corresponding c i 、W i 、u i Fusion parameter set x obtained by training the same i Executing a function NIZK.Prove to obtain zero knowledge proof pi corresponding to the ith client i And combine with c i 、t i Constitute the data ciphertext ct corresponding to the ith client i (t i ,c i ,π i );
Step B4. calls a key sharing algorithm NIKE.ShareKey of the NIKE system by the ith client based on 1.ltoreq.i, i.ltoreq.i, i.noteq.i, to obtain a corresponding parameter NIKE.sk thereof i The parameters NIKE.pk shared with other clients respectively i″ Calculation result K between i″ And according to T i =∑ i>i″ K i″ -∑ i<i″ K i″ Obtain the mask T corresponding to the ith client i Then according to z i =u i +T i Combined with W i Obtaining a partial decryption key sk corresponding to the ith client i (W i ,z i ) The method comprises the steps of carrying out a first treatment on the surface of the Wherein, sigma i>i″ K i″ The calculation results K corresponding to the clients with the serial numbers i' less than the serial numbers i respectively i″ Sum, sigma i<i″ K i″ The calculation results K corresponding to the clients with the serial numbers i' which are larger than the serial numbers i are shown i″ And (2) a sum of (2);
step B5. the ith client side sends the corresponding data ciphertext ct to it i (t i ,c i ,π i ) Partial decryption key sk i (W i ,z i ) Data volume size D of its local data set i Uploading to a server;
step C includes the following steps C1 to C4;
step C1, the server uploads data ciphertext ct to each client respectively i (t i ,c i ,π i ) Based on a non-interactive zero knowledge proving system, a verification function NIZK.verify is called to respectively verify the encrypted ciphertext c of each client i If each client encrypts ciphertext c i If the two are reliable, entering a step C2; otherwise, refusing to receive the uploading of each client;
step C2. server uploads partial decryption key sk for each client separately i (W i ,z i ) By z= Σz i Constitute a complete decryption key set sk y (W 1 、…、W i 、…、W I 、z);
Step C3. the server contacts the data ciphertext ct uploaded by each client according to the vector α generated by presetting the unified tag value a of each client i (t i ,c i ,π i ) Calculation ofWherein (1)>[z]=g z Obtaining fusion parameter groups x obtained by uploading training of each client i Log of sum of g C;
Step C4, the server uploads the data size |D of the local data set according to the data size |D of each client i I, pressThe target model obtained by calculation corresponds to the fusion parameter set x obtained by training each client i And (3) the final fusion parameter group X is used for completing the combined training of the target model, and the target model after the combined training is obtained.
2. A non-interactively verifiable joint security modeling method in accordance with claim 1, wherein: in the step a, each client side has a local data set to execute random division correspondence to each local node corresponding to the client side, so as to obtain a part of local data sets corresponding to each local node in each client side.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311510068.XA CN117272389B (en) | 2023-11-14 | 2023-11-14 | Non-interactive verifiable joint safety modeling method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311510068.XA CN117272389B (en) | 2023-11-14 | 2023-11-14 | Non-interactive verifiable joint safety modeling method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117272389A CN117272389A (en) | 2023-12-22 |
| CN117272389B true CN117272389B (en) | 2024-04-02 |
Family
ID=89212656
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311510068.XA Active CN117272389B (en) | 2023-11-14 | 2023-11-14 | Non-interactive verifiable joint safety modeling method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117272389B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110601814A (en) * | 2019-09-24 | 2019-12-20 | 深圳前海微众银行股份有限公司 | Federal learning data encryption method, device, equipment and readable storage medium |
| CN112804356A (en) * | 2021-03-30 | 2021-05-14 | 信联科技(南京)有限公司 | Block chain-based networking equipment supervision authentication method and system |
| CN113065934A (en) * | 2021-02-21 | 2021-07-02 | 西安电子科技大学 | Auction method and system with verifiable privacy, computer equipment and application |
| CN114338045A (en) * | 2022-01-14 | 2022-04-12 | 中国人民解放军战略支援部队信息工程大学 | Information data verifiability safety sharing method and system based on block chain and federal learning |
| CN114362940A (en) * | 2021-12-29 | 2022-04-15 | 华东师范大学 | Server-free asynchronous federated learning method for data privacy protection |
| EP4195107A1 (en) * | 2021-12-10 | 2023-06-14 | Fundación Tecnalia Research & Innovation | Method for training an algorithm and method for providing a service based on the trained algorithm |
-
2023
- 2023-11-14 CN CN202311510068.XA patent/CN117272389B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110601814A (en) * | 2019-09-24 | 2019-12-20 | 深圳前海微众银行股份有限公司 | Federal learning data encryption method, device, equipment and readable storage medium |
| CN113065934A (en) * | 2021-02-21 | 2021-07-02 | 西安电子科技大学 | Auction method and system with verifiable privacy, computer equipment and application |
| CN112804356A (en) * | 2021-03-30 | 2021-05-14 | 信联科技(南京)有限公司 | Block chain-based networking equipment supervision authentication method and system |
| EP4195107A1 (en) * | 2021-12-10 | 2023-06-14 | Fundación Tecnalia Research & Innovation | Method for training an algorithm and method for providing a service based on the trained algorithm |
| CN114362940A (en) * | 2021-12-29 | 2022-04-15 | 华东师范大学 | Server-free asynchronous federated learning method for data privacy protection |
| CN114338045A (en) * | 2022-01-14 | 2022-04-12 | 中国人民解放军战略支援部队信息工程大学 | Information data verifiability safety sharing method and system based on block chain and federal learning |
Non-Patent Citations (1)
| Title |
|---|
| 面向联邦学习多服务器模式的非交互可验证安全聚合协议;于婧悦,卞超轶;《北京电子科技学院学报》;第31卷(第2期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117272389A (en) | 2023-12-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Xiong et al. | Partially policy-hidden attribute-based broadcast encryption with secure delegation in edge computing | |
| Sonnino et al. | Coconut: Threshold issuance selective disclosure credentials with applications to distributed ledgers | |
| Mahmood et al. | An elliptic curve cryptography based lightweight authentication scheme for smart grid communication | |
| Zeng et al. | E-AUA: An efficient anonymous user authentication protocol for mobile IoT | |
| CN109495465B (en) | Privacy set intersection method based on intelligent contracts | |
| Zhang et al. | Privacy-preserving profile matching for proximity-based mobile social networking | |
| He et al. | A pairing‐free certificateless authenticated key agreement protocol | |
| Wu et al. | A new provably secure authentication and key agreement protocol for SIP using ECC | |
| Sun et al. | A provable authenticated group key agreement protocol for mobile environment | |
| CN107947913A (en) | The anonymous authentication method and system of a kind of identity-based | |
| CN104184588B (en) | The undetachable digital signatures method of identity-based | |
| Ma et al. | Distributed access control with adaptive privacy preserving property for wireless sensor networks | |
| CN107659395A (en) | The distributed authentication method and system of identity-based under a kind of environment of multi-server | |
| CN108600174B (en) | Access control mechanism of large cooperative network and implementation method thereof | |
| Nam et al. | DDH-based group key agreement in a mobile environment | |
| US10630476B1 (en) | Obtaining keys from broadcasters in supersingular isogeny-based cryptosystems | |
| CN109639439A (en) | A kind of ECDSA digital signature method based on two sides collaboration | |
| CN116933899A (en) | Data security aggregation method and system based on multiple homomorphism attributes | |
| CN110011803A (en) | A kind of method that two side of lightweight SM2 cooperates with generation digital signature | |
| Xin et al. | Quantum public-key designated verifier signature | |
| Abouelkheir et al. | Pairing free identity based aggregate signcryption scheme | |
| CN115442050A (en) | Privacy protection federal learning method based on SM9 algorithm | |
| Huang et al. | A conference key agreement protocol with fault-tolerant capability | |
| CN116011014A (en) | Privacy computing method and privacy computing system | |
| CN106850584B (en) | A kind of anonymous authentication method of curstomer-oriented/server network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |