KR20160041028A - A method and system for privacy preserving matrix factorization - Google Patents

Abstract

A method and system for securely profiling items through matrix decomposition for use in recommendation systems includes receiving as input a set of records including tokens and items without learning the content of any individual record and; Based on matrix decomposition for a set of records to generate item profiles in a privacy-protected manner with respect to at least one item without learning the contents of any information or any individual records extracted from the records other than the item profiles Start by designing and evaluating distortion circuits. The system comprises three parties, a database or a plurality of users representing a source for records; And a recommender system for evaluating the circuit, so that any information extracted from the records other than the records and item profiles is kept secret from parties other than their sources do.

Description

[0001] METHOD AND SYSTEM FOR PRIVATIZATION OF PRIVACY PROTECTION MATRIX [0002] METHOD AND SYSTEM FOR PRIVATE PRESERVING MATRIX FACTORIZATION [

Cross-reference to related applications

This application is a continuation-in-part of Serial No. 61/864088, entitled " A METHOD AND SYSTEM FOR PRIVACY PRESERVING MATRIX FACTORIZATION, " filed August 9, 2013, Serial No. 61/864085 entitled " A METHOD AND SYSTEM FOR PRIVACY PRESERVING COUNTING "; Serial No. 61/864094 entitled " A METHOD AND SYSTEM FOR PRIVACY-PRESERVING RECOMMENDATION TO RATING CONTRIBUTING USERS BASED ON MATRIX FACTORIZATION "; And 61 / 864,098 entitled " A METHOD AND SYSTEM FOR PRIVACY-PRESERVING RECOMMENDATION BASED ON MATRIX FACTORIZATION AND RIDGE REGRESSION ". This application is further described in PCT Patent Application No. PCT / US13 / 76353 entitled " A METHOD AND SYSTEM FOR PRIVACY PRESERVING COUNTING ", filed December 19, 2013, Quot; PRIVACY-PRESERVING LINEAR AND RIDGE REGRESSION ", which claims priority to US patent application Ser. No. 61 / 772,404. The provisional application and the PCT application are expressly incorporated by reference herein in their entirety for all purposes.

Technical field

The principles of the present disclosure relate to privacy-protected recommendation systems and secure multi-party computation, and particularly to privacy-preserving fashion for profiling items, and to performing a collaborative filtering technique known as matrix factorization.

In the past decades, tremendous research and commercial activity has led to widespread use of referral systems. These systems provide users with personalized recommendations for many kinds of items such as movies, TV shows, music, books, hotels, restaurants, and the like. Figure 1 illustrates the components of a general recommendation system 100, that is, a plurality of users < RTI ID = 0.0 > (RecSys) < / RTI > 130 representing a source and recommender system (RecSys) 130 that processes user inputs 120 and outputs recommendations 140 (110). To receive useful recommendations, users supply important personal information about their preferences (users' inputs), believing that the recommender will manage this data appropriately.

Nevertheless, a study by B. Mobasher, R. Burke, R. Bhaumik, and C. Williams ("Toward trustworthy recommender systems: an analysis of attack models and algorithm robustness.", ACM Trans. , 2007), and E. A'imeur, G. Brassard, JM Fernandez, and FSM Onana ("ALAMBIC: A privacy-preserving recommender system for electronic commerce" , 2008) have identified a number of ways in which recommenders exploit this information or expose users to privacy threats. Recommenders are often tempted to reproduce the data for profit, as well as to extract more information than is intentionally released by the user. For example, records of user preferences that are not normally perceived as sensitive, such as a movie rating or an individual's TV viewing history, can be used to infer a user's political affiliation, gender, and the like. Personal information that can be deduced from the data in the referral system is evolving as malicious or good intentions are developed as new data mining and reasoning methods are developed. Extremely, records of user preferences can even be used to uniquely identify a user: A. Naranyan and V. Shmatikov, in "Robust de-anonymization of large sparse datasets," in IEEE S & P, This was demonstrated by de-anonymizing the data set. Thus, even if the recommender is not malicious, the unintentional leakage of such data makes it susceptible to attacks by users, such as attacks using one database as ancillary information and endangering privacy in different databases.

It is of interest to build a recommendation system that does not explicitly expose users' personal data, as future speculative threats, accidental information leaks, or internal threats (intentional leaks) are not always predictable. There are no practical recommendation systems that operate on encrypted data today. In addition, it is of interest to build recommenders that can profile items without ever knowing what users are offering, or even what users have rated. The principles herein suggest such a security recommendation system.

The principles of the present application propose a method for securely performing collaborative filtering techniques known as matrix decomposition in a privacy-protected manner to profile items. In particular, the method can be used subsequently to receive evaluations given by users to items (e. G., Movies, books) as input and to predict which evaluation the user may give to each item Create a profile for each item in the list. The principles herein allow the recommender system to perform this task without knowledge of the user's assessments, or even what the user has rated based on the matrix decomposition.

According to an aspect of the principles herein, a method is provided for securely profiling items through matrix decomposition, the method comprising: receiving a set of records (220) from a source, A set of items, each record kept secret from parties other than the source; Receiving (360) at least one separate item; And evaluating (395) at least one discrete item and a set of records in the recommender (RecSys) 230 by using a garbled circuit based on matrix decomposition, the output of the distortion circuit Item profiles for at least one separate item. The method includes designing (360) a distortion circuit in a Crypto-System Provider (CSP) to perform a matrix decomposition on a set of records (380) and at least one separate item, Outputting the item profiles of the separate items of the item; And transmitting (385) the distortion circuit to the RecSys. The designing step in the method may include: designing 382 a matrix decomposition operation as a Boolean circuit. The method of designing a matrix decomposition circuit in a method includes: configuring (410) an array of sets of records; 440, 470, and 490 for the array, copy operations 430 and 450, update operations 470 and 480, compare operation 480, and calculation operations of gradient contributions 460 ). ≪ / RTI > The method may further comprise receiving a set of parameters for the design of the distortion circuit by the CSP, and the parameters are transmitted by RecSys (330).

According to an aspect of the principles herein, the method may further comprise encrypting a set of records to generate encrypted records (330), wherein encrypting is performed prior to receiving the set of records. The method may be such that public cryptographic keys are generated in the CSP 320 and transmitted to the source. The method includes generating public cryptographic keys in a CSP; And transmitting (320) keys to the source. The encryption scheme may be partially perpetual encryption 330, and the method may include: masking the encrypted records in RecSys to generate (340) masked records; And decrypting the masked records in the CSP to generate decrypted-masked records (350). The design step 380 in the method may include: unmasking them in the distortion circuit before processing the decrypted-masked records. The method may further comprise performing (392) oblivious transfers 390 between the CSP and the RecSys, the RecSys receiving the distorted values of the decrypted-masked records, Are kept private from RecSys and CSP.

According to an aspect of the principles herein, the method may further comprise receiving a plurality of tokens and items of each record 220, 310. The method also includes padding each record with null entries when the number of tokens of each record is less than a value representing the maximum value to produce records having a number of tokens equal to the value (Step 312). The source of a set of records in the method may be one of a set of databases and users 210, each user being a source of one record, each record being a secret from a party other than its corresponding user Lt; / RTI >

According to an aspect of the principles of the present disclosure there is provided a system for securely profiling items through matrix decomposition, the system comprising a source to provide a set of records, a cryptographic service provider (CSP) And a RecSys for evaluating the records so that the records are kept private from parties other than the source, the source, the CSP and the RecSys each comprising: a processor 602 for receiving at least one input / output 604; And at least one memory (606, 608) in signal communication with the processor, wherein the processor of the RecSys: receives a set of records, each record comprising a set of tokens and a set of items, Kept secret -; Receive at least one separate item; And to evaluate a set of records and at least one separate item using a distortion circuit based on matrix decomposition, the output of the distortion circuit being item profiles for at least one separate item. The processor of the CSP in the system: designing a distortion circuit to perform a matrix decomposition of a set of records and at least one separate item, the distortion circuit outputting item profiles for at least one separate item; And to deliver a distortion circuit to RecSys. The processor of the CSP in the system may be configured to design a distortion circuit by being configured to design the matrix decomposition operation as a Boolean circuit. The processor of the CSP in the system configuring the array of sets of records; And to perform a calculation operation of the classification operation, the copy operation, the update operation, the comparison operation, and the slope contributions for the array. The processor of the CSP in the system may be further configured to receive a set of parameters for the design of the distortion circuit, and the parameters are transmitted by the RecSys.

According to an aspect of the principles herein, a source processor in the system may be configured to encrypt the set of records before generating a set of records to generate encrypted records. The processor of the CSP in the system further generates public cryptographic keys; And transmit the keys to the source. The encryption scheme may be partially perturbed encryption and the processor of RecSys may further be configured to: mask the encrypted records to generate the masked records; The processor of the CSP may further be configured to decrypt the masked records to generate decrypted-masked records. The processor of the CSP in the system may be further configured to design the distortion circuitry to unmask them in the distortion circuit before processing the decrypted-masked records. The processor of the RecSys and the processor of the CSP can be further configured to perform indeterminate transmissions, the RecSys receives the distortion values of the decrypted-masked records, and the records remain private from the RecSys and CSP .

According to an aspect of the principles herein, the processor of the RecSys in the system may additionally be configured to receive a plurality of tokens of each record, and a plurality of tokens are transmitted by the source. The source processor in the system is configured to: pad each record with null entries to produce records having the same number of tokens as the value when the number of tokens in each record is less than the value representing the maximum value . If the source of the set of records may be one of a set of databases and users, and the source is a set of users, each user may have a processor 602 for receiving at least one input / output 604; And at least one memory (606, 608), each user is a source of one record, and each record is kept secret from parties other than its corresponding user.

Additional features and advantages of the principles herein will become apparent from the following detailed description of illustrative embodiments which will be developed in connection with the accompanying drawings.

The principles herein may be better understood in accordance with the following illustrative figures, which are briefly described below.
Figure 1 illustrates components of a prior art recommendation system.
2 illustrates components of a recommendation system in accordance with the principles of the present disclosure.
Figures 3a, 3b and 3c illustrate a flow chart of a privacy-protection method for profiling items through matrix decomposition according to the principles of the present disclosure.
Figures 4A, 4B and 4C illustrate a flow diagram of a matrix decomposition algorithm according to the principles of the present disclosure.
Figures 5 (A) and 5 (B) illustrate a data structure S constructed by a matrix decomposition algorithm according to the principles of the present application.
Figure 6 illustrates a block diagram of a computing environment used to implement the principles of the present disclosure.

According to the principles herein, a method is provided for securely performing collaborative filtering techniques known as matrix decomposition in a privacy-protected manner to profile items.

The method of principles herein may serve as a service for profiling at least one item in a corpus of records, each record including tokens and a set of items. The set or record contains more than one record, and the set of tokens includes at least one token. A typical descriptor will recognize in the above example that a record can represent a user; The tokens may be user evaluations of corresponding items in the record. The tokens may also represent rankings, weights, or measures associated with the items, and the items may represent people, tasks, or occupations. For example, rankings, weights, or measures may be associated with an individual's health and the researcher attempts to correlate the health measures of the population. Or they can be associated with individual productivity, and the company tries to predict a schedule for a particular job based on its previous history. However, in order to ensure the privacy of the individuals concerned, the service wants to do so without knowing any information extracted from the records, rather than the content or item profiles of each record. In particular, the service is configured to (a) determine which records each token / item appeared in, or more strongly, (b) which tokens / items appear in each record, and (c) You should not. In the following, terms and words such as "privacy-protected "," personal ", and "secure" are used interchangeably to denote that information deemed to be private by the user (record) Is used.

There are several challenges associated with performing matrix decomposition in a privacy-protected manner. First, in order to address privacy concerns, matrix decomposition must be performed without any knowledge of the recommendations by the user's assessments, or even by what users have rated them. The latter requirement is key, that is, early research shows that even knowing which movies a user has rated can be used, for example, to infer their gender. Second, such a privacy-protection algorithm should be efficient and scaled appropriately (e.g., linearly) using the number of evaluations submitted by users. The privacy requirements imply that the matrix decomposition algorithm should be data-indeterminate, i.e., its execution should not depend on user input. Also, the operations performed by matrix decomposition are non-linear; Hence, it is not a priori clear how to efficiently implement matrix decomposition under all of these constraints. Finally, in realistic scenarios, users have limited communication and computing resources and should not expect them to keep online after providing their data. Instead, it is desirable to have a "send and forget" type of solution that can operate in the presence of users moving back and forth between online and offline from a referral service.

의 사용자들의 세트, 및

의 항목들의 세트에 대해, 평가가 생성된 사용자/항목 쌍들을

로, 그리고 평가들의 전체 개수를

로 표기한다. 마지막으로,

에 대해, 항목 j에 대해 사용자 i에 의해 생성된 평가를

라고 표기한다. 실제 설정에서, n과 m 모두 큰 수이며, 통상적으로 10⁴ 와 10⁶ 사이를 범위로 한다. 추가로, 제공된 평가들은 희소적, 즉

인데, 이는 잠재적인 평가들의 전체 수인 n×m보다 훨씬 더 작다. 이는, 각각의 사용자가 단지 유한 개수의 항목들만을 평가할 수 있음에 따라("목록" 크기인 m에 의존하지 않고), 통상적인 사용자 행동과 부합한다.As an overview of matrix decomposition, in the standard "collaborative filtering" setting, n users evaluate a subset of m possible items (e.g., movies).

A set of users of

For the set of items of the user /

, And the total number of ratings

. Finally,

, The evaluation generated by user i for item j

. In the actual setting, both n and m are large numbers, typically between 10 ⁴ and 10 ⁶ . In addition, the evaluations provided are scarce, i.e.,

, Which is much smaller than n x m, the total number of potential assessments. This is consistent with normal user behavior, as each user can only evaluate a finite number of items (without relying on the "list" size m).

내의 사용자/항목 쌍들에 대한 평가들을 예측하기를 원한다. 행렬 분해는 기존의 평가들 상에서 이중-선형(bi-linear) 모델을 맞춤으로써 이 작업을 수행한다. 특히, 일부 작은 디멘젼

에 대해, 벡터

및

가 존재한다고 가정되며, 따라서,Given the ratings in M, the recommender system

Lt; RTI ID = 0.0 > user / item pairs < / RTI > Matrix decomposition does this by aligning the bi-linear model on existing evaluations. In particular, some small dimensions

, For vector

And

Is present, and therefore,

는 i.i.d.(independent and identically distributed; 독립적이고 동일하게 분포된) 가우시안 랜덤 변수들이다. 벡터들

및

는 각자 사용자 프로파일 및 항목 프로파일로 명명되며,

는 벡터들의 내적(inner product of the vectors)이다. 사용된 표기는 제i 행이 사용자 i의 프로파일을 포함하는 n×d 행렬에 대해

이고, 제j 행이 항목 j의 프로파일을 포함하는 m×d 행렬에 대해

이다.ego,

Are independent and identically distributed (iid) Gaussian random variables. Vectors

And

Are each named user profile and item profile,

Is the inner product of the vectors. The notation used is that for the n × d matrix where the ith row contains the user i's profile

, And the j-th row is for an m x d matrix containing the profile of the item j

to be.

가 주어지면, 추천기는 통상적으로 일부 양의(positive) λ,μ＞0에 대해, 후속하는 정규 최소 제곱 최소화(regularized least squares minimization)를 수행하여 프로파일들 U 및 V를 계산한다:evaluation

, The recommender typically performs the following regularized least squares minimization for some positive?, Mu> 0 to calculate the profiles U and V:

을 예측할 수 있고, 따라서 사용자 i 및 항목 j에 대해The usual descriptor will recognize that the minimization in (2) corresponds to the maximum likelihood estimation of U and V, assuming Gaussian priors for the profiles U and V. With a user profile and an item profile, the recommender is evaluated subsequently

And therefore, for user i and item j

.

The normal mean square error in equation (2) is not a convex function; Several methods for performing this minimization have been proposed in the literature. The principles herein focus on a gradient descent, which is a popular method in practice, which is described as follows. The normalized mean square error in Equation (2) is denoted by F (U, V)

는 작은 이득 인자이고,Lt; RTI ID = 0.0 > U < / RTI > and V,

Is a small gain factor,

U (0) and V (0) consist of uniformly random norm 1 rows (i. E., The profiles are from norm 1 ball to uar (uniformly random Uniformly at random.

를 평가하기를 원하는 평가자 ― a_i는 사용자 i의 개인 입력을 나타내고 1≤i≤n 임 ―, 및 제3자인 암호-서비스 제공자(CSP; Crypto-Service Provider) 사이에서 실행된다. 프로토콜의 종료 시, 평가자는

의 값을 학습하지만, 어떠한 당사자도 이 출력 값으로부터 노출되는 것 이상을 학습하지는 않는다. 프로토콜은 함수(f)가 부울 회로로서, 예를 들어, OR, AND, NOT 및 XOR 게이트들의 그래프로서 표현될 수 있는 것, 및 평가자와 CSP가 충돌하지 않을 것을 요구한다.Another aspect of the present principles proposes a multi-party computation (MPC) algorithm for matrix decomposition based on classification networks and Yao's distortion circuit. Security Multiparty Calculation (MPC) was initially proposed by A. Chi-Chih Yao in the 1980s. Yao's protocol (ie, distortion circuits) is a comprehensive method for secure multiparametric calculations. V. Nikolaenko, U. Weinsberg, S. Ioannidis, M. Joye, D. Boneh, and N. Taft ("Privacy-preserving Ridge Regression on Hundreds of Millions of Records", in IEEE S & P, In its variant, the protocol is a set of n input holders,

The evaluator-a _i wanting to evaluate the user input i is a personal input of user i, 1? I? N, and a third party Crypto-Service Provider (CSP). Upon termination of the protocol, the evaluator

, But no party learns more than is exposed from this output value. The protocol requires that the function (f) be a Boolean circuit, which can be represented, for example, as a graph of OR, AND, NOT, and XOR gates, and that the evaluator and the CSP do not collide.

Recently, there are a number of frameworks that implement Yao's distortion circuits. A different approach to universal MPC is based on secret-sharing schemes and another approach is based on fully-homomorphic encryption (FHE). Secret-sharing schemes have been proposed for a variety of linear algebraic operations such as linear systems, linear regression, and solving an auction. Secret-sharing requires at least three non-colluding online authorities that share the workload of computation equally and communicate over multiple rounds; Calculation is safe unless two of these are conciliatory. The distortion circuits assume only fewer communications that are better suited to the scenario in which the two non-contracting authorities and the evaluator are implemented in a hardware service and a cryptographic service provider (CSP) is implemented in a trusted hardware component.

Regardless of the cipher primitives used, a major challenge in constructing efficient algorithms for secure multiparameter computation is to implement algorithms in a data-indeterminate manner, ie, the execution path is not dependent on input. In general, any RAM program executable within a limited time T may be converted to a 0 (T ^ 3) Turing machine, which is described by Alan Turing as acting as an idealized model for mathematical calculations , Where 0 (T ^ 3) means that the complexity is proportional to T ³ . In addition, any limited T-time TM may be converted to a circuit of size 0 (T log T) which is data-uncertain. This implies that any limited T-time executable RAM program can be converted into a data-uncertainty circuit with a 0 (T ^ 3 log T) complexity. This complexity is too high and forbidden in most applications. An investigation of algorithms for which efficient data-uncertainty implementations are not known can be found in W. Du and MJ Atallah ("Secure multi-party computation problems and their applications: A review and open problems ", New Security Paradigms Workshop, 2001 ), And the problem of matrix decomposition is broadly categorized into data mining summary problems.

를 단조 증가 시퀀스

로 분류하는 회로들이다. 이들은 비교 및 스와프 회로들(compare-and-swap circuits)과 함께 이들의 주요 빌딩 블록을 와이어링함으로써 구성된다. 몇몇 작업들은 암호화 목적으로 분류 네트워크들의 데이터-불확정성을 이용한다. 그러나, 암호화는 프라이버시를 보장하기에 항상 충분하지는 않다. 상대방이 암호화된 저장에 대한 당신의 액세스 패턴들을 관측할 수 있는 경우, 그들은 당신의 애플리케이션들이 무엇을 하고 있는지에 관한 민감한 정보를 여전히 학습할 수 있다. 불확정성 RAM은 메모리가 액세스되고 있을 때 메모리를 계속 셔플링하고; 이에 의해, 어떤 데이터가 액세스되고 있는지 심지어 그것이 이전에 언제 액세스되었는지를 완벽하게 숨김으로써, 이 문제를 해결한다. 불확정성 RAM에서, 분류는 데이터-불확정성 랜덤 순열을 생성하는 수단으로서 사용된다. 더 최근에, 그것은 볼록 껍질(convex hull), 모든-가장 가까운 이웃들, 및 가중된 교집합의 데이터-불확정성 계산을 수행하기 위해 사용되었다.Classification networks were originally developed to enable efficient hardware implementation as well as classification parallelization. These networks may include input sequences

A monotone increasing sequence

. These are configured by wiring their major building blocks together with compare-and-swap circuits. Some operations take advantage of the data-uncertainty of classification networks for encryption purposes. However, encryption is not always sufficient to ensure privacy. If the other party can observe your access patterns for encrypted storage, they can still learn sensitive information about what your applications are doing. Uncertainty RAM continues to shuffle memory while memory is being accessed; This solves this problem by completely hiding what data is being accessed and even when it was previously accessed. In uncertainty RAM, the classification is used as a means of generating a random-permutation data-uncertainty. More recently, it was used to perform data-uncertainty calculations of convex hull, all-nearest neighbors, and weighted intersection.

The principles of the present application propose a method based on a secure multiline classification approaching weighted intersection but involving distortion circuits. FIG. 2 illustrates actors or parties in a privacy-protection matrix decomposition system according to the principles of the present application. These are:

I. Recommender system (RecSys) 230, which is an entity that performs privacy-protect matrix decomposition operations. In particular, RecSys learns item profiles (V (240)) as extracted from the matrix decomposition for user evaluations, without learning anything extracted from user data that is not useful or item profiles about users .

Ⅱ. A Cryptographic Service Provider (CSP) 250 that will enable security calculations without learning anything useful or about users extracted from user data.

는 행렬 분해를 통해 자신의 평가들

에 기초한 항목들의 프로파일링에 동의하지만, 자신의 평가들 또는 심지어 이들이 어느 항목들을 평가했는지를 추천기에 노출하기를 원하지 않는다. 등가적으로, 소스는 하나 이상의 사용자들의 데이터를 포함하는 데이터베이스를 나타낼 수 있다.Ⅲ. Each comprising a set of ratings for each of a set of items (220). Each user

Through its matrix decomposition,

, But do not want to expose to their recommendations or even to what items they have evaluated to the recommender. Equivalently, a source may represent a database containing data of one or more users.

According to the principles herein, RecSys allows to perform matrix decomposition to provide item profiles, while neither RecSys nor CSP is able to use item profiles, that is, a protocol that does not learn anything other than V, the sole output of RecSys in FIG. Is proposed. In particular, it should not learn any of the user's evaluations, or even the items that the user actually evaluated. A typical descriptor exposes too much of a protocol that allows the recommender to learn both the user profile and the item profile, that is, in this design, the recommender would make user's evaluations from the dot product in equation (3) I can clearly infer that I can reason. Thus, the principles herein suggest a privacy-protection protocol in which the recommender learns only item profiles.

에 대해 풀어냄으로써 사용자의 (개인) 프로파일인

를 추론할 수 있고; 주어진 V에 대해(이것은 별도의 문제임), 각각의 사용자는 사용자의 평가들에 대해 리지 회귀(ridge regression)를 수행함으로써 사용자의 프로파일을 획득할 수 있다.

및 V를 가지는 경우, 사용자는 수학식 (4)를 통해 로컬로 다른 항목들에 대한 사용자의 모든 평가들을 예측할 수 있다. 이는 이 출원과 동일한 날에 "A METHOD AND SYSTEM FOR PRIVACY-PRESERVING RECOMMENDATION BASED ON MATRIX FACTORIZATION AND RIDGE REGRESSION"라는 명칭으로 출원된 발명자들에 의해 공동-계류중인 출원의 주제이다.The item profile can be viewed as a metric that defines the item as a function of evaluations of a set of users / records. Similarly, the user profile can be viewed as a metric that defines the user as a function of the evaluations of the set of users / records. In this regard, the item profile is a measure of the acceptance / disapproval of the item, i.e., a reflection of the characteristics or characteristics of the item. And, the user profile is a measure of the user's likes / dislikes, i.e., the reflection of the user's personality. When computed based on a large set of users / records, the item or user profile can be viewed as an independent measure of each item or user. A typical descriptor will recognize that there is a utility to learn item profiles solely. First, the insertion of items in R ^d through matrix decomposition allows the recommender to infer (and encode) similarities, and the items whose profiles have small Euclidian distances are similarly evaluated by users. Thus, the task of learning item profiles is of interest to the recommender beyond the actual work of recommendation. In particular, users may or may not want to receive recommendations when they may be the source of the database. Second, if item profiles are acquired, there may be trivia: the recommender can use them to provide relevant recommendations without any additional data exposure by users. The recommender can send a V (or release it publicly) to the user; If the user's evaluation of each item is known, the user i can use Equation (2)

(Personal) profile of the user

Can be inferred; For a given V (which is a separate issue), each user can obtain the user's profile by performing a ridge regression on the user's evaluations.

And V, the user can predict all of the user's evaluations of other items locally via equation (4). This is the subject of a co-pending application by the inventors filed on the same day as the present application under the title "METHOD AND SYSTEM FOR PRIVACY-PRESERVING RECOMMENDATION BASED ON MATRIX FACTORIZATION AND RIDGE REGRESSION".

Both of the scenarios discussed above assume that neither the recommender nor the users are opposed to the public release of V. For the sake of brevity, as well as the utility of such a protocol for recommenders, the principles of the present application allow the recommender to learn item profiles. Filed on the same day as the present application entitled " A METHOD AND SYSTEM FOR PRIVACY-PRESERVING RECOMMENDATION TO RATING CONTRIBUTING USERS BASED ON MATRIX FACTORIZATION ", and "A METHOD AND SYSTEM FOR PRIVACY-PRESERVING RECOMMENDATION BASED ON MATRIX FACTORIZATION AND RIDGE REGRESSION & While the users learn their predicted assessments, as described in co-pending applications by the inventors of the present invention, the recommender does not learn anything extracted from useful or even non-V user data about users There is a way to extend this design.

It will be appreciated by those of ordinary skill in the art that, in general, the output of the profile (V) or the evaluation estimates for the user may expose something to other user evaluations. For example, in the case of abnormalities where there are only two users, both exposures may allow users to discover the evaluations of different persons, respectively. The principles of the present application do not focus on these cases. When the privacy implications of item profiles or exposure of individual assessments are not tolerable, techniques such as differential privacy may be used to add noise to these outputs and protect against such leaks.

According to the principles herein, security assurance is assumed to be maintained under an honest but curious threat model. In other words, although the RecSys and CSP are in accordance with protocols as specified, these interested parties may choose to analyze protocol transcripts even offline to infer some additional information. It is further assumed that the Recommender and the CSP will not co-exist.

A preferred embodiment of the present principles includes a protocol that satisfies the flowchart 300 of FIG. 3 and is described by the following steps:

P1. The source reports to RecSys how many tokens (evaluations) and pairs of items will be submitted for each participating record (310). The set or records contain more than one record, and the set of tokens per record includes at least one token.

P2. The CSP generates a public cryptographic key ξ for the partial peer-to-peer scheme and sends it to all users (source) (320). It will be appreciated that a typical descriptor is a form of encryption that allows certain types of computations to be performed on a cipher text and that the decrypted cipher result matches the result of the operations performed on the plain text. For example, no one can find the value of individual numbers, one can add two encrypted numbers, and then another person can decrypt the results. Partially perturbed encryption is quasi-dynamic for one operation (addition or multiplication) on plaintexts. Partially perturbed cryptography can be crossover for addition and multiplication to a scalar.

가 사용자 i가 j에 제공한 평가인 모든 쌍

에 대해, 사용자는 공개 암호 키를 사용하여 이 쌍을 암호화한다.P3. Each user encrypts his / her data using his / her key and transmits the encrypted data to RecSys (330). Specifically, j is the item id

Lt; RTI ID = 0.0 > i < / RTI >

, The user encrypts this pair using the public cryptographic key.

P4. RecSys adds the mask eta to the encrypted data and sends the masked and encrypted data to the CSP (340). It will be appreciated by those of ordinary skill in the art that the mask is a form of data obfuscation and can be as simple as adding a random number generator or shuffling by random numbers.

P5. The CSP decrypts the masked data (350).

P6. RecSys receives or determines a separate set of items to calculate matrix decomposition (360). The set of items may include all items in the corpus, a subset of all items, or even items that are not in the records.

P7. The RecSys may include a number of user and item profiles (i.e., parameter d) 372, a total number of ratings (i.e., parameter M) 374, a total number of users and items 376, And the number of bits 378 used to represent the fractional parts, to the CSP (370). A separate set of items will be included in the parameters if all items are not present in the records.

P8. The CSP prepares (380) what is known to those of ordinary skill in the art as a distortion circuit that performs matrix decomposition on records relating to a separate set of items. To distort, the circuit is first written as a Boolean circuit 382. The input to the circuit contains the masks that RecSys used to mask the user data. In the circuit, the mask is used to unmask the data and then perform matrix decomposition. The output of the circuit is V, the item profiles. No knowledge is obtained about the content of any individual records and the content of any information extracted from the records other than the item profiles.

P9. The CSP sends the distortion circuit for matrix decomposition to RecSys (385). Specifically, the CSP processes gates into distortion tables and sends them to RecSys in the order defined by the circuit structure.

P10. Through an indeterminate transmission 390 between RecSys and CSP 392, RecSys learns the distorted values of the decoded and masked records, either itself or the CSP, without learning the actual values. Conventional descriptors indicate that an indeterminate transmission is a type of transmission that causes the transmitter to transmit one of a number of potentially pieces of information to the receiver and to keep it unclear as to which piece is delivered (if any) I will understand.

P11. RecSys evaluates (395) distortion circuits that compute item profiles (V) and output item profiles (V).

Technically, this protocol leaks beyond V and also the number of tokens provided by each user. This may be rectified by simple protocol modification, for example by "padding" the submitted records to the "null" entries, as appropriate, until a pre-set maximum number is reached. For brevity, the protocol has been described without this "padding" operation.

As the distortion circuits can only be used once, any future calculations for the same evaluations will require users to re-submit their data via proxy indeterminate transmission. A proxy indeterminate transmission is an indeterminate transmission involving more than two parties. For this reason, the protocol of the principles herein adopts a hybrid approach that combines public-key encryption with distortion circuits.

에 제공된 공개 키 pk_CSP하에서 자신의 각자의 입력들

을 암호화하고, 평가된 각각의 항목(j)에 대해, 사용자는

를 가지는 쌍(i, c)을 RecSys에 제출하며, 여기서, M개의 평가들이 전체적으로 제출된다. 자신의 평가들을 제출한 사용자는 오프라인이 될 수 있다.In the principles herein, public-key encryption is used as follows: Each user i is encrypted by CSP with a semantically secure encryption algorithm

_{Lt; RTI ID =} 0.0 > pk _{CSP < /} RTI >

, And for each item j evaluated, the user

(I, c) to RecSys, where M evaluations are submitted as a whole. Users who submit their assessments can be taken offline.

The CSP public-key encryption algorithm is partially perturbed, i.e., without knowing the corresponding decryption key, a constant may be applied to the encrypted message. Apparently, additive quasi-dynamic methods such as Paillier or Regev are also constant, but only partially quadratic, which may be sufficient and can be used to add hash-ElGamal which can be implemented more efficiently in this case.

을 이용하여 이들을 모호하게 하며, 여기서,

는 랜덤 또는 의사-랜덤 변수이고,

는 XOR 연산이다. RecSys는 왜곡 회로를 구축하기 위해 필요한 완전한 사양들과 함께 이들을 CSP에 송신한다. 특히, RecSys는 사용자 및 항목 프로파일들의 디멘젼(즉, 파라미터 d), 평가들의 전체 수(즉, 파라미터 M), 및 사용자들의 그리고 항목들의 전체 수, 뿐만 아니라, 왜곡 회로에서 실수의 정수 및 소수 부분들을 표현하기 위해 사용되는 비트수를 특정한다.Recieving M ratings from users - Recalling that encryption is partially quasi-dynamic - RecSys uses random masks

To make them ambiguous, where < RTI ID = 0.0 >

Is a random or pseudo-random variable,

Is an XOR operation. RecSys sends these to the CSP along with the complete specifications needed to build the distortion circuit. In particular, RecSys provides the integer and fractional parts of real numbers in the distortion circuit as well as the dimensions (i.e., parameter d) of the user and item profiles, the total number of evaluations (i.e., parameter M) Specifies the number of bits used to represent.

Whenever RecSys wants to perform matrix decomposition on M accumulation evaluations, it reports M to CSP. CSP can provide a distortion circuit to (a) decode inputs and then (b) perform matrix decomposition on RecSys. In the Privacy-preserving ridge regression on hundreds of millions of records, in IEEE S & P, 2013, by V. Nikolaenko, U. Weinsberg, S. Ioannidis, M. Joye, D. Boneh, and N. Taft, Cryptanalysis within the circuit is avoided by using masks and perceptual encryption. Our principles use this idea for matrix decomposition, but only require a partial perturbation cipher.

을 획득한다. 이후, 행렬 분해를 청사진으로서 사용하여, CSP는:Upon receiving the ciphers, the CSP decrypts them and stores the masked values

. Using the matrix decomposition as a blueprint, CSP then:

에 대응하는 왜곡된 값들을 입력으로서 취하고;(a) masks

Taking as input the distorted values corresponding to < RTI ID = 0.0 >

을 제거하여 대응하는 투플들

을 복원시키고;(b)

Lt; RTI ID = 0.0 >

≪ / RTI >

(c) performing matrix decomposition; And

(d) outputting item profiles (V)

Prepare Yao's distortion circuit.

The calculation of matrix decomposition by the slope descending operation outlined in equations (4) and (5) involves addition, subtraction and multiplication of real numbers. These operations can be efficiently implemented in a circuit. The K iterations of the slope descent 4 corresponds to K circuit "layers ", each of which computes new values of the profiles from the values of the previous layer. The outputs of the circuit are item profiles (V), while user profiles are discarded.

에서 수행될 수 있다.A typical descriptor will observe that the time complexity for calculating each iteration of slope descent is O (M) when the operations are performed explicitly, for example, in a RAM model. The calculation of each slope 5 involves adding 2M entries, and the profile updates 4

Lt; / RTI >

The main challenge in implementing slope descent as a circuit is to perform very efficiently. To illustrate this, the following naive implementation may be considered:

에 대해, i가 j를 평가하는 경우 1이고 그렇지 않은 경우 0인 표시자들

을 입력으로부터 계산하는 회로를 생성한다.Q1. Each pair

For indicators where i evaluates j and 1 otherwise,

From the input.

Q2. In each iteration, the outputs of these circuits are used to calculate each item and the user slope as a sum for their respective m and n products:

의 회로 복잡도를 가질 것이다.

일 때, 그것이 일반적으로 실제 경우임에 따라, 위의 회로는 명료하게 기울기 하강보다 훨씬 덜 효율적이다. 실제로, 2차 비용

은 대부분의 데이터세트들에 대해 금지된다. 순수한 구현예의 비효율성은 어느 사용자들이 항목을 평가했는지 그리고 어느 항목들이 회로 설계 시점에 사용자에 의해 평가되는지를 식별하지 못함으로부터 발생하여, 데이터에서의 내재적인 희소성(inherent sparsity)을 레버리지(leverage)할 능력을 경감시킨다.Unfortunately, this implementation is inefficient, i.e., all iterations of the slope descent algorithm

Of circuit complexity.

The above circuit is obviously much less efficient than the slope descent, as it is generally the case in practice. In fact,

Is forbidden for most data sets. The inefficiency of pure implementations arises from the inability to identify which users have evaluated an item and which items are being evaluated by the user at the time of circuit design, thereby leverage inherent sparsity in the data Reduce ability.

에 대응하는 입력 데이터, 및 사용자 및 항목 프로파일들 모두에 대한 플레이스홀더 ⊥는 어레이에 함께 저장된다. 적절한 분류 동작들을 통해, 사용자 또는 항목 프로파일들은 이들이 식별자를 공유하는 입력에 가깝게 배치될 수 있다. 데이터를 통한 선형 패스(pass)들은 기울기들의 계산뿐만 아니라 프로파일들의 업데이트들을 허용한다. 분류 시에, 플레이스홀더는 +∞, 즉, 임의의 다른 수보다 더 큰 것으로 취급된다.On the other hand, according to a preferred embodiment of the principles herein, the circuit implementation is based on classification networks whose complexity is O ((侶 + m + M) log ² (n + m + M)), It is provided within the multiple logarithm of the implementation. In summary,

And the placeholder ⊥ for both user and item profiles are stored together in the array. Through appropriate classification operations, user or item profiles can be placed close to the inputs over which they share an identifier. Linear passes through the data allow updates of profiles as well as computation of slopes. In sorting, the placeholder is treated as + ∞, ie, greater than any other number.

A matrix decomposition algorithm according to a preferred embodiment of the principles herein and that satisfies the flowchart 400 of FIG. 4 may be described by the following steps:

C1. The matrix S is initialized (410).

, 또는 등가적으로, 투플들

을 입력으로서 수신하고, 투플들의 n + m + M 어레이를 구성한다. S의 처음 n개 및 m개 투플들은 각자 사용자 및 항목 프로파일드에 대한 플레이스홀더로서의 역할을 하는 반면, 나머지 M개의 투플들은 입력들(L_i)을 저장한다. 더 구체적으로, 각각의 사용자

에 대해, 알고리즘은 투플

을 구성하고, 여기서

는 랜덤으로 선택된 사용자 i의 초기 프로파일이다. 각각의 항목

에 대해, 알고리즘은 투플

을 구성하고, 여기서

는 또한 랜덤으로 선택된 항목 j의 초기 프로파일이다. 마지막으로, 각각의 쌍

에 대해, 알고리즘은 대응하는 투플

을 구성하고, 여기서

는 항목 j에 대한 사용자 i의 평가이다. 결과적인 어레이는 도 5의 (A)에 도시되어 있는 바와 같다.

에 의해 제k 투플의 제l 엘리먼트를 표기함으로써, 이들 엘리먼트들은 후속하는 역할들을 수행한다:The algorithm

, Or equivalently,

As an input, and constructs an n + m + M array of tuples. The first n and m tuples of S each serve as placeholders for user and item profiles while the remaining M tuples store inputs L _i . More specifically, each user

For the sake of simplicity,

Lt; RTI ID = 0.0 >

Is the initial profile of randomly selected user i. Each item

For the sake of simplicity,

Lt; RTI ID = 0.0 >

Is also the initial profile of the randomly selected item j. Finally, each pair

For the corresponding tuple < RTI ID = 0.0 >

Lt; RTI ID = 0.0 >

Is an estimate of user i for item j. The resulting array is as shown in Fig. 5 (A).

By marking the first element of the k-th tuple by means of these elements, they perform the following roles:

(a) user identifiers in s _{1, k} : [n]

(b) s _{2, k} : the item identifiers in [m]

(c) s _{3, k} : a binary flag indicating whether the tuple is a "profile" tuple or an "input" tuple

(d) s _{4, k} : evaluations on "input" tuples

(e) s _{5, k} : user profiles at R ^d

(f) s _{6, k} : Item profiles at R ^d

C2. Classify the tuples in ascending order (for rows 1 and 3) for user ids (420). If the two ids are equal, the ties are broken by comparing the tuple flags, i.e., the third elements in each tuple. Thus, after classification, each "user profile" tuple is followed by "input"

C3. Clone user profiles (left pass) 430:

에 대해,

About,

C4. (440) the tuples in ascending order (for rows 2 and 3) for the item IDs. If the two id's are the same, break the binds by comparing the tuple flags, i.e., the third elements in each tuple.

C5. Clone item profiles (left pass) 450:

에 대해,

About,

C6. For ∀k <M, the slope contributions are calculated (460):

For ∀k < M,

C7. Update the entry profiles (right pass) (470):

에 대해,

About,

C8. Classify the tuples for rows 1 and 3 (475)

C9. Update user profiles (right pass) (480):

에 대해,

About,

C10. If the iteration count is less than K, go to C3 (485)

C11. Classify the tuples for rows 3 and 2 (490)

C12. (495) the item profiles (s _{6, k} ) for k = 1, ..., m, and the output may be limited to at least one item profile.

The slope descent iterations include the following three main steps:

및

)은 i 및 j가 나타나는 각각의 "입력" 투플의 대응하는 엘리먼트들(s_5,k 및 s_6,k)에 복제된다. 이는 알고리즘의 단계들(C2 내지 C5)에서 구현된다. 예를 들어, 사용자 프로파일들을 복제하기 위해, S는 주 인덱스로서 사용자 id(즉, s_1,k) 및 보조 인덱스로서 플래그(즉, s_3,k)를 사용하여 분류된다. S의 초기 상태에 적용되는 이러한 분류의 예는 도 5의 (B)에서 찾을 수 있다. 후속적으로, 사용자 id들은 알고리즘의 단계(C3)에서 공식적으로 기재된 바와 같이, 어레이를 좌측에서 우측으로("좌측" 패스) 트래버스(traversing)함으로써 복제된다. 이는 s_5,k를 각각의 "프로파일" 투플로부터 그것의 인접한 "입력" 투플들로 복제하며; 항목 프로파일들이 유사하게 복제된다.A. Replicate profiles : At each iteration, the profiles of each individual user i and each item j (

And

) Is duplicated in the corresponding elements (s _{5, k} and s _{6, k} ) of each "input" tuple in which i and j appear. This is implemented in steps (C2 to C5) of the algorithm. For example, to replicate user profiles, S is classified using the user id (i.e., s _{1, k} ) as the primary index and the flag (i.e., s _{3, k} ) as the secondary index. An example of this classification applied to the initial state of S can be found in Figure 5 (B). Subsequently, the user IDs are replicated by traversing the array from left to right ("left" path), as is formally described in step C3 of the algorithm. This replicates s _{5, k} from its respective "profile" to its adjacent "input"tuples; Item profiles are similarly replicated.

)(s_4,k 내의) 뿐만 아니라 프로파일들(

및

)(각자 s_5,k 및 s_6,k내의)을 저장한다. 이들로부터, 후속하는 양:

및

이 계산되며, 이는 수학식 (5)에 의해 주어진 바와 같이

및

에 대해 기울기들에서의 투플의 "기여도"로서 보일 수 있다. 이들은, 알고리즘의 단계(C6)에 의해 지시된 바와 같이, 투플의 s_5,k 및 s_6,k 엘리먼트들을 대체한다. 플래그들의 적절한 사용을 통해, 이러한 동작은 "입력" 투플들에만 영향을 미치며, "프로파일" 투플들을 변경없이 남겨둔다.B. Compute slope contributions : After the profiles have been copied, each "input" tuple corresponding to, for example, (i, j)

) (in s _{4, k} ) as well as profiles

And

) (Each s _{5, k} And s _{6, k} ). From these, the following amounts:

And

Is calculated, which is given by Equation (5)

And

Quot; contribution "of the tuple at slopes with respect to &lt; / RTI &gt; These are s _{5, k} (n) of the tuple, as indicated by step C6 of the algorithm And s _{6, k} elements. Through proper use of flags, this operation only affects the "input" tuples, leaving the "profile" tuples unchanged.

C. Profiles Update : Finally, the user and item profiles are updated as shown in steps (C7 through C9) of the algorithm. With proper classification, the "profile" tuples are re-created such that they are adjacent to the "input" Updated profiles are computed through a right-to-left traversal ("right-hand path") of the array. This operation adds the contributions of the slopes as the slopes traverse the "input" tuples. Upon encountering the "profile" tuple, the summed slope contributions are added to the profile and scaled appropriately. After passing the profile, the summation of the slope contributions restarts from zero, through appropriate use of flags (s _{3, k} , s _{3, k + 1} ).

The above operations will be repeated K times, that is, the desired number of iterations of the slope descent. Finally, at the end of the last iteration, the array is sorted for flags (i.e., s _{3, k} ) as the primary index and item id's (i.e., s _{2, k} ) as the secondary index. This brings all item profile tuples to the first m positions in the array where item profiles can be output. Further, to obtain user profiles, at the end of the last iteration, the array is sorted for the flags (i.e., s _{3, k} ) as the primary index and user ids (i.e., s _{1, k} ) as the secondary index . This brings all user profile tuples to the first n positions in the array where user profiles can be output.

It will be appreciated by those of ordinary skill in the art that each of the above operations is data-indeterminate and may be implemented as circuitry. Copying and updating of the profile is (n + m + M) more gates require, and therefore, overall complexity, e.g., 0 by using the circuit of the Batcher ((n + m + M ) log 2 (n + m + M)) cost. The classification and slope calculations in step C6 of the algorithm are computationally intensive operations; Fortunately, both are highly parallelizable. Additionally, the classification may be further optimized by reusing the previously calculated comparisons in each iteration. In particular, this circuit may be implemented as a Boolean circuit (e.g., as a graph of OR, AND, NOT, and XOR gates), which, as previously described, allows the implementation to be distorted.

According to the principles herein, an implementation of the matrix decomposition algorithm described above in conjunction with the previously described protocol provides a novel method for matrix decomposition, in a privacy-protected manner. In addition, the solution obtains a circuit having complexity in a polylogarithmic factor of matrix decomposition, which is explicitly performed by using classification networks. A further advantage of this implementation is that the distortion and execution of this circuit is highly parallelizable.

In an implementation of the system according to the principles of the present disclosure, the distortion circuitry was based on the publicly available distortion circuit framework FastGC. FastGC is a Java-based open-source framework, which enables circuit definition using basic XOR, OR, and AND gates. Once the circuits are constructed, the framework handles distortion uncertain transmission and a complete evaluation of the distorted circuit. However, before distorting and executing the circuit, FastGC represents the entire unoriented circuit in memory as a set of Java objects. These objects result in significant memory overhead for the memory footprint that the un-distorted circuit must introduce as only a subset of the gates are distorted and / or executed at any point in time. In addition, while FastGC performs distortion in parallel with the execution process as described above, both operations occur in a sequential manner, i.e., the gates are processed one at a time when their inputs are ready. Those of ordinary skill in the art will clearly recognize that this implementation is not modifiable for parallelism.

As a result, the framework has been modified to address these two issues, which not only reduces the memory footprint of FastGC, but also enables parallelized distortion and computation across multiple processors. In particular, we have introduced the ability to horizontally partition circuits into sequential "layers" that each contain a set of vertical "slices" that can be executed in parallel. A layer is created in memory only when all its inputs are ready. Once it is distorted and evaluated, the entire hierarchy can be removed from memory and subsequent hierarchies can be constructed, thus limiting the memory footprint to the size of the largest hierarchy. Execution of the hierarchy is performed by using a scheduler to allocate its slices to the threads so that they can be executed in parallel. Although parallelism is implemented on a single machine with multiple cores, no sharing state between the slices is assumed, so the implementation can be extended to run across different machines in a simple manner.

Finally, to implement the numerical operations summarized in the algorithm, FastGC has been extended to support classification as well as additions and multiplications, as well as real-valued, via fixed-point number representation. For classification, Batcher's classification network was used. Fixed-point representation introduces a trade-off between accuracy loss resulting from truncation and circuit size.

Furthermore, the implementation of the algorithm has been optimized in a number of ways, in particular:

(a) It reduces the cost of classification by reusing the comparisons calculated at the start of circuit execution:

The basic building block of the classification network is a compare-and-swap circuit that compares two items, if necessary, and swaps them, so that the output pairs are aligned accordingly. The classification operations (lines C4 and C8) of the matrix decomposition algorithm perform the same comparisons between the tuples in each of the K slope descent iterations, using exactly the same inputs per iteration. In practice, each classification replaces the tuples in the array S in exactly the same way in each iteration. This feature is used by performing only one comparison operation for each of these classifications. In particular, the classifications of the tuples of the form (i, j, flags, evaluation) are computed at the beginning of the calculation (without the payload of user or item profiles), for example with i and flag first, j and flag, Lt; / RTI &gt; Subsequently, the outputs of the comparison circuits are reused in each of these classifications as inputs to the swap circuits used during the slope descent. As a result, the "classification" network applied in each iteration simply replaces the tuples (i. E., It is a "replacement" network), rather than performing any comparisons;

(b) it reduces the size of the array S:

The precomputation of all comparisons allows us to also greatly reduce the size of the tuples in S. Initially, the normal descriptor can observe that rows corresponding to user or item ids are used only in the matrix decomposition algorithm as inputs to comparisons during classification. The flags and evaluations are used during the cloning and updating phase, but their relative positions are the same in each iteration. These positions can also be calculated as the output of the classification of the tuples (i, j, flags, evaluation) at the start of our calculations. Thus, the "replacement" operations performed in each iteration need only be applied to user and item profiles; All other rows may be removed from the array S. One or more improvements may result in modifying a set of profiles, e. G., Users, and replacing only the item profiles, further reducing the cost of the substitutions by a factor of two. Thereafter, the item profiles can be divided into two states, each of which can be reached from the other via substitution, that is, one state in which they are aligned with user profiles and partial slopes are calculated, and one state in which item profiles are updated and replicated .

(c) It optimizes swap operations by using XORs:

Considering that XOR operations can be performed "free ", optimization of comparison, swap, update and copy operations is performed by using XORs whenever possible. It will be appreciated by those of ordinary skill in the art that free-XOR gates may be distorted without the associated distortion tables and corresponding hashing or symmetric key operations, resulting in a distinct improvement in computation and communication.

(d) it parallelizes the calculations:

Classification and slope calculations constitute the majority of calculations in matrix decomposition circuits (cloning and updating contribute at most to 3% of execution time and 0.4% of non-xor gates); These operations are parallelized through this extension of FastGC. The slope calculations are apparently parallelizable; Classification networks are also highly parallelizable (parallelization is the main motivation behind the development). Also, since many of the parallel slices in each class are the same, the same FastGC objects defining the circuit slices are reused with different inputs, significantly reducing the need to repeatedly create and destroy objects in memory .

It is to be understood that the principles herein may be implemented in various forms of hardware, software, firmware, special purpose processors, or combinations thereof. Preferably, the principles herein are implemented as a combination of hardware and software. Further, the software is preferably implemented as an application program that is implemented as a type on a program storage device. The application program may be uploaded to and executed by a machine including any suitable architecture. Preferably, the machine is implemented on a computer platform having hardware such as one or more central processing unit (CPU), random access memory (RAM), and input / output (I / O) interface (s). The computer platform also includes an operating system and microinstruction code. The various processes and functions described herein may be part of the microcommand code or part of the application (or a combination thereof), which is executed via the operating system. In addition, various other peripheral devices, such as additional data storage devices and printing devices, may be connected to the computer platform.

FIG. 6 illustrates a block diagram of a minimal computing environment 600 used to implement the principles herein. The computing environment 600 includes a processor 610, and at least one (and preferably more than one) I / O interface 620. The I / O interface may be wired or wireless, and in a wireless implementation, the computing environment 600 may operate on a global network (e.g., the Internet) and may include, for example, Using appropriate wireless communication protocols to communicate with other computers or servers (e.g., cloud-based computing or storage servers) in order to be provided as a software as a service (SAAS) feature Pre-configured. One or more memories 630 and / or storage devices (HDD) 640 are also provided in the computing environment 600. Computing environment 600 or a plurality of computer environments 600 may implement protocols P1-P11 (Figure 3) for matrix decomposition (C1-C12) (Figure 4) according to one embodiment of the present principles . In particular, in an embodiment of the principles herein, computing environment 600 may implement RecSys 230; A separate computing environment 600 may implement the CSP 250 and the sources may be a desktop computer, a desktop computer, a laptop computer, etc., each of which is associated with another user 210 and used to communicate with the RecSys 230 and the CSP 250. [ But are not limited to, one or more computer environments 600, including but not limited to cellular phones, smart phones, phone watches, tablet computers, personal digital assistants (PDAs), netbooks and laptop computers . In addition, the CSP 250 can be included in the source, or equivalently, included in the computer environment of each user 210 of the source.

Because some of the constituent system components and method steps shown in the accompanying drawings are preferably implemented in software, actual connections between system components (or process steps) may be different depending on the manner in which the principles herein are programmed It should be further understood that it can be done. Given the teachings herein, those skilled in the art will be able to contemplate these and similar implementations or configurations of the principles herein.

While the illustrative embodiments have been described herein with reference to the accompanying drawings, it is to be understood that the principles herein are not limited to the precise embodiments set forth herein, but are capable of modifications without departing from the scope or spirit of the principles herein, It should be understood that various changes and modifications may be effected therein by one or more of those skilled in the art. All such modifications and variations are intended to be included within the scope of the principles herein as set forth in the appended claims.

Claims (26)

A method for securely profiling items through matrix factorization, the method comprising:
Receiving a set of records (220) from a source, the record comprising a set of tokens and a set of items, each record kept secret from parties other than the source;
Receiving (360) at least one separate item; And
(395) the set of records and the at least one separate item in a recommender (RecSys) 230 using a garbled circuit based on matrix decomposition, the output of the distortion circuit Comprising item profiles for at least one separate item,
&Lt; / RTI &gt; The method according to claim 1,
Designing the distortion circuit in a Crypto-System Provider (CSP) to perform a matrix decomposition on the set of records (380) and the at least one separate item (360) Comprises item profiles for the at least one separate item; And
Transmitting (385) the distortion circuit to the RecSys,
&Lt; / RTI &gt; 3. The method of claim 2,
Wherein the designing step includes designing a matrix decomposition operation as a Boolean circuit (382). The method of claim 3,
The step of designing the matrix disassembly circuit comprises:
Constructing (410) an array of sets of records; And
For the array, the operations of calculating the classification operations 420, 440, 470 and 490, the duplication operations 430 and 450, the update operations 470 and 480, the comparison operation 480 and the gradient contributions 460)
&Lt; / RTI &gt; 3. The method of claim 2,
Encrypting the set of records to generate encrypted records (330), wherein the encrypting is performed prior to the step of receiving the set of records. 6. The method of claim 5,
Generating public cryptographic keys in the CSP; And
Transmitting (320) the keys to the source,
&Lt; / RTI &gt; 6. The method of claim 5,
Wherein the encryption is partially homomorphic encryption 320, the method comprising:
Masking the encrypted records in the RecSys to generate (340) masked records; And
Decrypting the masked records in the CSP to generate decrypted-masked records (350). 8. The method of claim 7,
The designing step 380 includes:
Unmasking the decrypted-masked records in the distortion circuit prior to processing the decrypted-masked records. 8. The method of claim 7,
Further comprising performing (392) oblivious transfers (390) between the CSP and the RecSys, the RecSys receiving distorted values of the decrypted-masked records, Are kept private from the RecSys and the CSP. The method according to claim 1,
Further comprising receiving a plurality of tokens and items of each record (220, 310). The method according to claim 1,
Padding each record with null entries to produce records having the same number of tokens as the value when the number of tokens in each record is less than the value indicating the maximum value (step &lt; RTI ID = 0.0 &gt; 312). &Lt; / RTI &gt; The method according to claim 1,
Wherein the source of the set of records is one of a set of databases and users 210, each user is a source of one record, and the one record is kept secret from parties other than the respective user . 3. The method of claim 2,
Further comprising receiving a set of parameters for the design of the distortion circuit by the CSP, wherein the parameters are transmitted by the RecSys (370). A system for securely profiling items through matrix decomposition,
The system includes a source to provide a set of records, a cryptographic service provider (CSP) to provide a secure matrix factorization circuit, and a cryptographic service provider to evaluate the records such that the records are kept private from parties other than the source RecSys, wherein the source, the CSP and the RecSys each comprise:
A processor (602) for receiving at least one input / output (604); And
At least one memory (606, 608) in signal communication with the processor,
Wherein the processor of the RecSys comprises:
Receiving a set of records, each record including a set of tokens and a set of items, each record kept secret;
Receive at least one separate item; And
Wherein the distortion circuit is configured to evaluate the set of records and the at least one discrete item using a distortion circuit based on matrix decomposition, the output of the distortion circuit comprising item profiles for the at least one separate item. 15. The method of claim 14,
The processor of the CSP comprises:
Design the distortion circuit to perform a matrix decomposition of the set of records and the at least one separate item, the output of the distortion circuit including item profiles for the at least one separate item; And
And to deliver the distortion circuit to the RecSys. 16. The method of claim 15,
The processor of the CSP comprises:
And wherein the system is configured to design the matrix decomposition operation as a Boolean circuit. 17. The method of claim 16,
The processor of the CSP comprises:
Construct an array of sets of records;
Wherein the processor is configured to design the matrix disassembly circuit to perform a classification operation, a duplication operation, an update operation, a comparison operation, and a calculation operation of slope contributions for the array. 16. The method of claim 15,
The source processor comprising:
And encrypt the set of records prior to providing the set of records to generate encrypted records. 19. The method of claim 18,
The processor of the CSP further comprises:
Generate public cryptographic keys; And
And transmit the keys to the source. 19. The method of claim 18,
Wherein the encryption is partly perturbative encryption and the processor of the RecSys is further configured to mask the encrypted records to generate masked records;
Wherein the processor of the CSP is further configured to decrypt the masked records to generate decrypted-masked records. 21. The method of claim 20,
Wherein the processor of the CSP is further configured to unmask the decrypted-masked records in the distortion circuit prior to processing the decrypted-masked records. 21. The method of claim 20,
Wherein the processor of the RecSys and the processor of the CSP are further configured to perform indefinite transfers, the RecSys receives distorted values of decrypted-masked records, and the records are kept private from the RecSys and the CSP System. 15. The method of claim 14,
Wherein the processor of the RecSys is further configured to receive a plurality of tokens of each record, the plurality of tokens being transmitted by the source. 15. The method of claim 14,
The processor of the source is configured to pad each record with null entries to produce records having the same number of tokens as the value when the number of tokens in each record is less than a value representing the maximum value system. 15. The method of claim 14,
A processor (602) for receiving at least one input / output (604) if the source of the set of records is one of a set of databases and users and the source is a set of users; And at least one memory (606, 608), each user being a source of one record, wherein the one record is kept secret from parties other than the respective user. 16. The method of claim 15,
Wherein the processor of the CSP is further configured to receive a set of parameters for the design of the distortion circuit, and wherein the parameters are transmitted by the RecSys.

Images