TW202006615A - Model-based prediction method and device - Google Patents

Model-based prediction method and device Download PDF

Info

Publication number
TW202006615A
TW202006615A TW108115549A TW108115549A TW202006615A TW 202006615 A TW202006615 A TW 202006615A TW 108115549 A TW108115549 A TW 108115549A TW 108115549 A TW108115549 A TW 108115549A TW 202006615 A TW202006615 A TW 202006615A
Authority
TW
Taiwan
Prior art keywords
model
calculation
data
encryption
result
Prior art date
Application number
TW108115549A
Other languages
Chinese (zh)
Other versions
TWI733106B (en
Inventor
林文珍
殷山
劉正
Original Assignee
香港商阿里巴巴集團服務有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 香港商阿里巴巴集團服務有限公司 filed Critical 香港商阿里巴巴集團服務有限公司
Publication of TW202006615A publication Critical patent/TW202006615A/en
Application granted granted Critical
Publication of TWI733106B publication Critical patent/TWI733106B/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

Provided are a model-based prediction method and device. The method is implemented at a data demander. The data demander comprises a pre-trained computing model. The method comprises: generating an encryption model by means of encrypting at least one parameter of the computing model; providing the encryption model to a data provider, wherein the data provider stores first data; sending to the data provider a computation request regarding the first data and the encryption model; receiving a computation result corresponding to the computation request from the data provider; and based on the computation result, acquiring a plaintext prediction result of the computation model.

Description

基於模型的預測方法和裝置Model-based prediction method and device

本說明書實施例關於資料處理技術領域,更具體地,關於基於模型的預測方法和裝置。The embodiments of the present specification relate to the field of data processing technology, and more specifically, to a model-based prediction method and device.

在資料分析、資料採擷、經濟預測等領域,經常使用模型對巨量資料進行處理,以分析、發現潛在的資料價值。在實際應用場景中,為了更準確地刻畫目標群體或變數,通常需要使用測試資料進行訓練,得到可以準確描述目標群體或變數的特徵。然而不同的商家擁有的資料類型或特徵往往是不健全的,通過單一的資料難以準確地刻畫目標。為了得到更好的模型預測結果,通常商家間會選擇資料合作的方式,結合不同的資料或特徵標籤共同完成模型計算,以求共贏。在多方資料合作過程中,又涉及資料安全和模型安全等問題。一方面,資料提供方不想輸出自己的價值資料給資料需求方,洩漏私有資料;另一方面,模型中包含的特徵標籤等資訊也是商家的私有資料,具有重要的商業價值,擔憂資料合作過程中的模型安全問題,導致資料合作受阻。 針對上述問題,傳統的解決方案包括,將資料和模型放置在一個可信第三方(如共創實驗室等),進行模型預測。對可信第三方的資料出入進行嚴格控制,保證資訊安全。 因此,需要一種更有效的基於模型的預測方案。In the fields of data analysis, data extraction, and economic forecasting, models are often used to process huge amounts of data to analyze and discover potential data value. In actual application scenarios, in order to more accurately characterize the target group or variable, it is usually necessary to use test data for training to obtain features that can accurately describe the target group or variable. However, the types or characteristics of data owned by different businesses are often unsound, and it is difficult to accurately describe the target through a single data. In order to obtain better model prediction results, usually the merchants will choose the way of data cooperation and combine different data or feature tags to complete the model calculation together to achieve a win-win situation. In the process of multi-party data cooperation, data security and model security are also involved. On the one hand, the data provider does not want to export its own value data to the data demander, leaking private data; on the other hand, the information such as the feature tags included in the model is also the private data of the merchant, which has important commercial value. The security of the model has hindered data cooperation. In response to the above problems, traditional solutions include placing data and models in a trusted third party (such as co-creation labs, etc.) to make model predictions. Strictly control the access of trusted third-party data to ensure information security. Therefore, a more effective model-based prediction scheme is needed.

本說明書實施例旨在提供一種更有效的基於模型的預測方案,以解決現有技術中的不足。 為實現上述目的,本說明書一個方面提供一種基於模型的預測方法,所述方法在資料需求方執行,所述資料需求方包括預先訓練好的計算模型,所述方法包括:通過對所述計算模型的至少一個參數進行加密,生成加密模型;將所述加密模型提供給資料提供方,其中,所述資料提供方儲存有第一資料;向所述資料提供方發送關於所述第一資料和所述加密模型的計算請求;從所述資料提供方接收與所述計算請求對應的計算結果;以及基於所述計算結果,獲取所述計算模型的明文預測結果。 在一個實施例中,在所述基於模型的預測方法中,所述資料需求方安裝有資料需求方計算引擎,其中,通過對所述計算模型的至少一個參數進行加密,生成加密模型包括,通過使用所述資料需求方計算引擎對所述計算模型的至少一個參數進行加密,生成加密模型。 在一個實施例中,在所述基於模型的預測方法中,所述資料提供方安裝有資料提供方計算引擎,其中,從所述資料提供方接收與所述計算請求對應的計算結果包括,通過所述資料需求方計算引擎從所述資料提供方計算引擎接收所述計算結果。 在一個實施例中,在所述基於模型的預測方法中,對所述計算模型的至少一個參數進行加密包括,通過以下一種加密方法對所述至少一個參數進行加密:同態加密方法、混淆電路方法以及差分隱私方法。 在一個實施例中,在所述基於模型的預測方法中,所述計算模型為邏輯回歸模型或線性回歸模型,所述加密方法為同態加密方法,所述計算結果為同態密文結果,其中,基於所述計算結果,獲取所述計算模型的明文預測結果包括:使用與所述計算模型對應的私密金鑰對所述同態密文結果進行解密,以獲取所述計算模型的明文預測結果,其中,所述私密金鑰在本地預先生成。 在一個實施例中,在所述基於模型的預測方法中,所述計算模型為GBDT模型,所述加密方法為混淆電路方法。 在一個實施例中,在所述基於模型的預測方法中,所述計算模型為評分卡模型,所述加密方法為差分隱私方法。 本說明書另一方面提供一種基於模型的預測方法,所述方法在資料提供方執行,所述資料提供方儲存有第一資料,所述方法包括:從資料需求方獲取加密模型,其中,所述資料需求方包括預先訓練好的計算模型,所述加密模型通過由所述資料需求方對所述計算模型的至少一個參數進行加密而生成;從所述資料需求方接收關於所述第一資料和所述加密模型的計算請求;根據所述計算請求,使用所述加密模型基於所述第一資料進行計算,以獲取計算結果;以及將所述計算結果發送給所述資料需求方。 在一個實施例中,在所述基於模型的預測方法中,所述加密模型為通過同態加密方法所獲取的第一加密模型,其中,根據所述計算請求,使用所述加密模型基於所述第一資料進行計算,以獲取計算結果包括:在所述第一加密模型中,使用預先獲取的所述資料需求方的公開金鑰基於所述第一資料進行同態計算,以獲取同態密文結果,其中,所述公開金鑰由所述資料需求方針對所述計算模型預先生成。 本說明書另一方面提供一種基於模型的預測裝置,所述裝置在資料需求方實施,所述資料需求方包括預先訓練好的計算模型,所述裝置包括:生成單元,配置為通過對所述計算模型的至少一個參數進行加密,生成加密模型;提供單元,配置為將所述加密模型提供給資料提供方,其中,所述資料提供方儲存有第一資料;發送單元,配置為向所述資料提供方發送關於所述第一資料和所述加密模型的計算請求;接收單元,配置為從所述資料提供方接收與所述計算請求對應的計算結果;以及獲取單元,配置為基於所述計算結果,獲取所述計算模型的明文預測結果。 在一個實施例中,在所述基於模型的預測裝置中,所述資料需求方安裝有資料需求方計算引擎,其中,所述生成單元還配置為通過使用所述資料需求方計算引擎對所述計算模型的至少一個參數進行加密,生成加密模型。 在一個實施例中,在所述基於模型的預測裝置中,所述資料提供方安裝有資料提供方計算引擎,其中,所述接收單元還配置為,通過所述資料需求方計算引擎從所述資料提供方計算引擎接收所述計算結果。 在一個實施例中,在所述基於模型的預測裝置中,所述生成單元還配置為,通過以下一種加密方法對所述至少一個參數進行加密:同態加密方法、混淆電路方法以及差分隱私方法。 在一個實施例中,在所述基於模型的預測裝置中,所述計算模型為邏輯回歸模型或線性回歸模型,所述加密方法為同態加密方法,所述計算結果為同態密文結果,其中,基於所述計算結果,獲取所述計算模型的明文預測結果包括:使用與所述計算模型對應的私密金鑰對所述同態密文結果進行解密,以獲取所述計算模型的明文預測結果,其中,所述私密金鑰在本地預先生成。 本說明書另一方面提供一種基於模型的預測裝置,所述裝置在資料提供方實施,所述資料提供方儲存有第一資料,所述裝置包括:獲取單元,配置為從資料需求方獲取加密模型,其中,所述資料需求方包括預先訓練好的計算模型,所述加密模型通過由所述資料需求方對所述計算模型的至少一個參數進行加密而生成;接收單元,配置為從所述資料需求方接收關於所述第一資料和所述加密模型的計算請求;計算單元,配置為根據所述計算請求,使用所述加密模型基於所述第一資料進行計算,以獲取計算結果;以及發送單元,配置為將所述計算結果發送給所述資料需求方。 在一個實施例中,在所述基於模型的預測裝置中,所述加密模型為通過同態加密方法獲取的第一加密模型,其中,根據所述計算請求,使用所述加密模型基於所述第一資料進行計算,以獲取計算結果包括:在所述第一加密模型中,使用預先獲取的所述資料需求方的公開金鑰基於所述第一資料進行同態計算,以獲取同態密文結果,其中,所述公開金鑰由所述資料需求方針對所述計算模型預先生成。 本說明書另一方面提供一種計算設備,包括記憶體和處理器,其特徵在於,所述記憶體中儲存有可執行程式碼,所述處理器執行所述可執行程式碼時,實現上述基於模型的預測方法。 通過根據本說明書實施例的模型預測方案,不需要可信的第三方,資料和模型由資料合作方各自持有,規避了資料和模型集中在一起的隱私安全問題,也減少了大批量資料傳輸帶來的傳輸安全隱患等問題。該方案為純軟體方案,除基本的伺服器等,沒有其他額外的硬體要求,不會引入其他硬體安全性漏洞。並且對接成本不高。資料提供方和資料需求方只需要docker部署特定引擎,即可線上完成計算。另外,針對不同的模型特性,使用不同的模型加密方式,提高了計算結果的準確度。The embodiments of the present specification aim to provide a more effective model-based prediction solution to solve the deficiencies in the prior art. To achieve the above purpose, one aspect of this specification provides a model-based prediction method, which is performed on a data demand side, where the data demand side includes a pre-trained calculation model, and the method includes: Encrypt at least one parameter to generate an encryption model; provide the encryption model to the data provider, where the data provider stores the first data; send the first data and the data to the data provider A calculation request of the encryption model; receiving a calculation result corresponding to the calculation request from the data provider; and obtaining a plain-text prediction result of the calculation model based on the calculation result. In one embodiment, in the model-based prediction method, the data demand side is installed with a data demand side calculation engine, wherein generating at least one parameter of the calculation model to generate an encryption model includes: The data demand-side calculation engine is used to encrypt at least one parameter of the calculation model to generate an encryption model. In one embodiment, in the model-based prediction method, the data provider is installed with a data provider calculation engine, wherein receiving the calculation result corresponding to the calculation request from the data provider includes, by The data demand side calculation engine receives the calculation result from the data provider calculation engine. In one embodiment, in the model-based prediction method, encrypting at least one parameter of the calculation model includes encrypting the at least one parameter by one of the following encryption methods: homomorphic encryption method, obfuscation circuit Method and differential privacy method. In one embodiment, in the model-based prediction method, the calculation model is a logistic regression model or a linear regression model, the encryption method is a homomorphic encryption method, and the calculation result is a homomorphic ciphertext result, Wherein, obtaining the plaintext prediction result of the calculation model based on the calculation result includes: decrypting the homomorphic ciphertext result using a private key corresponding to the calculation model to obtain the plaintext prediction of the calculation model As a result, the private key is generated locally in advance. In one embodiment, in the model-based prediction method, the calculation model is a GBDT model, and the encryption method is an obfuscation circuit method. In one embodiment, in the model-based prediction method, the calculation model is a scorecard model, and the encryption method is a differential privacy method. Another aspect of this specification provides a model-based prediction method, the method being executed at a data provider, where the data provider stores first data, the method includes: obtaining an encryption model from a data demander, wherein, the The data demander includes a pre-trained calculation model, and the encryption model is generated by the data demander encrypting at least one parameter of the calculation model; receiving the first data and the first data from the data demander A calculation request of the encryption model; according to the calculation request, use the encryption model to perform calculation based on the first data to obtain a calculation result; and send the calculation result to the data demander. In one embodiment, in the model-based prediction method, the encryption model is a first encryption model obtained by a homomorphic encryption method, wherein, based on the calculation request, using the encryption model based on the The calculation of the first data to obtain the calculation result includes: in the first encryption model, performing a homomorphic calculation based on the first data using the public key of the data acquirer obtained in advance to obtain a homomorphic secret As a result, the public key is generated in advance by the data demander for the calculation model. Another aspect of this specification provides a model-based prediction device, which is implemented on a data demand side, where the data demand side includes a pre-trained calculation model, and the device includes: a generating unit configured to calculate the At least one parameter of the model is encrypted to generate an encryption model; a providing unit is configured to provide the encryption model to a data provider, wherein the data provider stores the first data; a sending unit is configured to send the data The provider sends a calculation request for the first data and the encryption model; a receiving unit configured to receive the calculation result corresponding to the calculation request from the data provider; and an acquisition unit configured to be based on the calculation As a result, the plaintext prediction result of the calculation model is obtained. In one embodiment, in the model-based forecasting device, the data demand side computing engine is installed, wherein the generating unit is further configured to use the data demand side computing engine to At least one parameter of the calculation model is encrypted to generate an encryption model. In one embodiment, in the model-based prediction apparatus, the data provider is installed with a data provider calculation engine, wherein the receiving unit is further configured to use the data demand-side calculation engine from the The data provider calculation engine receives the calculation result. In one embodiment, in the model-based prediction device, the generating unit is further configured to encrypt the at least one parameter by one of the following encryption methods: homomorphic encryption method, obfuscation circuit method, and differential privacy method . In one embodiment, in the model-based prediction device, the calculation model is a logistic regression model or a linear regression model, the encryption method is a homomorphic encryption method, and the calculation result is a homomorphic ciphertext result, Wherein, obtaining the plaintext prediction result of the calculation model based on the calculation result includes: decrypting the homomorphic ciphertext result using a private key corresponding to the calculation model to obtain the plaintext prediction of the calculation model As a result, the private key is generated locally in advance. Another aspect of this specification provides a model-based prediction device, which is implemented at a data provider, where the data provider stores first data, and the device includes: an acquisition unit configured to acquire an encryption model from a data demander , Wherein the data demander includes a pre-trained calculation model, and the encryption model is generated by the data demander encrypting at least one parameter of the calculation model; the receiving unit is configured to The demand side receives a calculation request regarding the first data and the encryption model; a calculation unit configured to perform calculation based on the first data using the encryption model according to the calculation request to obtain a calculation result; and send The unit is configured to send the calculation result to the data demander. In one embodiment, in the model-based prediction device, the encryption model is a first encryption model obtained by a homomorphic encryption method, wherein, based on the calculation request, using the encryption model is based on the first The calculation of a data to obtain the calculation result includes: in the first encryption model, performing a homomorphic calculation based on the first data using the public key of the data acquirer obtained in advance to obtain a homomorphic ciphertext As a result, the public key is generated in advance by the data demander for the calculation model. Another aspect of this specification provides a computing device, including a memory and a processor, characterized in that executable code is stored in the memory, and when the processor executes the executable code, the above model-based Prediction method. The model prediction scheme according to the embodiment of the present specification does not require a trusted third party, and the data and model are held by the data partners, which avoids the privacy and security issues of the data and the model and reduces the mass data transmission. Problems such as hidden transmission security risks. This solution is a pure software solution. Apart from basic servers, there are no additional hardware requirements, and no other hardware security vulnerabilities will be introduced. And the connection cost is not high. The data provider and the data demander only need docker to deploy a specific engine to complete the calculation online. In addition, for different model characteristics, different model encryption methods are used to improve the accuracy of the calculation results.

下面將結合圖式描述本說明書實施例。 圖1示出了根據本說明書實施例的執行模型預測的系統100的示意圖。如圖1所示,系統100包括資料需求方11和資料提供方12。資料需求方11為模型擁有方,其包括訓練好的計算模型,如圖中所示,在資料需求方11,私有資料A包括訓練好的模型的特徵標籤等資料,計算邏輯(模型/規則)通過所述計算模型體現。資料提供方為資料擁有方,圖中所示的私有資料B即為資料提供方擁有的資料,該資料可使用上述計算模型進行計算。如圖中所示,在資料需求方11預先安裝有例如安全計算引擎,在所述資料提供方12安裝有例如安全計算引擎。所述資料需求方11和資料提供方12通過其各自的安全計算引擎執行例如安全計算和計算中的通信。具體是,資料需求方11在本地使用所述計算引擎對計算模型進行加密,也即對私有資料A進行加密,並將加密後的加密模型發送給資料提供方12,並向資料提供方12發送關於該加密模型和私有資料B的計算請求。資料提供方12在接收到計算請求之後,在其本地的計算引擎中使用接收的加密模型基於私有資料B進行計算,並通過計算引擎將計算結果發送給資料需求方11。資料需求方11基於上述計算結果獲取最終的明文結果。 圖1所示的系統100只是示意性的,根據本說明書實施例的系統100不限於圖1所示的結構。例如,在資料需求方11和資料提供方12不必需安全計算引擎,而是可以包括任何計算軟體,只要其能滿足上述計算需求即可。另外,資料需求方11也可以包括需要進行模型預測的資料,即,資料需求方11可以同時作為另一個資料提供方,資料提供方12也可以擁有模型,即,資料提供方12可以同時作為另一個資料需求方。 圖2示出了根據本說明書實施例的一種基於模型的預測方法的流程圖。所述方法在資料需求方執行,所述資料需求方包括預先訓練好的計算模型。所述方法包括: 在步驟S202,通過對所述計算模型的至少一個參數進行加密,生成加密模型; 在步驟S204,將所述加密模型提供給資料提供方,其中,所述資料提供方儲存有第一資料; 在步驟S206,向所述資料提供方發送關於所述第一資料和所述加密模型的計算請求; 在步驟S208,從所述資料提供方接收與所述計算請求對應的計算結果;以及 在步驟S210,基於所述計算結果,獲取所述計算模型的明文預測結果。 首先,在步驟S202,通過對所述計算模型的至少一個參數進行加密,生成加密模型。 在一個實施例中,所述計算模型例如是邏輯回歸模型(LR模型),LR模型的預測函數如下文的公式(1)所示:

Figure 02_image001
其中ω、λ為模型係數,屬於資料需求方。x為計算所需的輸入,屬於資料提供方的私有資料,即上述第一資料。這裡ω、λ、x可以是單個數值,也可以是向量,下文中以ω和x都為包括多個數值的向量為例進行說明。 為了減少計算量,同時為了減少模型參數的洩漏風險,只對公式(1)中的ω參數進行同態加密計算,從而獲取與ωx對應的加密模型。首先,資料需求方生成並儲存用於進行上述同態加密的公開金鑰和私密金鑰,並使用公開金鑰對ω中包括的各數值分別進行同態加密,從而獲取與ω對應的第一加密向量。之後,資料需求方將ω替換成第一加密向量,生成加密模型。所述加密模型中包括第一加密向量、以及與ωx對應的計算規則,即將第一加密向量與第二加密向量(與x對應的同態加密向量)進行點積的運算規則。這裡,加密模型以設定檔的形式表示,可以理解,加密模型不限於設定檔的形式,而可以為其它形式,例如腳本、可執行程式等。 所述計算模型不限於LR模型,所述加密方法也不限於同態加密方法。例如,在一個實施例中,所述計算模型為線性回歸模型,資料需求方可同樣地使用同態加密方法生成加密模型。在一個實施例中,所述計算模型為GBDT模型,資料需求方可通過混淆電路方法生成加密模型。在一個實施例中,所述計算模型為評分卡模型,資料需求方可通過差分隱私方法生成加密模型。評分卡模型最終結果只需輸出分類,不需要精確的計算結果。從而可以使用差分隱私方法模糊化模型係數,加入微小雜訊,而不會影響整體的決策分類。 在一個實施例中,如圖1中所示,資料需求方預先安裝有專用的安全計算引擎,資料需求方通過該計算引擎進行對所述參數的加密,以生成加密模型。 在步驟S204,將所述加密模型提供給資料提供方,其中,所述資料提供方儲存有第一資料。資料需求方在生成所述加密模型之後,例如可通過本地的產品控制台將所述加密模型推送給資料提供方。將所述加密模型提供給資料提供方不限於上述方式,例如,資料需求方還可以通過硬碟儲存的形式將儲存有加密模型的硬碟提供給資料提供方。資料提供方接收所述加密模型之後,可在資料提供方部署該加密模型,以使用該加密模型進行本地的計算。例如,可將模型設定檔載入到一個進程中,然後通過調用該進程進行模型計算。這裡,本領域技術人員可以理解,依據不同的計算環境,可以實施不同的部署方法,在此不進行詳細說明。 在步驟S206,向所述資料提供方發送關於所述第一資料和所述加密模型的計算請求。這裡,第一資料(即上文中的x)例如為特定對象(對象ID)的特徵向量資料。所述計算請求中可包括所述對象ID和所述加密模型的模型ID,或者,所述計算請求中可包括與所述對象ID對應的資訊,例如對象ID的手機號、護照號等資訊。從而資料提供方基於該計算請求,可獲取所述對象ID和所述加密模型,並基於所述對象ID獲取所述第一資料,從而可基於該計算請求進行計算。 在步驟S208,從所述資料提供方接收與所述計算請求對應的計算結果。 例如,在上述計算模型為LR模型的實施例中,所述加密模型是與公式(1)中的ωx對應的加密模型。資料提供方在接收上述關於第一資料和所述加密模型的計算請求之後,在該加密模型中,使用預先獲取的所述資料需求方的公開金鑰基於x進行同態計算,以獲取同態密文結果,其中,所述公開金鑰由所述資料需求方針對所述計算模型預先生成。該同態密文結果即與ωx對應的同態密文結果。之後,資料提供方將所述同態密文結果發送給所述資料需求方。從而所述資料需求方從資料提供方獲取基於所述計算請求的同態密文結果。 在上述計算模型為GBDT模型的實施例中,加密方法為混淆電路方法。所述加密模型中的加密參數為所述GBDT模型中的至少一個參數的混淆值。所述資料提供方使用所述加密的GBDT模型基於所述第一資料進行計算,從而可獲取混淆值結果。之後,資料提供方將該混淆值結果發送給資料需求方。從而,資料需求方從資料提供方獲取基於所述計算請求的混淆值結果。 在上述計算模型為評分卡模型中,資料需求方通過差分隱私方法模糊該模型的係數,同時不影響模型的預測結果。從而,資料提供方直接將第一資料x輸入該經過加密的評分卡模型,可基本準確地獲取該評分卡模型的明文預測結果。之後,資料提供方將該明文預測結果發送給所述資料需求方。 在一個實施例中,如圖1所示,在第一伺服器和資料提供方都預先部署有安全計算引擎。在該情況中,由資料需求方的安全計算引擎從資料提供方的安全計算引擎接收與所述計算請求對應的計算結果。該計算引擎在計算出加密模型的計算結果之後,可對該計算結果附上加密模型的標識,並發送給所述資料需求方的安全計算引擎,從而可確保該計算結果的真實性。 在步驟S210,基於所述計算結果,獲取所述計算模型的明文預測結果。 在所述計算結果為同態密文結果的實施例中,資料需求方使用上述在本地生成的與所述計算模型對應的私密金鑰對所述同態密文結果進行解密,從而獲取與該計算結果對應的明文結果。根據同態加密原理,該明文結果等同於將ω和x直接點積所獲得的值。在獲得ωx的點積的明文值之後,資料需求方將該明文值代入公式(1)中進行計算,從而可最終獲取上述LR模型對第一資料的預測結果。 在所述計算結果為混淆值結果的實施例中,資料需求方基於該混淆值結果獲取其原始值,從而獲取上述GBDT模型對第一資料的明文預測結果。 在所述計算結果為加密評分卡模型的明文預測結果的情況中,根據差分隱私加密原理,資料需求方可直接將該明文預測結果作為所述評分卡模型的明文預測結果。 在一個實施例中,所述資料需求方安裝有資料需求方計算引擎,所述資料提供方安裝有資料提供方計算引擎。例如資料需求方和資料提供方可分別通過Docker(一種開源的應用容器引擎)部署上述資料需求方計算引擎和資料提供方計算引擎,即資料需求方計算引擎和資料提供方計算引擎可理解為軟體。其中所述資料需求方的計算在所述資料需求方計算引擎內進行,所述資料提供方的計算在所述資料提供方計算引擎內進行。例如,資料需求方對模型的加密計算、對密文結果的解密計算可通過資料需求方計算引擎進行,資料提供方基於所述加密模型對第一資料的計算可通過資料提供方計算引擎進行。另外,上述資料需求方計算引擎和資料提供方計算引擎還具備通信功能,例如,資料需求方可通過資料需求方計算引擎向所述資料提供方發送關於所述第一資料和所述加密模型的計算請求,資料提供方可通過資料提供方計算引擎向所述資料需求方發送與所述計算請求對應的計算結果。 圖3示出根據本說明書實施例的一種基於模型的預測方法的流程圖。所述方法在資料提供方執行,所述資料提供方儲存有第一資料。所述方法包括以下步驟S302-S308。 在步驟S302,從資料需求方獲取加密模型,其中,所述資料需求方包括預先訓練好的計算模型,所述加密模型通過由所述資料需求方對所述計算模型的至少一個參數進行加密而生成。該步驟的具體實施可參考上文對圖2中步驟S202和步驟S204的相應描述,在此不再贅述。 在步驟S304,從所述資料需求方接收關於所述第一資料和所述加密模型的計算請求。該步驟的具體實施可參考上文對圖2中步驟S206的相應描述,在此不再贅述。 在步驟S306,根據所述計算請求,使用所述加密模型基於所述第一資料進行計算,以獲取計算結果。該步驟的具體實施可參考上文對圖2中步驟S208的相應描述,在此不再贅述。 在步驟S308,將所述計算結果發送給所述資料需求方。該步驟的具體實施可參考上文對圖2中步驟S208的相應描述,在此不再贅述。 在一個實施例中,如上文對圖2中步驟S208的相應描述,所述加密模型為通過同態加密方法對上述LR模型或線性回歸模型的至少一個參數進行加密所獲取的第一加密模型。其中,根據所述計算請求,使用所述加密模型基於所述第一資料進行計算,以獲取計算結果包括:在所述第一加密模型中,使用預先獲取的所述資料需求方的公開金鑰基於所述第一資料進行同態計算,以獲取同態密文結果,其中,所述公開金鑰由所述資料需求方針對所述計算模型預先生成。所述預先獲取的公開金鑰例如是由所述資料需求方預先發送給所述資料提供方的,或者,所述資料需求方預先向資料提供方提供與所述公開金鑰相關的資訊,所述資料提供方預先基於該資訊推導出述公開金鑰,等等 圖4示出根據本說明書實施例的一種基於模型的預測裝置400。所述裝置在資料需求方實施,所述資料需求方包括預先訓練好的計算模型。所述裝置包括: 生成單元41,配置為通過對所述計算模型的至少一個參數進行加密,生成加密模型; 提供單元42,配置為將所述加密模型提供給資料提供方,其中,所述資料提供方儲存有第一資料; 發送單元43,配置為向所述資料提供方發送關於所述第一資料和所述加密模的計算請求; 接收單元44,配置為從所述資料提供方接收與所述計算請求對應的計算結果;以及 獲取單元45,配置為基於所述計算結果,獲取所述計算模型的明文預測結果。 在一個實施例中,在所述基於模型的預測裝置中,所述資料需求方安裝有資料需求方計算引擎,其中,所述生成單元41還配置為通過使用所述資料需求方計算引擎對所述計算模型的至少一個參數進行加密,生成加密模型。 在一個實施例中,在所述基於模型的預測裝置中,所述資料提供方安裝有資料提供方計算引擎,其中,所述接收單元44還配置為通過所述資料需求方計算引擎從所述資料提供方計算引擎接收與所述計算請求對應的計算結果。 在一個實施例中,在所述基於模型的預測裝置中,所述生成單元41還配置為通過以下一種加密方法對所述至少一個參數進行加密:同態加密方法、混淆電路方法以及差分隱私方法。 在一個實施例中,在所述基於模型的預測裝置中,所述計算模型為邏輯回歸模型或線性回歸模型,所述加密方法為同態加密方法,所述計算結果為同態密文結果,其中,所述獲取單元45配置為:使用與所述計算模型對應的私密金鑰對所述同態密文結果進行解密,以獲取所述計算模型的明文預測結果,其中,所述私密金鑰在本地預先生成。 圖5示出根據本說明書實施例的一種基於模型的預測裝置500。所述裝置在資料提供方實施,所述資料提供方儲存有第一資料,所述裝置包括: 獲取單元51,配置為從資料需求方獲取加密模型,其中,所述資料需求方包括預先訓練好的計算模型,所述加密模型通過由所述資料需求方對所述計算模型的至少一個參數進行加密而生成; 接收單元52,配置為從所述資料需求方接收關於所述第一資料和所述加密模型的計算請求; 計算單元53,配置為根據所述計算請求,使用所述加密模型基於所述第一資料進行計算,以獲取計算結果;以及 發送單元54,配置為將所述計算結果發送給所述資料需求方。 在一個實施例中,在所述基於模型的預測裝置中,所述加密模型為通過同態加密方法對LR模型或線性回歸模型的至少一個參數進行加密所獲取的第一加密模型,其中,所述計算單元53還配置為:在所述第一加密模型中,使用預先獲取的所述資料需求方的公開金鑰基於所述第一資料進行同態計算,以獲取同態密文結果,其中,所述公開金鑰由所述資料需求方針對所述計算模型預先生成。 在一個實施例中,在所述基於模型的預測裝置中,所述資料提供方安裝有資料提供方計算引擎,其中,所述計算單元53還配置為通過所述資料提供方計算引擎,基於所述計算請求,根據所述加密模型對所述第一資料進行計算,以獲取計算結果。 本說明書另一方面如果一種計算設備,包括記憶體和處理器,其特徵在於,所述記憶體中儲存有可執行程式碼,所述處理器執行所述可執行程式碼時,實現上述基於模型的預測方法。 通過根據本說明書實施例的模型預測方案,不需要可信的第三方,資料和模型由資料合作方各自持有,規避了資料和模型集中在一起的隱私安全問題,也減少了大批量資料傳輸帶來的傳輸安全隱患等問題。該方案為純軟體方案,除基本的伺服器等,沒有其他額外的硬體要求,不會引入其他硬體安全性漏洞。並且對接成本不高。資料提供方和資料需求方只需要docker部署特定計算引擎,即可線上完成計算。另外,針對不同的模型特性,使用不同的模型加密方式,提高了計算結果的準確度。 本說明書中的各個實施例均採用遞進的方式描述,各個實施例之間相同相似的部分互相參見即可,每個實施例重點說明的都是與其他實施例的不同之處。尤其,對於系統實施例而言,由於其基本相似於方法實施例,所以描述的比較簡單,相關之處參見方法實施例的部分說明即可。 上述對本說明書特定實施例進行了描述。其它實施例在所附申請專利範圍的範圍內。在一些情況下,在申請專利範圍中記載的動作或步驟可以按照不同於實施例中的順序來執行並且仍然可以實現期望的結果。另外,在圖式中描繪的過程不一定要求示出的特定順序或者連續順序才能實現期望的結果。在某些實施方式中,多工處理和並行處理也是可以的或者可能是有利的。 本領域普通技術人員應該還可以進一步意識到,結合本文中所公開的實施例描述的各示例的單元及演算法步驟,能夠以電子硬體、電腦軟體或者二者的結合來實現,為了清楚地說明硬體和軟體的可互換性,在上述說明中已經按照功能一般性地描述了各示例的組成及步驟。這些功能究竟以硬體還是軟體方式來執軌道,取決於技術方案的特定應用和設計約束條件。本領域普通技術人員可以對每個特定的應用來使用不同方法來實現所描述的功能,但是這種實現不應認為超出本申請的範圍。 結合本文中所公開的實施例描述的方法或演算法的步驟可以用硬體、處理器執軌道的軟體模組,或者二者的結合來實施。軟體模組可以置於隨機記憶體(RAM)、記憶體、唯讀記憶體(ROM)、電可程式設計ROM、電可擦除可程式設計ROM、暫存器、硬碟、抽取式磁碟、CD-ROM、或技術領域內所公知的任意其它形式的儲存媒體中。 以上所述的具體實施方式,對本發明的目的、技術方案和有益效果進行了進一步詳細說明,所應理解的是,以上所述僅為本發明的具體實施方式而已,並不用於限定本發明的保護範圍,凡在本發明的精神和原則之內,所做的任何修改、等同替換、改進等,均應包含在本發明的保護範圍之內。The embodiments of this specification will be described below with reference to the drawings. FIG. 1 shows a schematic diagram of a system 100 for performing model prediction according to an embodiment of the present specification. As shown in FIG. 1, the system 100 includes a data requester 11 and a data provider 12. The data demander 11 is the model owner, which includes the trained calculation model. As shown in the figure, at the data demander 11, the private data A includes the data such as the feature labels of the trained model, and the calculation logic (model/rule) Embodied by the calculation model. The data provider is the data owner, and the private data B shown in the figure is the data owned by the data provider, which can be calculated using the above calculation model. As shown in the figure, for example, a secure computing engine is installed in advance on the data demand side 11, and a secure computing engine is installed on the data provider 12, for example. The data requester 11 and the data provider 12 perform, for example, secure computing and communication in computing through their respective secure computing engines. Specifically, the data demander 11 locally uses the calculation engine to encrypt the calculation model, that is, encrypts the private data A, and sends the encrypted encryption model to the data provider 12, and sends it to the data provider 12. Calculation request for the encryption model and private data B. After receiving the calculation request, the data provider 12 uses the received encryption model in its local calculation engine to perform calculation based on the private data B, and sends the calculation result to the data demander 11 through the calculation engine. The data demander 11 obtains the final plain text result based on the above calculation result. The system 100 shown in FIG. 1 is only schematic, and the system 100 according to the embodiment of the present specification is not limited to the structure shown in FIG. 1. For example, the data demand side 11 and the data provider 12 do not need a secure computing engine, but may include any computing software as long as they can meet the above computing requirements. In addition, the data demander 11 may also include data that needs to be predicted by the model, that is, the data demander 11 may simultaneously act as another data provider, and the data provider 12 may also have the model, that is, the data provider 12 may also act as another A data demand side. FIG. 2 shows a flowchart of a model-based prediction method according to an embodiment of the present specification. The method is executed on the data demand side, which includes a pre-trained calculation model. The method includes: in step S202, encrypt at least one parameter of the calculation model to generate an encryption model; in step S204, provide the encryption model to a data provider, wherein the data provider stores First data; in step S206, a calculation request for the first data and the encryption model is sent to the data provider; in step S208, a calculation result corresponding to the calculation request is received from the data provider And in step S210, based on the calculation result, the plaintext prediction result of the calculation model is obtained. First, in step S202, an encryption model is generated by encrypting at least one parameter of the calculation model. In one embodiment, the calculation model is, for example, a logistic regression model (LR model), and the prediction function of the LR model is as shown in formula (1) below:
Figure 02_image001
Where ω and λ are model coefficients and belong to the data demand side. x is the input required for the calculation and belongs to the private data of the data provider, that is, the above-mentioned first data. Here, ω, λ, and x may be a single value or a vector. Hereinafter, ω and x are vectors including multiple values as an example for description. In order to reduce the amount of calculation and at the same time to reduce the risk of model parameter leakage, only homomorphic encryption calculation is performed on the ω parameter in formula (1), so as to obtain the encryption model corresponding to ωx. First, the data demander generates and stores the public key and the private key used for the homomorphic encryption described above, and uses the public key to homomorphically encrypt each value included in ω to obtain the first corresponding to ω Encryption vector. After that, the data demander replaces ω with the first encryption vector to generate an encryption model. The encryption model includes a first encryption vector and a calculation rule corresponding to ωx, that is, a calculation rule for performing a dot product between the first encryption vector and the second encryption vector (a homomorphic encryption vector corresponding to x). Here, the encryption model is expressed in the form of a configuration file. It can be understood that the encryption model is not limited to the format of the configuration file, but may be in other forms, such as scripts and executable programs. The calculation model is not limited to the LR model, and the encryption method is not limited to the homomorphic encryption method. For example, in one embodiment, the calculation model is a linear regression model, and the data demander can also use the homomorphic encryption method to generate the encryption model. In one embodiment, the calculation model is a GBDT model, and the data demander can generate the encryption model by obfuscation circuit method. In one embodiment, the calculation model is a scorecard model, and the data demander can generate an encryption model through a differential privacy method. The final result of the scorecard model only needs to output the classification, and does not require accurate calculation results. Therefore, the differential privacy method can be used to blur the model coefficients and add small noise without affecting the overall decision classification. In one embodiment, as shown in FIG. 1, the data demander pre-installs a dedicated secure computing engine, and the data demander encrypts the parameters through the computing engine to generate an encryption model. In step S204, the encryption model is provided to the data provider, wherein the data provider stores the first data. After the data demander generates the encryption model, for example, the encryption model can be pushed to the data provider through a local product console. Providing the encryption model to the data provider is not limited to the above manner. For example, the data demander may also provide the hard disk with the encryption model stored in the form of hard disk storage to the data provider. After receiving the encryption model, the data provider may deploy the encryption model in the data provider to use the encryption model for local calculations. For example, you can load the model configuration file into a process, and then calculate the model by calling the process. Here, those skilled in the art can understand that different deployment methods can be implemented according to different computing environments, and detailed descriptions are not provided here. In step S206, a calculation request about the first data and the encryption model is sent to the data provider. Here, the first data (that is, x in the above) is, for example, feature vector data of a specific object (object ID). The calculation request may include the object ID and the model ID of the encryption model, or the calculation request may include information corresponding to the object ID, such as the mobile phone number and passport number of the object ID. Therefore, the data provider can obtain the object ID and the encryption model based on the calculation request, and obtain the first data based on the object ID, so that calculation can be performed based on the calculation request. In step S208, a calculation result corresponding to the calculation request is received from the data provider. For example, in the above embodiment where the calculation model is an LR model, the encryption model is an encryption model corresponding to ωx in formula (1). After the data provider receives the above calculation request for the first data and the encryption model, in the encryption model, the public key of the data demander obtained in advance is used to perform homomorphic calculation based on x to obtain homomorphism A ciphertext result, in which the public key is generated in advance by the data demander for the calculation model. The homomorphic ciphertext result is the homomorphic ciphertext result corresponding to ωx. After that, the data provider sends the homomorphic ciphertext result to the data demander. Therefore, the data demander obtains the homomorphic ciphertext result based on the calculation request from the data provider. In the above embodiment where the calculation model is the GBDT model, the encryption method is the obfuscation circuit method. The encryption parameter in the encryption model is a confusion value of at least one parameter in the GBDT model. The data provider uses the encrypted GBDT model to calculate based on the first data, so that a confusion value result can be obtained. After that, the data provider sends the result of the confusion value to the data demander. Thus, the data demander obtains the confusion value result based on the calculation request from the data provider. In the above calculation model is a scorecard model, the data demander blurs the coefficients of the model through the differential privacy method, and does not affect the prediction results of the model. Therefore, the data provider directly inputs the first data x into the encrypted scorecard model, and the plaintext prediction result of the scorecard model can be obtained substantially accurately. After that, the data provider sends the plain text prediction result to the data demander. In one embodiment, as shown in FIG. 1, a secure computing engine is pre-deployed on both the first server and the data provider. In this case, the security calculation engine of the data requester receives the calculation result corresponding to the calculation request from the security calculation engine of the data provider. After calculating the calculation result of the encryption model, the calculation engine may attach the identification of the encryption model to the calculation result and send it to the secure calculation engine of the data demander, so as to ensure the authenticity of the calculation result. In step S210, based on the calculation result, a plain-text prediction result of the calculation model is obtained. In the embodiment where the calculation result is a homomorphic ciphertext result, the data demander decrypts the homomorphic ciphertext result using the private key generated locally corresponding to the calculation model, so as to obtain the The plaintext result corresponding to the calculation result. According to the principle of homomorphic encryption, the plaintext result is equivalent to the value obtained by directly dot producting ω and x. After obtaining the plain text value of the dot product of ωx, the data demander substitutes the plain text value into the formula (1) for calculation, so that the prediction result of the above-mentioned LR model for the first data can be finally obtained. In the embodiment in which the calculation result is a confusion value result, the data demander obtains its original value based on the confusion value result, thereby obtaining the plaintext prediction result of the above-mentioned GBDT model for the first data. In the case where the calculation result is the plaintext prediction result of the encrypted scorecard model, according to the principle of differential privacy encryption, the data demander may directly use the plaintext prediction result as the plaintext prediction result of the scorecard model. In one embodiment, the data demand side is installed with a data demand side calculation engine, and the data provider is installed with a data provider calculation engine. For example, the data demand side and the data provider can deploy the above data demand side computing engine and data provider computing engine through Docker (an open source application container engine), that is, the data demand side computing engine and the data provider computing engine can be understood as software . The calculation of the data demand side is performed in the data demand side calculation engine, and the calculation of the data provider is performed in the data provider calculation engine. For example, the data demand side encryption calculation of the model and the decryption calculation of the ciphertext result can be performed by the data demand side calculation engine, and the data provider calculation of the first data based on the encryption model can be performed by the data provider calculation engine. In addition, the above-mentioned data-demand computing engine and data-provider computing engine also have a communication function. For example, the data demand-side computing engine can send the data demand-side computing engine to the data provider through the data demand-side computing engine For the calculation request, the data provider may send the calculation result corresponding to the calculation request to the data demander through the data provider calculation engine. FIG. 3 shows a flowchart of a model-based prediction method according to an embodiment of the present specification. The method is executed at a data provider, and the data provider stores first data. The method includes the following steps S302-S308. In step S302, an encryption model is obtained from a data demander, wherein the data demander includes a pre-trained calculation model, and the encryption model is encrypted by the data demander by encrypting at least one parameter of the calculation model generate. For specific implementation of this step, reference may be made to the corresponding descriptions of step S202 and step S204 in FIG. 2 above, and details are not described herein again. In step S304, a calculation request regarding the first data and the encryption model is received from the data demander. For specific implementation of this step, reference may be made to the corresponding description of step S206 in FIG. 2 above, and details are not described herein again. In step S306, according to the calculation request, the encryption model is used to perform calculation based on the first data to obtain a calculation result. For specific implementation of this step, reference may be made to the corresponding description of step S208 in FIG. 2 above, and details are not described herein again. In step S308, the calculation result is sent to the data demander. For specific implementation of this step, reference may be made to the corresponding description of step S208 in FIG. 2 above, and details are not described herein again. In one embodiment, as described above corresponding to step S208 in FIG. 2, the encryption model is the first encryption model obtained by encrypting at least one parameter of the LR model or the linear regression model through the homomorphic encryption method. Wherein, according to the calculation request, using the encryption model to perform calculation based on the first data to obtain the calculation result includes: using the public key of the data acquirer obtained in advance in the first encryption model Perform homomorphic calculation based on the first data to obtain homomorphic ciphertext results, wherein the public key is generated in advance by the data demander for the calculation model. The pre-obtained public key is, for example, pre-sent by the data requester to the data provider, or the data requester provides the data provider with information related to the public key in advance. The data provider derives the public key based on the information in advance, and so on. FIG. 4 shows a model-based prediction apparatus 400 according to an embodiment of the present specification. The device is implemented on the data demand side, which includes a pre-trained calculation model. The apparatus includes: a generating unit 41 configured to generate an encryption model by encrypting at least one parameter of the calculation model; a providing unit 42 configured to provide the encryption model to a data provider, wherein the data The provider stores the first data; the sending unit 43 is configured to send a calculation request about the first data and the encryption module to the data provider; the receiving unit 44 is configured to receive and receive data from the data provider A calculation result corresponding to the calculation request; and an obtaining unit 45, configured to obtain a plain text prediction result of the calculation model based on the calculation result. In one embodiment, in the model-based prediction device, the data demand side computing engine is installed, wherein the generating unit 41 is further configured to use the data demand side computing engine to At least one parameter of the calculation model is encrypted to generate an encryption model. In one embodiment, in the model-based prediction apparatus, the data provider is installed with a data provider calculation engine, wherein the receiving unit 44 is further configured to use the data demand side calculation engine from the The data provider calculation engine receives the calculation result corresponding to the calculation request. In one embodiment, in the model-based prediction device, the generating unit 41 is further configured to encrypt the at least one parameter by one of the following encryption methods: homomorphic encryption method, obfuscation circuit method, and differential privacy method . In one embodiment, in the model-based prediction device, the calculation model is a logistic regression model or a linear regression model, the encryption method is a homomorphic encryption method, and the calculation result is a homomorphic ciphertext result, Wherein, the obtaining unit 45 is configured to: decrypt the homomorphic ciphertext result using a private key corresponding to the calculation model to obtain the plaintext prediction result of the calculation model, wherein the private key Pre-generated locally. FIG. 5 shows a model-based prediction device 500 according to an embodiment of the present specification. The device is implemented at a data provider, and the data provider stores first data. The device includes: an obtaining unit 51 configured to obtain an encryption model from a data demander, wherein the data demander includes pre-trained The calculation model of the encryption model is generated by the data demander encrypting at least one parameter of the calculation model; the receiving unit 52 is configured to receive the first data and the data from the data demander A calculation request of the encryption model; a calculation unit 53 configured to perform calculation based on the first data using the encryption model according to the calculation request to obtain a calculation result; and a sending unit 54 configured to configure the calculation result Send to the data demand side. In one embodiment, in the model-based prediction apparatus, the encryption model is a first encryption model obtained by encrypting at least one parameter of an LR model or a linear regression model by a homomorphic encryption method, wherein The calculation unit 53 is further configured to: in the first encryption model, perform a homomorphic calculation based on the first data using the public key of the data acquirer obtained in advance to obtain a homomorphic ciphertext result, where , The public key is generated in advance by the data demander for the calculation model. In one embodiment, in the model-based prediction device, the data provider is installed with a data provider calculation engine, wherein the calculation unit 53 is further configured to pass the data provider calculation engine based on The calculation request calculates the first data according to the encryption model to obtain the calculation result. In another aspect of this specification, if a computing device includes a memory and a processor, wherein the memory stores executable program code, and when the processor executes the executable program code, the model-based Prediction method. The model prediction scheme according to the embodiment of the present specification does not require a trusted third party, and the data and model are held by the data partners, which avoids the privacy and security issues of the data and the model and reduces the mass data transmission. Problems such as hidden transmission security risks. This solution is a pure software solution. Apart from basic servers, there are no additional hardware requirements, and no other hardware security vulnerabilities will be introduced. And the connection cost is not high. The data provider and the data demander only need docker to deploy a specific computing engine to complete the calculation online. In addition, for different model characteristics, different model encryption methods are used to improve the accuracy of the calculation results. The embodiments in this specification are described in a progressive manner. The same or similar parts between the embodiments can be referred to each other. Each embodiment focuses on the differences from other embodiments. In particular, for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant part can be referred to the description of the method embodiment. The foregoing describes specific embodiments of the present specification. Other embodiments are within the scope of the attached patent application. In some cases, the actions or steps described in the scope of the patent application may be performed in a different order than in the embodiment and still achieve the desired result. In addition, the processes depicted in the drawings do not necessarily require the particular order shown or sequential order to achieve the desired results. In some embodiments, multiplexing and parallel processing are also possible or may be advantageous. Those of ordinary skill in the art should be further aware that the example units and algorithm steps described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, computer software, or a combination of the two, for clarity The interchangeability of hardware and software is described. In the above description, the composition and steps of each example have been described generally according to functions. Whether these functions are implemented in hardware or software depends on the specific application of the technical solution and design constraints. A person of ordinary skill in the art may use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of the present application. The steps of the method or algorithm described in conjunction with the embodiments disclosed herein may be implemented by hardware, a software module executed by a processor, or a combination of both. Software modules can be placed in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable and programmable ROM, registers, hard drives, removable disks , CD-ROM, or any other form of storage media known in the art. The specific embodiments described above further describe the purpose, technical solutions and beneficial effects of the present invention in detail. It should be understood that the above are only specific embodiments of the present invention and are not intended to limit the scope of the present invention. The scope of protection, within the spirit and principle of the present invention, any modification, equivalent replacement, improvement, etc., shall be included in the scope of protection of the present invention.

11‧‧‧資料需求方 12‧‧‧資料提供方 100‧‧‧系統 41‧‧‧生成單元 42‧‧‧提供單元 43‧‧‧發送單元 44‧‧‧接收單元 45‧‧‧獲取單元 400‧‧‧基於模型的預測裝置 51‧‧‧獲取單元 52‧‧‧接收單元 53‧‧‧計算單元 54‧‧‧發送單元 500‧‧‧基於模型的預測裝置11‧‧‧Data Demand 12‧‧‧ Data provider 100‧‧‧System 41‧‧‧Generation unit 42‧‧‧Provide unit 43‧‧‧Sending unit 44‧‧‧Receiving unit 45‧‧‧ acquisition unit 400‧‧‧Model-based prediction device 51‧‧‧ acquisition unit 52‧‧‧Receiving unit 53‧‧‧Calculation unit 54‧‧‧Sending unit 500‧‧‧Model-based prediction device

通過結合圖式描述本說明書實施例,可以使得本說明書實施例更加清楚: 圖1示出了根據本說明書實施例的執行模型預測的系統100的示意圖; 圖2示出了根據本說明書實施例的一種基於模型的預測方法的流程圖; 圖3示出根據本說明書實施例的一種基於模型的預測方法的流程圖; 圖4示出根據本說明書實施例的一種基於模型的預測裝置400;以及 圖5示出根據本說明書實施例的一種基於模型的預測裝置500。By describing the embodiments of the present specification with reference to the drawings, the embodiments of the present specification can be made clearer: FIG. 1 shows a schematic diagram of a system 100 for performing model prediction according to an embodiment of this specification; 2 shows a flowchart of a model-based prediction method according to an embodiment of this specification; FIG. 3 shows a flowchart of a model-based prediction method according to an embodiment of this specification; FIG. 4 shows a model-based prediction apparatus 400 according to an embodiment of this specification; and FIG. 5 shows a model-based prediction device 500 according to an embodiment of the present specification.

11‧‧‧資料需求方 11‧‧‧Data Demand

12‧‧‧資料提供方 12‧‧‧ Data provider

100‧‧‧系統 100‧‧‧System

Claims (19)

一種基於模型的預測方法,該方法在資料需求方執行,該資料需求方包括預先訓練好的計算模型,該方法包括: 通過對該計算模型的至少一個參數進行加密,生成加密模型; 將該加密模型提供給資料提供方,其中,該資料提供方儲存有第一資料; 向該資料提供方發送關於該第一資料和該加密模型的計算請求; 從該資料提供方接收與該計算請求對應的計算結果;以及 基於該計算結果,獲取該計算模型的明文預測結果。A model-based prediction method. The method is executed on the data demand side. The data demand side includes a pre-trained calculation model. The method includes: Generate an encrypted model by encrypting at least one parameter of the calculation model; Provide the encryption model to the data provider, wherein the data provider stores the first data; Send a calculation request about the first data and the encryption model to the data provider; Receive the calculation result corresponding to the calculation request from the data provider; and Based on the calculation result, the plaintext prediction result of the calculation model is obtained. 根據請求項1所述的基於模型的預測方法,其中,該資料需求方安裝有資料需求方計算引擎,其中,通過對該計算模型的至少一個參數進行加密,生成加密模型包括,通過使用該資料需求方計算引擎對該計算模型的至少一個參數進行加密,生成加密模型。The model-based prediction method according to claim 1, wherein the data demander is installed with a data demander calculation engine, wherein generating the encrypted model by encrypting at least one parameter of the calculation model includes, by using the data The demand-side calculation engine encrypts at least one parameter of the calculation model to generate an encryption model. 根據請求項2所述的基於模型的預測方法,其中,該資料提供方安裝有資料提供方計算引擎,其中,從該資料提供方接收與該計算請求對應的計算結果包括,通過該資料需求方計算引擎從該資料提供方計算引擎接收該計算結果。The model-based prediction method according to claim 2, wherein the data provider is installed with a data provider calculation engine, wherein receiving the calculation result corresponding to the calculation request from the data provider includes, through the data demander The calculation engine receives the calculation result from the data provider calculation engine. 根據請求項1所述的基於模型的預測方法,其中,對該計算模型的至少一個參數進行加密包括,通過以下一種加密方法對所述至少一個參數進行加密:同態加密方法、混淆電路方法以及差分隱私方法。The model-based prediction method according to claim 1, wherein encrypting at least one parameter of the calculation model includes encrypting the at least one parameter by one of the following encryption methods: homomorphic encryption method, obfuscation circuit method, and Differential privacy method. 根據請求項4所述的基於模型的預測方法,其中該計算模型為邏輯回歸模型或線性回歸模型,該加密方法為同態加密方法,該計算結果為同態密文結果, 其中,基於該計算結果,獲取該計算模型的明文預測結果包括: 使用與該計算模型對應的私密金鑰對該同態密文結果進行解密,以獲取該計算模型的明文預測結果,其中,該私密金鑰在本地預先生成。The model-based prediction method according to claim 4, wherein the calculation model is a logistic regression model or a linear regression model, the encryption method is a homomorphic encryption method, and the calculation result is a homomorphic ciphertext result, Wherein, based on the calculation result, obtaining the plain-text prediction result of the calculation model includes: Use the private key corresponding to the calculation model to decrypt the homomorphic ciphertext result to obtain the plaintext prediction result of the calculation model, where the private key is generated locally in advance. 根據請求項4所述的基於模型的預測方法,其中該計算模型為GBDT模型,該加密方法為混淆電路方法。The model-based prediction method according to claim 4, wherein the calculation model is a GBDT model, and the encryption method is a confusion circuit method. 根據請求項4所述的基於模型的預測方法,其中該計算模型為評分卡模型,該加密方法為差分隱私方法。The model-based prediction method according to claim 4, wherein the calculation model is a scorecard model, and the encryption method is a differential privacy method. 一種基於模型的預測方法,該方法在資料提供方執行,該資料提供方儲存有第一資料,該方法包括: 從資料需求方獲取加密模型,其中,該資料需求方包括預先訓練好的計算模型,該加密模型通過由該資料需求方對該計算模型的至少一個參數進行加密而生成; 從該資料需求方接收關於該第一資料和該加密模型的計算請求; 根據該計算請求,使用該加密模型基於該第一資料進行計算,以獲取計算結果;以及 將該計算結果發送給該資料需求方。A model-based prediction method. The method is executed by a data provider. The data provider stores first data. The method includes: Obtain an encryption model from the data demander, where the data demander includes a pre-trained calculation model, the encryption model is generated by the data demander encrypting at least one parameter of the calculation model; Receive a calculation request about the first data and the encryption model from the data demander; According to the calculation request, use the encryption model to perform calculation based on the first data to obtain the calculation result; and Send the calculation result to the data demander. 根據請求項8所述的基於模型的預測方法,其中,該加密模型為通過請求項5所述的方法所獲取的第一加密模型,其中,根據該計算請求,使用該加密模型基於該第一資料進行計算,以獲取計算結果包括:在該第一加密模型中,使用預先獲取的該資料需求方的公開金鑰基於該第一資料進行同態計算,以獲取同態密文結果,其中,該公開金鑰由該資料需求方針對該計算模型預先生成。The model-based prediction method according to claim 8, wherein the encryption model is the first encryption model obtained by the method according to claim 5, wherein, based on the calculation request, using the encryption model based on the first The calculation of the data to obtain the calculation result includes: in the first encryption model, performing a homomorphic calculation based on the first data using the public key of the data acquirer obtained in advance to obtain a homomorphic ciphertext result, where, The public key is generated in advance by the data requirement policy for the calculation model. 一種基於模型的預測裝置,該裝置在資料需求方實施,該資料需求方包括預先訓練好的計算模型,該裝置包括: 生成單元,配置為通過對該計算模型的至少一個參數進行加密,生成加密模型; 提供單元,配置為將該加密模型提供給資料提供方,其中,該資料提供方儲存有第一資料; 發送單元,配置為向該資料提供方發送關於該第一資料和該加密模型的計算請求; 接收單元,配置為從該資料提供方接收與該計算請求對應的計算結果;以及 獲取單元,配置為基於該計算結果,獲取該計算模型的明文預測結果。A model-based prediction device, which is implemented on the data demand side. The data demand side includes a pre-trained calculation model. The device includes: A generating unit configured to generate an encryption model by encrypting at least one parameter of the calculation model; The providing unit is configured to provide the encryption model to the data provider, wherein the data provider stores the first data; A sending unit, configured to send a calculation request about the first data and the encryption model to the data provider; A receiving unit configured to receive the calculation result corresponding to the calculation request from the data provider; and The obtaining unit is configured to obtain the plain-text prediction result of the calculation model based on the calculation result. 根據請求項10所述的基於模型的預測裝置,其中,該資料需求方安裝有資料需求方計算引擎,其中,該生成單元還配置為通過使用該資料需求方計算引擎對該計算模型的至少一個參數進行加密,生成加密模型。The model-based prediction apparatus according to claim 10, wherein the data demander is installed with a data demander calculation engine, wherein the generation unit is further configured to use at least one of the calculation models by using the data demander calculation engine The parameters are encrypted to generate an encrypted model. 根據請求項11所述的基於模型的預測裝置,其中,該資料提供方安裝有資料提供方計算引擎,其中,該接收單元還配置為通過該資料需求方計算引擎從該資料提供方計算引擎接收該計算結果。The model-based prediction device according to claim 11, wherein the data provider is installed with a data provider calculation engine, wherein the receiving unit is further configured to receive from the data provider calculation engine through the data demand side calculation engine The calculation result. 根據請求項10所述的基於模型的預測裝置,其中,該生成單元還配置為,通過以下一種加密方法對所述至少一個參數進行加密:同態加密方法、混淆電路方法以及差分隱私方法。The model-based prediction device according to claim 10, wherein the generation unit is further configured to encrypt the at least one parameter by one of the following encryption methods: homomorphic encryption method, obfuscation circuit method, and differential privacy method. 根據請求項13所述的基於模型的預測裝置,其中該計算模型為邏輯回歸模型或線性回歸模型,該加密方法為同態加密方法,該計算結果為同態密文結果, 其中,該獲取單元還配置為: 使用與該計算模型對應的私密金鑰對該同態密文結果進行解密,以獲取該計算模型的明文預測結果,其中,該私密金鑰在本地預先生成。The model-based prediction device according to claim 13, wherein the calculation model is a logistic regression model or a linear regression model, the encryption method is a homomorphic encryption method, and the calculation result is a homomorphic ciphertext result, Wherein, the acquisition unit is also configured as: Use the private key corresponding to the calculation model to decrypt the homomorphic ciphertext result to obtain the plaintext prediction result of the calculation model, where the private key is generated locally in advance. 根據請求項13所述的基於模型的預測裝置,其中該計算模型為GBDT模型,該加密方法為混淆電路方法。The model-based prediction device according to claim 13, wherein the calculation model is a GBDT model, and the encryption method is an obfuscation circuit method. 根據請求項13所述的基於模型的預測裝置,其中該計算模型為評分卡模型,該加密方法為差分隱私方法。The model-based prediction device according to claim 13, wherein the calculation model is a scorecard model, and the encryption method is a differential privacy method. 一種基於模型的預測裝置,該裝置在資料提供方實施,該資料提供方儲存有第一資料,該裝置包括: 獲取單元,配置為從資料需求方獲取加密模型,其中,該資料需求方包括預先訓練好的計算模型,該加密模型通過由該資料需求方對該計算模型的至少一個參數進行加密而生成; 接收單元,配置為從該資料需求方接收關於該第一資料和該加密模型的計算請求; 計算單元,配置為根據該計算請求,使用該加密模型基於該第一資料進行計算,以獲取計算結果;以及 發送單元,配置為將該計算結果發送給該資料需求方。A model-based prediction device implemented by a data provider, where the data provider stores first data, the device includes: An obtaining unit configured to obtain an encryption model from a data demander, wherein the data demander includes a pre-trained calculation model, and the encryption model is generated by encrypting at least one parameter of the calculation model by the data demander; A receiving unit, configured to receive a calculation request about the first data and the encryption model from the data demander; A calculation unit configured to calculate based on the first data using the encryption model according to the calculation request to obtain the calculation result; and The sending unit is configured to send the calculation result to the data demander. 根據請求項17所述的基於模型的預測裝置,其中,該加密模型為通過請求項5所述的方法所獲取的第一加密模型,其中,該計算單元還配置為:在該第一加密模型中,使用預先獲取的該資料需求方的公開金鑰基於該第一資料進行同態計算,以獲取同態密文結果,其中,該公開金鑰由該資料需求方針對該計算模型預先生成。The model-based prediction device according to claim 17, wherein the encryption model is a first encryption model obtained by the method described in claim 5, wherein the calculation unit is further configured to: In the method, a public key of the data demander obtained in advance is used to perform homomorphic calculation based on the first data to obtain a homomorphic ciphertext result, wherein the public key is pre-generated by the data demand policy for the calculation model. 一種計算設備,包括記憶體和處理器,其特徵在於,該記憶體中儲存有可執行程式碼,該處理器執行該可執行程式碼時,實現請求項1-9中任一項所述的方法。A computing device, including a memory and a processor, characterized in that executable code is stored in the memory, and when the processor executes the executable code, it implements any one of the items 1-9 method.
TW108115549A 2018-07-17 2019-05-06 Model-based prediction method and device TWI733106B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810785420.3A CN109033854B (en) 2018-07-17 2018-07-17 Model-based prediction method and device
CN201810785420.3 2018-07-17

Publications (2)

Publication Number Publication Date
TW202006615A true TW202006615A (en) 2020-02-01
TWI733106B TWI733106B (en) 2021-07-11

Family

ID=64643504

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108115549A TWI733106B (en) 2018-07-17 2019-05-06 Model-based prediction method and device

Country Status (3)

Country Link
CN (1) CN109033854B (en)
TW (1) TWI733106B (en)
WO (1) WO2020015478A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI764640B (en) * 2020-04-27 2022-05-11 大陸商支付寶(杭州)信息技術有限公司 Training method and device for anomaly detection model based on differential privacy

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109033854B (en) * 2018-07-17 2020-06-09 阿里巴巴集团控股有限公司 Model-based prediction method and device
CN111435452B (en) * 2019-01-11 2023-11-03 百度在线网络技术(北京)有限公司 Model training method, device, equipment and medium
SG11201910061RA (en) * 2019-01-11 2019-11-28 Alibaba Group Holding Ltd A distributed multi-party security model training framework for privacy protection
CN110032893B (en) * 2019-03-12 2021-09-28 创新先进技术有限公司 Security model prediction method and device based on secret sharing
CN111797126B (en) * 2019-04-08 2024-04-02 阿里巴巴集团控股有限公司 Data processing method, device and equipment
CN110210233B (en) * 2019-04-19 2024-05-24 平安科技(深圳)有限公司 Combined construction method and device of prediction model, storage medium and computer equipment
CN110163008B (en) * 2019-04-30 2023-03-07 创新先进技术有限公司 Security audit method and system for deployed encryption model
CN110113203B (en) * 2019-04-30 2021-10-22 创新先进技术有限公司 Method and equipment for security assessment of encryption model
CN110263919A (en) * 2019-06-20 2019-09-20 福州数据技术研究院有限公司 A kind of reverse transmittance nerve network training method based on medical treatment & health data safety
CN110457912B (en) * 2019-07-01 2020-08-14 阿里巴巴集团控股有限公司 Data processing method and device and electronic equipment
CN110190946B (en) * 2019-07-12 2021-09-03 之江实验室 Privacy protection multi-organization data classification method based on homomorphic encryption
CN110633805B (en) * 2019-09-26 2024-04-26 深圳前海微众银行股份有限公司 Longitudinal federal learning system optimization method, device, equipment and readable storage medium
CN110751330B (en) * 2019-10-18 2022-07-22 支付宝(杭州)信息技术有限公司 Prediction method and device based on tree model
CN111126628B (en) * 2019-11-21 2021-03-02 支付宝(杭州)信息技术有限公司 Method, device and equipment for training GBDT model in trusted execution environment
CN111125727B (en) * 2019-12-03 2021-05-14 支付宝(杭州)信息技术有限公司 Confusion circuit generation method, prediction result determination method, device and electronic equipment
CN111045688A (en) * 2019-12-06 2020-04-21 支付宝(杭州)信息技术有限公司 Method and system for model safe deployment and prediction
US11228423B2 (en) 2020-01-12 2022-01-18 Advanced New Technologies Co., Ltd. Method and device for security assessment of encryption models
US20210350264A1 (en) * 2020-05-07 2021-11-11 Baidu Usa Llc Method for obfuscated ai model training for data processing accelerators
CN112231746B (en) * 2020-09-10 2024-02-02 杭州锘崴信息科技有限公司 Joint data analysis method, device, system and computer readable storage medium
CN112668748B (en) * 2020-09-16 2024-05-10 华控清交信息科技(北京)有限公司 Prediction method and device and electronic equipment
CN114124343B (en) * 2020-11-16 2023-11-14 神州融安数字科技(北京)有限公司 Risk scoring information query method, device, system and equipment for protecting privacy
CN112330048A (en) * 2020-11-18 2021-02-05 中国光大银行股份有限公司 Scoring card model training method and device, storage medium and electronic device
CN117235796B (en) * 2023-09-27 2024-05-07 宁远县大麦电子商务有限公司 Electronic commerce data processing method

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2730048A2 (en) * 2011-07-07 2014-05-14 Verayo, Inc. Cryptographic security using fuzzy credentials for device and server communications
CN102436489B (en) * 2011-11-03 2013-08-21 北京数码大方科技股份有限公司 Processing method, device and system of three-dimensional model data
CN104780214B (en) * 2015-04-20 2018-07-27 河海大学常州校区 Cloud manufacture system based on cloud computing and 3 D-printing
JP6926429B2 (en) * 2016-09-27 2021-08-25 日本電気株式会社 Data processing equipment, data processing methods, and programs
CN107124276B (en) * 2017-04-07 2020-07-28 西安电子科技大学 Safe data outsourcing machine learning data analysis method
CN108228830A (en) * 2018-01-03 2018-06-29 广东工业大学 A kind of data processing system
CN109033854B (en) * 2018-07-17 2020-06-09 阿里巴巴集团控股有限公司 Model-based prediction method and device

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI764640B (en) * 2020-04-27 2022-05-11 大陸商支付寶(杭州)信息技術有限公司 Training method and device for anomaly detection model based on differential privacy

Also Published As

Publication number Publication date
WO2020015478A1 (en) 2020-01-23
TWI733106B (en) 2021-07-11
CN109033854B (en) 2020-06-09
CN109033854A (en) 2018-12-18

Similar Documents

Publication Publication Date Title
TWI733106B (en) Model-based prediction method and device
CN111162896B (en) Method and device for data processing by combining two parties
US11196541B2 (en) Secure machine learning analytics using homomorphic encryption
WO2021120861A1 (en) Method and apparatus for multi-party joint model data processing
CN112989368B (en) Method and device for processing private data by combining multiple parties
CN110912713B (en) Method and device for processing model data by multi-party combination
Suhail et al. On the role of hash-based signatures in quantum-safe internet of things: Current solutions and future directions
Rahulamathavan et al. Privacy-preserving multi-class support vector machine for outsourcing the data classification in cloud
US10438513B2 (en) Hardened white box implementation 1
US10871947B2 (en) Converting a boolean masked value to an arithmetically masked value for cryptographic operations
CN110661764A (en) Input acquisition method and device of secure multi-party computing protocol
CN111898145A (en) Neural network model training method, device, equipment and medium
Erkin et al. Privacy-preserving distributed clustering
CN109687952A (en) Data processing method and its device, electronic device and storage medium
CN113221153B (en) Graph neural network training method and device, computing equipment and storage medium
CN114223175A (en) Generating a sequence of network data while preventing acquisition or manipulation of time data
US20190372757A1 (en) Generating a pseudorandom number based on a portion of shares used in a cryptographic operation
Zheng et al. SecDR: Enabling secure, efficient, and accurate data recovery for mobile crowdsensing
Heiss et al. Trustworthy pre-processing of sensor data in data on-chaining workflows for blockchain-based IoT applications
Amanullah et al. An Effective double verification-based method for certifying information safety in cloud computing
Yao et al. Efficient federated learning aggregation protocol using approximate homomorphic encryption
CN104468535B (en) It is adapted to ciphertext storage and connection query system and the method for cloud environment
KR102067065B1 (en) A matrix-vector multiplication apparatus based on message randomization which is safe for power analysis and electromagnetic analysis, and an encryption apparatus and method using the same
CN113362168A (en) Risk prediction method and device, storage medium and electronic equipment
CN113645022A (en) Method and device for determining privacy set intersection, electronic equipment and storage medium