WO2021203260A1 - 一种节点匹配方法、装置、设备及系统 - Google Patents
一种节点匹配方法、装置、设备及系统 Download PDFInfo
- Publication number
- WO2021203260A1 WO2021203260A1 PCT/CN2020/083639 CN2020083639W WO2021203260A1 WO 2021203260 A1 WO2021203260 A1 WO 2021203260A1 CN 2020083639 W CN2020083639 W CN 2020083639W WO 2021203260 A1 WO2021203260 A1 WO 2021203260A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data flow
- flow graph
- plaintext
- operator
- node information
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 132
- 238000010586 diagram Methods 0.000 claims abstract description 28
- 238000012795 verification Methods 0.000 claims abstract description 20
- 238000010801 machine learning Methods 0.000 claims description 130
- 238000012360 testing method Methods 0.000 claims description 49
- 230000008569 process Effects 0.000 claims description 40
- 230000015654 memory Effects 0.000 claims description 37
- 230000003068 static effect Effects 0.000 claims description 28
- 238000005457 optimization Methods 0.000 claims description 24
- 239000000203 mixture Substances 0.000 claims description 3
- 238000003860 storage Methods 0.000 description 18
- 238000012545 processing Methods 0.000 description 16
- 230000006870 function Effects 0.000 description 14
- 238000011161 development Methods 0.000 description 9
- 230000006872 improvement Effects 0.000 description 9
- 238000004590 computer program Methods 0.000 description 8
- 238000004364 calculation method Methods 0.000 description 7
- 230000005540 biological transmission Effects 0.000 description 5
- 238000004891 communication Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 5
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 4
- 238000013473 artificial intelligence Methods 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 238000004519 manufacturing process Methods 0.000 description 3
- 230000000750 progressive effect Effects 0.000 description 3
- 238000012549 training Methods 0.000 description 3
- OKTJSMMVPCPJKN-UHFFFAOYSA-N Carbon Chemical compound [C] OKTJSMMVPCPJKN-UHFFFAOYSA-N 0.000 description 2
- 238000003491 array Methods 0.000 description 2
- 229910052799 carbon Inorganic materials 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 2
- 229910021389 graphene Inorganic materials 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 238000003672 processing method Methods 0.000 description 2
- 108020004705 Codon Proteins 0.000 description 1
- 108010001267 Protein Subunits Proteins 0.000 description 1
- XUIMIQQOPSSXEZ-UHFFFAOYSA-N Silicon Chemical compound [Si] XUIMIQQOPSSXEZ-UHFFFAOYSA-N 0.000 description 1
- 230000005856 abnormality Effects 0.000 description 1
- 230000001364 causal effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000008094 contradictory effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- JTJMJGYZQZDUJJ-UHFFFAOYSA-N phencyclidine Chemical compound C1CCCCN1C1(C=2C=CC=CC=2)CCCCC1 JTJMJGYZQZDUJJ-UHFFFAOYSA-N 0.000 description 1
- 238000004321 preservation Methods 0.000 description 1
- 239000010979 ruby Substances 0.000 description 1
- 229910001750 ruby Inorganic materials 0.000 description 1
- 229910052710 silicon Inorganic materials 0.000 description 1
- 239000010703 silicon Substances 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
Definitions
- This application relates to the field of data processing technology, and in particular to a node matching method, device, equipment and system.
- the embodiments of this specification provide a node matching method, device, equipment and system, which can realize automatic testing of the correctness of the data flow graph and the execution result of the data flow graph, thereby improving the verification efficiency.
- the node matching method, device, equipment and system provided in this manual are implemented in the following ways:
- a node matching method includes:
- the data flow graph information includes a first data flow graph corresponding to a preset plaintext machine learning model and a second data flow graph corresponding to a privacy machine learning model
- the node information includes all The plaintext operator node information that needs to be replaced with a cipher operator in the first data flow graph and the ciphertext operator node information included in the second data flow graph;
- the first data flow graph is a subgraph of the second data flow graph
- matching the plaintext operator node information with the ciphertext operator node information and outputting a matching result.
- a node matching device includes:
- An information acquisition module for acquiring data flow graph information and node information, where the data flow graph information includes a first data flow graph corresponding to a preset plaintext machine learning model and a second data flow graph corresponding to a privacy machine learning model,
- the node information includes plaintext operator node information that needs to be replaced with a cipher operator in the first data flow graph and ciphertext operator node information included in the second data flow graph;
- a judging module configured to judge whether the first data flow graph is a subgraph of the second data flow graph
- the matching module is configured to match the plaintext operator node information with the ciphertext operator node information when determining that the first data flow graph is a subgraph of the second data flow graph, and output a matching result.
- a node matching device includes a processor and a memory for storing executable instructions of the processor.
- the implementation includes the following steps:
- the data flow graph information includes a first data flow graph corresponding to a preset plaintext machine learning model and a second data flow graph corresponding to a privacy machine learning model
- the node information includes all The plaintext operator node information that needs to be replaced with a cipher operator in the first data flow graph and the ciphertext operator node information included in the second data flow graph;
- the first data flow graph is a subgraph of the second data flow graph
- matching the plaintext operator node information with the ciphertext operator node information and outputting a matching result.
- a node matching system includes at least one processor and a memory storing computer-executable instructions.
- the processor executes the instructions, the steps of any method embodiment method in the embodiments of this specification are implemented.
- the optimizer test component in the process of replacing the plaintext operator in the preset plaintext machine learning model with the corresponding cryptographic operator, encapsulates the static optimizer, so that in the process of obtaining data flow graph information and node information , Not only can reuse the existing plaintext machine learning model to realize the privacy machine learning model, reduce development costs, but also provide guarantee for the realization of automatic test data flow graphs and the correctness of graph execution results. After obtaining the data flow graph information and node information, by judging the corresponding data flow graph before and after the plaintext operator replacement, it can be ensured that the part of the original graph has not been modified, and the correct execution of the plaintext machine learning model can still be provided.
- the automatic testing of the correctness of the data flow graph and the execution result of the graph can be realized, thereby improving the verification efficiency.
- the implementation scheme provided in this manual can not only reuse the existing plaintext machine learning model to realize the privacy machine learning model, reduce the development cost, and improve the coding efficiency, but also can realize the automatic test of the correctness of the data flow graph and the execution result of the graph. Thereby improving the verification efficiency.
- Fig. 1 is a schematic flowchart of an embodiment of a node matching method provided in this specification
- FIG. 2 is a schematic flowchart of a specific embodiment of the node matching method provided in this specification
- FIG. 3 is a schematic flowchart of another embodiment of the node matching method provided in this specification.
- FIG. 4 is a schematic diagram of the module structure of an embodiment of a node matching device provided in this specification.
- Fig. 5 is a hardware structure block diagram of an embodiment of a node matching server provided in this specification.
- the local plaintext operator in the preset plaintext machine learning model can be replaced with the corresponding cryptographic operator to obtain the corresponding private machine learning model.
- the privacy machine learning model is realized by reusing the existing plaintext machine learning model, which can effectively reduce the huge development cost caused by recoding the application program interface and private data type unique to the privacy machine learning framework, and improve the coding efficiency.
- the plaintext machine learning model is transformed into the corresponding private machine learning model, not only the data flow graph corresponding to the private machine learning model will be generated, but also the execution result of the private data type will be output.
- it is usually necessary to manually write tests for verification which is inefficient.
- This manual provides a node matching method, device, equipment and system, which can not only reuse the existing plaintext machine learning model to realize the privacy machine learning model, reduce development costs, improve coding efficiency, but also realize the execution of data flow graphs and graphs Automated testing of the correctness of the results, thereby improving the efficiency of verification.
- FIG. 1 is a schematic flowchart of an embodiment of the node matching method provided in this specification.
- this specification provides method operation steps or device structures as shown in the following embodiments or drawings, the method or device may include more or fewer operation steps after partial combination based on conventional or no creative labor. Or modular unit.
- steps or structures where there is no necessary causal relationship logically the execution order of these steps or the module structure of the device is not limited to the execution order or module structure shown in the embodiments of this specification or the drawings.
- FIG. 1 A specific embodiment is shown in FIG. 1.
- the method may include the following steps.
- S0 Obtain data flow graph information and node information, where the data flow graph information includes a first data flow graph corresponding to a preset plaintext machine learning model and a second data flow graph corresponding to a privacy machine learning model, and the node information It includes the plaintext operator node information that needs to be replaced with a cipher operator in the first data flow graph and the ciphertext operator node information included in the second data flow graph.
- the data flow graph information may include a data flow graph.
- the data flow graph can be used to characterize the data flow information in the machine learning model.
- the data flow graph is a tensor flow graph.
- the nodes in the tensorflow graph represent mathematical operations in the graph, and the lines in the graph represent multi-dimensional data arrays that are interconnected between nodes, that is, tensors.
- the data flow graph information may include a first data flow graph and a second data flow graph.
- the first data flow graph can be understood as the data flow graph corresponding to the preset plaintext machine learning model
- the second data flow graph can be understood as the data flow graph corresponding to the privacy machine learning model.
- a plaintext machine learning model can be written in a machine learning framework.
- the machine learning framework can be understood as all machine learning systems or methods including machine learning algorithms, and can include data representation and processing methods, methods for representing and suggesting predictive models, and methods for evaluating and using modeling results.
- the machine learning framework can include one of the following: TensorFlow, Pytorch, MxNet, CNTK-Azure and other frameworks.
- the preset plaintext machine learning model may be implemented based on the plaintext machine learning framework.
- the plaintext machine learning model may include local plaintext operators (referred to as plaintext operators) provided by the machine learning framework.
- plaintext operators local plaintext operators
- the local plaintext operator in the plaintext machine learning model can be replaced with the corresponding cryptographic operator to obtain the corresponding private machine learning model.
- this manual does not limit the specific plaintext machine learning framework used to generate the preset plaintext machine learning model, and it can be selected according to actual scenarios.
- the machine learning framework may include multiple plaintext operators.
- the node information may include plaintext operator node information and ciphertext operator node information.
- the node information may include plaintext operator node information that needs to be replaced with a cipher operator in the first data flow graph and ciphertext operator node information included in the second data flow graph.
- the plaintext operator in the preset plaintext machine learning model is replaced with the operator corresponding to the plaintext operator, so the privacy sample can be replaced
- the operator through which the data flows is determined as the plaintext operator to be replaced.
- the private sample data is used to train the model to obtain model parameters (also referred to as training variables)
- the operator through which the training variable flows can be determined as the plaintext operator to be replaced.
- the plaintext operator that needs to be replaced with the cryptographic operator can be determined.
- the cryptographic operator can be any cryptographic operator that can provide privacy protection for the input data of all parties in a scenario where two or more data holders jointly (or collaboratively) perform machine learning training and prediction.
- the cryptographic operator may be a Secure Multi-Party Computation (MPC) operator, a homomorphic encryption (Homomorphic Encryption, HE) operator, or a zero-knowledge proof (ZKP) operator. Operators and so on.
- MPC Secure Multi-Party Computation
- HE homomorphic Encryption
- ZKP zero-knowledge proof
- the cryptographic operator can be realized and saved by the developer through a static language (such as C, C++, etc.) programming in advance, and obtained when needed, thereby improving efficiency.
- the cipher operator may also include a cipher gradient operator.
- these cryptographic operators should correspond one-to-one with the plaintext operators in the preset plaintext machine learning model to facilitate subsequent corresponding replacements.
- developers can register it in the plaintext machine learning framework to facilitate the use of the plaintext machine learning model.
- the plaintext operator node information may include at least the node location identifier of the plaintext operator that needs to be replaced, and the cryptographic operator identifier corresponding to the plaintext operator, and the ciphertext operator node information may include at least the cryptographic operator.
- the child's node position identification and cryptographic operator identification can be used to uniquely identify the location of the node, for example, the IP address (Internet Protocol Address) corresponding to the node.
- the cipher operator identifier can be used to identify the cipher operator, for example, it can be the name corresponding to the cipher operator.
- the cryptographic operator identifier corresponding to the plaintext operator refers to a preset identifier of the cryptographic operator corresponding to the plaintext operator.
- the obtaining data flow graph information and node information may include: obtaining an optimization test component in a preset plaintext machine learning model, the optimization test component includes a static optimizer, and the optimization test component uses To save information during the node matching process, and use the saved information to verify the data flow graph; based on the optimization test component, save the first data flow graph and the first data corresponding to the preset plaintext machine learning model The plaintext operator node information that needs to be replaced with a cryptographic operator in the flow graph; execute a static optimizer to replace the plaintext operator in the preset plaintext machine learning model with the cryptographic operator corresponding to the plaintext operator to generate a privacy machine Learning model; based on the optimization test component, save the second data flow graph corresponding to the privacy machine learning model and the ciphertext operator node information included in the second data flow graph; obtain data flow graph information and node information .
- the static optimizer can be used to replace the plaintext operator in the plaintext machine model with the corresponding codon operator.
- the optimizer test component in the preset plaintext machine learning model can be obtained during user input, or obtained from a pre-stored server, or obtained in other ways, which is not limited in this specification. .
- the optimizer test component can be used to save information during the node matching process.
- the optimized test component can be used to save the data flow graph corresponding to the preset plaintext machine learning model and In the data flow graph, determine the plaintext operator node information that needs to be replaced with the cipher operator. For example, in order to protect the privacy of the private sample data stored in each holder, the operator that the private sample data flows through in the data flow graph corresponding to the preset plaintext machine learning model can be determined as the plaintext operator to be replaced, and then use The optimization test component saves the node position identification of the plaintext operator to be replaced, and the cryptographic operator identification corresponding to the plaintext operator.
- the plaintext operator node information after determining the plaintext operator that needs to be replaced with the cipher operator, it can be marked in the data flow graph. After that, the marked operator node information can be saved to the stack in sequence.
- the plaintext operator node information may also include the position of the operator in the stack.
- the stack is a data structure. It is a special linear table that can only be inserted and deleted at one end. It stores data according to the principle of first in, last out. The first data is pushed into the bottom of the stack, and the last data is on the top of the stack. , When you need to read data, pop data from the top of the stack (the last data is read out first).
- the static optimizer may be executed. Since the static optimizer can replace the plaintext operator in the preset plaintext machine learning model with the corresponding cryptographic operator, the private machine learning model corresponding to the preset plaintext machine learning model can be generated by executing the static optimizer.
- the general principle for replacing the plaintext operators in the plaintext machine learning model with cryptographic operators is: all the plaintext operators that affect data privacy protection need to be replaced with corresponding cryptographic operators to ensure input Data privacy security; for plaintext operators that do not affect data privacy protection, try not to replace them as much as possible to increase the reuse rate of the plaintext machine learning model, thereby helping to reduce the implementation cost of the privacy machine learning model.
- the optimization test component can be used to save the data flow graph corresponding to the privacy machine learning model and the ciphertext operator node information in the data flow graph.
- the optimization test component can be used to save the node position identification of the cryptographic operator in the data flow graph after the replacement, and the cryptographic operator identification.
- the replaced cipher operator can be marked in the data flow diagram. After that, the marked operator node information can be saved to the stack in sequence.
- the ciphertext operator node information may also include the position of the operator in the stack.
- the data flow graph information and node information can be obtained after saving the corresponding data flow graph information and node information before replacing the plaintext operator, and the corresponding data flow graph information and node information after replacing the plaintext operator.
- the optimization test component since the optimization test component includes a static optimizer, in the process of obtaining data flow graph information and node information, not only can the existing plaintext machine learning model be reused to implement a private machine learning model, and the development cost is reduced, but also It can provide guarantee for the realization of automatic test data flow graph and the correctness of graph execution results.
- the data flow graph can be used to characterize the data flow information in the machine learning model.
- the data flow graph can include nodes.
- the data flow graph is a tensor flow graph.
- the nodes in the tensorflow graph represent mathematical operations in the graph, and the lines in the graph represent multi-dimensional data arrays that are interconnected between nodes, that is, tensors.
- the plaintext operator in the plaintext machine learning model has been replaced with the corresponding cryptographic operator to obtain the corresponding privacy machine learning model.
- a data flow graph with a mixture of plaintext operators and ciphertext operators can be generated.
- the data flow graph information corresponding to the model can be judged first to ensure that the original graph has not been modified, and the correct plaintext machine learning model execution can still be provided.
- the judging whether the first data flow graph is a subgraph of the second data flow graph may include: obtaining the first data flow graph and the second data flow graph The unique identifier corresponding to the node; the unique identifier corresponding to the node in the first data flow graph is formed into a first set; the unique identifier corresponding to the node in the second data flow graph is formed into a second set; based on the node identification increment rule, Determine whether the first set is a subset of the second set; when the first set is a subset of the second set, determine that the first data flow graph is the second data flow graph Subgraph.
- a node identifier can be added to each node in the data flow graph accordingly.
- the plaintext operator in the plaintext machine learning model is replaced with the corresponding cryptographic operator to obtain the corresponding privacy machine learning model.
- the node corresponding to the node in the data flow graph The identification needs to satisfy the incremental rule.
- the incremental rule can be understood as the data flow graph corresponding to the obtained privacy machine learning model (hereinafter referred to as " The corresponding node of the cryptographic operator in the new map is incrementally identified.
- the original graph includes 5 nodes.
- node identifiers 1, 2, 3, 4, and 5 for these 5 nodes. Since the plaintext operators corresponding to the 2 nodes in the original graph need to be replaced with the corresponding cryptographic operators After the replacement to obtain the new graph, the corresponding node identifiers of the cryptographic operators in the new graph should be 6, 7.
- the new graph obtained needs to be saved with the original graph.
- the original graph includes 5 nodes.
- the node identifiers in each graph can be formed into a set, and then it is determined whether the set corresponding to the node identifier in the original graph is a new graph
- the middle node identifies a subset of the corresponding set. If it is, it means that the original graph is a subgraph of the new graph, which can ensure that parts of the original graph have not been modified and still provide correct plaintext machine learning model execution.
- the set corresponding to the node identifiers in the original graph is not a subset of the set corresponding to the node identifiers in the new graph, it means that the original graph is not a subgraph of the new graph, and there is an abnormality in the plaintext operator replacement process in the plaintext machine learning model.
- the developer can be notified through a preset method, where the preset method may include sending information, sending out reminders, etc., which are not limited in this specification.
- the plaintext operator node information may include at least the node location identifier of the plaintext operator that needs to be replaced, and the cryptographic operator identifier corresponding to the plaintext operator, and the ciphertext operator node information may include at least the node location identifier of the cryptographic operator , Password operator identification.
- the matching result may include the successful matching of the plaintext operator node information and the ciphertext operator node information, and may also include the unsuccessful matching of the plaintext operator node information and the ciphertext operator node information.
- the plaintext operator node information can be matched with the ciphertext operator node information.
- the plaintext operator node information when it is determined that the first data flow graph is a subgraph of the second data flow graph, the plaintext operator node information can be matched with the ciphertext operator node information, so as to achieve the correctness of the data flow graph.
- the checksum Specifically, for example, in some implementation scenarios, the plaintext operator node information includes the IP address corresponding to the plaintext operator node that needs to be replaced in the original graph and the preset name of the cipher operator corresponding to the plaintext operator, and the ciphertext operator node The information includes the IP address corresponding to the cryptographic operator node in the new graph and the name of the cryptographic operator.
- the IP address corresponding to the node before and after the operator is replaced is unchanged, it can be determined based on the same IP address in the plaintext operator node information. Whether the name of the password operator set corresponding to the plaintext operator is consistent with the name of the password operator in the ciphertext operator node information, if the plaintext operator node information corresponding to the same IP address is preset to correspond to the plaintext operator The name of the cipher operator is consistent with the name of the cipher operator in the ciphertext operator node information, indicating that the matching is successful, and the result of matching the plaintext operator node information with the ciphertext operator node information is output.
- each node information can also include other information, the other information included in each node information can be matched in sequence during the matching process. When the information of each node is all the same, the matching is indicated. Success, otherwise the match is unsuccessful.
- the plaintext operator node information may include the IP address corresponding to the plaintext operator node that needs to be replaced in the original graph and the preset name of the cryptographic operator corresponding to the plaintext operator, as well as the preset The first characteristic information of the cryptographic operator corresponding to the plaintext operator.
- the ciphertext operator node information may also include some second characteristic information corresponding to the cryptographic operator.
- the feature information may include the generation time, location, and generation method of the operator.
- the process of matching the plaintext operator node information with the ciphertext operator node information may also include: calculating the similarity between the first feature information and the second feature information, according to the degree of acquaintance and a preset threshold. Relationship, to determine whether the plaintext operator node information matches the ciphertext operator node information.
- the name of the cryptographic operator corresponding to the plaintext operator preset in the plaintext operator node information can also be set. It is judged with the name of the cipher operator in the ciphertext operator node information. If the names are consistent, the matching is successful, and the result of matching the plaintext operator node information with the ciphertext operator node information is output. If the corresponding names in at least one node information are inconsistent, the matching is unsuccessful, and the result that the plaintext operator node information does not match the ciphertext operator node information is output. In this way, through multiple matches, the accuracy of the verification can be improved.
- the way of calculating the similarity can be through some methods known to those skilled in the art, such as Euclidean distance, Manhattan distance, etc., which are not limited in this specification.
- the preset threshold can be set according to the actual scene.
- the node information may also include the position of the operator in the stack.
- the node information can be stored in the stack in order, so the position of the operator in the stack can be recorded, so that the position in the stack can be matched accordingly to improve the verification accuracy. For example, in some implementation scenarios, after obtaining the node information in the original graph, you can save it in the stack in turn, and record the position of each node information in the stack.
- the matching method may also include other methods, which are not limited in this specification.
- the node information can also be stored in a database in the form of a table.
- the node information can also include information such as the location of the node information in the database, the name of the table corresponding to the node information in the database, and so on. The information is matched accordingly to obtain the matching result.
- the method of the foregoing embodiment can not only reuse the existing plaintext machine learning model to implement a private machine learning model, reduce development costs, and improve coding efficiency, but also can realize automated testing of the correctness of the data flow graph, thereby improving verification efficiency.
- the method of the above embodiment can be externally encapsulated into a corresponding interface (such as the validate_graph interface) when it is implemented, so that the external can directly call this interface to implement automated testing of the data flow graph.
- a corresponding interface such as the validate_graph interface
- the TensorFlow framework is taken as an example for description.
- a static optimizer (Static Pass) is encapsulated in the static optimization test component (Static Pass Tester), which can be used to save information during the implementation process and use the saved information to The data flow diagram is verified.
- Static Pass Tester static optimization test component
- the following information storage is based on static optimization test components. As shown in Figure 2, in this specific embodiment, the following steps may be included.
- the original graph can be understood as the first data flow graph corresponding to the preset plaintext machine learning model.
- the original reference can be provided for updating the graph.
- the original graph can be obtained by copying the data flow graph corresponding to the preset plaintext machine learning model.
- the TensorFlow framework may be used to generate the preset plaintext machine learning model, and then the data flow graph corresponding to the preset plaintext machine learning model can be saved.
- the secure multi-party computation operator can be understood as a cryptographic operator.
- the operator node stack can be understood as plaintext operator node information.
- the operator node stack that needs to be updated to a secure multi-party calculation operator can be understood as the plaintext operator node information that needs to be replaced with MPC op.
- op is the abbreviation of Operation.
- the original graph includes 5 nodes. Based on the data flow in the data flow graph corresponding to the preset plaintext machine learning model, it can be determined that there are 2 Tensorflow native ops that need to be replaced with MPC op. Then you can add these in the original graph.
- the two Tensorflow native ops are marked, and then the IP addresses corresponding to the marked two Tensorflow native ops and the preset MPC op name are stored in the stack in order, and the position information of the Tensorflow native op in the stack is correspondingly recorded.
- the two Tensorflow native ops are Tensorflow native op3 and Tensorflow native op4
- the node information corresponding to Tensorflow native op3 can be stored in position 1 of the stack
- the node information corresponding to Tensorflow native op4 can be stored in position 2 of the stack.
- the corresponding relationship between Tensorflow native op and MPC op can be preset.
- performing operator update and replacement can be understood as replacing the plaintext operator in the preset plaintext machine learning model with a cryptographic operator corresponding to the plaintext operator.
- the new graph refers to the second data flow graph corresponding to the private machine learning model obtained after the operator is updated and replaced.
- a static optimizer can be used to update and replace the op, thereby constructing a new graph.
- the new graph and the operator node stack of the safe multi-party calculation operator in the new graph can be saved.
- the preservation method is similar to that in steps (1) and (2), and will not be repeated here.
- a node identifier can be added to each node in the data flow graph.
- the node identifier needs to meet the incremental rule.
- the incremental rule can be understood as the incremental identification of the corresponding node of the MPC op in the obtained new graph on the basis of the node identification in the original graph.
- the original graph includes 5 nodes.
- the node identifiers in each graph can be formed into a set, and then it is determined whether the set corresponding to the node identifier in the original graph is the node identifier in the new graph Corresponding to a subset of the set, if it is, it means that the original graph is a subgraph of the new graph, that is, the original graph is consistent with the previous part of the new graph, so that it can ensure that the original graph has not been modified, and the correct plaintext machine learning model can still be provided implement. If not, it means that the original graph is not a subgraph of the new graph, that is, the original graph is inconsistent with the previous part of the new graph, which means that the data flow graph after the operator replacement is incorrect and the result of the verification failure is output.
- the elements in the stack can be compared in turn. If the Tensorflow native op and MPC op of one of the elements do not match, it is judged as a failure and the result of the verification failure is output. Otherwise, all matches are judged to be successful, and the result of successful verification is output.
- the comparison can be performed based on the same IP addresses of the nodes before and after the operator replacement. For the specific comparison process, please refer to the description of the above method, which will not be repeated.
- the execution result of the data flow graph can also be verified.
- FIG. 3 A specific embodiment is shown in FIG. 3, and the method may include the following steps.
- S12 Input the plaintext data into a session tester to obtain a plaintext execution result and a ciphertext execution result, where the session tester includes a first data flow graph and a second data flow graph;
- S16 Calculate the difference between the plaintext execution result and the decryption result, determine whether the difference is within a preset error range, and output the determination result.
- plaintext data can be understood as any data that has not been encrypted.
- the plaintext data can be input by the user through the interface, or it can be pre-stored in the server, which is not limited in this specification.
- the session tester may include a first data flow graph and a second data flow graph, which can be used to execute the data flow graph and return corresponding parameter information.
- the inputting the plaintext data into the session tester to obtain the plaintext execution result and the ciphertext execution result may include: inputting the plaintext data into the first data flow diagram included in the session tester , Obtain the plaintext execution result; encrypt the plaintext data, distribute the encrypted data to each multi-party secure computing process, and execute the second data included in the session tester based on the data in each multi-party secure computing process Flow graph to obtain the ciphertext execution result. For example, in some implementation scenarios, you can first encrypt the plaintext data, and then distribute the encrypted data to each data holder, and finally execute the second data flow diagram included in the session tester based on the data stored by each data holder To obtain the ciphertext execution result.
- the encryption of the plaintext data can be achieved by secret sharing, so that any data holder storing the sub-secret after the secret sharing cannot obtain the sub-secrets stored by other data holders, and only all data holders Only when the party's sub-secrets are combined can the encryption result be restored or decrypted.
- Secret sharing can include addition secret sharing, Sherman secret sharing, and so on.
- the native tf.Session (session executor) of the Tensorflow framework can be extended to obtain the SessionTester (session tester) that includes the original graph and the new graph.
- the SessionTester can include an execution interface (run interface) and a verification interface (validate_run interface).
- the run interface is used to obtain the execution result based on the data flow graph and the provided plaintext data
- the validate_run interface is used to verify the execution result and return the verification result. .
- the plaintext data input by the input interface can be received, and then the run interface can be executed based on the plaintext data and the original graph to obtain the plaintext parameters corresponding to the original graph.
- the SessionTester includes the original graph and the new graph
- the execution result can be obtained based on the data flow graph and the plaintext data successively, or the execution result can be obtained based on the data flow graph and the plaintext data at the same time.
- the manual does not limit this.
- the ciphertext parameters can be decrypted based on the validate_run interface to obtain the decryption parameters, and then the decryption parameters are compared with the plaintext parameters to achieve the execution result of the data flow graph Verification of correctness.
- the execution result of the data flow graph is usually digital. Therefore, when comparing the decryption parameter with the plaintext parameter, the error range can be preset. If the value of the decryption parameter and the value of the plaintext parameter are within the preset error range, It means that the execution result of the data flow graph is correct.
- the execution result of the data flow graph can also be of other types. If it is of other types, it can be converted into a digital type through a preset conversion method.
- the preset conversion method is not limited in this specification.
- a static optimizer and a session tester can be implemented by Python language.
- Python language can also be used to implement cryptographic operators, such as C language, C++ language, etc., which are not limited in this specification.
- This manual provides a node matching method.
- the data flow graph is obtained
- the existing plaintext machine learning model be reused to realize the privacy machine learning model, and the development cost can be reduced, but also can provide guarantee for the realization of automatic testing of the data flow graph and the correctness of the graph execution result.
- After obtaining the data flow graph information and node information by judging the corresponding data flow graph before and after the plaintext operator replacement, it can be ensured that the part of the original graph has not been modified, and the correct execution of the plaintext machine learning model can still be provided.
- automated testing of the correctness of the data flow graph and graph execution results can be realized, thereby improving the verification efficiency.
- one or more embodiments of this specification also provide a node matching device.
- the described devices may include systems (including distributed systems), software (applications), modules, components, servers, clients, etc., which use the methods described in the embodiments of this specification, combined with necessary implementation hardware devices.
- the devices in one or more embodiments provided in the embodiments of this specification are as described in the following embodiments. Since the implementation scheme of the device to solve the problem is similar to the method, the implementation of the specific device in the embodiment of this specification can refer to the implementation of the foregoing method, and the repetition will not be repeated.
- unit or “module” can be a combination of software and/or hardware that implements a predetermined function.
- the devices described in the following embodiments are preferably implemented by software, implementation by hardware or a combination of software and hardware is also possible and conceived.
- FIG. 4 is a schematic diagram of the module structure of an embodiment of a node matching device provided in this specification.
- a node matching device provided in this specification may include: an information acquisition module 120 and a judgment module 122 ,Matching module 124.
- the information acquisition module 120 may be used to acquire data flow graph information and node information, where the data flow graph information includes a first data flow graph corresponding to a preset plaintext machine learning model and a second data flow corresponding to a privacy machine learning model Figure, the node information includes plaintext operator node information that needs to be replaced with a cipher operator in the first data flow graph and ciphertext operator node information included in the second data flow graph;
- the judging module 122 can be used to judge whether the first data flow graph is a subgraph of the second data flow graph
- the matching module 124 may be used to match the plaintext operator node information with the ciphertext operator node information when determining that the first data flow graph is a subgraph of the second data flow graph, and output matching result.
- it may further include:
- the plaintext data acquisition module can be used to acquire plaintext data when the matching result is a successful match
- the execution result obtaining module may be used to input the plaintext data into the session tester to obtain the plaintext execution result and the ciphertext execution result, wherein the session tester includes a first data flow graph and a second data flow graph;
- the decryption module can be used to decrypt the ciphertext execution result to obtain the decryption result
- the result judgment module can be used to calculate the difference between the plaintext execution result and the decryption result, and judge whether the difference is within a preset error range, and output the judgment result.
- the execution result obtaining module may include:
- the plaintext execution result obtaining unit may be used to input the plaintext data into the first data flow graph included in the conversation tester to obtain the plaintext execution result;
- the ciphertext execution result obtaining unit may be used to encrypt the plaintext data, distribute the encrypted data to each multi-party secure computing process, and execute the session tester based on the data in each of the multi-party secure computing process includes The second data flow diagram to obtain the ciphertext execution result.
- the information acquisition module 120 may include:
- the first obtaining unit 1200 can obtain the optimized test component in the preset plaintext machine learning model, the optimized test component includes a static optimizer, and the optimized test component is used to save information during the node matching process and use the saved information to Data flow diagram for verification;
- the first saving unit 1202 may be configured to save, based on the optimization test component, the first data flow graph corresponding to the preset plaintext machine learning model and the plaintext operator that needs to be replaced with a cryptographic operator in the first data flow graph Node information;
- the model generation unit 1204 may be used to execute a static optimizer, and replace the plaintext operator in the preset plaintext machine learning model with a cryptographic operator corresponding to the plaintext operator to generate a privacy machine learning model;
- the second saving unit 1206 may be configured to save the second data flow graph corresponding to the privacy machine learning model and the ciphertext operator node information included in the second data flow graph based on the optimization test component;
- the information obtaining unit 1208 may be used to obtain data flow graph information and node information.
- the judgment module 122 may include:
- the second acquiring unit 1220 may be configured to acquire unique identifiers corresponding to nodes in the first data flow graph and the second data flow graph;
- the first forming unit 1222 may be used to form a first set of unique identifiers corresponding to nodes in the first data flow graph;
- the second forming unit 1224 may be used to form a second set of unique identifiers corresponding to nodes in the second data flow graph;
- the judging unit 1226 may be configured to judge whether the first set is a subset of the second set based on the node identification increment rule;
- the determining unit 1228 may be configured to determine that the first data flow graph is a subgraph of the second data flow graph when the first set is a subset of the second set.
- the plaintext operator node information includes at least the node location identifier of the plaintext operator that needs to be replaced, and the cryptographic operator corresponding to the plaintext operator.
- the ciphertext operator node information includes at least the node position identification of the cryptographic operator and the cryptographic operator identification.
- This specification provides a node matching device.
- the data flow graph is obtained
- the existing plaintext machine learning model be reused to realize the privacy machine learning model, and the development cost can be reduced, but also can provide guarantee for the realization of automatic testing of the data flow graph and the correctness of the graph execution result.
- After obtaining the data flow graph information and node information by judging the corresponding data flow graph before and after the plaintext operator replacement, it can be ensured that the part of the original graph has not been modified, and the correct execution of the plaintext machine learning model can still be provided.
- the automatic testing of the correctness of the data flow graph and the execution result of the graph can be realized, thereby improving the verification efficiency.
- the above-mentioned device may also include other implementation manners according to the description of the method embodiment, and for the specific implementation manner, refer to the description of the related method embodiment, which is not repeated here.
- This specification also provides an embodiment of a node matching device, which includes a processor and a memory for storing executable instructions of the processor.
- the implementation includes the following steps:
- the data flow graph information includes a first data flow graph corresponding to a preset plaintext machine learning model and a second data flow graph corresponding to a privacy machine learning model
- the node information includes all The plaintext operator node information that needs to be replaced with a cipher operator in the first data flow graph and the ciphertext operator node information included in the second data flow graph;
- the first data flow graph is a subgraph of the second data flow graph
- matching the plaintext operator node information with the ciphertext operator node information and outputting a matching result.
- the above-mentioned equipment according to the description of the method or device embodiment may also include other implementation manners, such as determining well spacing information of adjacent wells, well spacing information splitting based on reserves, and well spacing splitting based on production. The information determines how well spacing is achieved.
- implementation manners such as determining well spacing information of adjacent wells, well spacing information splitting based on reserves, and well spacing splitting based on production. The information determines how well spacing is achieved.
- This specification also provides an embodiment of a node matching system, which includes at least one processor and a memory storing computer-executable instructions.
- the processor executes the instructions, the method described in any one or more of the foregoing embodiments is
- the steps include, for example, obtaining data flow graph information and node information, where the data flow graph information includes a first data flow graph corresponding to a preset plaintext machine learning model and a second data flow graph corresponding to a privacy machine learning model, so
- the node information includes plaintext operator node information that needs to be replaced with a cipher operator in the first data flow graph and ciphertext operator node information included in the second data flow graph; judging the first data flow graph Whether it is a subgraph of the second data flow graph; when it is determined that the first data flow graph is a subgraph of the second data flow graph, the plaintext operator node information is combined with the ciphertext operator node The information is matched, and the matching result is output.
- the system can be a single server
- FIG. 5 is a hardware structural block diagram of an embodiment of a node matching server provided in this specification.
- the server may be the node matching device or the node matching system in the foregoing embodiment.
- the server 10 may include one or more (only one is shown in the figure) processor 100 (the processor 100 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA),
- the memory 200 for storing data
- the transmission module 300 for communication functions.
- the server 10 may also include more or fewer components than shown in FIG. 5, for example, may also include other processing hardware, such as a database or multi-level cache, GPU, or have a configuration different from that shown in FIG.
- the memory 200 can be used to store software programs and modules of application software, such as program instructions/modules corresponding to the node matching method in the embodiment of this specification.
- the processor 100 executes various software programs and modules stored in the memory 200 by running the software programs and modules. Functional application and data processing.
- the memory 200 may include a high-speed random access memory, and may also include a non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory.
- the memory 200 may further include a memory remotely provided with respect to the processor 100, and these remote memories may be connected to a computer terminal through a network. Examples of the aforementioned networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.
- the transmission module 300 is used to receive or send data via a network.
- the above-mentioned specific examples of the network may include a wireless network provided by a communication provider of a computer terminal.
- the transmission module 300 includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices through a base station so as to communicate with the Internet.
- the transmission module 300 may be a radio frequency (RF) module, which is used to communicate with the Internet in a wireless manner.
- RF radio frequency
- the methods or devices described in the above embodiments provided in this specification can implement business logic through computer programs and are recorded on a storage medium, and the storage medium can be read and executed by a computer to achieve the effects of the solutions described in the embodiments of this specification.
- the storage medium may include a physical device for storing information, and the information is usually digitized and then stored in an electric, magnetic, or optical medium.
- the storage medium may include: devices that use electrical energy to store information, such as various types of memory, such as RAM, ROM, etc.; devices that use magnetic energy to store information, such as hard disks, floppy disks, magnetic tapes, magnetic core memory, bubble memory, U disk; a device that uses optical methods to store information, such as a CD or DVD.
- devices that use electrical energy to store information such as various types of memory, such as RAM, ROM, etc.
- devices that use magnetic energy to store information such as hard disks, floppy disks, magnetic tapes, magnetic core memory, bubble memory, U disk
- a device that uses optical methods to store information such as a CD or DVD.
- quantum memory graphene memory, and so on.
- the above node matching method or device embodiments provided in this specification can be implemented in a computer by a processor executing corresponding program instructions, such as using the c++ language of the windows operating system to be implemented on the PC side, linux system, or other such as using android,
- the iOS system programming language is implemented in smart terminals, and the processing logic based on quantum computers is implemented.
- the device, computer storage medium, and system described above in the specification may also include other implementation manners according to the description of the related method embodiments.
- specific implementation manners please refer to the description of the corresponding method embodiments, which will not be repeated here. .
- the improvement of a technology can be clearly distinguished between hardware improvements (for example, improvements in circuit structures such as diodes, transistors, switches, etc.) or software improvements (improvements in method flow).
- hardware improvements for example, improvements in circuit structures such as diodes, transistors, switches, etc.
- software improvements improvements in method flow.
- the improvement of many methods and processes of today can be regarded as a direct improvement of the hardware circuit structure.
- Designers almost always get the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that the improvement of a method flow cannot be realized by the hardware entity module.
- a programmable logic device Programmable Logic Device, PLD
- PLD Programmable Logic Device
- FPGA Field Programmable Gate Array
- HDL Hardware Description Language
- ABEL Advanced Boolean Expression Language
- AHDL Altera Hardware Description Language
- HDCal JHDL
- Lava Lava
- Lola MyHDL
- PALASM RHDL
- VHDL Very-High-Speed Integrated Circuit Hardware Description Language
- Verilog Verilog
- the controller can be implemented in any suitable manner.
- the controller can take the form of, for example, a microprocessor or a processor and a computer-readable medium storing computer-readable program codes (such as software or firmware) executable by the (micro)processor. , Logic gates, switches, application specific integrated circuits (ASICs), programmable logic controllers and embedded microcontrollers. Examples of controllers include but are not limited to the following microcontrollers: ARC625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320, the memory controller can also be implemented as part of the memory control logic.
- controllers in addition to implementing the controller in a purely computer-readable program code manner, it is entirely possible to program the method steps to make the controller use logic gates, switches, application specific integrated circuits, programmable logic controllers, and embedded logic.
- the same function can be realized in the form of a microcontroller or the like. Therefore, such a controller can be regarded as a hardware component, and the devices included in it for realizing various functions can also be regarded as a structure within the hardware component. Or even, the device for realizing various functions can be regarded as both a software module for realizing the method and a structure within a hardware component.
- Part of the system, device, module or unit explained in the above embodiments may be implemented by a computer chip or entity, or implemented by a product with a certain function.
- a typical implementation device is a computer.
- the computer may be, for example, a personal computer, a tablet computer, a smart phone, and the like.
- the functions are divided into various modules and described separately.
- the functions of some modules can be implemented in the same one or more software and/or hardware, or the modules that implement the same function can be implemented by a combination of multiple sub-modules or sub-units, etc. .
- the device embodiments described above are merely illustrative.
- the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components can be combined or integrated. To another system, or some features can be ignored, or not implemented.
- the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
- These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device.
- the device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
- These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment.
- the instructions provide steps for implementing the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
- the computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
- processors CPUs
- input/output interfaces network interfaces
- memory volatile and non-volatile memory
- the memory may include non-permanent memory in computer readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
- RAM random access memory
- ROM read-only memory
- flash RAM flash memory
- Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
- the information can be computer-readable instructions, data structures, program modules, or other data.
- Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage, graphene storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
- one or more embodiments of this specification can be provided as a method, a system, or a computer program product. Therefore, one or more embodiments of this specification may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, one or more embodiments of this specification may adopt computer programs implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes. The form of the product.
- computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Quality & Reliability (AREA)
- Debugging And Monitoring (AREA)
Abstract
Description
Claims (14)
- 一种节点匹配方法,其特征在于,包括:获取数据流图信息和节点信息,其中,所述数据流图信息包括预设明文机器学习模型对应的第一数据流图和隐私机器学习模型对应的第二数据流图,所述节点信息包括所述第一数据流图中需要替换为密码算子的明文算子节点信息和所述第二数据流图中包括的密文算子节点信息;判断所述第一数据流图是否为所述第二数据流图的子图;确定所述第一数据流图是所述第二数据流图的子图时,将所述明文算子节点信息与所述密文算子节点信息进行匹配,输出匹配结果。
- 根据权利要求1所述的方法,其特征在于,还包括:当所述匹配结果为匹配成功时,获取明文数据;将所述明文数据输入会话测试器,获得明文执行结果和密文执行结果,其中,所述会话测试器包括第一数据流图和第二数据流图;对所述密文执行结果进行解密,获得解密结果;计算所述明文执行结果与所述解密结果的差值,并判断所述差值是否在预设误差范围内,输出判断结果。
- 根据权利要求2所述的方法,其特征在于,所述将所述明文数据输入会话测试器,获得明文执行结果和密文执行结果,包括:将所述明文数据输入所述会话测试器包括的第一数据流图,获得明文执行结果;对所述明文数据进行加密,将加密后的数据分发到各个多方安全计算进程,基于所述各个多方安全计算进程中的数据,执行所述会话测试器包括的第二数据流图,获得密文执行结果。
- 根据权利要求1所述的方法,其特征在于,所述获取数据流图信息和节点信息,包括:获取预设明文机器学习模型中的优化测试组件,所述优化测试组件包括静态优化器,所述优化测试组件用于在节点匹配过程中保存信息,并利用保存信息对数据流图进行校验;基于所述优化测试组件,保存所述预设明文机器学习模型对应的第一数据流图和所述第一数据流图中需要替换为密码算子的明文算子节点信息;执行静态优化器,将所述预设明文机器学习模型中明文算子替换为所述明文算子对 应的密码算子,生成隐私机器学习模型;基于所述优化测试组件,保存所述隐私机器学习模型对应的第二数据流图和所述第二数据流图中包括的密文算子节点信息;获取数据流图信息和节点信息。
- 根据权利要求1所述的方法,其特征在于,所述判断所述第一数据流图是否为所述第二数据流图的子图,包括:获取所述第一数据流图和所述第二数据流图中节点对应的唯一标识;将所述第一数据流图中节点对应的唯一标识组成第一集合;将所述第二数据流图中节点对应的唯一标识组成第二集合;基于节点标识递增规则,判断所述第一集合是否是所述第二集合的子集;当所述第一集合是所述第二集合的子集时,确定所述第一数据流图是所述第二数据流图的子图。
- 根据权利要求1或4所述的方法,其特征在于,所述明文算子节点信息至少包括需要替换的明文算子的节点位置标识、与明文算子对应的密码算子标识;所述密文算子节点信息至少包括密码算子的节点位置标识、密码算子标识。
- 一种节点匹配装置,其特征在于,包括:信息获取模块,用于获取数据流图信息和节点信息,其中,所述数据流图信息包括预设明文机器学习模型对应的第一数据流图和隐私机器学习模型对应的第二数据流图,所述节点信息包括所述第一数据流图中需要替换为密码算子的明文算子节点信息和所述第二数据流图中包括的密文算子节点信息;判断模块,用于判断所述第一数据流图是否为所述第二数据流图的子图;匹配模块,用于确定所述第一数据流图是所述第二数据流图的子图时,将所述明文算子节点信息与所述密文算子节点信息进行匹配,输出匹配结果。
- 如权利要求7所述的装置,其特征在于,还包括:明文数据获取模块,用于当所述匹配结果为匹配成功时,获取明文数据;执行结果获得模块,用于将所述明文数据输入会话测试器,获得明文执行结果和密文执行结果,其中,所述会话测试器包括第一数据流图和第二数据流图;解密模块,用于对所述密文执行结果进行解密,获得解密结果;结果判断模块,用于计算所述明文执行结果与所述解密结果的差值,并判断所述差值是否在预设误差范围内,输出判断结果。
- 如权利要求8所述的装置,其特征在于,所述执行结果获得模块,包括:明文执行结果获得单元,用于将所述明文数据输入所述会话测试器包括的第一数据流图,获得明文执行结果;密文执行结果获得单元,用于对所述明文数据进行加密,将加密后的数据分发到各个多方安全计算进程,基于所述各个多方安全计算进程中的数据,执行所述会话测试器包括的第二数据流图,获得密文执行结果。
- 如权利要求7所述的装置,其特征在于,所述信息获取模块,包括:第一获取单元,用于获取预设明文机器学习模型中的优化测试组件,所述优化测试组件包括静态优化器,所述优化测试组件用于在节点匹配过程中保存信息,并利用保存信息对数据流图进行校验;第一保存单元,用于基于所述优化测试组件保存所述预设明文机器学习模型对应的第一数据流图和所述第一数据流图中需要替换为密码算子的明文算子节点信息;模型生成单元,用于执行静态优化器,将所述预设明文机器学习模型中明文算子替换为所述明文算子对应的密码算子,生成隐私机器学习模型;第二保存单元,用于基于所述优化测试组件保存所述隐私机器学习模型对应的第二数据流图和所述第二数据流图中包括的密文算子节点信息;信息获取单元,用于获取数据流图信息和节点信息。
- 如权利要求7所述的装置,其特征在于,所述判断模块,包括:第二获取单元,用于获取所述第一数据流图和所述第二数据流图中节点对应的唯一标识;第一组成单元,用于将所述第一数据流图中节点对应的唯一标识组成第一集合;第二组成单元,用于将所述第二数据流图中节点对应的唯一标识组成第二集合;判断单元,用于基于节点标识递增规则,判断所述第一集合是否是所述第二集合的子集;确定单元,用于当所述第一集合是所述第二集合的子集时,确定所述第一数据流图是所述第二数据流图的子图。
- 根据权利要求7或10所述的装置,其特征在于,所述明文算子节点信息至少包括需要替换的明文算子的节点位置标识、与明文算子对应的密码算子标识;所述密文算子节点信息至少包括密码算子的节点位置标识、密码算子标识。
- 一种节点匹配设备,其特征在于,包括处理器及用于存储处理器可执行指令的 存储器,所述指令被所述处理器执行时实现包括以下步骤:获取数据流图信息和节点信息,其中,所述数据流图信息包括预设明文机器学习模型对应的第一数据流图和隐私机器学习模型对应的第二数据流图,所述节点信息包括所述第一数据流图中需要替换为密码算子的明文算子节点信息和所述第二数据流图中包括的密文算子节点信息;判断所述第一数据流图是否为所述第二数据流图的子图;确定所述第一数据流图是所述第二数据流图的子图时,将所述明文算子节点信息与所述密文算子节点信息进行匹配,输出匹配结果。
- 一种节点匹配系统,其特征在于,包括至少一个处理器以及存储计算机可执行指令的存储器,所述处理器执行所述指令时实现权利要求1-6中任意一项所述方法的步骤。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2020/083639 WO2021203260A1 (zh) | 2020-04-08 | 2020-04-08 | 一种节点匹配方法、装置、设备及系统 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2020/083639 WO2021203260A1 (zh) | 2020-04-08 | 2020-04-08 | 一种节点匹配方法、装置、设备及系统 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021203260A1 true WO2021203260A1 (zh) | 2021-10-14 |
Family
ID=78023829
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2020/083639 WO2021203260A1 (zh) | 2020-04-08 | 2020-04-08 | 一种节点匹配方法、装置、设备及系统 |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2021203260A1 (zh) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114185900A (zh) * | 2021-12-20 | 2022-03-15 | 平安付科技服务有限公司 | 业务数据处理方法、装置、计算机设备及存储介质 |
CN115185525A (zh) * | 2022-05-17 | 2022-10-14 | 贝壳找房(北京)科技有限公司 | 数据倾斜代码块定位方法、装置、设备、介质及程序产品 |
CN115774663A (zh) * | 2022-09-15 | 2023-03-10 | 江苏瑞蓝自动化设备集团有限公司 | 一种LabVIEW的测试系统的优化方法、装置、设备及存储介质 |
CN117077161A (zh) * | 2023-07-31 | 2023-11-17 | 上海交通大学 | 基于动态规划求解的隐私保护深度模型构建方法与系统 |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016048776A1 (en) * | 2014-09-26 | 2016-03-31 | Thomson Licensing | Key-private cryptosystems based on the quadratic residuosity |
CN108717514A (zh) * | 2018-05-21 | 2018-10-30 | 中国人民大学 | 一种机器学习中的数据隐私保护方法和系统 |
CN110033266A (zh) * | 2019-02-19 | 2019-07-19 | 阿里巴巴集团控股有限公司 | 区块链中实现隐私保护的方法、节点和存储介质 |
CN110059497A (zh) * | 2019-02-19 | 2019-07-26 | 阿里巴巴集团控股有限公司 | 区块链中实现隐私保护的方法、节点和存储介质 |
CN110750801A (zh) * | 2019-10-11 | 2020-02-04 | 矩阵元技术(深圳)有限公司 | 数据处理方法、装置、计算机设备和存储介质 |
CN111415013A (zh) * | 2020-03-20 | 2020-07-14 | 矩阵元技术(深圳)有限公司 | 隐私机器学习模型生成、训练方法、装置及电子设备 |
CN111414646A (zh) * | 2020-03-20 | 2020-07-14 | 矩阵元技术(深圳)有限公司 | 实现隐私保护的数据处理方法和装置 |
CN111428880A (zh) * | 2020-03-20 | 2020-07-17 | 矩阵元技术(深圳)有限公司 | 隐私机器学习实现方法、装置、设备及存储介质 |
CN111488277A (zh) * | 2020-04-08 | 2020-08-04 | 矩阵元技术(深圳)有限公司 | 一种节点匹配方法、装置、设备及系统 |
-
2020
- 2020-04-08 WO PCT/CN2020/083639 patent/WO2021203260A1/zh active Application Filing
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016048776A1 (en) * | 2014-09-26 | 2016-03-31 | Thomson Licensing | Key-private cryptosystems based on the quadratic residuosity |
CN108717514A (zh) * | 2018-05-21 | 2018-10-30 | 中国人民大学 | 一种机器学习中的数据隐私保护方法和系统 |
CN110033266A (zh) * | 2019-02-19 | 2019-07-19 | 阿里巴巴集团控股有限公司 | 区块链中实现隐私保护的方法、节点和存储介质 |
CN110059497A (zh) * | 2019-02-19 | 2019-07-26 | 阿里巴巴集团控股有限公司 | 区块链中实现隐私保护的方法、节点和存储介质 |
CN110750801A (zh) * | 2019-10-11 | 2020-02-04 | 矩阵元技术(深圳)有限公司 | 数据处理方法、装置、计算机设备和存储介质 |
CN111415013A (zh) * | 2020-03-20 | 2020-07-14 | 矩阵元技术(深圳)有限公司 | 隐私机器学习模型生成、训练方法、装置及电子设备 |
CN111414646A (zh) * | 2020-03-20 | 2020-07-14 | 矩阵元技术(深圳)有限公司 | 实现隐私保护的数据处理方法和装置 |
CN111428880A (zh) * | 2020-03-20 | 2020-07-17 | 矩阵元技术(深圳)有限公司 | 隐私机器学习实现方法、装置、设备及存储介质 |
CN111488277A (zh) * | 2020-04-08 | 2020-08-04 | 矩阵元技术(深圳)有限公司 | 一种节点匹配方法、装置、设备及系统 |
Non-Patent Citations (2)
Title |
---|
PAN YANG, XIAO-LIN GUI, JING YAO, JIAN-CAI LIN, FENG TIAN, XUE-JUN ZHANG: "Research on algorithms of data encryption scheme that supports homomorphic arithmetical operations", JOURNAL ON COMMUNICATIONS, RENMIN YOUDIAN CHUBANSHE, BEIJING, CN, vol. 36, no. 1, 1 January 2015 (2015-01-01), CN , pages 171 - 182, XP055856621, ISSN: 1000-436X, DOI: 10.11959/j.issn.1000-436x.2015019 * |
ZHOU TANPING, YANG HAIBING; YANG XIAOYUAN; HAN YILIANG: "A Fully Homomorphic Proxy Re-encryption Scheme Based on LWE", SICHUAN DAXUE XUEBAO (GONGCHENG KEXUE BAN), SICHUAN DAXUE, CHENGDU, CN, vol. 48, no. 1, 1 January 2016 (2016-01-01), CN , pages 99 - 105, XP055856624, ISSN: 1009-3087, DOI: 10.15961/j.jsuese.2016.01.015 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114185900A (zh) * | 2021-12-20 | 2022-03-15 | 平安付科技服务有限公司 | 业务数据处理方法、装置、计算机设备及存储介质 |
CN114185900B (zh) * | 2021-12-20 | 2024-04-09 | 平安付科技服务有限公司 | 业务数据处理方法、装置、计算机设备及存储介质 |
CN115185525A (zh) * | 2022-05-17 | 2022-10-14 | 贝壳找房(北京)科技有限公司 | 数据倾斜代码块定位方法、装置、设备、介质及程序产品 |
CN115774663A (zh) * | 2022-09-15 | 2023-03-10 | 江苏瑞蓝自动化设备集团有限公司 | 一种LabVIEW的测试系统的优化方法、装置、设备及存储介质 |
CN117077161A (zh) * | 2023-07-31 | 2023-11-17 | 上海交通大学 | 基于动态规划求解的隐私保护深度模型构建方法与系统 |
CN117077161B (zh) * | 2023-07-31 | 2024-05-03 | 上海交通大学 | 基于动态规划求解的隐私保护深度模型构建方法与系统 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2021203260A1 (zh) | 一种节点匹配方法、装置、设备及系统 | |
TWI682304B (zh) | 基於圖結構模型的異常帳號防控方法、裝置以及設備 | |
JP6804668B2 (ja) | ブロックデータ検証方法および装置 | |
CN111488277B (zh) | 一种节点匹配方法、装置、设备及系统 | |
CN113159327B (zh) | 基于联邦学习系统的模型训练方法、装置、电子设备 | |
TWI745861B (zh) | 資料處理方法、裝置和電子設備 | |
CN106133537B (zh) | 一种fpga功能模块仿真验证方法及其系统 | |
CN109101415A (zh) | 基于数据库比对的接口测试方法、系统、设备和存储介质 | |
WO2021114585A1 (zh) | 模型训练方法、装置和电子设备 | |
WO2017020590A1 (zh) | 一种芯片验证方法和装置、设备、存储介质 | |
CN107483485A (zh) | 授权码的生成方法、授权方法、相关装置及终端设备 | |
WO2021017424A1 (zh) | 数据预处理方法、密文数据获取方法、装置和电子设备 | |
JP2018505506A (ja) | 機械ベースの命令編集 | |
US10747657B2 (en) | Methods, systems, apparatuses and devices for facilitating execution of test cases | |
TW201923647A (zh) | 可溯源的多方數據處理方法、裝置及設備 | |
CN108345453A (zh) | 代码生成方法、代码生成器及可读存储介质 | |
CN114329644B (zh) | 对逻辑系统设计进行加密仿真的方法、设备及存储介质 | |
CN112860587B (zh) | Ui自动测试方法和装置 | |
CN109858914A (zh) | 区块链数据验证方法、装置、计算机设备及可读存储介质 | |
CN116257303B (zh) | 一种数据安全处理的方法、装置、存储介质及电子设备 | |
US20160055287A1 (en) | Method for decomposing a hardware model and for accelerating formal verification of the hardware model | |
Pan et al. | A new reliability evaluation method for networks with imperfect vertices using BDD | |
WO2023020448A1 (zh) | 数据处理方法、装置和存储介质 | |
CN113469377B (zh) | 联邦学习审计方法和装置 | |
CN107291524A (zh) | 一种远程命令的处理方法和装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 20929710 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 20929710 Country of ref document: EP Kind code of ref document: A1 |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 22.02.2023) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 20929710 Country of ref document: EP Kind code of ref document: A1 |