WO2021204271A1 - Data privacy protected joint training of service prediction model by two parties - Google Patents

Data privacy protected joint training of service prediction model by two parties Download PDF

Info

Publication number
WO2021204271A1
WO2021204271A1 PCT/CN2021/086273 CN2021086273W WO2021204271A1 WO 2021204271 A1 WO2021204271 A1 WO 2021204271A1 CN 2021086273 W CN2021086273 W CN 2021086273W WO 2021204271 A1 WO2021204271 A1 WO 2021204271A1
Authority
WO
WIPO (PCT)
Prior art keywords
parameter
party
fragment
segment
slice
Prior art date
Application number
PCT/CN2021/086273
Other languages
French (fr)
Chinese (zh)
Inventor
陈超超
王力
王磊
周俊
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司 filed Critical 支付宝(杭州)信息技术有限公司
Publication of WO2021204271A1 publication Critical patent/WO2021204271A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • G06N20/20Ensemble learning
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/03Credit; Loans; Processing thereof

Definitions

  • One or more embodiments of this specification relate to the fields of data security and machine learning, specifically, to the joint training of business prediction models by both parties.
  • the data needed for machine learning often involves multiple fields.
  • the electronic payment platform owns the merchant's transaction flow data
  • the e-commerce platform stores the merchant's sales data
  • the banking institution owns the merchant's loan data.
  • Data often exists in the form of islands. Due to industry competition, data security, user privacy and other issues, data integration is facing great resistance. It is difficult to integrate data scattered on various platforms to train machine learning models. Under the premise of ensuring that data is not leaked, the use of multi-party data to jointly train machine learning models has become a major challenge at present.
  • Machine learning models include logistic regression models, linear regression models, and neural network models.
  • Logistic regression models can effectively perform tasks such as sample classification and prediction.
  • the linear regression model can effectively predict the regression value of the sample.
  • the neural network model can perform various prediction tasks through the combination of multiple layers of neurons.
  • the process of using the calculation between the feature data and the model parameter data to obtain the prediction result, and determining the gradient according to the prediction result, and then adjusting the model parameters In the case of multiple parties jointly training a machine learning model, how to perform the above-mentioned operations in each stage collaboratively without revealing the private data (including feature data and model parameter data) of each party is a practical problem to be solved. Therefore, it is hoped to provide an improved solution to ensure that the private data of each party is not leaked and ensure data security when the two parties jointly train the business prediction model.
  • One or more embodiments of this specification describe a method and device for jointly training a business prediction model by both parties, which ensure that data privacy is not leaked by means of parameter slicing in the iterative process, and ensure the security of private data in joint training.
  • a method for two parties to jointly train a business prediction model to protect data privacy includes a first party and a second party, and the first party stores first characteristic parts of a plurality of business objects.
  • the second party stores a second feature matrix X B formed by the second feature parts of the multiple business objects, and a label vector Y formed by label values.
  • the method is applied to the second party, and the method includes multiple iterations of performing model parameter updates.
  • Each iteration includes: based on the locally maintained first parameter second segment and the second parameter second segment, the second multiplication integral piece is calculated through local matrix multiplication and safe matrix multiplication with the first party, the second fragment is the first parameter for processing the first portion of the first characteristic parameter W a second portion of the fragment, the second parameter is a second feature of the second slice for the second part of the process
  • the second segment of the parameter part W B ;
  • the tag vector Y is secretly shared to obtain the second tag segment, and the second tag segment is subtracted based on the second multiplication and integration segment to obtain the first Two error fragments; locally calculating the product of the second error fragment and the second feature matrix X B to obtain the first part of the second gradient; using the second feature matrix X B and the first part of the first party
  • An error segment is multiplied by a security matrix to obtain the second segment of the second part of the second gradient, and receive the second segment of the second part of the first gradient from the first party; according to the first part of the second gradient And the second slice of the
  • the method before performing the model parameter update multiple iterations, the method further includes: initializing the second parameter part W B , and splitting it into the second parameter first segment and the second parameter second segment through secret sharing. receiving a first parameter from a first side portion of the first parameter W a secret sharing; fragment, retaining the second parameter of the second fragment, transmits the first fragment of the second parameter to the first party The second fragment.
  • the method further includes: sending a second segment of the first parameter updated in the last iteration to the first party, and receiving the update from the first party.
  • the party receives the updated second parameter first segment; the updated second parameter second segment in the last iteration is combined with the received second parameter first segment to obtain the service prediction model training After the second parameter part W B.
  • the business object includes one of the following: users, merchants, commodities, and events; the business prediction model is used to predict the classification or regression value of the business object.
  • the business prediction model is a linear regression model; wherein subtracting the second label fragments based on the second multiplication and integration fragments to obtain the second error fragments includes: calculating the first error fragments The difference between the squared integral slice and the second label slice is used as the second error slice.
  • the business prediction model is a logistic regression model; wherein subtracting the second label segment based on the second multiplying integral segment to obtain the second error segment includes: according to a sigmoid function In the Taylor expansion form of, a second prediction result segment is obtained based on the second multiplication-integral slice, and the difference between the second prediction result segment and the second label segment is calculated as the second error segment .
  • obtaining the second prediction result fragment based on the second multiplication integral piece includes: calculating the second multiplication according to the multi-order Taylor expansion form of the sigmoid function Multiply the multiplicity of the integral piece to obtain the multiplicity of the second slicing; using the second multiplier integral piece and the second slicing multiplicity, follow the first multiplier integral piece and the first multiplier piece in the first party. Perform multiple safe matrix multiplication operations for multiple times of one slice to obtain multiple second multifactorial integral slices; use the second multiplier integral slice, the second slice multiplier and multiple second multifactorial integral slices Slice, determining the second prediction result slice.
  • calculating the second multiplication-integral piece includes: using the second piece of the first parameter to perform a security matrix multiplication with the first feature matrix X A in the first party to obtain the first feature The second segment of the second processing result; locally calculating the product of the second feature matrix X B and the second segment of the second parameter to obtain the first processing result of the second feature; using the second feature matrix X B , and The first segment of the second parameter in the first party performs security matrix multiplication to obtain the second segment of the second processing result of the second feature; for the second segment of the second processing result of the first feature, the The first processing result of the second characteristic, and the second slices of the second processing result of the second characteristic are added to obtain the second multiplication-integral slice.
  • updating the second parameter of the second segment according to the first part of the second gradient and the second segment of the second part of the second gradient includes: changing the first part of the second gradient And the product of the sum of the second slice of the second part of the second gradient and the preset step length as the adjustment amount, and the second parameter second slice is updated by subtracting the adjustment amount.
  • a method for two parties to jointly train a business prediction model to protect data privacy includes a first party and a second party, and the first party stores the first feature part of a plurality of business objects.
  • the first feature matrix X A the second party stores a second feature matrix X B formed by the second feature parts of the multiple business objects, and a label vector Y formed by label values.
  • the method is applied to the second party, and the method includes multiple iterations of performing model parameter updates.
  • each iteration includes: based on the first segment of the first parameter maintained locally and the first segment of the second parameter, the first multiplication integral is calculated through the local matrix multiplication and the safe matrix multiplication with the second party sheet, the first parameter of the first fragment is a first fragment of a first parameter W a portion of the first feature processing section, a first fragment of the second parameter is a characteristic portion according to a second process
  • the first segment of the second parameter part W B the first tag segment that is secretly shared with the tag vector Y is received from the second party, and the first tag segment is segmented based on the first multiplication-integral segment
  • Subtract the slices to obtain the first error slice locally calculate the product of the first error slice and the first characteristic matrix X A to obtain the first part of the first gradient; use the first characteristic matrix X A to
  • the second error segment in the second party performs security matrix multiplication to obtain the first segment of the second part of the first gradient, and receives the first segment of the second part of the second gradient from the second party;
  • an apparatus for two parties to jointly train a business prediction model to protect data privacy includes a first party and a second party, and the first party stores a plurality of business objects that constitute the first characteristic part.
  • the second party stores a second feature matrix X B formed by the second feature parts of the multiple business objects, and a label vector Y formed by label values.
  • the device is deployed on the second party, and the device includes an iterative unit for performing model parameter update multiple times, and further includes: a multiplier-integral piece determination unit configured to perform a second piece based on the locally maintained first parameter And the second parameter second slice, through local matrix multiplication and the safe matrix multiplication operation with the first party, the second multiplication integral slice is calculated, and the first parameter second slice is used to process the first feature W a second portion of the first slice parameter portion, the second parameter is a second fragment of the second fragment processing the second parameter characteristic part W B of the second portion; fragments error determination unit, It is configured to secretly share the label vector Y to obtain a second label fragment, and subtract the second label fragment based on the second multiply integral fragment to obtain a second error fragment; determining unit configured to calculate the local error of the product of the second sheet and the second feature points X B matrix to obtain a first portion of the second gradient, and a matrix X B with the second feature, the first prescription
  • the first error segment performs security matrix multiplication to obtain the second segment
  • a device for two parties to jointly train a business prediction model to protect data privacy includes a first party and a second party, and the first party stores a plurality of business objects' first feature parts.
  • the device is deployed on the first party, and the device includes an iterative unit for performing model parameter update multiple iterations, and further includes: a multiplying-integral piece determination unit configured to be a first piece based on a locally maintained first parameter And the first segment of the second parameter, through the local matrix multiplication and the security matrix multiplication operation with the second party, the first multiplication-integral segment is calculated, and the first segment of the first parameter is used to process the first feature the first parameter W a portion of the first fragment, the second parameter is the first slice portion for processing the first portion of fragment W B of the second parameter characteristic of said second portion; fragments error determination unit, It is configured to receive, from the second party, a first label fragment that is secretly shared with the label vector Y, and subtract the first label fragment based on the first multiplication-integral fragment to obtain a first error score Slice; a gradient slice determination unit configured to locally calculate the product of the first error slice and the first feature matrix X A to obtain the first part of the first gradient, and use the first feature matrix X A
  • a computer-readable storage medium having a computer program stored thereon, and when the computer program is executed in a computer, the computer is caused to execute the method of the first aspect or the second aspect.
  • a computing device including a memory and a processor, the memory stores executable code, and when the processor executes the executable code, the method of the first aspect or the second aspect is implemented .
  • the two parties participating in the joint training each have a part of characteristic data.
  • the two parties In the iterative process of joint training, the two parties not only do not exchange the plaintext of feature data, but also split the model parameter part into parameter shards, and each only maintains the iterative update of the sharding parameters. The model will not be reconstructed until the end of the iteration. parameter.
  • all parties In the iterative process, all parties only maintain parameter shards and exchange some sharding results, and it is almost impossible to infer useful information about private data based on these sharding results. This greatly enhances the privacy data in the joint training process. safety.
  • Fig. 1 is a schematic diagram of an implementation scenario of an embodiment disclosed in this specification
  • Fig. 2 shows a schematic diagram of a process of joint training of a linear regression model by two parties according to an embodiment
  • Figure 3 shows part of the implementation process of the first sub-phase in an embodiment
  • FIG. 4 shows a schematic diagram of a process of joint training of a logistic regression model between two parties according to another embodiment
  • Fig. 5 shows a schematic block diagram of a joint training device deployed in a second party according to an embodiment
  • Fig. 6 shows a schematic block diagram of a joint training device deployed in a first party according to an embodiment.
  • the training process of a typical machine learning model includes a process of obtaining a prediction result from calculations between feature data and model parameter data, determining the gradient according to the prediction result, and then adjusting the model parameters according to the gradient.
  • the training data set used to train the machine learning model has n samples
  • the sample feature of each sample is expressed as x (x can be a vector)
  • the label is expressed as y
  • the training data set can be expressed as:
  • the predicted value of the sample can be obtained If the machine learning model is a linear regression model, the predicted value can be expressed as: If the machine learning model is a logistic regression model, the predicted value can be expressed as:
  • the obtained gradient can be expressed as:
  • the parameter w can be updated according to the gradient to achieve model training.
  • the training process includes several core operations: calculate the product xw of the sample feature x and the model parameter w, and the product xw is used to determine the predicted value pass through Obtain the prediction error E; then according to the product of the prediction error E and x, the gradient is obtained.
  • the inventor proposed that in the scenario where the two parties jointly train the machine learning model, the model parameters of each party should be disassembled into safe parameter fragments. With the help of secret sharing and safe matrix multiplication, the above operations are also disassembled accordingly.
  • the solution is a safe and secret sharding operation. Through the interaction and joint calculation of the results of the sharding operation by both parties, the above-mentioned operations are realized, thereby realizing safe collaborative training.
  • Figure 1 is a schematic diagram of an implementation scenario of an embodiment disclosed in this specification. As shown in Figure 1, the scenario of joint training between the two parties involves participant A and participant B, or called the first party and the second party. Each participant can be implemented as any device, platform, server or device cluster with computing and processing capabilities. Both parties must jointly train a business prediction model while protecting data privacy.
  • the first party A stores part of the features of n business objects in the training sample set, which is called the first feature part. Assuming that the first feature part of each business object is a d1-dimensional vector, then the first feature parts of n business objects constitute an n*d1-dimensional first feature matrix X A.
  • the second party B stores the second characteristic parts of the n business objects. Assuming that the second feature part of each business object is a d2-dimensional vector, then the second feature parts of n business objects constitute an n*d2-dimensional second feature matrix X B. It is assumed that the label values of n business objects are also stored in the second party, and the n label values constitute a label vector Y.
  • the above-mentioned first party A and second party B are electronic payment platforms and banking institutions, and the two parties need to jointly train a business prediction model to evaluate the user's credit rating.
  • the business object is the user.
  • Both parties can maintain part of the user's characteristic data.
  • the electronic payment platform maintains the user's electronic payment and transfer related characteristics, which constitutes the above-mentioned first characteristic matrix
  • the banking institution maintains the user's credit record related characteristics, which constitutes the above-mentioned second Feature matrix.
  • the banking institution also has a label Y for the user's credit rating.
  • the above-mentioned first party A and second party B are e-commerce platforms and electronic payment platforms, and the two parties need to jointly train a business prediction model to assess the merchant's fraud risk.
  • the business object is the merchant.
  • Both parties can maintain part of the characteristic data of the merchants respectively.
  • the e-commerce platform stores the sales data of sample merchants as part of the sample characteristics, and this part of the sample characteristics constitutes the above-mentioned first characteristic matrix; the electronic payment platform maintains the merchant's transaction flow data as another part of the sample Special, constitute the second characteristic matrix.
  • the electronic payment platform also maintains the label of the sample merchant (whether it is a fraudulent merchant or not), which constitutes a label vector Y.
  • the business object may also be other objects to be evaluated, such as commodities, interaction events (for example, transaction events, login events, click events, purchase events), and so on.
  • the participating parties may be different business parties that maintain different characteristic parts of the above-mentioned business objects.
  • the business prediction model may be a model that performs classification prediction or regression prediction for the corresponding business object.
  • the business object features maintained by both parties belong to private data.
  • plaintext exchanges are not allowed to protect the security of private data.
  • the first party A wants to train to obtain the model parameter part used to process the first feature part, called the first parameter part W A ;
  • the second party B wants to train to obtain the second parameter used to process the second feature part Part W B , these two parts of parameters together constitute a business prediction model.
  • the first party A and the second party B will initialize the first parameter parts W A and W A to be trained to be generated.
  • the second parameter part W B is secretly shared and disassembled into parameter fragments, so the first party obtains the first parameter first fragment ⁇ W A > 1 and the second parameter first fragment ⁇ W B > 1 , the second The party obtains the second segment of the first parameter ⁇ W A > 2 and the second segment of the second parameter ⁇ W B > 2 .
  • both parties obtain the encrypted fragments Z 1 , Z 2 of the product result of the total feature matrix X and the total parameter matrix W through the security matrix multiplication.
  • the label vector Y is secretly shared by the second party with the label, so that both parties obtain label fragments Y 1 and Y 2 respectively, so that the two parties respectively calculate the error fragments E 1 and E based on the multiplier and integral fragments and the label fragments they own 2 . Further, the two parties obtain the corresponding gradient fragments G 1 and G 2 through secret sharing and security matrix multiplication based on the error fragments and their respective feature matrices.
  • the first party uses its gradient segment G 1 to update its maintained parameter segments ⁇ W A > 1 and ⁇ W B > 1
  • the second party uses its gradient segment G 2 to update its maintained parameter segments ⁇ W A > 2 and ⁇ W B > 2 .
  • the two parties exchange their parameter fragments and perform parameter reconstruction. Therefore, the first party reconstructs the first parameter part after training based on the first parameter first fragment ⁇ W A > 1 maintained by itself and the second parameter second fragment ⁇ W A > 2 sent by the second party W a; second party based on a second parameter which is maintained by a second fragment ⁇ W B> 2 and the second parameter of the first party sends a first fragment ⁇ W B> 1, to give a second reconstructed training The parameter part W B.
  • Fig. 2 shows a schematic diagram of a process of joint training of a linear regression model by two parties according to an embodiment.
  • the data holding status of the first party A and the second party B in the scenario of FIG. 2 is the same as that of FIG. 1, and will not be repeated here.
  • the two parties jointly train a linear regression model as a business prediction model.
  • the first party A and the second party B initialize the model parameters and share secretly, each maintaining parameter slicing.
  • the first parameter may be initialized W A portion obtained by way of randomly generated.
  • the first party A secretly shares the above-mentioned first parameter part, that is, splits it into the first parameter first segment ⁇ W A > 1 and the first parameter second segment ⁇ W A > 2 , Hold the first segment of the first parameter ⁇ W A > 1 and send the second segment of the first parameter ⁇ W A > 2 to the second party B.
  • the second party B initializes the second parameter part W B for processing the second characteristic part.
  • the second parameter part W B can be initialized in a randomly generated manner.
  • the second party A secretly shares the above-mentioned second parameter part, and splits it into the second parameter first segment ⁇ W B > 1 and the second parameter second segment ⁇ W B > 2 , Holds the second parameter second fragment ⁇ W B > 2 and sends the second parameter first fragment ⁇ W B > 1 to the first party A.
  • steps S11-S12 and steps S13-S14 can be executed in parallel or in any order, which is not limited here.
  • the first party A maintains the first parameter first fragment ⁇ W A > 1 and the second parameter first fragment ⁇ W B > 1
  • the second party B maintains the first parameter The second segment ⁇ W A > 2 and the second parameter of the second segment ⁇ W B > 2 .
  • the number of iterations is a preset hyperparameter. In another embodiment, the number of iterations is not preset, but the iteration is stopped when a certain convergence condition is met.
  • the above convergence conditions may be, for example, that the error is low enough, the gradient is small enough, and so on.
  • Each iteration process can include 4 sub-phases: calculating the multiplication and integral slices ⁇ Z> 1 and ⁇ Z> 2 ; calculating the error slices ⁇ E> 1 and ⁇ E> 2 ; calculating the gradient G; updating the parameters.
  • step S21 the first party A and the second party B are each calculated based on the local matrix multiplication operation and the safe matrix multiplication operation of both parties to obtain the first multiplication integral piece ⁇ Z> 1 and the second multiplication integral sheet ⁇ Z> 2, such that the two fragments corresponding to a sum of the product of the total feature matrix X parameter W, i.e. equal to the first product of the first feature matrix X a W a portion of the first parameter multiplied, and The sum of the second product of the second feature matrix X B multiplied by the second parameter part W B.
  • Figure 3 shows a part of the implementation process of the first sub-phase in one embodiment.
  • step S211 the first party A locally calculates the product of the first feature matrix X A and the first segment of the first parameter ⁇ W A > 1 to obtain the first feature first processing result ⁇ Z A > 1 , that is :
  • step S212 the first party A uses the first feature matrix X A held by the first party A to perform a security matrix multiplication with the first parameter second slice ⁇ W A> 2 held by the second party B.
  • the secure matrix multiplication can be implemented by homomorphic encryption, secret sharing or other secure calculation methods, which is not limited.
  • the product of the first feature matrix X A and the second segment of the first parameter ⁇ W A > 2 is recorded as the first feature second processing result ⁇ Z A > 2 , namely:
  • ⁇ Z A > 2 X A ⁇ ⁇ W A > 2
  • the result of processing with local parameters is referred to as the first processing result
  • the result of processing with the other party's parameters through secure matrix multiplication is referred to as the second processing result.
  • the first party A obtains the first feature of the second processing result ⁇ Z A > 2 of the first fragment ⁇ Z A > 2 > 1
  • the second party B obtains the first feature of the second
  • the second segment of the processing result ⁇ Z A > 2 is ⁇ Z A > 2 > 2
  • the sum of the two segments is the second processing result of the first feature.
  • step S213 the second party B locally calculates the product of the second feature matrix X B and the second parameter second segment ⁇ W B > 2 to obtain the first processing result of the second feature ⁇ Z B > 1 , namely:
  • ⁇ Z B > 1 X B ⁇ ⁇ W B > 2
  • step S214 the second party B uses the second feature matrix X B held by the second party B to perform the security matrix multiplication with the second parameter first slice ⁇ W B> 1 held by the first party A, and the product is denoted as second The second processing result of the feature ⁇ Z B > 2 , namely:
  • ⁇ Z B > 2 X B ⁇ ⁇ W B > 1
  • the first party A obtains the first segment of the second feature second processing result ⁇ Z B > 2 ⁇ Z B > 2 > 1
  • the second party B obtains the second feature second processing
  • the second fragment of the result ⁇ Z B > 2 ⁇ Z B > 2 > 2 , the sum of the two fragments is the second processing result of the second feature.
  • step S215 the first party A adds up the pieces of the processing results obtained by the above calculations, that is, the first processing result of the first feature ⁇ Z A > 1 , the second processing result of the first feature
  • the first segment ⁇ Z A > 2 > 1 , the first segment of the second processing result of the second feature ⁇ Z B > 2 > 1 is added to obtain the first multiplied integral ⁇ Z> 1 , namely:
  • ⁇ Z> 1 ⁇ Z A > 1 + ⁇ Z A > 2 > 1 + ⁇ Z B > 2 > 1
  • step S216 the second party B adds up the pieces of each processing result obtained by it, that is, the second piece of the second processing result of the first feature ⁇ Z A > 2 > 2 ,
  • the first processing result of the second feature ⁇ Z B > 1 , and the second segment of the second processing result of the second feature ⁇ Z B > 2 > 2 are added to obtain the second multiplication and integral segment ⁇ Z> 2 , namely:
  • ⁇ Z> 2 ⁇ Z B > 1 + ⁇ Z A > 2 > 2 + ⁇ Z B > 2 > 2
  • the sum of the first multiplying integral piece ⁇ Z> 1 and the second multiplying integral piece ⁇ Z> 2 is the product of the total feature matrix X and the total parameter W, that is, the first feature matrix X A and the first parameter part
  • the sum of the first product of W A and the second product of the second feature matrix X B and the second parameter part W B is the product of the total feature matrix X and the total parameter W, that is, the first feature matrix X A and the first parameter part.
  • ⁇ Z> 1 + ⁇ Z> 2 ⁇ Z A > 1 + ⁇ Z A > 2 > 1 + ⁇ Z B > 2 > 1 + ⁇ Z B > 1 + ⁇ Z A > 2 > 2 + ⁇ Z B > 2 > 2
  • the first party A and the second party B have calculated the first multiplying integral piece ⁇ Z> 1 and the second multiplying integral piece ⁇ Z> 2 respectively .
  • the two parties jointly perform safety calculations, and obtain the first multiplying integral piece ⁇ Z> 1 and the second multiplying integral piece ⁇ Z> 2 respectively .
  • step S31 of the second sub-phase the second party secretly shares the label vector Y held by it, that is, splits it into the first label segment ⁇ Y> 1 and the second label segment ⁇ Y> 2 , and Hold the second label fragment ⁇ Y> 2 and send the first label fragment ⁇ Y> 1 to the first party A.
  • the sum of the two label fragments is the label vector, namely:
  • step S32 the second party B subtracts the second label segment ⁇ Y> 2 based on the second multiplier integration segment ⁇ Z> 2 to obtain the second error segment ⁇ E> 2 .
  • step S33 the first party A subtracts the first label segment ⁇ Y> 1 based on the first multiplier integration segment ⁇ Z> 1 to obtain the first error segment ⁇ E> 1 .
  • the prediction error It can be expressed as the difference between the product result X*W of the feature matrix and the model parameters and the label vector Y.
  • the product result obtained so far corresponds to the first multiplier integral piece ⁇ Z> 1 and the second multiplier integral piece ⁇ Z> 2 held by the first party A and the second party B respectively
  • the label vector Y corresponds to the first party A
  • the second party B may be integrated by the second sheet ⁇ Z> 2 by subtracting the second tag fragment ⁇ Y> 2, the second difference and the resulting fragment as a second error ⁇ E> 2, the first Party A can subtract the first label segment ⁇ Y> 1 from the first multiplication integral slice ⁇ Z> 1 , and use the obtained first difference value as the first error slice ⁇ E> 1 .
  • the sum of the first error segment ⁇ E> 1 and the second error segment ⁇ E> 2 is the product of the above-mentioned total feature matrix X and the total parameter W, and the difference between the label vector Y :
  • the first party A and the second party B have calculated the first error fragment ⁇ E> 1 and the second error fragment ⁇ E> 2 respectively .
  • the two parties jointly perform security calculations, and obtain the first error fragment ⁇ E> 1 and the second error fragment ⁇ E> 2 respectively .
  • the third sub-stage is entered, and the gradient G is calculated.
  • the gradient calculation involves the multiplication of the error vector and the feature matrix.
  • the error vector and the feature matrix are still distributed between the first party A and the second party B. Therefore, a piecewise calculation method is still needed to obtain each gradient piece.
  • step S41 the first party A local computing a first error fragment ⁇ E> permutation 1 ⁇ E> T 1 and the product of the first feature matrix X A to obtain a first portion of a first gradient ⁇ G A> 1 , namely:
  • step S42 the first party A uses the first feature matrix X A held by the first party A to perform a safety matrix multiplication with the second error slice ⁇ E> 2 held by the second party B.
  • Secure matrix multiplication can be implemented by homomorphic encryption, secret sharing or other secure calculation methods. Fragmentation product of the second error ⁇ E> 2 permutation ⁇ E> T 2 and the first feature matrix X A is referred to as a second portion of a first gradient ⁇ G A> 2, namely:
  • the first party A obtains the first segment of the first gradient second part ⁇ G A > 2 ⁇ G A > 2 > 1
  • the second party B obtains the first gradient second part
  • the second fragment of ⁇ G A > 2 ⁇ G A > 2 > 2 the sum of the two fragments is the second part of the first gradient.
  • step S43 the second local party B calculates a second error fragment ⁇ E> 2 permutation of ⁇ E> 2 T X B matrix with a second feature of the product, to obtain a first portion of a second gradient ⁇ G B> 1, i.e., :
  • step S44 the second party B uses the second feature matrix X B held by the second party B to perform a safety matrix multiplication with the first error slice ⁇ E> 1 held by the first party A.
  • Secure matrix multiplication can be implemented by homomorphic encryption, secret sharing or other secure calculation methods.
  • step S44 the second party B obtains the second part of the second gradient ⁇ G B > 2 ⁇ G B > 2 > 2 , and the first party A obtains the second part of the second gradient
  • the first fragment of ⁇ G B > 2 ⁇ G B > 2 > 1 the sum of the two fragments is the second part of the second gradient.
  • the parameter update phase includes the following steps.
  • step S51 the first portion of the first gradient of the first party A calculated according to step S41 ⁇ G A> 1 obtained in step S42 and the first slice ⁇ G A second portion of the first gradient> 2> 1, the first update One parameter first fragment ⁇ W A > 1 .
  • the product of the sum of the first part of the first gradient ⁇ G A > 1 and the first slice of the second part of the first gradient ⁇ G A > 2 > 1 and the preset step size ⁇ is used as the adjustment amount, and the Subtract the adjustment amount, update the first parameter, the first slice ⁇ W A > 1 , which can be expressed as:
  • step S52 the first party A updates the first segment of the second parameter ⁇ W B > 1 according to the first segment of the second part of the second gradient ⁇ G B > 2 > 1 obtained in step S44, which can mean for:
  • step S53 the second party B updates the first part of the second gradient ⁇ G B > 1 calculated in step S43 and the second segment of the second part of the second gradient ⁇ G B > 2 > 2 obtained in step S44.
  • the second segment with two parameters ⁇ W B > 2 is the second segment with two parameters ⁇ W B > 2 .
  • the product of the sum of the first part of the second gradient ⁇ G B > 1 and the second segment of the second part of the second gradient ⁇ G B > 2 > 2 and the preset step size ⁇ is used as the adjustment amount, and Subtract the adjustment amount and update the second parameter of the second segment ⁇ W B > 2 , which can be expressed as:
  • step S54 the second party B updates the first parameter and the second segment ⁇ W A > 2 according to the second segment ⁇ G A > 2 > 2 of the second part of the first gradient obtained in step S42, which can mean for:
  • the update of the first parameter part W A is jointly completed by both parties, where the first party A updates the first parameter first fragment ⁇ W A > 1 , and the second party B updates the first parameter second fragment ⁇ W A > 2 , the sum of the two parties' common update is:
  • the update of the second parameter part W B is jointly completed by both parties, where the second party B updates the second parameter second segment ⁇ W B > 2 , and the first party A updates the second parameter first segment ⁇ W B > 1 ,
  • the sum of the two parties’ updates is:
  • the model reconstruction phase is entered.
  • the first party A sends its iteratively maintained second parameter first fragment ⁇ W B > 1 to the second party B; the second party B will iteratively maintain the first parameter second fragment ⁇ W A > 2 is sent to the first party A.
  • the first party A reconstructs the first parameter part after training based on the first parameter first fragment ⁇ W A > 1 maintained by itself and the first parameter second fragment ⁇ W A > 2 sent by the second party W A.
  • the second parameter part after training is reconstructed W B.
  • the model parameters obtained were each portion W A and W B used to treat the corresponding characteristic portion.
  • the two parties not only do not exchange the plaintext of the feature data, but also split the model parameters into parameter shards, and each only maintains the iterative update of the sharding parameters.
  • the model will not be reconstructed until the end of the iteration. parameter.
  • all parties only maintain parameter shards and exchange some sharding results, and it is almost impossible to infer useful information about private data based on these sharding results. This greatly enhances the privacy data in the joint training process. safety.
  • the sigmoid function in order to facilitate linear calculation, can be expanded by Taylor Taylor.
  • the sigmod function 1/(1+e ⁇ x) can perform the following Taylor decomposition:
  • the gradient form can be obtained.
  • the gradient form is
  • Fig. 4 shows a schematic diagram of a process of joint training of a logistic regression model by two parties according to another embodiment.
  • the training process of Fig. 4 is basically the same as that of Fig. 2, except that in step S32 and step S33, when calculating the encryption error fragments, according to the Taylor expansion form of the sigmoid function, based on the first multiplying integral piece ⁇ Z> 1 and the second multiplying integral piece ⁇ Z> 2 Obtain the first part and the second part of the prediction result respectively, and then subtract correspondingly with the first label segment ⁇ Y> 1 and the second label segment ⁇ Y> 2 to obtain the first error segment ⁇ E> 1 and the second error slice ⁇ E> 2 .
  • the first party A calculates the first multiplier of the integral piece ⁇ Z> 1 to obtain the first piece of multiplicity ⁇ Z> 1 k
  • the first party A After the first party A obtains the first multiplying integral piece ⁇ Z> 1 , it needs to calculate ⁇ Z> 1 2 and ⁇ Z> 1 3 locally, and the second party B obtains the second multiplying integral piece ⁇ Z> 2 , Also need to calculate ⁇ Z> 2 2 and ⁇ Z> 2 3 locally.
  • the first party A uses ⁇ Z> 1 2 and the second party B's ⁇ Z> 2 to perform a safe matrix multiplication, and the two parties get the multifactorial respectively Integral piece ⁇ Z> 1 2 ⁇ ⁇ Z> 2 > 1 and multi-factorial integral piece ⁇ Z> 1 2 ⁇ ⁇ Z> 2 > 2
  • the first party A uses ⁇ Z> 1 and the second party B
  • the two parties get the multi-factorial integral piece ⁇ Z> 1 ⁇ ⁇ Z> 2 2 > 1 and the multi-factorial integral piece ⁇ Z> 1 ⁇ ⁇ Z> 2 2 > 2 .
  • the first party A can calculate ⁇ E> 1 by the following formula:
  • ⁇ E> 1 1/2+ ⁇ Z> 1 /4-( ⁇ Z> 1 3 +3 ⁇ Z> 1 2 ⁇ ⁇ Z> 2 > 1 +3 ⁇ Z> 1 ⁇ ⁇ Z> 2 2 > 1 )/48- ⁇ Y> 1 ;
  • the second party A calculates ⁇ E> 2 by the following formula:
  • ⁇ E> 2 ⁇ Z> 2 /4-( ⁇ Z> 1 3 +3 ⁇ Z> 1 2 ⁇ ⁇ Z> 2 > 2 +3 ⁇ Z> 1 ⁇ ⁇ Z> 2 2 > 2 )/ 48- ⁇ Y> 2 .
  • the first error fragment ⁇ E> 1 and the second error fragment ⁇ E> 2 can be calculated.
  • each neuron is connected to each neuron in the previous layer with different weights. Therefore, the output of each neuron in the previous layer can be regarded as feature data, and the feature data is distributed among the two sides; the connection weight can be regarded as the model parameter part, which is used to process the corresponding feature data in a linear combination. Therefore, the aforementioned training process can be applied to the parameter training of each neuron in the neural network to realize the joint safety training of both parties of the neural network model.
  • the training methods described above can be used.
  • this training method through the fragmented maintenance of parameters, high strength ensures that private data will not be leaked or reversed, and data security is ensured.
  • Fig. 5 shows a schematic block diagram of a joint training device deployed in a second party according to an embodiment.
  • the device 500 includes an iterative unit 510 for performing model parameter update multiple times.
  • the iteration unit 510 further includes:
  • the multiplying integral piece determining unit 511 is configured to calculate the second piece based on the locally maintained first parameter second piece and the second parameter second piece through local matrix multiplication and the safe matrix multiplication with the first party. Multiply the integral slice; wherein the second slice of the first parameter is the second slice used to process the first parameter part W A of the first characteristic part, and the second slice of the second parameter is used to process the first parameter part W A The second segment of the second parameter part W B of the two characteristic part.
  • the error segment determination unit 512 is configured to secretly share the tag vector Y to obtain a second tag segment, and subtract the second tag segment based on the second multiplication-integral segment to obtain a second tag segment. Error fragmentation.
  • Gradient fragmentation determination unit 513 configured to calculate the local error of the second sheet and the second partial product feature matrix X B to obtain a first portion of a second gradient; and with the second feature matrix X B, with the first The first error segment in one party performs a security matrix multiplication to obtain the second segment of the second part of the second gradient, and receives the second segment of the second part of the first gradient from the first party.
  • the parameter update unit 514 is configured to update the second parameter second slice according to the first part of the second gradient and the second slice of the second part of the second gradient; according to the second slice of the first part of the first gradient The first fragment, the second fragment is updated with the first parameter.
  • the above-mentioned apparatus 500 further includes an initialization unit 520 configured to initialize the second parameter part W B , and split it into a second parameter first segment and a second parameter second segment through secret sharing.
  • sheet retaining the second parameter of the second fragment, transmits the first fragment of the second parameter to the first party; receiving from the first party to the first parameter W a portion of the first secret sharing parameter Two slices.
  • the above-mentioned apparatus 500 further includes a parameter reconstruction unit 530, configured to: send the second segment of the first parameter updated in the last iteration to the first party, and send it from the first party.
  • a parameter reconstruction unit 530 configured to: send the second segment of the first parameter updated in the last iteration to the first party, and send it from the first party.
  • One party receives the updated first segment of the second parameter; combines the updated second segment of the second parameter in the last iteration with the received first segment of the second parameter to obtain the service prediction model The second parameter part W B after training.
  • the foregoing business objects include one of the following: users, merchants, commodities, and events; the business prediction model is used to predict the classification or regression value of the business objects.
  • the service prediction model is a linear regression model; at this time, the error segment determination unit 512 is configured to calculate the difference between the second multiplication-integral segment and the second label segment as the The second error fragment.
  • the business prediction model is a logistic regression model; at this time, the error segment determination unit 512 is configured to obtain a second prediction result based on the second multiplication and integration segment according to the Taylor expansion form of the sigmoid function Fragment, calculating the difference between the second prediction result fragment and the second label fragment as the second error fragment.
  • the multiplier-integral piece determining unit 511 is further configured to calculate the multiplier of the second multiplier-integral piece to obtain the second multiplier of the multiplier;
  • the slice and the second sharding multiplier, and the first multiplication integral slice and the first slicing multiplier in the first side perform multiple security matrix multiplication operations to obtain multiple second multifactorial integral slices
  • the error slice determination unit 512 is configured to use the second multiplier integral slice, the second slice multiplier and multiple second multifactorial integral slices according to the multi-order Taylor expansion form of the sigmoid function , Determining the second prediction result segment, and calculating the difference between the second prediction result segment and the second label segment as the second error segment.
  • the above-mentioned multiplying-integral piece determining unit 511 is specifically configured to: use the first parameter second piece to perform security matrix multiplication with the first feature matrix X A in the first party to obtain the first The second segment of the feature second processing result; the product of the second feature matrix X B and the second segment of the second parameter is locally calculated to obtain the second feature first processing result; using the second feature matrix X B , and Perform security matrix multiplication on the first segment of the second parameter in the first party to obtain the second segment of the second processing result of the second feature; for the second segment of the second processing result of the first feature, so According to the first processing result of the second characteristic, the second slices of the second processing result of the second characteristic are added to obtain the second multiplication-integral slice.
  • the above-mentioned parameter update unit 514 is configured to use the product of the sum of the first part of the second gradient and the second part of the second part of the second gradient and the preset step length as the adjustment amount, By subtracting the adjustment amount, the second segment of the second parameter is updated.
  • a device for two parties to jointly train a business prediction model can be deployed in the aforementioned first party, and the first party can be implemented as any device or platform with computing and processing capabilities. Or device cluster.
  • the first party stores the first feature matrix X A formed by the first feature parts of the multiple business objects;
  • the second party stores the second features formed by the second feature parts of the multiple business objects Matrix X B , and label vector Y composed of label values.
  • Fig. 6 shows a schematic block diagram of a joint training device deployed in a first party according to an embodiment.
  • the device 600 includes an iterative unit 610 for performing model parameter update multiple iterations.
  • the iteration unit 610 further includes:
  • the multiplying-integral piece determining unit 611 is configured to calculate the first piece based on the locally maintained first parameter first piece and the second parameter first piece through local matrix multiplication and the safe matrix multiplication with the second party. Multiply the integral slice; wherein the first parameter first slice is the first slice used to process the first parameter part W A of the first characteristic part, and the second parameter first slice is used to process the first parameter part W A The first segment of the second parameter part W B of the two characteristic part.
  • the error segment determination unit 612 receives the first tag segment secretly shared with the tag vector Y from the second party, and subtracts the first tag segment based on the first multiplication-integral segment, Obtain the first error fragment.
  • Gradient fragmentation determination unit 613 the local computing a product of said first error and the first fragment of the feature matrix X A, to obtain a first portion of a first gradient; and using said first feature matrix X A, with the second party Perform security matrix multiplication on the second error fragment in the second part to obtain the first fragment of the second part of the first gradient, and receive the first fragment of the second part of the second gradient from the second party.
  • the parameter updating unit 614 updates the first parameter first slice according to the first slice of the first part of the first gradient and the first slice of the second part of the first gradient; according to the first slice of the second part of the second gradient One slice, update the first slice with the second parameter.
  • the above-mentioned apparatus 600 further includes an initialization unit 620 configured to initialize the first parameter part W A , and split it into a first parameter first segment and a first parameter second segment through secret sharing.
  • the first segment of the first parameter is reserved, and the second segment of the first parameter is sent to the second party; the second parameter of the second parameter part W B secretly shared from the second party is received One shard.
  • the above-mentioned apparatus 600 further includes a parameter reconstruction unit 630, configured to: send the second segment of the second parameter updated in the last iteration to the second party, and send it from the first The two parties receive the updated first parameter second segment; the updated first parameter first segment in the last iteration and the received first parameter second segment are combined to obtain the service prediction model The first parameter part W A after training.
  • a parameter reconstruction unit 630 configured to: send the second segment of the second parameter updated in the last iteration to the second party, and send it from the first The two parties receive the updated first parameter second segment; the updated first parameter first segment in the last iteration and the received first parameter second segment are combined to obtain the service prediction model The first parameter part W A after training.
  • the foregoing business objects include one of the following: users, merchants, commodities, and events; the business prediction model is used to predict the classification or regression value of the business objects.
  • the service prediction model is a linear regression model; at this time, the error segment determination unit 612 is configured to calculate the difference between the first multiplication-integral segment and the first label segment as the The first error fragment.
  • the business prediction model is a logistic regression model; at this time, the error fragment determination unit 612 is configured to obtain the first prediction result based on the first multiplication and integration fragment according to the Taylor expansion form of the sigmoid function Fragmentation, calculating the difference between the one prediction result fragment and the first label fragment as the second error fragment.
  • the multiplication-integral piece determining unit 611 is further configured to calculate the multiplier of the first multiplier-integral piece to obtain the first multiplier of the multiplier;
  • the slice and the first multi-factorial multiplication, and the second multiplication integral slice and the second multiplication multiplier in the second party perform multiple security matrix multiplication operations to obtain multiple first multi-factorial integral slices
  • the error piece determination unit 612 is configured to use the first multiplier-integral piece, the first multiplier of the first piece and multiple first multi-factorial integral pieces according to the multi-order Taylor expansion form of the sigmoid function , Determine the second prediction result segment.
  • the above-mentioned multiplication-integral piece determining unit 611 is specifically configured to: use the first piece of the second parameter to perform a security matrix multiplication with the second feature matrix X B in the second party to obtain the second Feature the first segment of the second processing result; locally calculate the product of the first feature matrix X A and the first segment of the first parameter to obtain the first feature first processing result; use the first feature matrix X A , and Perform security matrix multiplication on the second segment of the first parameter in the second party to obtain the first segment of the second processing result of the first feature; for the first segment of the second processing result of the second feature, so According to the first processing result of the first characteristic, the first slices of the second processing result of the first characteristic are added to obtain the first multiplication-integral slice.
  • the aforementioned parameter update unit 614 is configured to use the product of the sum of the first part of the first gradient and the first part of the second part of the first gradient and the preset step length as the adjustment amount, The first segment of the first parameter is updated by subtracting the adjustment amount.
  • a computer-readable storage medium on which a computer program is stored.
  • the computer program is executed in the computer, the computer is caused to execute the method described in conjunction with FIG. 2 to FIG. 4.
  • a computing device including a memory and a processor, the memory stores executable code, and when the processor executes the executable code, a combination of FIGS. 2 to 4 is provided. The method described.
  • the functions described in the present invention can be implemented by hardware, software, firmware, or any combination thereof.
  • these functions can be stored in a computer-readable medium or transmitted as one or more instructions or codes on the computer-readable medium.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Data Mining & Analysis (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Marketing (AREA)
  • Artificial Intelligence (AREA)
  • Development Economics (AREA)
  • Technology Law (AREA)
  • Evolutionary Computation (AREA)
  • Medical Informatics (AREA)
  • Economics (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Provided are a method and apparatus for data privacy protected joint training of a service prediction model by two parties. Two parties each have a portion of feature data. In a model iteration process, the two parties obtain two product fragments of a product result of a total feature matrix X and a total parameter matrix W by means of security matrix multiplication. A second party with a label performs secret sharing on a label vector Y, so that the two parties obtain two label fragments. Hence, the two parties respectively calculate a corresponding error fragment according to the product fragment and label fragment held thereby. Then, the two parties obtain a corresponding gradient fragment on the basis of respective error fragments and feature matrices and by means of secret sharing and security matrix multiplication. Afterwards, a first party updates, by means of the gradient fragment thereof, a parameter fragment maintained thereby, and the second party updates, by means of the gradient fragment thereof, a parameter fragment maintained thereby. In this way, data privacy protected security joint training is implemented.

Description

保护数据隐私的双方联合训练业务预测模型Both parties jointly train business prediction models to protect data privacy 技术领域Technical field
本说明书一个或多个实施例涉及数据安全和机器学习领域,具体地,涉及双方联合训练业务预测模型。One or more embodiments of this specification relate to the fields of data security and machine learning, specifically, to the joint training of business prediction models by both parties.
背景技术Background technique
机器学习所需要的数据往往会涉及到多个领域。例如在基于机器学习的商户分类分析场景中,电子支付平台拥有商户的交易流水数据,电子商务平台存储有商户的销售数据,银行机构拥有商户的借贷数据。数据往往以孤岛的形式存在。由于行业竞争、数据安全、用户隐私等问题,数据整合面临着很大阻力,将分散在各个平台的数据整合在一起训练机器学习模型难以实现。在保证数据不泄露的前提下,使用多方数据联合训练机器学习模型变成目前的一大挑战。The data needed for machine learning often involves multiple fields. For example, in a business classification analysis scenario based on machine learning, the electronic payment platform owns the merchant's transaction flow data, the e-commerce platform stores the merchant's sales data, and the banking institution owns the merchant's loan data. Data often exists in the form of islands. Due to industry competition, data security, user privacy and other issues, data integration is facing great resistance. It is difficult to integrate data scattered on various platforms to train machine learning models. Under the premise of ensuring that data is not leaked, the use of multi-party data to jointly train machine learning models has become a major challenge at present.
常用的机器学习模型包括逻辑回归模型,线性回归模型,以及神经网络模型等。逻辑回归模型可以有效地执行样本分类预测等任务。线性回归模型可以有效地预测样本的回归值。神经网络模型可以通过多层神经元的组合,执行各种预测任务。以上这些模型的训练过程中,都会涉及利用特征数据与模型参数数据之间的运算得到预测结果,以及根据预测结果确定出梯度,进而调整模型参数的过程。在多方共同训练机器学习模型的情况下,如何在不泄露各方隐私数据(包括特征数据和模型参数数据)的情况下,协同进行上述各个阶段的运算,是实际要解决的问题。因此,希望提供改进的方案,在双方联合训练业务预测模型的情况下,保证各方的隐私数据不泄露,确保数据安全。Commonly used machine learning models include logistic regression models, linear regression models, and neural network models. Logistic regression models can effectively perform tasks such as sample classification and prediction. The linear regression model can effectively predict the regression value of the sample. The neural network model can perform various prediction tasks through the combination of multiple layers of neurons. In the training process of the above models, the process of using the calculation between the feature data and the model parameter data to obtain the prediction result, and determining the gradient according to the prediction result, and then adjusting the model parameters. In the case of multiple parties jointly training a machine learning model, how to perform the above-mentioned operations in each stage collaboratively without revealing the private data (including feature data and model parameter data) of each party is a practical problem to be solved. Therefore, it is hoped to provide an improved solution to ensure that the private data of each party is not leaked and ensure data security when the two parties jointly train the business prediction model.
发明内容Summary of the invention
本说明书一个或多个实施例描述了双方联合训练业务预测模型的方法和装置,其通过迭代过程中参数分片的方式,保证数据隐私不泄露,确保联合训练中隐私数据的安全。One or more embodiments of this specification describe a method and device for jointly training a business prediction model by both parties, which ensure that data privacy is not leaked by means of parameter slicing in the iterative process, and ensure the security of private data in joint training.
根据第一方面,提供了一种保护数据隐私的双方联合训练业务预测模型的方法,所述双方包括第一方和第二方,所述第一方存储有多个业务对象的第一特征部分构成的第一特征矩阵X A;所述第二方存储有所述多个业务对象的第二特征部分构成的第二特征矩阵X B,以及标签值构成的标签向量Y。所述方法应用于所述第二方,该方法包括多次迭代执行模型参数更新。每次迭代包括:基于本地维护的第一参数第二分片和第二参 数第二分片,通过本地矩阵乘法以及与所述第一方的安全矩阵乘法运算,计算得到第二乘积分片,第一参数第二分片是用于处理所述第一特征部分的第一参数部分W A的第二分片,第二参数第二分片是用于处理所述第二特征部分的第二参数部分W B的第二分片;对所述标签向量Y进行秘密分享,得到第二标签分片,并基于所述第二乘积分片对所述第二标签分片进行相减,得到第二误差分片;本地计算所述第二误差分片和第二特征矩阵X B的乘积,得到第二梯度第一部分;用所述第二特征矩阵X B,与所述第一方中的第一误差分片进行安全矩阵乘法,得到第二梯度第二部分的第二分片,并从所述第一方接收第一梯度第二部分的第二分片;根据所述第二梯度第一部分和所述第二梯度第二部分的第二分片,更新所述第二参数第二分片;根据所述第一梯度第一部分的第一分片,更新所述第一参数第二分片。 According to a first aspect, there is provided a method for two parties to jointly train a business prediction model to protect data privacy. The two parties include a first party and a second party, and the first party stores first characteristic parts of a plurality of business objects. A first feature matrix X A formed ; the second party stores a second feature matrix X B formed by the second feature parts of the multiple business objects, and a label vector Y formed by label values. The method is applied to the second party, and the method includes multiple iterations of performing model parameter updates. Each iteration includes: based on the locally maintained first parameter second segment and the second parameter second segment, the second multiplication integral piece is calculated through local matrix multiplication and safe matrix multiplication with the first party, the second fragment is the first parameter for processing the first portion of the first characteristic parameter W a second portion of the fragment, the second parameter is a second feature of the second slice for the second part of the process The second segment of the parameter part W B ; the tag vector Y is secretly shared to obtain the second tag segment, and the second tag segment is subtracted based on the second multiplication and integration segment to obtain the first Two error fragments; locally calculating the product of the second error fragment and the second feature matrix X B to obtain the first part of the second gradient; using the second feature matrix X B and the first part of the first party An error segment is multiplied by a security matrix to obtain the second segment of the second part of the second gradient, and receive the second segment of the second part of the first gradient from the first party; according to the first part of the second gradient And the second slice of the second part of the second gradient, update the second parameter second slice; according to the first slice of the first part of the first gradient, update the first parameter second slice .
在一个实施例中,在多次迭代执行模型参数更新之前,还包括:初始化所述第二参数部分W B,通过秘密分享将其拆分为第二参数第一分片和第二参数第二分片,保留所述第二参数第二分片,将所述第二参数第一分片发送给第一方;从第一方接收对所述第一参数部分W A秘密分享的第一参数第二分片。 In one embodiment, before performing the model parameter update multiple iterations, the method further includes: initializing the second parameter part W B , and splitting it into the second parameter first segment and the second parameter second segment through secret sharing. receiving a first parameter from a first side portion of the first parameter W a secret sharing; fragment, retaining the second parameter of the second fragment, transmits the first fragment of the second parameter to the first party The second fragment.
在一个实施例中,在多次迭代执行模型参数更新之后,还包括:将最后一次迭代中更新后的所述第一参数第二分片发送给所述第一方,并从所述第一方接收更新后的第二参数第一分片;将最后一次迭代中更新后的第二参数第二分片,和所接收的第二参数第一分片进行组合,得到所述业务预测模型训练后的第二参数部分W BIn an embodiment, after performing the model parameter update multiple iterations, the method further includes: sending a second segment of the first parameter updated in the last iteration to the first party, and receiving the update from the first party. The party receives the updated second parameter first segment; the updated second parameter second segment in the last iteration is combined with the received second parameter first segment to obtain the service prediction model training After the second parameter part W B.
在一个实施例中,所述业务对象包括以下之一:用户,商户,商品,事件;所述业务预测模型用于预测所述业务对象的分类或回归值。In an embodiment, the business object includes one of the following: users, merchants, commodities, and events; the business prediction model is used to predict the classification or regression value of the business object.
在一个实施例中,所述业务预测模型为线性回归模型;其中基于所述第二乘积分片对所述第二标签分片进行相减,得到第二误差分片,包括:计算所述第二乘积分片和所述第二标签分片的差值,作为所述第二误差分片。In one embodiment, the business prediction model is a linear regression model; wherein subtracting the second label fragments based on the second multiplication and integration fragments to obtain the second error fragments includes: calculating the first error fragments The difference between the squared integral slice and the second label slice is used as the second error slice.
在另一个实施例中,所述业务预测模型为逻辑回归模型;其中基于所述第二乘积分片对所述第二标签分片进行相减,得到第二误差分片,包括:根据sigmoid函数的泰勒展开形式,基于所述第二乘积分片得到第二预测结果分片,计算所述第二预测结果分片和所述第二标签分片的差值,作为所述第二误差分片。In another embodiment, the business prediction model is a logistic regression model; wherein subtracting the second label segment based on the second multiplying integral segment to obtain the second error segment includes: according to a sigmoid function In the Taylor expansion form of, a second prediction result segment is obtained based on the second multiplication-integral slice, and the difference between the second prediction result segment and the second label segment is calculated as the second error segment .
在一个具体的实施例中,根据sigmoid函数的泰勒展开形式,基于所述第二乘积分片得到第二预测结果分片,包括:根据sigmoid函数的多阶泰勒展开形式,计算所述第 二乘积分片的多次方,得到第二分片多次方;利用所述第二乘积分片与所述第二分片多次方,跟所述第一方中的第一乘积分片和第一分片多次方进行多次安全矩阵乘法运算,得到多个第二多阶乘积分片;利用所述第二乘积分片、所述第二分片多次方和多个第二多阶乘积分片,确定所述第二预测结果分片。In a specific embodiment, according to the Taylor expansion form of the sigmoid function, obtaining the second prediction result fragment based on the second multiplication integral piece includes: calculating the second multiplication according to the multi-order Taylor expansion form of the sigmoid function Multiply the multiplicity of the integral piece to obtain the multiplicity of the second slicing; using the second multiplier integral piece and the second slicing multiplicity, follow the first multiplier integral piece and the first multiplier piece in the first party. Perform multiple safe matrix multiplication operations for multiple times of one slice to obtain multiple second multifactorial integral slices; use the second multiplier integral slice, the second slice multiplier and multiple second multifactorial integral slices Slice, determining the second prediction result slice.
在一个实施例中,计算得到第二乘积分片,包括:用所述第一参数第二分片,与所述第一方中的第一特征矩阵X A进行安全矩阵乘法,得到第一特征第二处理结果的第二分片;本地计算第二特征矩阵X B与第二参数第二分片的乘积,得到第二特征第一处理结果;用所述第二特征矩阵X B,与所述第一方中的第二参数第一分片进行安全矩阵乘法,得到第二特征第二处理结果的第二分片;对所述第一特征第二处理结果的第二分片,所述第二特征第一处理结果,所述第二特征第二处理结果的第二分片进行加和,得到所述第二乘积分片。 In one embodiment, calculating the second multiplication-integral piece includes: using the second piece of the first parameter to perform a security matrix multiplication with the first feature matrix X A in the first party to obtain the first feature The second segment of the second processing result; locally calculating the product of the second feature matrix X B and the second segment of the second parameter to obtain the first processing result of the second feature; using the second feature matrix X B , and The first segment of the second parameter in the first party performs security matrix multiplication to obtain the second segment of the second processing result of the second feature; for the second segment of the second processing result of the first feature, the The first processing result of the second characteristic, and the second slices of the second processing result of the second characteristic are added to obtain the second multiplication-integral slice.
在一个实施例中,根据所述第二梯度第一部分和所述第二梯度第二部分的第二分片,更新所述第二参数第二分片,包括:将所述第二梯度第一部分和第二梯度第二部分的第二分片之和与预设步长的乘积作为调整量,通过减去所述调整量更新所述第二参数第二分片。In one embodiment, updating the second parameter of the second segment according to the first part of the second gradient and the second segment of the second part of the second gradient includes: changing the first part of the second gradient And the product of the sum of the second slice of the second part of the second gradient and the preset step length as the adjustment amount, and the second parameter second slice is updated by subtracting the adjustment amount.
根据第二方面,提供一种保护数据隐私的双方联合训练业务预测模型的方法,所述双方包括第一方和第二方,所述第一方存储有多个业务对象的第一特征部分构成的第一特征矩阵X A;所述第二方存储有所述多个业务对象的第二特征部分构成的第二特征矩阵X B,以及标签值构成的标签向量Y。所述方法应用于所述第二方,该方法包括多次迭代执行模型参数更新。其中,每次迭代包括:基于本地维护的第一参数第一分片和第二参数第一分片,通过本地矩阵乘法以及与所述第二方的安全矩阵乘法运算,计算得到第一乘积分片,第一参数第一分片是用于处理所述第一特征部分的第一参数部分W A的第一分片,第二参数第一分片是用于处理所述第二特征部分的第二参数部分W B的第一分片;从所述第二方接收对所述标签向量Y秘密分享的第一标签分片,并基于所述第一乘积分片对所述第一标签分片进行相减,得到第一误差分片;本地计算所述第一误差分片和第一特征矩阵X A的乘积,得到第一梯度第一部分;用所述第一特征矩阵X A,与所述第二方中的第二误差分片进行安全矩阵乘法,得到第一梯度第二部分的第一分片,并从所述第二方接收第二梯度第二部分的第一分片;根据所述第一梯度第一部分和所述第一梯度第二部分的第一分片,更新所述第一参数第一分片;根据所述第二梯度第二部分的第一分片,更新所述第二参数第一分片。 According to a second aspect, there is provided a method for two parties to jointly train a business prediction model to protect data privacy. The two parties include a first party and a second party, and the first party stores the first feature part of a plurality of business objects. The first feature matrix X A ; the second party stores a second feature matrix X B formed by the second feature parts of the multiple business objects, and a label vector Y formed by label values. The method is applied to the second party, and the method includes multiple iterations of performing model parameter updates. Wherein, each iteration includes: based on the first segment of the first parameter maintained locally and the first segment of the second parameter, the first multiplication integral is calculated through the local matrix multiplication and the safe matrix multiplication with the second party sheet, the first parameter of the first fragment is a first fragment of a first parameter W a portion of the first feature processing section, a first fragment of the second parameter is a characteristic portion according to a second process The first segment of the second parameter part W B ; the first tag segment that is secretly shared with the tag vector Y is received from the second party, and the first tag segment is segmented based on the first multiplication-integral segment Subtract the slices to obtain the first error slice; locally calculate the product of the first error slice and the first characteristic matrix X A to obtain the first part of the first gradient; use the first characteristic matrix X A to The second error segment in the second party performs security matrix multiplication to obtain the first segment of the second part of the first gradient, and receives the first segment of the second part of the second gradient from the second party; The first segment of the first part of the first gradient and the first segment of the second part of the first gradient update the first segment of the first parameter; update all the first segments according to the first segment of the second part of the second gradient The second parameter is the first fragment.
根据第三方面,提供一种保护数据隐私的双方联合训练业务预测模型的装置,所述双方包括第一方和第二方,所述第一方存储有多个业务对象的第一特征部分构成的第一特征矩阵X A;所述第二方存储有所述多个业务对象的第二特征部分构成的第二特征矩阵X B,以及标签值构成的标签向量Y。所述装置部署于所述第二方,该装置包括用于多次迭代执行模型参数更新的迭代单元,其进一步包括:乘积分片确定单元,配置为基于本地维护的第一参数第二分片和第二参数第二分片,通过本地矩阵乘法以及与所述第一方的安全矩阵乘法运算,计算得到第二乘积分片,第一参数第二分片是用于处理所述第一特征部分的第一参数部分W A的第二分片,第二参数第二分片是用于处理所述第二特征部分的第二参数部分W B的第二分片;误差分片确定单元,配置为对所述标签向量Y进行秘密分享,得到第二标签分片,并基于所述第二乘积分片对所述第二标签分片进行相减,得到第二误差分片;梯度分片确定单元,配置为本地计算所述第二误差分片和第二特征矩阵X B的乘积,得到第二梯度第一部分,以及用所述第二特征矩阵X B,与所述第一方中的第一误差分片进行安全矩阵乘法,得到第二梯度第二部分的第二分片,并从所述第一方接收第一梯度第二部分的第二分片;参数更新单元,配置为根据所述第二梯度第一部分和所述第二梯度第二部分的第二分片,更新所述第二参数第二分片,根据所述第一梯度第一部分的第一分片,更新所述第一参数第二分片。 According to a third aspect, there is provided an apparatus for two parties to jointly train a business prediction model to protect data privacy. The two parties include a first party and a second party, and the first party stores a plurality of business objects that constitute the first characteristic part. The first feature matrix X A ; the second party stores a second feature matrix X B formed by the second feature parts of the multiple business objects, and a label vector Y formed by label values. The device is deployed on the second party, and the device includes an iterative unit for performing model parameter update multiple times, and further includes: a multiplier-integral piece determination unit configured to perform a second piece based on the locally maintained first parameter And the second parameter second slice, through local matrix multiplication and the safe matrix multiplication operation with the first party, the second multiplication integral slice is calculated, and the first parameter second slice is used to process the first feature W a second portion of the first slice parameter portion, the second parameter is a second fragment of the second fragment processing the second parameter characteristic part W B of the second portion; fragments error determination unit, It is configured to secretly share the label vector Y to obtain a second label fragment, and subtract the second label fragment based on the second multiply integral fragment to obtain a second error fragment; determining unit configured to calculate the local error of the product of the second sheet and the second feature points X B matrix to obtain a first portion of the second gradient, and a matrix X B with the second feature, the first prescription The first error segment performs security matrix multiplication to obtain the second segment of the second part of the second gradient, and receives the second segment of the second part of the first gradient from the first party; the parameter update unit is configured to The second segment of the first part of the second gradient and the second segment of the second part of the second gradient, the second segment of the second parameter is updated, and the first segment of the first part of the first gradient is updated. The first parameter and the second fragment.
根据第四方面,提供一种保护数据隐私的双方联合训练业务预测模型的装置,所述双方包括第一方和第二方,所述第一方存储有多个业务对象的第一特征部分构成的第一特征矩阵X A;所述第二方存储有所述多个业务对象的第二特征部分构成的第二特征矩阵X B,以及标签值构成的标签向量Y。所述装置部署于所述第一方,该装置包括用于多次迭代执行模型参数更新的迭代单元,其进一步包括:乘积分片确定单元,配置为基于本地维护的第一参数第一分片和第二参数第一分片,通过本地矩阵乘法以及与所述第二方的安全矩阵乘法运算,计算得到第一乘积分片,第一参数第一分片是用于处理所述第一特征部分的第一参数部分W A的第一分片,第二参数第一分片是用于处理所述第二特征部分的第二参数部分W B的第一分片;误差分片确定单元,配置为从所述第二方接收对所述标签向量Y秘密分享的第一标签分片,并基于所述第一乘积分片对所述第一标签分片进行相减,得到第一误差分片;梯度分片确定单元,配置为本地计算所述第一误差分片和第一特征矩阵X A的乘积,得到第一梯度第一部分,以及用所述第一特征矩阵X A,与所述第二方中的第二误差分片进行安全矩阵乘法,得到第一梯度第二部分的第一分片,并从所述第二方接收第二梯度第二部分的第一分片;参数更新单元,配置为根据所述第一梯度第一部分和所述第一梯度第二部分的第一分片,更新所述第一参数第一分 片,根据所述第二梯度第二部分的第一分片,更新所述第二参数第一分片。 According to a fourth aspect, there is provided a device for two parties to jointly train a business prediction model to protect data privacy. The two parties include a first party and a second party, and the first party stores a plurality of business objects' first feature parts. The first feature matrix X A ; the second party stores a second feature matrix X B formed by the second feature parts of the multiple business objects, and a label vector Y formed by label values. The device is deployed on the first party, and the device includes an iterative unit for performing model parameter update multiple iterations, and further includes: a multiplying-integral piece determination unit configured to be a first piece based on a locally maintained first parameter And the first segment of the second parameter, through the local matrix multiplication and the security matrix multiplication operation with the second party, the first multiplication-integral segment is calculated, and the first segment of the first parameter is used to process the first feature the first parameter W a portion of the first fragment, the second parameter is the first slice portion for processing the first portion of fragment W B of the second parameter characteristic of said second portion; fragments error determination unit, It is configured to receive, from the second party, a first label fragment that is secretly shared with the label vector Y, and subtract the first label fragment based on the first multiplication-integral fragment to obtain a first error score Slice; a gradient slice determination unit configured to locally calculate the product of the first error slice and the first feature matrix X A to obtain the first part of the first gradient, and use the first feature matrix X A and the The second error segment in the second party performs the security matrix multiplication to obtain the first segment of the second part of the first gradient, and receives the first segment of the second part of the second gradient from the second party; parameter update Unit configured to update the first parameter first slice according to the first slice of the first part of the first gradient and the first slice of the second part of the first gradient, and according to the first slice of the second part of the second gradient Fragmentation, the first fragmentation of the second parameter is updated.
根据第五方面,提供了一种计算机可读存储介质,其上存储有计算机程序,当所述计算机程序在计算机中执行时,令计算机执行第一方面或第二方面的方法。According to a fifth aspect, there is provided a computer-readable storage medium having a computer program stored thereon, and when the computer program is executed in a computer, the computer is caused to execute the method of the first aspect or the second aspect.
根据第六方面,提供了一种计算设备,包括存储器和处理器,所述存储器中存储有可执行代码,所述处理器执行所述可执行代码时,实现第一方面或第二方面的方法。According to a sixth aspect, there is provided a computing device, including a memory and a processor, the memory stores executable code, and when the processor executes the executable code, the method of the first aspect or the second aspect is implemented .
根据本说明书实施例提供的方法和装置,参与联合训练的双方各自拥有一部分特征数据。在联合训练的迭代过程中,双方不仅不进行特征数据的明文交换,其模型参数部分也拆分为参数分片,各自只维护分片参数的迭代更新,直到迭代结束,才会重构得到模型参数。由于迭代过程中各方仅维护参数的分片,交换一些分片结果,而基于这些分片结果几乎不可能反推出隐私数据的有用信息,如此,极大地增强了联合训练过程中,隐私数据的安全性。According to the method and device provided in the embodiments of this specification, the two parties participating in the joint training each have a part of characteristic data. In the iterative process of joint training, the two parties not only do not exchange the plaintext of feature data, but also split the model parameter part into parameter shards, and each only maintains the iterative update of the sharding parameters. The model will not be reconstructed until the end of the iteration. parameter. In the iterative process, all parties only maintain parameter shards and exchange some sharding results, and it is almost impossible to infer useful information about private data based on these sharding results. This greatly enhances the privacy data in the joint training process. safety.
附图说明Description of the drawings
为了更清楚地说明本发明实施例的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍。下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其它的附图。In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the following will briefly introduce the accompanying drawings that need to be used in the description of the embodiments. The drawings in the following description are only some embodiments of the present invention. For those of ordinary skill in the art, other drawings can be obtained based on these drawings without creative work.
图1为本说明书披露的一个实施例的实施场景示意图;Fig. 1 is a schematic diagram of an implementation scenario of an embodiment disclosed in this specification;
图2示出根据一个实施例的双方联合训练线性回归模型的过程示意图;Fig. 2 shows a schematic diagram of a process of joint training of a linear regression model by two parties according to an embodiment;
图3示出在一个实施例中第一子阶段的部分实施过程;Figure 3 shows part of the implementation process of the first sub-phase in an embodiment;
图4示出根据另一个实施例的双方联合训练逻辑回归模型的过程示意图;4 shows a schematic diagram of a process of joint training of a logistic regression model between two parties according to another embodiment;
图5示出根据一个实施例的部署在第二方中的联合训练装置的示意性框图;Fig. 5 shows a schematic block diagram of a joint training device deployed in a second party according to an embodiment;
图6示出根据一个实施例的部署在第一方中的联合训练装置的示意性框图。Fig. 6 shows a schematic block diagram of a joint training device deployed in a first party according to an embodiment.
具体实施方式Detailed ways
下面结合附图,对本说明书提供的方案进行描述。The following describes the solutions provided in this specification with reference to the accompanying drawings.
如前所述,典型的机器学习模型的训练过程包括,利用特征数据与模型参数数据之间的运算得到预测结果,根据预测结果确定出梯度,进而根据梯度调整模型参数的过程。As mentioned above, the training process of a typical machine learning model includes a process of obtaining a prediction result from calculations between feature data and model parameter data, determining the gradient according to the prediction result, and then adjusting the model parameters according to the gradient.
具体地,假设用于训练机器学习模型的训练数据集有n个样本,每个样本的样本特 征表示为x(x可以是一个向量),标签表示为y,则该训练数据集可表示为:Specifically, assuming that the training data set used to train the machine learning model has n samples, the sample feature of each sample is expressed as x (x can be a vector), and the label is expressed as y, then the training data set can be expressed as:
Figure PCTCN2021086273-appb-000001
Figure PCTCN2021086273-appb-000001
通过各个样本的样本特征x与模型参数w的运算,可以得到对该样本的预测值
Figure PCTCN2021086273-appb-000002
如果机器学习模型为线性回归模型,预测值可表示为:
Figure PCTCN2021086273-appb-000003
如果机器学习模型为逻辑回归模型,预测值可表示为:
Figure PCTCN2021086273-appb-000004
Through the calculation of the sample feature x of each sample and the model parameter w, the predicted value of the sample can be obtained
Figure PCTCN2021086273-appb-000002
If the machine learning model is a linear regression model, the predicted value can be expressed as:
Figure PCTCN2021086273-appb-000003
If the machine learning model is a logistic regression model, the predicted value can be expressed as:
Figure PCTCN2021086273-appb-000004
在使用最大似然概率及随机梯度下降方式的情况下,得到的梯度可以表示为:In the case of using maximum likelihood probability and stochastic gradient descent, the obtained gradient can be expressed as:
Figure PCTCN2021086273-appb-000005
Figure PCTCN2021086273-appb-000005
其中,
Figure PCTCN2021086273-appb-000006
为预测值,y为标签值,上标T表示转置,x为特征;于是,可以根据该梯度,更新参数w,从而实现模型训练。 in,
Figure PCTCN2021086273-appb-000006
Is the predicted value, y is the label value, the superscript T is the transposition, and x is the feature; therefore, the parameter w can be updated according to the gradient to achieve model training.
从以上过程可以看到,训练过程包含几项核心的运算:计算样本特征x与模型参数w的乘积xw,该乘积xw用于确定出预测值
Figure PCTCN2021086273-appb-000007
通过
Figure PCTCN2021086273-appb-000008
得到预测误差E;然后根据预测误差E与x的乘积,得到梯度。 As can be seen from the above process, the training process includes several core operations: calculate the product xw of the sample feature x and the model parameter w, and the product xw is used to determine the predicted value
Figure PCTCN2021086273-appb-000007
pass through
Figure PCTCN2021086273-appb-000008
Obtain the prediction error E; then according to the product of the prediction error E and x, the gradient is obtained.
在单方独立训练模型的情况下,可以容易地进行上述的运算。但是在多方联合训练机器学习模型的情况下,同一样本的特征可能分布在不同参与方中,每个参与方维护模型的一部分参数,如何在不泄露各方明文数据的情况下,实施上述各项运算,是实现联合训练中数据隐私保护的核心挑战。In the case of a single-party independent training model, the above-mentioned calculations can be easily performed. However, in the case of multi-party joint training of machine learning models, the characteristics of the same sample may be distributed among different participants. Each participant maintains some of the parameters of the model. How to implement the above items without revealing the plaintext data of all parties Computation is the core challenge for realizing data privacy protection in joint training.
针对上述问题,发明人提出,在双方联合训练机器学习模型的场景下,将各方模型参数拆解为安全的参数分片,借助于秘密分享和安全矩阵乘法,将以上各项运算也相应拆解为安全而秘密的分片运算,通过双方对分片运算结果的交互和联合计算,实现上述各项运算,从而实现安全的协同训练。In response to the above problems, the inventor proposed that in the scenario where the two parties jointly train the machine learning model, the model parameters of each party should be disassembled into safe parameter fragments. With the help of secret sharing and safe matrix multiplication, the above operations are also disassembled accordingly. The solution is a safe and secret sharding operation. Through the interaction and joint calculation of the results of the sharding operation by both parties, the above-mentioned operations are realized, thereby realizing safe collaborative training.
图1为本说明书披露的一个实施例的实施场景示意图。如图1所示,双方联合训练的场景涉及参与方A和参与方B,或称为第一方和第二方。各个参与方可以实现为任何具有计算、处理能力的设备、平台、服务器或设备集群。双方要在保护数据隐私的情况下,联合训练一个业务预测模型。Figure 1 is a schematic diagram of an implementation scenario of an embodiment disclosed in this specification. As shown in Figure 1, the scenario of joint training between the two parties involves participant A and participant B, or called the first party and the second party. Each participant can be implemented as any device, platform, server or device cluster with computing and processing capabilities. Both parties must jointly train a business prediction model while protecting data privacy.
第一方A存储有训练样本集中n个业务对象的一部分特征,称为第一特征部分。假定每个业务对象的第一特征部分为d1维向量,那么n个业务对象的第一特征部分构成一个n*d1维的第一特征矩阵X A。第二方B存储有该n个业务对象的第二特征部分。假定每个业务对象的第二特征部分为d2维向量,那么n个业务对象的第二特征部分构成 一个n*d2维的第二特征矩阵X B。假定第二方中还存储有n个业务对象的标签值,n个标签值构成一个标签向量Y。 The first party A stores part of the features of n business objects in the training sample set, which is called the first feature part. Assuming that the first feature part of each business object is a d1-dimensional vector, then the first feature parts of n business objects constitute an n*d1-dimensional first feature matrix X A. The second party B stores the second characteristic parts of the n business objects. Assuming that the second feature part of each business object is a d2-dimensional vector, then the second feature parts of n business objects constitute an n*d2-dimensional second feature matrix X B. It is assumed that the label values of n business objects are also stored in the second party, and the n label values constitute a label vector Y.
在一个示例性场景中,上述第一方A和第二方B为电子支付平台和银行机构,双方需要联合训练一个业务预测模型,来评估用户的信用等级。此时,业务对象即为用户。双方可以各自维护用户的一部分特征数据,例如,电子支付平台维护用户的电子支付和转账相关特征,构成上述的第一特征矩阵;银行机构维护用户的信贷记录方面的相关特征,构成上述的第二特征矩阵。此外,银行机构还具有用户信用等级的标签Y。In an exemplary scenario, the above-mentioned first party A and second party B are electronic payment platforms and banking institutions, and the two parties need to jointly train a business prediction model to evaluate the user's credit rating. At this point, the business object is the user. Both parties can maintain part of the user's characteristic data. For example, the electronic payment platform maintains the user's electronic payment and transfer related characteristics, which constitutes the above-mentioned first characteristic matrix; the banking institution maintains the user's credit record related characteristics, which constitutes the above-mentioned second Feature matrix. In addition, the banking institution also has a label Y for the user's credit rating.
在另一个示例中,上述第一方A和第二方B为电子商务平台和电子支付平台,双方需要联合训练一个业务预测模型,来评估商户的欺诈风险。此时,业务对象即为商户。双方可以各自维护商户的一部分特征数据,例如,电子商务平台存储样本商户的销售数据作为一部分样本特征,该部分样本特征构成上述第一特征矩阵;电子支付平台维护商户的交易流水数据作为另一部分样本特,构成第二特征矩阵。电子支付平台还维护样本商户的标签(是或不是欺诈商户的标记),构成标签向量Y。In another example, the above-mentioned first party A and second party B are e-commerce platforms and electronic payment platforms, and the two parties need to jointly train a business prediction model to assess the merchant's fraud risk. At this time, the business object is the merchant. Both parties can maintain part of the characteristic data of the merchants respectively. For example, the e-commerce platform stores the sales data of sample merchants as part of the sample characteristics, and this part of the sample characteristics constitutes the above-mentioned first characteristic matrix; the electronic payment platform maintains the merchant's transaction flow data as another part of the sample Special, constitute the second characteristic matrix. The electronic payment platform also maintains the label of the sample merchant (whether it is a fraudulent merchant or not), which constitutes a label vector Y.
在其他场景示例中,业务对象还可以是待评估的其他对象,比如商品,交互事件(例如交易事件,登录事件,点击事件,购买事件),等等。相应的,参与方可以是维护有上述业务对象的不同特征部分的不同业务方。业务预测模型可以是针对相应业务对象进行分类预测或回归预测的模型。In other scenario examples, the business object may also be other objects to be evaluated, such as commodities, interaction events (for example, transaction events, login events, click events, purchase events), and so on. Correspondingly, the participating parties may be different business parties that maintain different characteristic parts of the above-mentioned business objects. The business prediction model may be a model that performs classification prediction or regression prediction for the corresponding business object.
需要理解,双方各自维护的业务对象特征属于隐私数据,在联合训练过程中,不可以进行明文交换,以保护隐私数据安全。并且,最终,第一方A希望训练得到用于处理第一特征部分的模型参数部分,称为第一参数部分W A;第二方B希望训练得到用于处理第二特征部分的第二参数部分W B,这两部分参数共同构成业务预测模型。 It needs to be understood that the business object features maintained by both parties belong to private data. During the joint training process, plaintext exchanges are not allowed to protect the security of private data. And, finally, the first party A wants to train to obtain the model parameter part used to process the first feature part, called the first parameter part W A ; the second party B wants to train to obtain the second parameter used to process the second feature part Part W B , these two parts of parameters together constitute a business prediction model.
为了在不泄露隐私数据的情况下进行模型的联合训练,根据本说明书实施例,如图1所示,第一方A和第二方B将初始化生成、有待训练的第一参数部分W A和第二参数部分W B进行秘密分享,拆解为参数分片,于是第一方得到第一参数第一分片<W A> 1和第二参数第一分片<W B> 1,第二方得到第一参数第二分片<W A> 2和第二参数第二分片<W B> 2In order to perform joint training of the model without leaking private data, according to the embodiment of this specification, as shown in FIG. 1, the first party A and the second party B will initialize the first parameter parts W A and W A to be trained to be generated. The second parameter part W B is secretly shared and disassembled into parameter fragments, so the first party obtains the first parameter first fragment <W A > 1 and the second parameter first fragment <W B > 1 , the second The party obtains the second segment of the first parameter <W A > 2 and the second segment of the second parameter <W B > 2 .
在模型迭代训练过程中,双方通过安全矩阵乘法,得到总的特征矩阵X与总的参数矩阵W的乘积结果的加密分片Z 1,Z 2。由具有标签的第二方对标签向量Y进行秘密分享,使得双方各自得到标签分片Y 1和Y 2,从而双方各自根据拥有的乘积分片和标签分 片计算出误差分片E 1和E 2。进一步地,双方基于误差分片和各自的特征矩阵,通过秘密分享和安全矩阵乘法,得到对应的梯度分片G 1和G 2。然后,第一方利用其梯度分片G 1,更新其维护的参数分片<W A> 1和<W B> 1,第二方利用其梯度分片G 2,更新其维护的参数分片<W A> 2和<W B> 2 In the iterative training process of the model, both parties obtain the encrypted fragments Z 1 , Z 2 of the product result of the total feature matrix X and the total parameter matrix W through the security matrix multiplication. The label vector Y is secretly shared by the second party with the label, so that both parties obtain label fragments Y 1 and Y 2 respectively, so that the two parties respectively calculate the error fragments E 1 and E based on the multiplier and integral fragments and the label fragments they own 2 . Further, the two parties obtain the corresponding gradient fragments G 1 and G 2 through secret sharing and security matrix multiplication based on the error fragments and their respective feature matrices. Then, the first party uses its gradient segment G 1 to update its maintained parameter segments <W A > 1 and <W B > 1 , and the second party uses its gradient segment G 2 to update its maintained parameter segments <W A > 2 and <W B > 2 .
直到整个迭代过程结束,双方交换其参数分片,进行参数重构。于是第一方基于其自身维护的第一参数第一分片<W A> 1和第二方发送的第一参数第二分片<W A> 2,重构得到训练后的第一参数部分W A;第二方基于其自身维护的第二参数第二分片<W B> 2和第一方发送的第二参数第一分片<W B> 1,重构得到训练后的第二参数部分W BUntil the end of the entire iterative process, the two parties exchange their parameter fragments and perform parameter reconstruction. Therefore, the first party reconstructs the first parameter part after training based on the first parameter first fragment <W A > 1 maintained by itself and the second parameter second fragment <W A > 2 sent by the second party W a; second party based on a second parameter which is maintained by a second fragment <W B> 2 and the second parameter of the first party sends a first fragment <W B> 1, to give a second reconstructed training The parameter part W B.
在整个训练过程中,双方不仅不进行特征数据的明文交换,其模型参数部分也拆分为参数分片,各自只维护分片参数的迭代更新,直到迭代结束,才会重构得到模型参数。如此,极大地增强了联合训练过程中,隐私数据的安全性。During the entire training process, not only did the two parties not exchange the feature data in plaintext, but the model parameters were also split into parameter shards, and each only maintained the iterative update of the sharding parameters. The model parameters would not be reconstructed until the end of the iteration. In this way, the security of private data in the joint training process is greatly enhanced.
下面描述双方联合进行模型训练的具体过程。The following describes the specific process of the two parties jointly conducting model training.
图2示出根据一个实施例的双方联合训练线性回归模型的过程示意图。图2场景中的第一方A和第二方B的数据持有状况与图1相同,不再赘述。在图2的场景中,双方联合训练一个线性回归模型作为业务预测模型。Fig. 2 shows a schematic diagram of a process of joint training of a linear regression model by two parties according to an embodiment. The data holding status of the first party A and the second party B in the scenario of FIG. 2 is the same as that of FIG. 1, and will not be repeated here. In the scenario in Figure 2, the two parties jointly train a linear regression model as a business prediction model.
首先,在模型初始化阶段,第一方A和第二方B对模型参数初始化,并进行秘密分享,各自维持参数分片。First, in the model initialization stage, the first party A and the second party B initialize the model parameters and share secretly, each maintaining parameter slicing.
具体地,在步骤S11,第一方A初始化用于处理第一特征部分的第一参数部分W A。该第一参数部分W A可以通过随机生成的方式初始化得到。然后,在S12,第一方A对上述第一参数部分进行秘密分享,即将其拆分为第一参数第一分片<W A> 1和第一参数第二分片<W A> 2,自己持有第一参数第一分片<W A> 1,将第一参数第二分片<W A> 2发送给第二方B。可以理解,两个参数分片之和为第一参数部分,即:W A=<W A> 1+<W A> 2Specifically, in step S11, the first party for processing the first initialization parameter A W A portion of the first feature section. The first parameter may be initialized W A portion obtained by way of randomly generated. Then, in S12, the first party A secretly shares the above-mentioned first parameter part, that is, splits it into the first parameter first segment <W A > 1 and the first parameter second segment <W A > 2 , Hold the first segment of the first parameter <W A > 1 and send the second segment of the first parameter <W A > 2 to the second party B. It can be understood that the sum of the two parameter fragments is the first parameter part, namely: W A =<W A > 1 +<W A > 2 .
相应地,在步骤S13,第二方B初始化用于处理第二特征部分的第二参数部分W B。该第二参数部分W B可以通过随机生成的方式初始化得到。然后,在S14,第二方A对上述第二参数部分进行秘密分享,将其拆分为第二参数第一分片<W B> 1和第二参数第二分片<W B> 2,自己持有第二参数第二分片<W B> 2,将第二参数第一分片<W B> 1发送给第一方A。相应的,这两个参数分片之和为第二参数部分,即:W B=<W B> 1+<W B> 2Correspondingly, in step S13, the second party B initializes the second parameter part W B for processing the second characteristic part. The second parameter part W B can be initialized in a randomly generated manner. Then, in S14, the second party A secretly shares the above-mentioned second parameter part, and splits it into the second parameter first segment <W B > 1 and the second parameter second segment <W B > 2 , Holds the second parameter second fragment <W B > 2 and sends the second parameter first fragment <W B > 1 to the first party A. Correspondingly, the sum of these two parameter fragments is the second parameter part, namely: W B =<W B > 1 +<W B > 2 .
需要理解,步骤S11-S12,以及步骤S13-S14之间,可以并行执行,或者以任意先后顺序执行,在此不做限定。It should be understood that steps S11-S12 and steps S13-S14 can be executed in parallel or in any order, which is not limited here.
在进行上述初始化和秘密分享之后,第一方A维持有第一参数第一分片<W A> 1和第二参数第一分片<W B> 1,第二方B维持有第一参数第二分片<W A> 2和第二参数第二分片<W B> 2After the above initialization and secret sharing, the first party A maintains the first parameter first fragment <W A > 1 and the second parameter first fragment <W B > 1 , and the second party B maintains the first parameter The second segment <W A > 2 and the second parameter of the second segment <W B > 2 .
接下来,进入模型迭代阶段,该阶段一般包含多次迭代过程。在一个实施例中,迭代次数为预先设定的超参数。在另一实施例中,迭代次数并不预先设定,而是在满足一定收敛条件时,停止迭代。上述收敛条件例如可以是,误差足够低,梯度足够小,等等。Next, enter the model iteration stage, which generally includes multiple iterations. In one embodiment, the number of iterations is a preset hyperparameter. In another embodiment, the number of iterations is not preset, but the iteration is stopped when a certain convergence condition is met. The above convergence conditions may be, for example, that the error is low enough, the gradient is small enough, and so on.
每次迭代过程可以包括4个子阶段:计算乘积分片<Z> 1和<Z> 2;计算误差分片<E> 1和<E> 2;计算梯度G;更新参数。下面分别描述各个子阶段的具体执行方式。 Each iteration process can include 4 sub-phases: calculating the multiplication and integral slices <Z> 1 and <Z>2; calculating the error slices <E> 1 and <E>2; calculating the gradient G; updating the parameters. The following describes the specific implementation of each sub-phase.
在第一子阶段,在步骤S21,第一方A和第二方B各自基于本地矩阵乘法运算以及双方的安全矩阵乘法运算,分别计算得到第一乘积分片<Z> 1和第二乘积分片<Z> 2,使得两个分片之和对应于总特征矩阵X与总参数W的乘积,也即等于第一特征矩阵X A与第一参数部分W A相乘的第一乘积、和第二特征矩阵X B与第二参数部分W B相乘的第二乘积之和。 In the first sub-stage, in step S21, the first party A and the second party B are each calculated based on the local matrix multiplication operation and the safe matrix multiplication operation of both parties to obtain the first multiplication integral piece <Z> 1 and the second multiplication integral sheet <Z> 2, such that the two fragments corresponding to a sum of the product of the total feature matrix X parameter W, i.e. equal to the first product of the first feature matrix X a W a portion of the first parameter multiplied, and The sum of the second product of the second feature matrix X B multiplied by the second parameter part W B.
图3示出在一个实施例中第一子阶段的部分实施过程。Figure 3 shows a part of the implementation process of the first sub-phase in one embodiment.
具体地,在步骤S211,第一方A本地计算第一特征矩阵X A与第一参数第一分片<W A> 1的乘积,得到第一特征第一处理结果<Z A> 1,即: Specifically, in step S211, the first party A locally calculates the product of the first feature matrix X A and the first segment of the first parameter <W A > 1 to obtain the first feature first processing result <Z A > 1 , that is :
<Z A> 1=X A ˙<W A> 1 <Z A > 1 = X A ˙ <W A > 1
在步骤S212,第一方A用其持有的第一特征矩阵X A,与第二方B持有的第一参数第二分片<W A> 2进行安全矩阵乘法。安全矩阵乘法可以采用同态加密、秘密分享或采用其他安全计算方式实现,对此不作限定。第一特征矩阵X A与第一参数第二分片<W A> 2的乘积记为第一特征第二处理结果<Z A> 2,即: In step S212, the first party A uses the first feature matrix X A held by the first party A to perform a security matrix multiplication with the first parameter second slice <W A> 2 held by the second party B. The secure matrix multiplication can be implemented by homomorphic encryption, secret sharing or other secure calculation methods, which is not limited. The product of the first feature matrix X A and the second segment of the first parameter <W A > 2 is recorded as the first feature second processing result <Z A > 2 , namely:
<Z A> 2=X A ˙<W A> 2 <Z A > 2 = X A ˙ <W A > 2
在本文上下文中,将用本地参数处理的结果称为第一处理结果,将通过安全矩阵乘法采用对方参数进行处理的结果称为第二处理结果。In the context of this article, the result of processing with local parameters is referred to as the first processing result, and the result of processing with the other party's parameters through secure matrix multiplication is referred to as the second processing result.
则通过步骤S212的安全矩阵乘法,第一方A得到第一特征第二处理结果<Z A> 2的第一分片<<Z A> 2> 1,第二方B得到第一特征第二处理结果<Z A> 2的第二分片<<Z A> 2> 2,两个分片之和为第一特征第二处理结果。 Then through the security matrix multiplication in step S212, the first party A obtains the first feature of the second processing result <Z A > 2 of the first fragment <<Z A > 2 > 1 , and the second party B obtains the first feature of the second The second segment of the processing result <Z A > 2 is <<Z A > 2 > 2 , and the sum of the two segments is the second processing result of the first feature.
在步骤S213,第二方B本地计算第二特征矩阵X B与第二参数第二分片<W B> 2的乘 积,得到第二特征第一处理结果<Z B> 1,即: In step S213, the second party B locally calculates the product of the second feature matrix X B and the second parameter second segment <W B > 2 to obtain the first processing result of the second feature <Z B > 1 , namely:
<Z B> 1=X B ˙<W B> 2 <Z B > 1 = X B ˙ <W B > 2
在步骤S214,第二方B用其持有的第二特征矩阵X B,与第一方A持有的第二参数第一分片<W B> 1进行安全矩阵乘法,乘积记为第二特征第二处理结果<Z B> 2,即: In step S214, the second party B uses the second feature matrix X B held by the second party B to perform the security matrix multiplication with the second parameter first slice <W B> 1 held by the first party A, and the product is denoted as second The second processing result of the feature <Z B > 2 , namely:
<Z B> 2=X B ˙<W B> 1 <Z B > 2 = X B ˙ <W B > 1
通过步骤S214的安全矩阵乘法,第一方A得到第二特征第二处理结果<Z B> 2的第一分片<<Z B> 2> 1,第二方B得到第二特征第二处理结果<Z B> 2的第二分片<<Z B> 2> 2,两个分片之和为第二特征第二处理结果。 Through the security matrix multiplication in step S214, the first party A obtains the first segment of the second feature second processing result <Z B > 2 <<Z B > 2 > 1 , and the second party B obtains the second feature second processing The second fragment of the result <Z B > 2 <<Z B > 2 > 2 , the sum of the two fragments is the second processing result of the second feature.
需要理解,以上的各个步骤S211-S214,可以以任意的先后顺序执行。It should be understood that the above steps S211-S214 can be performed in any order.
然后,在步骤S215,第一方A对以上运算得到的各个处理结果的分片进行加和,也就是,对第一特征第一处理结果<Z A> 1,第一特征第二处理结果的第一分片<<Z A> 2> 1,第二特征第二处理结果的第一分片<<Z B> 2> 1进行加和,得到第一乘积分片<Z> 1,即: Then, in step S215, the first party A adds up the pieces of the processing results obtained by the above calculations, that is, the first processing result of the first feature <Z A > 1 , the second processing result of the first feature The first segment <<Z A > 2 > 1 , the first segment of the second processing result of the second feature <<Z B > 2 > 1 is added to obtain the first multiplied integral <Z> 1 , namely:
<Z> 1=<Z A> 1+<<Z A> 2> 1+<<Z B> 2> 1 <Z> 1 =<Z A > 1 +<<Z A > 2 > 1 +<<Z B > 2 > 1
相应地,在步骤S216,第二方B对其得到的各个处理结果的分片进行加和,也就是,对第一特征第二处理结果的第二分片<<Z A> 2> 2,第二特征第一处理结果<Z B> 1,第二特征第二处理结果的第二分片<<Z B> 2> 2进行加和,得到第二乘积分片<Z> 2,即: Correspondingly, in step S216, the second party B adds up the pieces of each processing result obtained by it, that is, the second piece of the second processing result of the first feature <<Z A > 2 > 2 , The first processing result of the second feature <Z B > 1 , and the second segment of the second processing result of the second feature <<Z B > 2 > 2 are added to obtain the second multiplication and integral segment <Z> 2 , namely:
<Z> 2=<Z B> 1+<<Z A> 2> 2+<<Z B> 2> 2 <Z> 2 =<Z B > 1 +<<Z A > 2 > 2 +<<Z B > 2 > 2
可以验证,第一乘积分片<Z> 1和第二乘积分片<Z> 2之和,为总特征矩阵X与总参数W的乘积,即为第一特征矩阵X A与第一参数部分W A相乘的第一乘积,和第二特征矩阵X B与第二参数部分W B相乘的第二乘积之和: It can be verified that the sum of the first multiplying integral piece <Z> 1 and the second multiplying integral piece <Z> 2 is the product of the total feature matrix X and the total parameter W, that is, the first feature matrix X A and the first parameter part The sum of the first product of W A and the second product of the second feature matrix X B and the second parameter part W B :
<Z> 1+<Z> 2=<Z A> 1+<<Z A> 2> 1+<<Z B> 2> 1+<Z B> 1+<<Z A> 2> 2+<<Z B> 2> 2 <Z> 1 +<Z> 2 =<Z A > 1 +<<Z A > 2 > 1 +<<Z B > 2 > 1 +<Z B > 1 +<<Z A > 2 > 2 +<<Z B > 2 > 2
=<Z A> 1+(<<Z A> 2> 1+<<Z A> 2> 2)+<Z B> 1+(<<Z B> 2> 1+<<Z B> 2> 2) =<Z A > 1 +(<<Z A > 2 > 1 +<<Z A > 2 > 2 )+<Z B > 1 +(<<Z B > 2 > 1 +<<Z B > 2 > 2 )
=X A ˙<W A> 1+X A ˙<W A> 2+X B ˙<W B> 1+X B ˙<W B> 2 =X A ˙ <W A > 1 +X A ˙ <W A > 2 +X B ˙ <W B > 1 +X B ˙ <W B > 2
=X A ˙W A+X B ˙W B =X A ˙ W A +X B ˙ W B
至此第一方A和第二方B分别计算得到了第一乘积分片<Z> 1和第二乘积分片<Z> 2。如此,在迭代的第一子阶段,双方共同进行安全计算,分别得到了第一乘积分片<Z> 1 和第二乘积分片<Z> 2So far, the first party A and the second party B have calculated the first multiplying integral piece <Z> 1 and the second multiplying integral piece <Z> 2 respectively . In this way, in the first sub-stage of the iteration, the two parties jointly perform safety calculations, and obtain the first multiplying integral piece <Z> 1 and the second multiplying integral piece <Z> 2 respectively .
于是,进入第二子阶段,计算误差分片<E> 1和<E> 2Then, enter the second sub-phase, calculate the error fragments <E> 1 and <E> 2 .
在第二子阶段的步骤S31,第二方对其持有的标签向量Y进行秘密分享,即将其拆分为第一标签分片<Y> 1和第二标签分片<Y> 2,自己持有第二标签分片<Y> 2,将第一标签分片<Y> 1发送给第一方A。可以理解,两个标签分片之和为标签向量,即: In step S31 of the second sub-phase, the second party secretly shares the label vector Y held by it, that is, splits it into the first label segment <Y> 1 and the second label segment <Y> 2 , and Hold the second label fragment <Y> 2 and send the first label fragment <Y> 1 to the first party A. It can be understood that the sum of the two label fragments is the label vector, namely:
Y=<Y> 1+<Y> 2Y=<Y> 1 +<Y> 2 .
然后在步骤S32,第二方B基于第二乘积分片<Z> 2对第二标签分片<Y> 2进行相减,得到第二误差分片<E> 2。并且,在步骤S33,第一方A基于第一乘积分片<Z> 1对第一标签分片<Y> 1进行相减,得到第一误差分片<E> 1Then in step S32, the second party B subtracts the second label segment <Y> 2 based on the second multiplier integration segment <Z> 2 to obtain the second error segment <E> 2 . In addition, in step S33, the first party A subtracts the first label segment <Y> 1 based on the first multiplier integration segment <Z> 1 to obtain the first error segment <E> 1 .
在图2所示的线性回归模型的场景下,预测值
Figure PCTCN2021086273-appb-000009
因此,预测误差
Figure PCTCN2021086273-appb-000010
可表示为,特征矩阵与模型参数的乘积结果X*W,与标签向量Y的差值。而目前获得的乘积结果对应于第一方A和第二方B分别持有的第一乘积分片<Z> 1和第二乘积分片<Z> 2,标签向量Y对应于第一方A和第二方B分别持有的第一标签分片<Y> 1和第二标签分片<Y> 2。因此,第二方B可以将第二乘积分片<Z> 2减去第二标签分片<Y> 2,并将得到的第二差值作为第二误差分片<E> 2,第一方A可以将第一乘积分片<Z> 1减去第一标签分片<Y> 1,并将得到的第一差值作为第一误差分片<E> 1In the scenario of the linear regression model shown in Figure 2, the predicted value
Figure PCTCN2021086273-appb-000009
Therefore, the prediction error
Figure PCTCN2021086273-appb-000010
It can be expressed as the difference between the product result X*W of the feature matrix and the model parameters and the label vector Y. The product result obtained so far corresponds to the first multiplier integral piece <Z> 1 and the second multiplier integral piece <Z> 2 held by the first party A and the second party B respectively, and the label vector Y corresponds to the first party A The first label fragment <Y> 1 and the second label fragment <Y> 2 held by the second party B respectively. Thus, the second party B may be integrated by the second sheet <Z> 2 by subtracting the second tag fragment <Y> 2, the second difference and the resulting fragment as a second error <E> 2, the first Party A can subtract the first label segment <Y> 1 from the first multiplication integral slice <Z> 1 , and use the obtained first difference value as the first error slice <E> 1 .
可以验证,第一误差分片<E> 1和第二误差分片<E> 2之和,为上述总特征矩阵X和总参数W之间的乘积结果,与标签向量Y之间的差值: It can be verified that the sum of the first error segment <E> 1 and the second error segment <E> 2 is the product of the above-mentioned total feature matrix X and the total parameter W, and the difference between the label vector Y :
<E> 1+<E> 2=<Z> 1-<Y> 1+<Z> 2-<Y> 2 <E> 1 +<E> 2 =<Z> 1 -<Y> 1 +<Z> 2 -<Y> 2
=(<Z> 1+<Z> 2)-(<Y> 1+<Y> 2) =(<Z> 1 +<Z> 2 )-(<Y> 1 +<Y> 2 )
=X*W-Y=X*W-Y
至此第一方A和第二方B分别计算得到了第一误差分片<E> 1和第二误差分片<E> 2。如此,在迭代的第二子阶段,双方共同进行安全计算,分别得到了第一误差分片<E> 1和第二误差分片<E> 2So far, the first party A and the second party B have calculated the first error fragment <E> 1 and the second error fragment <E> 2 respectively . In this way, in the second sub-stage of the iteration, the two parties jointly perform security calculations, and obtain the first error fragment <E> 1 and the second error fragment <E> 2 respectively .
于是,进入第三子阶段,计算梯度G。根据之前的公式(1),梯度计算涉及误差向量与特征矩阵的相乘。然而,误差向量和特征矩阵依然分布在第一方A和第二方B双方之间,因此,仍需采用分片计算的方式,得到各个梯度分片。Therefore, the third sub-stage is entered, and the gradient G is calculated. According to the previous formula (1), the gradient calculation involves the multiplication of the error vector and the feature matrix. However, the error vector and the feature matrix are still distributed between the first party A and the second party B. Therefore, a piecewise calculation method is still needed to obtain each gradient piece.
具体地,在步骤S41,第一方A本地计算第一误差分片<E> 1的转置<E> 1 T与第一特 征矩阵X A的乘积,得到第一梯度第一部分<G A> 1,即: Specifically, in step S41, the first party A local computing a first error fragment <E> permutation 1 <E> T 1 and the product of the first feature matrix X A to obtain a first portion of a first gradient <G A> 1 , namely:
<G A> 1=<E> 1 X A <G A > 1 =<E> 1 X A
在步骤S42,第一方A用其持有的第一特征矩阵X A,与第二方B持有的第二误差分片<E> 2进行安全矩阵乘法。安全矩阵乘法可以采用同态加密、秘密分享或采用其他安全计算方式实现。第二误差分片<E> 2的转置<E> 2 T与第一特征矩阵X A的乘积记为第一梯度第二部分<G A> 2,即: In step S42, the first party A uses the first feature matrix X A held by the first party A to perform a safety matrix multiplication with the second error slice <E> 2 held by the second party B. Secure matrix multiplication can be implemented by homomorphic encryption, secret sharing or other secure calculation methods. Fragmentation product of the second error <E> 2 permutation <E> T 2 and the first feature matrix X A is referred to as a second portion of a first gradient <G A> 2, namely:
<G A> 2=<E> 2 X A <G A > 2 =<E> 2 X A
则通过步骤S42的安全矩阵乘法,第一方A得到第一梯度第二部分<G A> 2的第一分片<<G A> 2> 1,第二方B得到第一梯度第二部分<G A> 2的第二分片<<G A> 2> 2,两个分片之和为第一梯度第二部分。 Then through the safe matrix multiplication of step S42, the first party A obtains the first segment of the first gradient second part <G A > 2 <<G A > 2 > 1 , and the second party B obtains the first gradient second part The second fragment of <G A > 2 <<G A > 2 > 2 , the sum of the two fragments is the second part of the first gradient.
在步骤S43,第二方B本地计算第二误差分片<E> 2的转置<E> 2 T与第二特征矩阵X B的乘积,得到第二梯度第一部分<G B> 1,即: In step S43, the second local party B calculates a second error fragment <E> 2 permutation of <E> 2 T X B matrix with a second feature of the product, to obtain a first portion of a second gradient <G B> 1, i.e., :
<G B> 1=<E> 2 X B <G B > 1 =<E> 2 X B
在步骤S44,第二方B用其持有的第二特征矩阵X B,与第一方A持有的第一误差分片<E> 1进行安全矩阵乘法。安全矩阵乘法可以采用同态加密、秘密分享或采用其他安全计算方式实现。第一误差分片<E> 1的转置<E> 1 T与第二特征矩阵X B的乘积记为第二梯度第二部分<G B> 2,即: In step S44, the second party B uses the second feature matrix X B held by the second party B to perform a safety matrix multiplication with the first error slice <E> 1 held by the first party A. Secure matrix multiplication can be implemented by homomorphic encryption, secret sharing or other secure calculation methods. The first fragment error <E> permutation 1 <E> T 1 and the second feature matrix X B product referred to as a second gradient of the second portion <G B> 2, namely:
<G B> 2=<E> 1 X B <G B > 2 =<E> 1 X B
则通过步骤S44的安全矩阵乘法,第二方B得到第二梯度第二部分<G B> 2的第二分片<<G B> 2> 2,第一方A得到第二梯度第二部分<G B> 2的第一分片<<G B> 2> 1,两个分片之和为第二梯度第二部分。 Then through the safety matrix multiplication of step S44, the second party B obtains the second part of the second gradient <G B > 2 <<G B > 2 > 2 , and the first party A obtains the second part of the second gradient The first fragment of <G B > 2 <<G B > 2 > 1 , the sum of the two fragments is the second part of the second gradient.
需要理解,以上的各个步骤S41-S44,可以以任意的先后顺序执行。It should be understood that the above steps S41-S44 can be performed in any order.
至此,实现了对于梯度分片的计算。接着,进入迭代的第四子阶段,参数更新。在该阶段中,各方根据自己得到的梯度分片,更新自己维护的参数分片。参数更新阶段包括以下步骤。So far, the calculation of gradient slicing is realized. Then, enter the fourth sub-phase of the iteration, parameter update. In this stage, each party updates the parameter shards maintained by themselves according to the gradient shards obtained by themselves. The parameter update phase includes the following steps.
在步骤S51,第一方A根据步骤S41计算的第一梯度第一部分<G A> 1和步骤S42得到的第一梯度第二部分的第一分片<<G A> 2> 1,更新第一参数第一分片<W A> 1In step S51, the first portion of the first gradient of the first party A calculated according to step S41 <G A> 1 obtained in step S42 and the first slice << G A second portion of the first gradient>2> 1, the first update One parameter first fragment <W A > 1 .
具体地,将第一梯度第一部分<G A> 1和第一梯度第二部分的第一分片<<G A> 2> 1之和与预设步长α的乘积,作为调整量,通过减去该调整量,更新第一参数第一分片<W A> 1,这可以表示为: Specifically, the product of the sum of the first part of the first gradient <G A > 1 and the first slice of the second part of the first gradient <<G A > 2 > 1 and the preset step size α is used as the adjustment amount, and the Subtract the adjustment amount, update the first parameter, the first slice <W A > 1 , which can be expressed as:
<W A> 1←<W A> 1-α(<G A> 1+<<G A> 2> 1) <W A > 1 ←<W A > 1 -α(<G A > 1 +<<G A > 2 > 1 )
在步骤S52,第一方A根据步骤S44得到的第二梯度第二部分的第一分片<<G B> 2> 1,更新第二参数第一分片<W B> 1,这可以表示为: In step S52, the first party A updates the first segment of the second parameter <W B > 1 according to the first segment of the second part of the second gradient <<G B > 2 > 1 obtained in step S44, which can mean for:
<W B> 1←<W B> 1-α<<G B> 2> 1 <W B > 1 ←<W B > 1 -α<<G B > 2 > 1
在步骤S53,第二方B根据步骤S43计算的第二梯度第一部分<G B> 1和步骤S44得到的第二梯度第二部分的第二分片<<G B> 2> 2,更新第二参数第二分片<W B> 2In step S53, the second party B updates the first part of the second gradient <G B > 1 calculated in step S43 and the second segment of the second part of the second gradient <<G B > 2 > 2 obtained in step S44. The second segment with two parameters <W B > 2 .
具体地,将第二梯度第一部分<G B> 1和第二梯度第二部分的第二分片<<G B> 2> 2之和与预设步长α的乘积,作为调整量,通过减去该调整量,更新第二参数第二分片<W B> 2,这可以表示为: Specifically, the product of the sum of the first part of the second gradient <G B > 1 and the second segment of the second part of the second gradient <<G B > 2 > 2 and the preset step size α is used as the adjustment amount, and Subtract the adjustment amount and update the second parameter of the second segment <W B > 2 , which can be expressed as:
<W B> 2←<W B> 2-α(<G B> 1+<<G B> 2> 2) <W B > 2 ←<W B > 2 -α(<G B > 1 +<<G B > 2 > 2 )
在步骤S54,第二方B根据步骤S42得到的第一梯度第二部分的第二分片<<G A> 2> 2,更新第一参数第二分片<W A> 2,这可以表示为: In step S54, the second party B updates the first parameter and the second segment <W A > 2 according to the second segment <<G A > 2 > 2 of the second part of the first gradient obtained in step S42, which can mean for:
<W A> 2←<W A> 2-α<<G A> 2> 2 <W A > 2 ←<W A > 2 -α<<G A > 2 > 2
可以理解,以上的步骤S51-S54之间,可以以任意的先后顺序执行,或者并行执行。It can be understood that the above steps S51-S54 can be executed in any order, or executed in parallel.
可以看到,对于第一参数部分W A的更新由双方共同完成,其中第一方A更新第一参数第一分片<W A> 1,第二方B更新第一参数第二分片<W A> 2,两方共同更新的总和为: It can be seen that the update of the first parameter part W A is jointly completed by both parties, where the first party A updates the first parameter first fragment <W A > 1 , and the second party B updates the first parameter second fragment < W A > 2 , the sum of the two parties' common update is:
<G A> 1+<<G A> 2> 1+<<G A> 2> 2=<G A> 1+<G A> 2 <G A > 1 +<<G A > 2 > 1 +<<G A > 2 > 2 =<G A > 1 +<G A > 2
=<E> 1 X A+<E> 2 X A =<E> 1 X A +<E> 2 X A
=E X A =E X A
即,误差向量(的转置)与第一特征矩阵X A的乘积。 That is, the product of (transpose of) the error vector and the first feature matrix X A.
对于第二参数部分W B的更新由双方共同完成,其中第二方B更新第二参数第二分片<W B> 2,第一方A更新第二参数第一分片<W B> 1,两方共同更新的总和为: The update of the second parameter part W B is jointly completed by both parties, where the second party B updates the second parameter second segment <W B > 2 , and the first party A updates the second parameter first segment <W B > 1 , The sum of the two parties’ updates is:
<G B> 1+<<G B> 2> 2+<<G B> 2> 1=<G B> 1+<G B> 2 <G B > 1 +<<G B > 2 > 2 +<<G B > 2 > 1 =<G B > 1 +<G B > 2
=<E> 1 X B+<E> 2 X B =<E> 1 X B +<E> 2 X B
=E X B =E X B
即,误差向量(的转置)与第二特征矩阵X B的乘积。 That is, the product of the error vector (transpose of) and the second feature matrix X B.
但是,在每轮迭代后,双方无需交换更新后的参数分片,而是继续进行下一轮迭代,也就是回到步骤S21,基于更新后的参数分片,再次执行第一子阶段。如此,在迭代过程中,任意一方都不具有完整的模型参数,也不交换特征矩阵的明文信息,高强度确保了隐私数据的安全。However, after each round of iteration, the two parties do not need to exchange updated parameter fragments, but continue to the next iteration, that is, return to step S21, and execute the first sub-phase again based on the updated parameter fragments. In this way, in the iterative process, neither party has complete model parameters, nor does it exchange the plaintext information of the feature matrix, which ensures the security of private data with high strength.
直到整个迭代过程结束,例如达到了预设迭代次数,或达到了预定收敛条件,进入模型重构阶段。Until the end of the entire iteration process, for example, the preset number of iterations is reached, or the predetermined convergence condition is reached, the model reconstruction phase is entered.
在模型重构阶段,第一方A将其迭代维护的第二参数第一分片<W B> 1发送给第二方B;第二方B将其迭代维护的第一参数第二分片<W A> 2发送给第一方A。 In the model reconstruction phase, the first party A sends its iteratively maintained second parameter first fragment <W B > 1 to the second party B; the second party B will iteratively maintain the first parameter second fragment <W A > 2 is sent to the first party A.
第一方A基于其自身维护的第一参数第一分片<W A> 1和第二方发送的第一参数第二分片<W A> 2,重构得到训练后的第一参数部分W AThe first party A reconstructs the first parameter part after training based on the first parameter first fragment <W A > 1 maintained by itself and the first parameter second fragment <W A > 2 sent by the second party W A.
第二方B基于其自身维护的第二参数第二分片<W B> 2和第一方发送的第二参数第一分片<W B> 1,重构得到训练后的第二参数部分W BBased on the second parameter second fragment <W B > 2 maintained by the second party itself and the second parameter first fragment <W B > 1 sent by the first party, the second parameter part after training is reconstructed W B.
至此,第一方A和第二方B共同完成了线性回归模型的训练,分别各自得到了用于处理其对应特征部分的模型参数部分W A和W BThus, the first party the second party A and B have completed the training linear regression model, the model parameters obtained were each portion W A and W B used to treat the corresponding characteristic portion.
回顾整个训练过程可以看到,双方不仅不进行特征数据的明文交换,其模型参数部分也拆分为参数分片,各自只维护分片参数的迭代更新,直到迭代结束,才会重构得到模型参数。由于迭代过程中各方仅维护参数的分片,交换一些分片结果,而基于这些分片结果几乎不可能反推出隐私数据的有用信息,如此,极大地增强了联合训练过程中,隐私数据的安全性。Looking back at the entire training process, it can be seen that the two parties not only do not exchange the plaintext of the feature data, but also split the model parameters into parameter shards, and each only maintains the iterative update of the sharding parameters. The model will not be reconstructed until the end of the iteration. parameter. In the iterative process, all parties only maintain parameter shards and exchange some sharding results, and it is almost impossible to infer useful information about private data based on these sharding results. This greatly enhances the privacy data in the joint training process. safety.
以上结合图2线性回归模型的联合训练进行了详细描述。下面描述逻辑回归模型的场景。本领域技术人员了解,在使用逻辑回归模型作为业务预测模型的情况下,预测值可表示为:
Figure PCTCN2021086273-appb-000011
可以看到,逻辑回归模型的预测值是基于非线性的sigmoid函数的,而非线性函数不利于秘密分享等安全计算。 The joint training of the linear regression model in Figure 2 is described in detail above. The following describes the scenario of the logistic regression model. Those skilled in the art understand that when a logistic regression model is used as a business prediction model, the predicted value can be expressed as:
Figure PCTCN2021086273-appb-000011
It can be seen that the predicted value of the logistic regression model is based on the non-linear sigmoid function, and the non-linear function is not conducive to secure calculations such as secret sharing.
因此,在逻辑回归模型的情况下,为了便于进行线性计算,可以将其中的sigmoid 函数进行泰勒Taylor展开。具体的,sigmod函数1/(1+e^x)可以进行以下泰勒分解:Therefore, in the case of a logistic regression model, in order to facilitate linear calculation, the sigmoid function can be expanded by Taylor Taylor. Specifically, the sigmod function 1/(1+e^x) can perform the following Taylor decomposition:
Figure PCTCN2021086273-appb-000012
Figure PCTCN2021086273-appb-000012
相应的,逻辑回归预测值可以展开为:Correspondingly, the predicted value of logistic regression can be expanded into:
Figure PCTCN2021086273-appb-000013
Figure PCTCN2021086273-appb-000013
将以上预测值展开式代入公式(1)中可以得到梯度的形式,比如1阶展开下,梯度形式为Substituting the above predicted value expansion into formula (1), the gradient form can be obtained. For example, under the first-order expansion, the gradient form is
Figure PCTCN2021086273-appb-000014
Figure PCTCN2021086273-appb-000014
三阶展开的梯度形式为The gradient form of the third-order expansion is
Figure PCTCN2021086273-appb-000015
Figure PCTCN2021086273-appb-000015
如此,通过泰勒Taylor展开,将逻辑回归的预测值转换成了可以使用同态加密的方案。于是,可对图2所示的方案过程稍作修改,使得训练过程适用于逻辑回归模型。In this way, through Taylor Taylor expansion, the predicted value of logistic regression is converted into a scheme that can use homomorphic encryption. Therefore, the program process shown in Figure 2 can be slightly modified to make the training process suitable for the logistic regression model.
图4示出根据另一个实施例的双方联合训练逻辑回归模型的过程示意图。图4的训练过程与图2基本相同,只是在步骤S32和步骤S33,计算加密误差分片时,根据sigmoid函数的泰勒展开形式,基于第一乘积分片<Z> 1和第二乘积分片<Z> 2分别得到预测结果的第一部分和第二部分,再与第一标签分片<Y> 1和第二标签分片<Y> 2对应相减,得到第一误差分片<E> 1和第二误差分片<E> 2Fig. 4 shows a schematic diagram of a process of joint training of a logistic regression model by two parties according to another embodiment. The training process of Fig. 4 is basically the same as that of Fig. 2, except that in step S32 and step S33, when calculating the encryption error fragments, according to the Taylor expansion form of the sigmoid function, based on the first multiplying integral piece <Z> 1 and the second multiplying integral piece <Z> 2 Obtain the first part and the second part of the prediction result respectively, and then subtract correspondingly with the first label segment <Y> 1 and the second label segment <Y> 2 to obtain the first error segment <E> 1 and the second error slice <E> 2 .
在采用1阶泰勒展开的情况下,根据公式(4),预测结果可以表示为:0.5+0.25(<Z> 1+<Z> 2),相应可以将预测结果拆分为第一部分0.25+0.25<Z> 1和第二部分0.25+0.25<Z> 2,进而得到第一误差分片<E> 1=0.25+0.25<Z> 1-<Y> 1和第二误差分片<E> 2=0.25+0.25<Z> 2-<Y> 2。可以理解,对于其中0.5的还分还可以有其他方式,如-0.1+0.6,或0+0.5等。因此,可以得到逻辑回归下的近似误差向量的误差分片。 In the case of using the first-order Taylor expansion, according to formula (4), the prediction result can be expressed as: 0.5+0.25(<Z> 1 +<Z> 2 ), and the prediction result can be split into the first part 0.25+0.25 accordingly <Z> 1 and the second part 0.25+0.25<Z> 2 , and then get the first error segment <E> 1 =0.25+0.25<Z> 1 -<Y> 1 and the second error segment <E> 2 =0.25+0.25<Z> 2 -<Y> 2 . It can be understood that there can be other ways to divide 0.5 among them, such as -0.1+0.6, or 0+0.5. Therefore, the error fragments of the approximate error vector under logistic regression can be obtained.
其他训练步骤均与图2相同。The other training steps are the same as in Figure 2.
在采用多阶泰勒展开的情况下,还需要进一步得到wx的多阶计算结果,即多阶乘积结果Z k的乘积分片。具体地,首先,根据sigmoid函数的多阶泰勒展开形式,第一方A计算第一乘积分片<Z> 1的多次方,得到第一分片多次方{<Z> 1 k|k>2,k∈N*}(其中k为多阶泰勒展开的阶数),第二方B计算第二乘积分片<Z> 1的多次方,得到第二分片多次方{<Z> 2 k|k>2,k∈N*};接着,第一方A利用第一乘积分片<Z> 1和第一分片 多次方中的一部分{<Z> 1 k-1|k>2,k∈N*},与第二方B中的第二乘积分片<Z> 2和第二分片多次方中的一部分{<Z> 2 k-1|k>2,k∈N*}进行多次的安全矩阵乘法,由此,第一方A得到多次矩阵乘法结果对应的多个第一多阶乘积分片,第二方B得到该多次矩阵乘法结果对应的多个第二多阶乘积分片;然后,第一方A根据第一乘积分片<Z> 1、第一分片多次方{<Z> 1 k|k>2,k∈N*}和多个第一多阶乘积分片,确定针对预测结果的第一部分,再从中减去第一标签分片<Y> 1,得到第一误差分片<E> 1,第二方B根据第二乘积分片<Z> 2、第二分片多次方{<Z> 2 k|k>2,k∈N*}和多个第二多阶乘积分片,确定针对预测结果的第二部分,再从中减去第二标签分片<Y> 2,得到第二误差分片<E> 2In the case of adopting the multi-order Taylor expansion, it is also necessary to further obtain the multi-order calculation result of wx, that is, the multiplication-integral piece of the multi-order product result Z k. Specifically, first, according to the multi-order Taylor expansion form of the sigmoid function, the first party A calculates the first multiplier of the integral piece <Z> 1 to obtain the first piece of multiplicity {<Z> 1 k |k >2, k∈N*} (where k is the order of multi-order Taylor expansion), the second party B calculates the second multiplier integral piece <Z> the multiplicity of 1 , and obtains the second multiplicity of shard {<Z> 2 k |k>2, k∈N*}; then, the first party A uses the first multiplication integral piece <Z> 1 and a part of the first piece multiplier {<Z> 1 k-1 |k>2, k∈N*}, and the second multiplication integral piece <Z> 2 in the second party B and a part of the second multiplication square {<Z> 2 k-1 |k>2 ,K∈N*} perform multiple safe matrix multiplications, thus, the first party A obtains multiple first multifactorial integral pieces corresponding to the multiple matrix multiplication results, and the second party B obtains the multiple matrix multiplication results corresponding to Multiple second multi-factorial integral pieces of; then, the first party A according to the first multiplier integral piece <Z> 1 , the first multiple of the first piece {<Z> 1 k |k>2, k∈N*} And multiple first multi-factorial integral slices, determine the first part of the prediction result, and then subtract the first label slice <Y> 1 from it to obtain the first error slice <E> 1 , and the second party B according to the second Multiply the integral piece <Z> 2 , the second slicing multiplicity {<Z> 2 k |k>2, k∈N*} and multiple second multi-factorial integral pieces to determine the second part of the prediction result, Then subtract the second label segment <Y> 2 from it to obtain the second error segment <E> 2 .
具体的,例如采用3阶展开的情况下,即k=3,根据3阶泰勒展开式:Specifically, for example, when the third-order expansion is adopted, that is, k=3, according to the third-order Taylor expansion:
(<Z> 1+<Z> 2) 3=<Z> 1 3+3<Z> 1 <Z> 2+3<Z> 1 ˙<Z> 2 2+<Z> 2 3, (<Z> 1 +<Z> 2 ) 3 =<Z> 1 3 +3<Z> 1 <Z> 2 +3<Z> 1 ˙ <Z> 2 2 +<Z> 2 3 ,
第一方A在得到第一乘积分片<Z> 1后,还需本地计算<Z> 1 2和<Z> 1 3,第二方B在得到第二乘积分片<Z> 2后,还需本地计算<Z> 2 2和<Z> 2 3,然后,第一方A利用<Z> 1 2与第二方B中的<Z> 2进行安全矩阵乘法,两方分别得到多阶乘积分片<<Z> 1 <Z> 2> 1和多阶乘积分片<<Z> 1 <Z> 2> 2,并且,第一方A利用<Z> 1与第二方B中的<Z> 2 2进行安全矩阵乘法,两方分别得到多阶乘积分片<<Z> 1 ˙<Z> 2 2> 1和多阶乘积分片<<Z> 1 ˙<Z> 2 2> 2After the first party A obtains the first multiplying integral piece <Z> 1 , it needs to calculate <Z> 1 2 and <Z> 1 3 locally, and the second party B obtains the second multiplying integral piece <Z> 2 , Also need to calculate <Z> 2 2 and <Z> 2 3 locally. Then, the first party A uses <Z> 1 2 and the second party B's <Z> 2 to perform a safe matrix multiplication, and the two parties get the multifactorial respectively Integral piece <<Z> 1 <Z> 2 > 1 and multi-factorial integral piece <<Z> 1 <Z> 2 > 2 , and the first party A uses <Z> 1 and the second party B In <Z> 2 2 for safe matrix multiplication, the two parties get the multi-factorial integral piece<<Z> 1 ˙ <Z> 2 2 > 1 and the multi-factorial integral piece<<Z> 1 ˙ <Z> 2 2 > 2 .
进一步地,第一方A可以通过下式计算出<E> 1Further, the first party A can calculate <E> 1 by the following formula:
<E> 1=1/2+<Z> 1/4-(<Z> 1 3+3<<Z> 1 <Z> 2> 1+3<<Z> 1 ˙<Z> 2 2> 1)/48-<Y> 1<E> 1 =1/2+<Z> 1 /4-(<Z> 1 3 +3<<Z> 1 <Z> 2 > 1 +3<<Z> 1 ˙ <Z> 2 2 > 1 )/48-<Y>1;
第二方A通过下式计算出<E> 2The second party A calculates <E> 2 by the following formula:
<E> 2=<Z> 2/4-(<Z> 1 3+3<<Z> 1 <Z> 2> 2+3<<Z> 1 ˙<Z> 2 2> 2)/48-<Y> 2<E> 2 =<Z> 2 /4-(<Z> 1 3 +3<<Z> 1 <Z> 2 > 2 +3<<Z> 1 ˙ <Z> 2 2 > 2 )/ 48-<Y> 2 .
如此,可以实现在多阶泰勒展开的情况下,计算出第一误差分片<E> 1和第二误差分片<E> 2In this way, in the case of multi-order Taylor expansion, the first error fragment <E> 1 and the second error fragment <E> 2 can be calculated.
可以理解,泰勒展开的阶数越高,结果越准确,但是计算的复杂度越高。如此,对于用逻辑回归模型实现的业务预测模型,通过以上描述的方式,实现保护数据隐私的双方联合训练。It can be understood that the higher the order of Taylor expansion, the more accurate the result, but the higher the computational complexity. In this way, for the business prediction model implemented by the logistic regression model, the two-party joint training to protect data privacy can be realized through the method described above.
以上训练方式也适用于通过神经网络实现的业务预测模型。对于典型的前馈全连接神经网络而言,每个神经元与其前一层的各个神经元以不同的权重相连接。于是,前一层各个神经元的输出可视为特征数据,特征数据分布于双方之中;连接权重可视为 模型参数部分,用于以线性组合的方式处理对应的特征数据。从而,可将前述训练过程应用于神经网络中每个神经元的参数训练,实现神经网络模型的双方联合安全训练。The above training methods are also applicable to business prediction models implemented by neural networks. For a typical feedforward fully connected neural network, each neuron is connected to each neuron in the previous layer with different weights. Therefore, the output of each neuron in the previous layer can be regarded as feature data, and the feature data is distributed among the two sides; the connection weight can be regarded as the model parameter part, which is used to process the corresponding feature data in a linear combination. Therefore, the aforementioned training process can be applied to the parameter training of each neuron in the neural network to realize the joint safety training of both parties of the neural network model.
总体而言,对于各种以特征数据与模型参数之间的线性组合为基础的业务预测模型,都可以采用以上描述的训练方式。在该训练方式中,通过参数的分片维护,高强度确保了隐私数据不会被泄露或反推,保证了数据安全。In general, for various business prediction models based on linear combinations of feature data and model parameters, the training methods described above can be used. In this training method, through the fragmented maintenance of parameters, high strength ensures that private data will not be leaked or reversed, and data security is ensured.
根据另一方面的实施例,提供了一种保护数据隐私的双方联合训练业务预测模型的装置,第二方可以实现为任何具有计算、处理能力的设备、平台或设备集群。图5示出根据一个实施例的部署在第二方中的联合训练装置的示意性框图。如图5所示,该装置500包括迭代单元510,用于多次迭代执行模型参数更新。该迭代单元510进一步包括:According to another embodiment, there is provided an apparatus for both parties to jointly train a business prediction model to protect data privacy. The second party can be implemented as any device, platform or device cluster with computing and processing capabilities. Fig. 5 shows a schematic block diagram of a joint training device deployed in a second party according to an embodiment. As shown in FIG. 5, the device 500 includes an iterative unit 510 for performing model parameter update multiple times. The iteration unit 510 further includes:
乘积分片确定单元511,配置为基于本地维护的第一参数第二分片和第二参数第二分片,通过本地矩阵乘法以及与所述第一方的安全矩阵乘法运算,计算得到第二乘积分片;其中,第一参数第二分片是用于处理所述第一特征部分的第一参数部分W A的第二分片,第二参数第二分片是用于处理所述第二特征部分的第二参数部分W B的第二分片。 The multiplying integral piece determining unit 511 is configured to calculate the second piece based on the locally maintained first parameter second piece and the second parameter second piece through local matrix multiplication and the safe matrix multiplication with the first party. Multiply the integral slice; wherein the second slice of the first parameter is the second slice used to process the first parameter part W A of the first characteristic part, and the second slice of the second parameter is used to process the first parameter part W A The second segment of the second parameter part W B of the two characteristic part.
误差分片确定单元512,配置为对所述标签向量Y进行秘密分享,得到第二标签分片,并基于所述第二乘积分片对所述第二标签分片进行相减,得到第二误差分片。The error segment determination unit 512 is configured to secretly share the tag vector Y to obtain a second tag segment, and subtract the second tag segment based on the second multiplication-integral segment to obtain a second tag segment. Error fragmentation.
梯度分片确定单元513,配置为本地计算所述第二误差分片和第二特征矩阵X B的乘积,得到第二梯度第一部分;以及用所述第二特征矩阵X B,与所述第一方中的第一误差分片进行安全矩阵乘法,得到第二梯度第二部分的第二分片,并从所述第一方接收第一梯度第二部分的第二分片。 Gradient fragmentation determination unit 513, configured to calculate the local error of the second sheet and the second partial product feature matrix X B to obtain a first portion of a second gradient; and with the second feature matrix X B, with the first The first error segment in one party performs a security matrix multiplication to obtain the second segment of the second part of the second gradient, and receives the second segment of the second part of the first gradient from the first party.
参数更新单元514,配置为根据所述第二梯度第一部分和所述第二梯度第二部分的第二分片,更新所述第二参数第二分片;根据所述第一梯度第一部分的第一分片,更新所述第一参数第二分片。The parameter update unit 514 is configured to update the second parameter second slice according to the first part of the second gradient and the second slice of the second part of the second gradient; according to the second slice of the first part of the first gradient The first fragment, the second fragment is updated with the first parameter.
在一个实施例中,上述装置500还包括初始化单元520,配置为:初始化所述第二参数部分W B,通过秘密分享将其拆分为第二参数第一分片和第二参数第二分片,保留所述第二参数第二分片,将所述第二参数第一分片发送给第一方;从第一方接收对所述第一参数部分W A秘密分享的第一参数第二分片。 In one embodiment, the above-mentioned apparatus 500 further includes an initialization unit 520 configured to initialize the second parameter part W B , and split it into a second parameter first segment and a second parameter second segment through secret sharing. sheet, retaining the second parameter of the second fragment, transmits the first fragment of the second parameter to the first party; receiving from the first party to the first parameter W a portion of the first secret sharing parameter Two slices.
在一个实施例中,上述装置500还包括参数重构单元530,配置为:将最后一次迭代中更新后的所述第一参数第二分片发送给所述第一方,并从所述第一方接收更新后 的第二参数第一分片;将最后一次迭代中更新后的第二参数第二分片,和所接收的第二参数第一分片进行组合,得到所述业务预测模型训练后的第二参数部分W BIn an embodiment, the above-mentioned apparatus 500 further includes a parameter reconstruction unit 530, configured to: send the second segment of the first parameter updated in the last iteration to the first party, and send it from the first party. One party receives the updated first segment of the second parameter; combines the updated second segment of the second parameter in the last iteration with the received first segment of the second parameter to obtain the service prediction model The second parameter part W B after training.
在不同实施例中,前述业务对象包括以下之一:用户,商户,商品,事件;所述业务预测模型用于预测所述业务对象的分类或回归值。In different embodiments, the foregoing business objects include one of the following: users, merchants, commodities, and events; the business prediction model is used to predict the classification or regression value of the business objects.
在一个实施例中,所述业务预测模型为线性回归模型;此时,误差分片确定单元512配置为,计算所述第二乘积分片和所述第二标签分片的差值,作为所述第二误差分片。In one embodiment, the service prediction model is a linear regression model; at this time, the error segment determination unit 512 is configured to calculate the difference between the second multiplication-integral segment and the second label segment as the The second error fragment.
在另一实施例中,所述业务预测模型为逻辑回归模型;此时,误差分片确定单元512配置为,根据sigmoid函数的泰勒展开形式,基于所述第二乘积分片得到第二预测结果分片,计算所述第二预测结果分片和所述第二标签分片的差值,作为所述第二误差分片。In another embodiment, the business prediction model is a logistic regression model; at this time, the error segment determination unit 512 is configured to obtain a second prediction result based on the second multiplication and integration segment according to the Taylor expansion form of the sigmoid function Fragment, calculating the difference between the second prediction result fragment and the second label fragment as the second error fragment.
进一步的,在一个具体的实施例中,乘积分片确定单元511还配置为,计算所述第二乘积分片的多次方,得到第二分片多次方;利用所述第二乘积分片与所述第二分片多次方,跟所述第一方中的第一乘积分片和第一分片多次方进行多次安全矩阵乘法运算,得到多个第二多阶乘积分片;相应地,误差分片确定单元512配置为,根据sigmoid函数的多阶泰勒展开形式,利用所述第二乘积分片、所述第二分片多次方和多个第二多阶乘积分片,确定所述第二预测结果分片,计算所述第二预测结果分片和所述第二标签分片的差值,作为所述第二误差分片。Further, in a specific embodiment, the multiplier-integral piece determining unit 511 is further configured to calculate the multiplier of the second multiplier-integral piece to obtain the second multiplier of the multiplier; The slice and the second sharding multiplier, and the first multiplication integral slice and the first slicing multiplier in the first side perform multiple security matrix multiplication operations to obtain multiple second multifactorial integral slices Correspondingly, the error slice determination unit 512 is configured to use the second multiplier integral slice, the second slice multiplier and multiple second multifactorial integral slices according to the multi-order Taylor expansion form of the sigmoid function , Determining the second prediction result segment, and calculating the difference between the second prediction result segment and the second label segment as the second error segment.
在一个实施例中,上述乘积分片确定单元511具体配置为:用所述第一参数第二分片,与所述第一方中的第一特征矩阵X A进行安全矩阵乘法,得到第一特征第二处理结果的第二分片;本地计算第二特征矩阵X B与第二参数第二分片的乘积,得到第二特征第一处理结果;用所述第二特征矩阵X B,与所述第一方中的第二参数第一分片进行安全矩阵乘法,得到第二特征第二处理结果的第二分片;对所述第一特征第二处理结果的第二分片,所述第二特征第一处理结果,所述第二特征第二处理结果的第二分片进行加和,得到所述第二乘积分片。 In one embodiment, the above-mentioned multiplying-integral piece determining unit 511 is specifically configured to: use the first parameter second piece to perform security matrix multiplication with the first feature matrix X A in the first party to obtain the first The second segment of the feature second processing result; the product of the second feature matrix X B and the second segment of the second parameter is locally calculated to obtain the second feature first processing result; using the second feature matrix X B , and Perform security matrix multiplication on the first segment of the second parameter in the first party to obtain the second segment of the second processing result of the second feature; for the second segment of the second processing result of the first feature, so According to the first processing result of the second characteristic, the second slices of the second processing result of the second characteristic are added to obtain the second multiplication-integral slice.
在一个具体的实施例中,上述参数更新单元514配置为,将所述第二梯度第一部分和第二梯度第二部分的第二分片之和与预设步长的乘积,作为调整量,通过减去所述调整量,更新所述第二参数第二分片。In a specific embodiment, the above-mentioned parameter update unit 514 is configured to use the product of the sum of the first part of the second gradient and the second part of the second part of the second gradient and the preset step length as the adjustment amount, By subtracting the adjustment amount, the second segment of the second parameter is updated.
根据又一方面的实施例,提供了一种双方联合训练业务预测模型的装置,该装 置可以部署在前述的第一方中,该第一方可以实现为任何具有计算、处理能力的设备、平台或设备集群。如前所述,第一方中存储有多个业务对象的第一特征部分构成的第一特征矩阵X A;第二方存储有所述多个业务对象的第二特征部分构成的第二特征矩阵X B,以及标签值构成的标签向量Y。图6示出根据一个实施例的部署在第一方中的联合训练装置的示意性框图。如图6所示,该装置600包括迭代单元610,用于多次迭代执行模型参数更新。该迭代单元610进一步包括: According to another embodiment, there is provided a device for two parties to jointly train a business prediction model. The device can be deployed in the aforementioned first party, and the first party can be implemented as any device or platform with computing and processing capabilities. Or device cluster. As mentioned above, the first party stores the first feature matrix X A formed by the first feature parts of the multiple business objects; the second party stores the second features formed by the second feature parts of the multiple business objects Matrix X B , and label vector Y composed of label values. Fig. 6 shows a schematic block diagram of a joint training device deployed in a first party according to an embodiment. As shown in Fig. 6, the device 600 includes an iterative unit 610 for performing model parameter update multiple iterations. The iteration unit 610 further includes:
乘积分片确定单元611,配置为基于本地维护的第一参数第一分片和第二参数第一分片,通过本地矩阵乘法以及与所述第二方的安全矩阵乘法运算,计算得到第一乘积分片;其中,第一参数第一分片是用于处理所述第一特征部分的第一参数部分W A的第一分片,第二参数第一分片是用于处理所述第二特征部分的第二参数部分W B的第一分片。 The multiplying-integral piece determining unit 611 is configured to calculate the first piece based on the locally maintained first parameter first piece and the second parameter first piece through local matrix multiplication and the safe matrix multiplication with the second party. Multiply the integral slice; wherein the first parameter first slice is the first slice used to process the first parameter part W A of the first characteristic part, and the second parameter first slice is used to process the first parameter part W A The first segment of the second parameter part W B of the two characteristic part.
误差分片确定单元612,从所述第二方接收对所述标签向量Y秘密分享的第一标签分片,并基于所述第一乘积分片对所述第一标签分片进行相减,得到第一误差分片。The error segment determination unit 612 receives the first tag segment secretly shared with the tag vector Y from the second party, and subtracts the first tag segment based on the first multiplication-integral segment, Obtain the first error fragment.
梯度分片确定单元613,本地计算所述第一误差分片和第一特征矩阵X A的乘积,得到第一梯度第一部分;以及用所述第一特征矩阵X A,与所述第二方中的第二误差分片进行安全矩阵乘法,得到第一梯度第二部分的第一分片,并从所述第二方接收第二梯度第二部分的第一分片。 Gradient fragmentation determination unit 613, the local computing a product of said first error and the first fragment of the feature matrix X A, to obtain a first portion of a first gradient; and using said first feature matrix X A, with the second party Perform security matrix multiplication on the second error fragment in the second part to obtain the first fragment of the second part of the first gradient, and receive the first fragment of the second part of the second gradient from the second party.
参数更新单元614,根据所述第一梯度第一部分和所述第一梯度第二部分的第一分片,更新所述第一参数第一分片;根据所述第二梯度第二部分的第一分片,更新所述第二参数第一分片。The parameter updating unit 614 updates the first parameter first slice according to the first slice of the first part of the first gradient and the first slice of the second part of the first gradient; according to the first slice of the second part of the second gradient One slice, update the first slice with the second parameter.
在一个实施例中,上述装置600还包括初始化单元620,配置为:初始化所述第一参数部分W A,通过秘密分享将其拆分为第一参数第一分片和第一参数第二分片,保留所述第一参数第一分片,将所述第一参数第二分片发送给第二方;从第二方接收对所述第二参数部分W B秘密分享的第二参数第一分片。 In one embodiment, the above-mentioned apparatus 600 further includes an initialization unit 620 configured to initialize the first parameter part W A , and split it into a first parameter first segment and a first parameter second segment through secret sharing. The first segment of the first parameter is reserved, and the second segment of the first parameter is sent to the second party; the second parameter of the second parameter part W B secretly shared from the second party is received One shard.
在一个实施例中,上述装置600还包括参数重构单元630,配置为:将最后一次迭代中更新后的所述第二参数第二分片发送给所述第二方,并从所述第二方接收更新后的第一参数第二分片;将最后一次迭代中更新后的第一参数第一分片,和所接收的第一参数第二分片进行组合,得到所述业务预测模型训练后的第一参数部分W AIn one embodiment, the above-mentioned apparatus 600 further includes a parameter reconstruction unit 630, configured to: send the second segment of the second parameter updated in the last iteration to the second party, and send it from the first The two parties receive the updated first parameter second segment; the updated first parameter first segment in the last iteration and the received first parameter second segment are combined to obtain the service prediction model The first parameter part W A after training.
在不同实施例中,前述业务对象包括以下之一:用户,商户,商品,事件;所述业务预测模型用于预测所述业务对象的分类或回归值。In different embodiments, the foregoing business objects include one of the following: users, merchants, commodities, and events; the business prediction model is used to predict the classification or regression value of the business objects.
在一个实施例中,所述业务预测模型为线性回归模型;此时,误差分片确定单元612配置为,计算所述第一乘积分片和所述第一标签分片的差值,作为所述第一误差分片。In one embodiment, the service prediction model is a linear regression model; at this time, the error segment determination unit 612 is configured to calculate the difference between the first multiplication-integral segment and the first label segment as the The first error fragment.
在另一实施例中,所述业务预测模型为逻辑回归模型;此时,误差分片确定单元612配置为,根据sigmoid函数的泰勒展开形式,基于所述第一乘积分片得到第一预测结果分片,计算所述一预测结果分片和所述第一标签分片的差值,作为所述第二误差分片。In another embodiment, the business prediction model is a logistic regression model; at this time, the error fragment determination unit 612 is configured to obtain the first prediction result based on the first multiplication and integration fragment according to the Taylor expansion form of the sigmoid function Fragmentation, calculating the difference between the one prediction result fragment and the first label fragment as the second error fragment.
进一步的,在一个具体的实施例中,乘积分片确定单元611还配置为,计算所述第一乘积分片的多次方,得到第一分片多次方;利用所述第一乘积分片与所述第一分片多次方,跟所述第二方中的第二乘积分片和第二分片多次方进行多次安全矩阵乘法运算,得到多个第一多阶乘积分片;相应地,误差分片确定单元612配置为,根据sigmoid函数的多阶泰勒展开形式,利用所述第一乘积分片、所述第一分片多次方和多个第一多阶乘积分片,确定所述第二预测结果分片。Further, in a specific embodiment, the multiplication-integral piece determining unit 611 is further configured to calculate the multiplier of the first multiplier-integral piece to obtain the first multiplier of the multiplier; The slice and the first multi-factorial multiplication, and the second multiplication integral slice and the second multiplication multiplier in the second party perform multiple security matrix multiplication operations to obtain multiple first multi-factorial integral slices Correspondingly, the error piece determination unit 612 is configured to use the first multiplier-integral piece, the first multiplier of the first piece and multiple first multi-factorial integral pieces according to the multi-order Taylor expansion form of the sigmoid function , Determine the second prediction result segment.
在一个实施例中,上述乘积分片确定单元611具体配置为:用所述第二参数第一分片,与所述第二方中的第二特征矩阵X B进行安全矩阵乘法,得到第二特征第二处理结果的第一分片;本地计算第一特征矩阵X A与第一参数第一分片的乘积,得到第一特征第一处理结果;用所述第一特征矩阵X A,与所述第二方中的第一参数第二分片进行安全矩阵乘法,得到第一特征第二处理结果的第一分片;对所述第二特征第二处理结果的第一分片,所述第一特征第一处理结果,所述第一特征第二处理结果的第一分片进行加和,得到所述第一乘积分片。 In one embodiment, the above-mentioned multiplication-integral piece determining unit 611 is specifically configured to: use the first piece of the second parameter to perform a security matrix multiplication with the second feature matrix X B in the second party to obtain the second Feature the first segment of the second processing result; locally calculate the product of the first feature matrix X A and the first segment of the first parameter to obtain the first feature first processing result; use the first feature matrix X A , and Perform security matrix multiplication on the second segment of the first parameter in the second party to obtain the first segment of the second processing result of the first feature; for the first segment of the second processing result of the second feature, so According to the first processing result of the first characteristic, the first slices of the second processing result of the first characteristic are added to obtain the first multiplication-integral slice.
在一个具体的实施例中,上述参数更新单元614配置为,将所述第一梯度第一部分和第一梯度第二部分的第一分片之和与预设步长的乘积,作为调整量,通过减去所述调整量,更新所述第一参数第一分片。In a specific embodiment, the aforementioned parameter update unit 614 is configured to use the product of the sum of the first part of the first gradient and the first part of the second part of the first gradient and the preset step length as the adjustment amount, The first segment of the first parameter is updated by subtracting the adjustment amount.
通过以上部署在第一方和第二方中的装置,实现双方的保护数据隐私的安全联合训练。Through the above devices deployed in the first party and the second party, the security joint training of the two parties to protect data privacy is realized.
根据另一方面的实施例,还提供一种计算机可读存储介质,其上存储有计算机程序。当所述计算机程序在计算机中执行时,令计算机执行结合图2到图4所描述方法。According to another embodiment, there is also provided a computer-readable storage medium on which a computer program is stored. When the computer program is executed in the computer, the computer is caused to execute the method described in conjunction with FIG. 2 to FIG. 4.
根据再一方面的实施例,还提供一种计算设备,包括存储器和处理器,所述存储器中存储有可执行代码,所述处理器执行所述可执行代码时,实现结合图2到图4所 述的方法。According to an embodiment of still another aspect, there is also provided a computing device, including a memory and a processor, the memory stores executable code, and when the processor executes the executable code, a combination of FIGS. 2 to 4 is provided. The method described.
本领域技术人员应该可以意识到,在上述一个或多个示例中,本发明所描述的功能可以用硬件、软件、固件或它们的任意组合来实现。当使用软件实现时,可以将这些功能存储在计算机可读介质中或者作为计算机可读介质上的一个或多个指令或代码进行传输。Those skilled in the art should be aware that, in one or more of the above examples, the functions described in the present invention can be implemented by hardware, software, firmware, or any combination thereof. When implemented by software, these functions can be stored in a computer-readable medium or transmitted as one or more instructions or codes on the computer-readable medium.
以上所述的具体实施方式,对本发明的目的、技术方案和有益效果进行了进一步详细说明,所应理解的是,以上所述仅为本发明的具体实施方式而已,并不用于限定本发明的保护范围,凡在本发明的技术方案的基础之上,所做的任何修改、等同替换、改进等,均应包括在本发明的保护范围之内。The specific embodiments described above further describe the purpose, technical solutions and beneficial effects of the present invention in detail. It should be understood that the above are only specific embodiments of the present invention, and are not intended to limit the scope of the present invention. The protection scope, any modification, equivalent replacement, improvement, etc. made on the basis of the technical solution of the present invention shall be included in the protection scope of the present invention.

Claims (20)

  1. 一种保护数据隐私的双方联合训练业务预测模型的方法,所述双方包括第一方和第二方,所述第一方存储有多个业务对象的第一特征部分构成的第一特征矩阵X A;所述第二方存储有所述多个业务对象的第二特征部分构成的第二特征矩阵X B,以及标签值构成的标签向量Y;所述方法应用于所述第二方,该方法包括,多次迭代执行模型参数更新,其中每次迭代包括: A method for two parties to jointly train a business prediction model to protect data privacy. The two parties include a first party and a second party. The first party stores a first feature matrix X composed of first feature parts of multiple business objects. A ; the second party stores a second feature matrix X B composed of the second feature parts of the multiple business objects, and a label vector Y composed of label values; the method is applied to the second party, the The method includes performing model parameter update multiple iterations, where each iteration includes:
    基于本地维护的第一参数第二分片和第二参数第二分片,通过本地矩阵乘法以及与所述第一方的安全矩阵乘法运算,计算得到第二乘积分片;其中,第一参数第二分片是用于处理所述第一特征部分的第一参数部分W A的第二分片,第二参数第二分片是用于处理所述第二特征部分的第二参数部分W B的第二分片; Based on the locally maintained first parameter second slice and the second parameter second slice, the second multiplication integral slice is calculated through the local matrix multiplication and the safe matrix multiplication with the first party; wherein, the first parameter The second slice is the second slice used to process the first parameter part W A of the first characteristic part, and the second parameter second slice is the second parameter part W A used to process the second characteristic part. The second fragment of B;
    对所述标签向量Y进行秘密分享,得到第二标签分片,并基于所述第二乘积分片对所述第二标签分片进行相减,得到第二误差分片;Performing secret sharing on the label vector Y to obtain a second label fragment, and subtracting the second label fragment based on the second multiplying integral fragment to obtain a second error fragment;
    本地计算所述第二误差分片和第二特征矩阵X B的乘积,得到第二梯度第一部分;以及用所述第二特征矩阵X B,与所述第一方中的第一误差分片进行安全矩阵乘法,得到第二梯度第二部分的第二分片,并从所述第一方接收第一梯度第二部分的第二分片; The local computing fragmentation product of the second error and second characteristic X B matrix to obtain a first portion of a second gradient; and with the second feature matrix X B, the error of the first fragment of a first prescription Performing security matrix multiplication to obtain the second fragment of the second part of the second gradient, and receiving the second fragment of the second part of the first gradient from the first party;
    根据所述第二梯度第一部分和所述第二梯度第二部分的第二分片,更新所述第二参数第二分片;根据所述第一梯度第二部分的第二分片,更新所述第一参数第二分片。According to the second slice of the first part of the second gradient and the second slice of the second part of the second gradient, update the second parameter second slice; according to the second slice of the second part of the first gradient, update The first parameter is the second fragment.
  2. 根据权利要求1所述的方法,在多次迭代执行模型参数更新之前,还包括:The method according to claim 1, before performing model parameter update multiple iterations, further comprising:
    初始化所述第二参数部分W B,通过秘密分享将其拆分为第二参数第一分片和第二参数第二分片,保留所述第二参数第二分片,将所述第二参数第一分片发送给第一方; Initialize the second parameter part W B , split it into a second parameter first fragment and a second parameter second fragment through secret sharing, retain the second parameter second fragment, and divide the second parameter The first fragment of the parameter is sent to the first party;
    从第一方接收对所述第一参数部分W A秘密分享的第一参数第二分片。 Receiving a first secret parameter sharing part W A second fragment of the first parameter from the first party.
  3. 根据权利要求1所述的方法,在多次迭代执行模型参数更新之后,还包括:The method according to claim 1, after performing model parameter update multiple iterations, further comprising:
    将最后一次迭代中更新后的所述第一参数第二分片发送给所述第一方,并从所述第一方接收更新后的第二参数第一分片;Sending the updated second segment of the first parameter in the last iteration to the first party, and receiving the updated first segment of the second parameter from the first party;
    将最后一次迭代中更新后的第二参数第二分片,和所接收的第二参数第一分片进行组合,得到所述业务预测模型训练后的第二参数部分W BCombine the updated second parameter second segment in the last iteration with the received second parameter first segment to obtain the second parameter part W B after the service prediction model is trained.
  4. 根据权利要求1所述的方法,其中,所述业务对象包括以下之一:用户,商户,商品,事件;所述业务预测模型用于预测所述业务对象的分类或回归值。The method according to claim 1, wherein the business object includes one of the following: users, merchants, commodities, and events; and the business prediction model is used to predict the classification or regression value of the business object.
  5. 根据权利要求1所述的方法,其中,所述业务预测模型为线性回归模型;其中基于所述第二乘积分片对所述第二标签分片进行相减,得到第二误差分片,包括:The method according to claim 1, wherein the business prediction model is a linear regression model; wherein the second label fragment is subtracted based on the second multiplier integral fragment to obtain a second error fragment, comprising :
    计算所述第二乘积分片和所述第二标签分片的差值,作为所述第二误差分片。Calculate the difference between the second multiplication-integral slice and the second label slice as the second error slice.
  6. 根据权利要求1所述的方法,其中,所述业务预测模型为逻辑回归模型;其中基于所述第二乘积分片对所述第二标签分片进行相减,得到第二误差分片,包括:The method according to claim 1, wherein the business prediction model is a logistic regression model; wherein the second label fragment is subtracted based on the second multiplier integral fragment to obtain a second error fragment, comprising :
    根据sigmoid函数的泰勒展开形式,基于所述第二乘积分片得到第二预测结果分片,计算所述第二预测结果分片和所述第二标签分片的差值,作为所述第二误差分片。According to the Taylor expansion form of the sigmoid function, a second prediction result segment is obtained based on the second multiplication and integration slice, and the difference between the second prediction result segment and the second label segment is calculated as the second Error fragmentation.
  7. 根据权利要求6所述的方法,其中,在得到第二误差分片之前,所述方法还包括:The method according to claim 6, wherein, before obtaining the second error fragment, the method further comprises:
    计算所述第二乘积分片的多次方,得到第二分片多次方;Calculate the multiplicity of the second multiplication integral slice to obtain the multiplicity of the second slice;
    利用所述第二乘积分片与所述第二分片多次方,跟所述第一方中的第一乘积分片和第一分片多次方进行多次安全矩阵乘法运算,得到多个第二多阶乘积分片;Using the second multiplication-integration piece and the second multiplication factor of the slicing, multiple safe matrix multiplication operations are performed with the first multiplication/integration piece and the first multiplication factor of the first party to obtain the multiplication Second multifactorial integral piece;
    其中,基于所述第二乘积分片得到第二预测结果分片,包括:Wherein, obtaining the second prediction result fragment based on the second multiplying integral fragment includes:
    根据sigmoid函数的多阶泰勒展开形式,利用所述第二乘积分片、所述第二分片多次方和多个第二多阶乘积分片,确定所述第二预测结果分片。According to the multi-order Taylor expansion form of the sigmoid function, the second prediction result fragment is determined by using the second multiplier integral piece, the second multiplier of the second fragment and multiple second multifactorial integral pieces.
  8. 根据权利要求1所述的方法,其中,计算得到第二乘积分片,包括:The method according to claim 1, wherein calculating the second multiplying integral piece comprises:
    用所述第一参数第二分片,与所述第一方中的第一特征矩阵X A进行安全矩阵乘法,得到第一特征第二处理结果的第二分片; Use the first parameter second segment to perform security matrix multiplication with the first feature matrix X A in the first party to obtain the second segment of the first feature second processing result;
    本地计算第二特征矩阵X B与第二参数第二分片的乘积,得到第二特征第一处理结果; Locally calculating the product of the second feature matrix X B and the second segment of the second parameter to obtain the first processing result of the second feature;
    用所述第二特征矩阵X B,与所述第一方中的第二参数第一分片进行安全矩阵乘法,得到第二特征第二处理结果的第二分片; Use the second feature matrix X B to perform a security matrix multiplication with the first segment of the second parameter in the first party to obtain the second segment of the second processing result of the second feature;
    对所述第一特征第二处理结果的第二分片,所述第二特征第一处理结果,所述第二特征第二处理结果的第二分片进行加和,得到所述第二乘积分片。The second segment of the second processing result of the first feature, the first processing result of the second feature, and the second segment of the second processing result of the second feature are added to obtain the second multiplication Integral piece.
  9. 根据权利要求1所述的方法,其中,根据所述第二梯度第一部分和所述第二梯度第二部分的第二分片,更新所述第二参数第二分片,包括:The method according to claim 1, wherein updating the second parameter second slice according to the first part of the second gradient and the second slice of the second part of the second gradient comprises:
    将所述第二梯度第一部分和第二梯度第二部分的第二分片之和与预设步长的乘积,作为调整量,通过减去所述调整量,更新所述第二参数第二分片。The product of the sum of the first part of the second gradient and the second part of the second part of the second gradient and the preset step length is used as the adjustment amount, and the second parameter is updated by subtracting the adjustment amount. Fragmentation.
  10. 一种保护数据隐私的双方联合训练业务预测模型的方法,所述双方包括第一方和第二方,所述第一方存储有多个业务对象的第一特征部分构成的第一特征矩阵X A;所述第二方存储有所述多个业务对象的第二特征部分构成的第二特征矩阵X B,以及标签值构成的标签向量Y;所述方法应用于所述第二方,该方法包括,多次迭代执行模型参数更新,其中每次迭代包括: A method for two parties to jointly train a business prediction model to protect data privacy. The two parties include a first party and a second party. The first party stores a first feature matrix X composed of first feature parts of multiple business objects. A ; the second party stores a second feature matrix X B composed of the second feature parts of the multiple business objects, and a label vector Y composed of label values; the method is applied to the second party, the The method includes performing model parameter update multiple iterations, where each iteration includes:
    基于本地维护的第一参数第一分片和第二参数第一分片,通过本地矩阵乘法以及与 所述第二方的安全矩阵乘法运算,计算得到第一乘积分片;其中,第一参数第一分片是用于处理所述第一特征部分的第一参数部分W A的第一分片,第二参数第一分片是用于处理所述第二特征部分的第二参数部分W B的第一分片; Based on the first segment of the first parameter maintained locally and the first segment of the second parameter, the first multiplication-integral segment is calculated through the local matrix multiplication and the security matrix multiplication with the second party; wherein, the first parameter The first slice is the first slice used to process the first parameter part W A of the first characteristic part, and the second parameter first slice is the second parameter part W A used to process the second characteristic part. The first fragment of B;
    从所述第二方接收对所述标签向量Y秘密分享的第一标签分片,并基于所述第一乘积分片对所述第一标签分片进行相减,得到第一误差分片;Receiving, from the second party, a first label fragment secretly shared with the label vector Y, and subtracting the first label fragment based on the first multiplication-integral fragment to obtain a first error fragment;
    本地计算所述第一误差分片和第一特征矩阵X A的乘积,得到第一梯度第一部分;以及用所述第一特征矩阵X A,与所述第二方中的第二误差分片进行安全矩阵乘法,得到第一梯度第二部分的第一分片,并从所述第二方接收第二梯度第二部分的第一分片; The product of the first local computing error and the first slice of the feature matrix X A, to obtain a first portion of a first gradient; and using said first feature matrix X A, and the second error of the second party fragment Performing security matrix multiplication to obtain the first fragment of the second part of the first gradient, and receiving the first fragment of the second part of the second gradient from the second party;
    根据所述第一梯度第一部分和所述第一梯度第二部分的第一分片,更新所述第一参数第一分片;根据所述第二梯度第二部分的第一分片,更新所述第二参数第一分片。According to the first slice of the first part of the first gradient and the first slice of the second part of the first gradient, update the first slice of the first parameter; according to the first slice of the second part of the second gradient, update The second parameter is the first fragment.
  11. 根据权利要求10所述的方法,在多次迭代执行模型参数更新之前,还包括:The method according to claim 10, before performing the model parameter update for multiple iterations, further comprising:
    初始化所述第一参数部分W A,通过秘密分享将其拆分为第一参数第一分片和第一参数第二分片,保留所述第一参数第一分片,将所述第一参数第二分片发送给第二方; Initializing the first parameter part W A, a secret shared by a first parameter which is split into a first slice and a second slice of the first parameter, the first parameter of the first retention fragments, the first The second fragment of the parameter is sent to the second party;
    从第二方接收对所述第二参数部分W B秘密分享的第二参数第一分片。 Receive the first fragment of the second parameter secretly shared with the second parameter part W B from the second party.
  12. 根据权利要求10所述的方法,在多次迭代执行模型参数更新之后,还包括:The method according to claim 10, after performing model parameter update for multiple iterations, further comprising:
    将最后一次迭代中更新后的所述第二参数第二分片发送给所述第二方,并从所述第二方接收更新后的第一参数第二分片;Sending the updated second segment of the second parameter in the last iteration to the second party, and receiving the updated second segment of the first parameter from the second party;
    将最后一次迭代中更新后的第一参数第一分片,和所接收的第一参数第二分片进行组合,得到所述业务预测模型训练后的第一参数部分W AThe updated after the last iteration of the first slice of the first parameter, the first parameter and the second slice the received combination parameters to obtain the first portion of the rear of the train traffic prediction model W A.
  13. 根据权利要求10所述的方法,其中,计算得到第一乘积分片,包括:The method according to claim 10, wherein the calculation to obtain the first multiplication-integral piece comprises:
    用所述第二参数第一分片,与所述第二方中的第二特征矩阵X B进行安全矩阵乘法,得到第二特征第二处理结果的第一分片; Use the first segment with the second parameter to perform a security matrix multiplication with the second feature matrix X B in the second party to obtain the first segment with the second processing result of the second feature;
    本地计算第一特征矩阵X A与第一参数第一分片的乘积,得到第一特征第一处理结果; Locally calculating the product of the first feature matrix X A and the first segment of the first parameter to obtain the first processing result of the first feature;
    用所述第一特征矩阵X A,与所述第二方中的第一参数第二分片进行安全矩阵乘法,得到第一特征第二处理结果的第一分片; Perform a security matrix multiplication with the first feature matrix X A and the second segment of the first parameter in the second party to obtain the first segment of the second processing result of the first feature;
    对所述第二特征第二处理结果的第一分片,所述第一特征第一处理结果,所述第一特征第二处理结果的第一分片进行加和,得到所述第一乘积分片。The first segment of the second processing result of the second feature, the first processing result of the first feature, and the first segment of the second processing result of the first feature are added to obtain the first multiplication Integral piece.
  14. 根据权利要求10所述的方法,其中,根据所述第一梯度第一部分和所述第一梯度第二部分的第一分片,更新所述第一参数第一分片,包括:The method according to claim 10, wherein updating the first parameter first slice according to the first slice of the first part of the first gradient and the first slice of the second part of the first gradient comprises:
    将所述第一梯度第一部分和第一梯度第二部分的第一分片之和与预设步长的乘积, 作为调整量,通过减去所述调整量,更新所述第一参数第一分片。Take the product of the sum of the first part of the first part of the first gradient and the first part of the second part of the first gradient and the preset step length as the adjustment amount, and update the first parameter first by subtracting the adjustment amount. Fragmentation.
  15. 一种保护数据隐私的双方联合训练业务预测模型的装置,所述双方包括第一方和第二方,所述第一方存储有多个业务对象的第一特征部分构成的第一特征矩阵X A;所述第二方存储有所述多个业务对象的第二特征部分构成的第二特征矩阵X B,以及标签值构成的标签向量Y;所述装置部署于所述第二方,该装置包括,用于多次迭代执行模型参数更新的迭代单元,其进一步包括: A device for two parties to jointly train a business prediction model to protect data privacy. The two parties include a first party and a second party. The first party stores a first feature matrix X composed of first feature parts of multiple business objects. A ; the second party stores a second feature matrix X B composed of the second feature parts of the multiple business objects, and a label vector Y composed of tag values; the device is deployed on the second party, the The device includes an iterative unit for performing model parameter update multiple times, and further includes:
    乘积分片确定单元,配置为基于本地维护的第一参数第二分片和第二参数第二分片,通过本地矩阵乘法以及与所述第一方的安全矩阵乘法运算,计算得到第二乘积分片;其中,第一参数第二分片是用于处理所述第一特征部分的第一参数部分W A的第二分片,第二参数第二分片是用于处理所述第二特征部分的第二参数部分W B的第二分片; The multiplication-integral piece determining unit is configured to calculate the second multiplication based on the locally maintained first parameter second piece and the second parameter second piece through the local matrix multiplication and the safe matrix multiplication with the first party Integral slice; wherein the second slice of the first parameter is the second slice used to process the first parameter part W A of the first characteristic part, and the second slice of the second parameter is used to process the second The second segment of the second parameter part W B of the characteristic part;
    误差分片确定单元,配置为对所述标签向量Y进行秘密分享,得到第二标签分片,并基于所述第二乘积分片对所述第二标签分片进行相减,得到第二误差分片;The error fragment determination unit is configured to secretly share the tag vector Y to obtain a second tag fragment, and subtract the second tag fragment based on the second multiplier and integral fragment to obtain a second error Fragmentation;
    梯度分片确定单元,配置为本地计算所述第二误差分片和第二特征矩阵X B的乘积,得到第二梯度第一部分;以及用所述第二特征矩阵X B,与所述第一方中的第一误差分片进行安全矩阵乘法,得到第二梯度第二部分的第二分片,并从所述第一方接收第一梯度第二部分的第二分片; Gradient fragmentation determination unit configured to calculate a product of said second local error and a second fragment of the feature matrix X B, to give the first portion of the second gradient; and with the second feature matrix X B, the first Perform security matrix multiplication on the first error segment in the square to obtain the second segment of the second part of the second gradient, and receive the second segment of the second part of the first gradient from the first party;
    参数更新单元,配置为根据所述第二梯度第一部分和所述第二梯度第二部分的第二分片,更新所述第二参数第二分片;根据所述第一梯度第二部分的第二分片,更新所述第一参数第二分片。The parameter update unit is configured to update the second parameter second slice according to the first part of the second gradient and the second slice of the second part of the second gradient; according to the second slice of the second part of the first gradient The second fragment, the second fragment is updated with the first parameter.
  16. 根据权利要求15所述的装置,还包括初始化单元,配置为:The device according to claim 15, further comprising an initialization unit configured to:
    初始化所述第二参数部分W B,通过秘密分享将其拆分为第二参数第一分片和第二参数第二分片,保留所述第二参数第二分片,将所述第二参数第一分片发送给第一方; Initialize the second parameter part W B , split it into a second parameter first fragment and a second parameter second fragment through secret sharing, retain the second parameter second fragment, and divide the second parameter The first fragment of the parameter is sent to the first party;
    从第一方接收对所述第一参数部分W A秘密分享的第一参数第二分片。 Receiving a first secret parameter sharing part W A second fragment of the first parameter from the first party.
  17. 根据权利要求15所述的装置,还包括参数重构单元,配置为:The device according to claim 15, further comprising a parameter reconstruction unit configured to:
    将最后一次迭代中更新后的所述第一参数第二分片发送给所述第一方,并从所述第一方接收更新后的第二参数第一分片;Sending the updated second segment of the first parameter in the last iteration to the first party, and receiving the updated first segment of the second parameter from the first party;
    将最后一次迭代中更新后的第二参数第二分片,和所接收的第二参数第一分片进行组合,得到所述业务预测模型训练后的第二参数部分W BCombine the updated second parameter second segment in the last iteration with the received second parameter first segment to obtain the second parameter part W B after the service prediction model is trained.
  18. 一种保护数据隐私的双方联合训练业务预测模型的装置,所述双方包括第一方和第二方,所述第一方存储有多个业务对象的第一特征部分构成的第一特征矩阵X A;所述第二方存储有所述多个业务对象的第二特征部分构成的第二特征矩阵X B,以及标 签值构成的标签向量Y;所述装置部署于所述第一方,该装置包括,用于多次迭代执行模型参数更新的迭代单元,其进一步包括: A device for protecting data privacy by two parties jointly training a business prediction model, the two parties including a first party and a second party, and the first party stores a first feature matrix X composed of first feature parts of multiple business objects A ; the second party stores a second feature matrix X B composed of the second feature parts of the multiple business objects, and a label vector Y composed of tag values; the device is deployed on the first party, the The device includes an iterative unit for performing model parameter update multiple times, and further includes:
    乘积分片确定单元,配置为基于本地维护的第一参数第一分片和第二参数第一分片,通过本地矩阵乘法以及与所述第二方的安全矩阵乘法运算,计算得到第一乘积分片;其中,第一参数第一分片是用于处理所述第一特征部分的第一参数部分W A的第一分片,第二参数第一分片是用于处理所述第二特征部分的第二参数部分W B的第一分片; The multiplication-integral piece determination unit is configured to calculate the first multiplication based on the locally maintained first parameter first piece and the second parameter first piece through local matrix multiplication and a safe matrix multiplication operation with the second party. Integral slices; wherein, the first parameter first slice is used to process the first parameter part W A of the first characteristic part, and the second parameter first slice is used to process the second The first segment of the second parameter part W B of the characteristic part;
    误差分片确定单元,配置为从所述第二方接收对所述标签向量Y秘密分享的第一标签分片,并基于所述第一乘积分片对所述第一标签分片进行相减,得到第一误差分片;An error fragment determination unit, configured to receive a first tag fragment secretly shared with the tag vector Y from the second party, and to subtract the first tag fragment based on the first multiplication-integral fragment , Get the first error fragment;
    梯度分片确定单元,配置为本地计算所述第一误差分片和第一特征矩阵X A的乘积,得到第一梯度第一部分;以及用所述第一特征矩阵X A,与所述第二方中的第二误差分片进行安全矩阵乘法,得到第一梯度第二部分的第一分片,并从所述第二方接收第二梯度第二部分的第一分片; Gradient fragmentation determination unit configured to calculate a product of said first local error fragment and a first feature matrix X A to obtain a first portion of a first gradient; and using said first feature matrix X A, and the second Perform security matrix multiplication on the second error segment in the square to obtain the first segment of the second part of the first gradient, and receive the first segment of the second part of the second gradient from the second party;
    参数更新单元,配置为根据所述第一梯度第一部分和所述第一梯度第二部分的第一分片,更新所述第一参数第一分片;根据所述第二梯度第二部分的第一分片,更新所述第二参数第一分片。The parameter update unit is configured to update the first parameter first slice according to the first slice of the first part of the first gradient and the first slice of the second part of the first gradient; according to the first slice of the second part of the second gradient The first fragment, the first fragment of the second parameter is updated.
  19. 一种计算机可读存储介质,其上存储有计算机程序,当所述计算机程序在计算机中执行时,令计算机执行权利要求1-14中任一项的所述的方法。A computer-readable storage medium with a computer program stored thereon, and when the computer program is executed in a computer, the computer is caused to execute the method of any one of claims 1-14.
  20. 一种计算设备,包括存储器和处理器,其特征在于,所述存储器中存储有可执行代码,所述处理器执行所述可执行代码时,实现权利要求1-14中任一项所述的方法。A computing device, comprising a memory and a processor, characterized in that executable code is stored in the memory, and when the processor executes the executable code, the method described in any one of claims 1-14 is implemented. method.
PCT/CN2021/086273 2020-04-10 2021-04-09 Data privacy protected joint training of service prediction model by two parties WO2021204271A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010276696.6A CN111178549B (en) 2020-04-10 2020-04-10 Method and device for protecting business prediction model of data privacy joint training by two parties
CN202010276696.6 2020-04-10

Publications (1)

Publication Number Publication Date
WO2021204271A1 true WO2021204271A1 (en) 2021-10-14

Family

ID=70658436

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/086273 WO2021204271A1 (en) 2020-04-10 2021-04-09 Data privacy protected joint training of service prediction model by two parties

Country Status (2)

Country Link
CN (1) CN111178549B (en)
WO (1) WO2021204271A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114827308A (en) * 2022-04-15 2022-07-29 支付宝(杭州)信息技术有限公司 Model training data transmission method, device, equipment and readable medium
CN114880693A (en) * 2022-07-08 2022-08-09 蓝象智联(杭州)科技有限公司 Method and device for generating activation function, electronic equipment and readable medium
CN116092683A (en) * 2023-04-12 2023-05-09 深圳达实旗云健康科技有限公司 Cross-medical institution disease prediction method without original data out of domain
CN116187433A (en) * 2023-04-28 2023-05-30 蓝象智联(杭州)科技有限公司 Federal quasi-newton training method and device based on secret sharing and storage medium
CN117725621A (en) * 2024-02-08 2024-03-19 腾讯科技(深圳)有限公司 Data processing method, device, equipment and readable storage medium

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111178549B (en) * 2020-04-10 2020-07-07 支付宝(杭州)信息技术有限公司 Method and device for protecting business prediction model of data privacy joint training by two parties
CN111475854B (en) * 2020-06-24 2020-10-20 支付宝(杭州)信息技术有限公司 Collaborative computing method and system for protecting data privacy of two parties
CN111783129A (en) * 2020-07-24 2020-10-16 支付宝(杭州)信息技术有限公司 Data processing method and system for protecting privacy
CN111639367B (en) * 2020-07-31 2020-11-17 支付宝(杭州)信息技术有限公司 Tree model-based two-party combined classification method, device, equipment and medium
CN112182644B (en) * 2020-09-11 2023-05-12 华控清交信息科技(北京)有限公司 Data processing method and device and electronic equipment
CN112926064B (en) * 2021-02-08 2021-10-22 华控清交信息科技(北京)有限公司 Model training method and device, data processing system and electronic equipment
CN112800466B (en) * 2021-02-10 2022-04-22 支付宝(杭州)信息技术有限公司 Data processing method and device based on privacy protection and server
CN113094739B (en) * 2021-03-05 2022-04-22 支付宝(杭州)信息技术有限公司 Data processing method and device based on privacy protection and server
CN117574381A (en) * 2021-08-05 2024-02-20 好心情健康产业集团有限公司 Physical examination user privacy protection method, device and system
CN114239811B (en) * 2021-12-21 2024-05-31 支付宝(杭州)信息技术有限公司 Multiparty joint convolution processing method, device and system based on privacy protection
CN114884645B (en) * 2022-07-11 2022-09-09 华控清交信息科技(北京)有限公司 Privacy calculation method and device and readable storage medium
CN115719094B (en) * 2023-01-06 2023-04-28 腾讯科技(深圳)有限公司 Model training method, device, equipment and storage medium based on federal learning

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109165515A (en) * 2018-08-10 2019-01-08 深圳前海微众银行股份有限公司 Model parameter acquisition methods, system and readable storage medium storing program for executing based on federation's study
US20190042897A1 (en) * 2017-08-03 2019-02-07 Gyrfalcon Technology Inc. Two-dimensional Symbols For Machine Learning Of Written Chinese Language Using "pinyin" Letters
CN110472439A (en) * 2019-08-09 2019-11-19 阿里巴巴集团控股有限公司 Model parameter determines method, apparatus and electronic equipment
CN110555525A (en) * 2019-08-09 2019-12-10 阿里巴巴集团控股有限公司 Model parameter determination method and device and electronic equipment
CN110728375A (en) * 2019-10-16 2020-01-24 支付宝(杭州)信息技术有限公司 Method and device for training logistic regression model by combining multiple computing units
CN111160573A (en) * 2020-04-01 2020-05-15 支付宝(杭州)信息技术有限公司 Method and device for protecting business prediction model of data privacy joint training by two parties
CN111178549A (en) * 2020-04-10 2020-05-19 支付宝(杭州)信息技术有限公司 Method and device for protecting business prediction model of data privacy joint training by two parties

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10216954B2 (en) * 2016-06-27 2019-02-26 International Business Machines Corporation Privacy detection of a mobile application program
CN109189825B (en) * 2018-08-10 2022-03-15 深圳前海微众银行股份有限公司 Federated learning modeling method, server and medium for horizontal data segmentation
CN110929886B (en) * 2019-12-06 2022-03-22 支付宝(杭州)信息技术有限公司 Model training and predicting method and system

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190042897A1 (en) * 2017-08-03 2019-02-07 Gyrfalcon Technology Inc. Two-dimensional Symbols For Machine Learning Of Written Chinese Language Using "pinyin" Letters
CN109165515A (en) * 2018-08-10 2019-01-08 深圳前海微众银行股份有限公司 Model parameter acquisition methods, system and readable storage medium storing program for executing based on federation's study
CN110472439A (en) * 2019-08-09 2019-11-19 阿里巴巴集团控股有限公司 Model parameter determines method, apparatus and electronic equipment
CN110555525A (en) * 2019-08-09 2019-12-10 阿里巴巴集团控股有限公司 Model parameter determination method and device and electronic equipment
CN110728375A (en) * 2019-10-16 2020-01-24 支付宝(杭州)信息技术有限公司 Method and device for training logistic regression model by combining multiple computing units
CN111160573A (en) * 2020-04-01 2020-05-15 支付宝(杭州)信息技术有限公司 Method and device for protecting business prediction model of data privacy joint training by two parties
CN111178549A (en) * 2020-04-10 2020-05-19 支付宝(杭州)信息技术有限公司 Method and device for protecting business prediction model of data privacy joint training by two parties

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114827308A (en) * 2022-04-15 2022-07-29 支付宝(杭州)信息技术有限公司 Model training data transmission method, device, equipment and readable medium
CN114827308B (en) * 2022-04-15 2023-11-17 支付宝(杭州)信息技术有限公司 Model training data transmission method, device, equipment and readable medium
CN114880693A (en) * 2022-07-08 2022-08-09 蓝象智联(杭州)科技有限公司 Method and device for generating activation function, electronic equipment and readable medium
CN114880693B (en) * 2022-07-08 2022-11-18 蓝象智联(杭州)科技有限公司 Method and device for generating activation function, electronic equipment and readable medium
CN116092683A (en) * 2023-04-12 2023-05-09 深圳达实旗云健康科技有限公司 Cross-medical institution disease prediction method without original data out of domain
CN116092683B (en) * 2023-04-12 2023-06-23 深圳达实旗云健康科技有限公司 Cross-medical institution disease prediction method without original data out of domain
CN116187433A (en) * 2023-04-28 2023-05-30 蓝象智联(杭州)科技有限公司 Federal quasi-newton training method and device based on secret sharing and storage medium
CN116187433B (en) * 2023-04-28 2023-09-29 蓝象智联(杭州)科技有限公司 Federal quasi-newton training method and device based on secret sharing and storage medium
CN117725621A (en) * 2024-02-08 2024-03-19 腾讯科技(深圳)有限公司 Data processing method, device, equipment and readable storage medium
CN117725621B (en) * 2024-02-08 2024-05-28 腾讯科技(深圳)有限公司 Data processing method, device, equipment and readable storage medium

Also Published As

Publication number Publication date
CN111178549B (en) 2020-07-07
CN111178549A (en) 2020-05-19

Similar Documents

Publication Publication Date Title
WO2021204271A1 (en) Data privacy protected joint training of service prediction model by two parties
WO2021197035A1 (en) Method and device for jointly training service prediction model by two parties for protecting data privacy
CN111177791B (en) Method and device for protecting business prediction model of data privacy joint training by two parties
CN111241570B (en) Method and device for protecting business prediction model of data privacy joint training by two parties
WO2021197037A1 (en) Method and apparatus for jointly performing data processing by two parties
CN108712260B (en) Multi-party deep learning computing agent method for protecting privacy in cloud environment
US20220092216A1 (en) Privacy-preserving machine learning in the three-server model
CN112989368B (en) Method and device for processing private data by combining multiple parties
WO2021082633A1 (en) Multi-party joint neural network training method and apparatus for achieving security defense
CN112541593B (en) Method and device for jointly training business model based on privacy protection
CN113516256B (en) Third-party-free federal learning method and system based on secret sharing and homomorphic encryption
CN111738361B (en) Joint training method and device for business model
US20210209247A1 (en) Privacy-preserving machine learning in the three-server model
CN112199702A (en) Privacy protection method, storage medium and system based on federal learning
CN111177768A (en) Method and device for protecting business prediction model of data privacy joint training by two parties
CN114547643B (en) Linear regression longitudinal federal learning method based on homomorphic encryption
WO2020156004A1 (en) Model training method, apparatus and system
CN112799708B (en) Method and system for jointly updating business model
CN113407987B (en) Method and device for determining effective value of service data characteristic for protecting privacy
CN111737755A (en) Joint training method and device for business model
CN112068866B (en) Method and device for updating business model
Keshri et al. When rumors create chaos in e-commerce
US20230325718A1 (en) Method and apparatus for joint training logistic regression model
Scheliga et al. Dropout is not all you need to prevent gradient leakage
CN113051586A (en) Federal modeling system and method, and federal model prediction method, medium, and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21785314

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21785314

Country of ref document: EP

Kind code of ref document: A1