WO2023077627A1 - Blockchain-based privacy protection scheme aggregation method and apparatus - Google Patents

Blockchain-based privacy protection scheme aggregation method and apparatus Download PDF

Info

Publication number
WO2023077627A1
WO2023077627A1 PCT/CN2021/139191 CN2021139191W WO2023077627A1 WO 2023077627 A1 WO2023077627 A1 WO 2023077627A1 CN 2021139191 W CN2021139191 W CN 2021139191W WO 2023077627 A1 WO2023077627 A1 WO 2023077627A1
Authority
WO
WIPO (PCT)
Prior art keywords
scheme
aggregation
gradient
ciphertext
client
Prior art date
Application number
PCT/CN2021/139191
Other languages
French (fr)
Chinese (zh)
Inventor
苗银宾
刘紫腾
童秋云
郑玮
范瑞彬
张开翔
李辉忠
李成博
Original Assignee
深圳前海微众银行股份有限公司
西安电子科技大学
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳前海微众银行股份有限公司, 西安电子科技大学 filed Critical 深圳前海微众银行股份有限公司
Publication of WO2023077627A1 publication Critical patent/WO2023077627A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Definitions

  • the present application relates to the field of network technology, and in particular to a blockchain-based privacy protection scheme aggregation method and device.
  • each client uses the local data set to train the local scheme, and obtains the local scheme gradient after training, and can aggregate the local scheme gradients of each client to obtain the optimized global scheme gradient, and each client according to the global scheme gradient Train local programs to improve the effect of local program training.
  • the aggregation process of the solution gradient is set in the blockchain, and the blockchain receives the local solution gradients uploaded by each client, and aggregates the local solution gradients uploaded by each client to obtain the global Program gradient.
  • the blockchain node sends the global solution gradient to each client, so that each client can further optimize the local solution according to the global solution gradient.
  • Embodiments of the present application provide a blockchain-based privacy protection scheme aggregation method and device, which are used to reduce the computational overhead of blockchain nodes and improve the accuracy of global scheme gradients.
  • the embodiment of the present application provides a blockchain-based privacy protection scheme aggregation method, the method comprising:
  • the blockchain system receives the local scheme gradient ciphertext uploaded by each client; the blockchain system sends the aggregation task to the aggregation server and the verification server through the smart contract, and the aggregation task is used to aggregate all
  • the local scheme gradient ciphertext of each client is aggregated to obtain the global scheme gradient ciphertext; the blockchain system determines the global scheme gradient based on the aggregation result of the aggregation task performed by the aggregation server and the verification server
  • Ciphertext the block chain system sends the gradient ciphertext of the global scheme to each client, and the gradient ciphertext of the global scheme is decrypted and used for the client to train the local scheme.
  • the blockchain system sends the aggregation task to the aggregation server and the verification server, obtains the aggregation results uploaded by the aggregation server and the verification server respectively, and verifies the aggregation results uploaded by the aggregation server and the verification server , determine the correct global scheme gradient ciphertext, and send the correct global scheme gradient ciphertext to each client, so that the client can train the local scheme through the correct global scheme gradient ciphertext.
  • This application can reduce the computing overhead of the blockchain.
  • sending the aggregation task to the aggregation server and the verification server through a smart contract includes: sending the aggregation task to the aggregation server by the blockchain system through the smart contract;
  • the block chain system receives the first aggregation task result of executing the aggregation task uploaded by the aggregation server;
  • the first task aggregation result contains the first global scheme gradient ciphertext;
  • the block chain system passes The smart contract publicly audits the gradient ciphertext of the first global scheme;
  • the blockchain system receives the verification request from the verification server, and sends the aggregation task to the verification server through the smart contract .
  • the blockchain system sends the aggregation task to the aggregation server through the smart contract, and after receiving the first aggregation task result uploaded by the aggregation server, encrypts the gradient of the first global scheme in the first aggregation task result. If the verification server challenges the aggregation task, the blockchain system will send the aggregation task to the verification server through the smart contract, and obtain the second global scheme gradient encryption in the second aggregation task result of the verification server. arts.
  • the correct global scheme gradient ciphertext is determined according to the first global scheme gradient ciphertext of the aggregation server and the second global scheme gradient ciphertext of the verification server, that is, the challenge verification mechanism of the global scheme gradient ciphertext is added to obtain multiple Global scheme gradient ciphertext, select the most reliable global scheme gradient ciphertext from the multiple global scheme gradient ciphertexts and send it to each client, improve the accuracy of the global scheme gradient ciphertext, and improve the performance of the client's local scheme training accuracy.
  • the blockchain system determines the gradient ciphertext of the global scheme based on the aggregation result of the aggregation task performed by the aggregation server and the verification server, including: if the blockchain system does not receive To the second aggregation task result of executing the aggregation task uploaded by the verification server, the first global scheme gradient ciphertext is determined as the global scheme gradient ciphertext; if the blockchain system receives The second aggregation task result determines the global scheme gradient ciphertext according to the first aggregation task result and the second aggregation task result.
  • the verification server does not initiate a verification challenge
  • the first global scheme gradient ciphertext in the first aggregation task result of the aggregation server is used as the global scheme gradient ciphertext.
  • the blockchain system determines the global scheme gradient ciphertext based on the aggregation result of the aggregation task performed by the aggregation server and the verification server, including: the blockchain system uses the The smart contract compares whether the gradient ciphertext of the first global scheme and the gradient ciphertext of the second global scheme are the same, and the gradient ciphertext of the first global scheme is included in the first aggregation task result obtained by the aggregation server executing the aggregation task , the second global scheme gradient ciphertext is included in the second aggregation task result obtained by the verification server executing the aggregation task; if different, the blockchain system obtains a divergent instruction, and the divergent instruction is all In the state corresponding to each instruction in the second aggregation task result, an instruction that diverges from the state corresponding to each instruction in the first aggregation task result; the blockchain system forwards the divergent instruction through the smart contract The state corresponding to an instruction is used as the initial state, execute the divergent instruction
  • the global scheme gradient ciphertext obtained by the aggregation server and the verification server is accurate; when the first global scheme gradient When the ciphertext is different from the second global scheme gradient ciphertext, there is an incorrect global scheme gradient ciphertext in the aggregation result of the aggregation server/verification server.
  • the blockchain system can determine the instruction that diverges from the states corresponding to the instructions in the second aggregation task result through the smart contract, that is, the divergence instruction, and use the divergence
  • the state corresponding to the previous instruction of the instruction is taken as the initial state, execute the divergent instruction, obtain the corresponding state of the divergent instruction in the blockchain system, compare the corresponding state of the divergent instruction in the blockchain system with the verification service of the divergent instruction Whether the corresponding state in the end is consistent, if they are consistent, it is considered that the result of the second aggregation task uploaded by the verification server is correct, that is, the gradient ciphertext of the second global scheme is correct, and the gradient of the first global scheme uploaded by the aggregation server is correct.
  • the aggregation task also includes a standard scheme; the aggregation task is used to aggregate the local scheme gradient ciphertext of each client through aggregation rules to obtain the global scheme gradient ciphertext, including:
  • the gradient ciphertext of the standard scheme is obtained
  • the local scheme gradient ciphertext of any client determine the cosine similarity between the local scheme gradient ciphertext of the client and the standard scheme gradient ciphertext; when the cosine similarity satisfies the set condition, according to the client.
  • the gradient ciphertext of the local scheme of the client and the cosine similarity determine the aggregation sub-item of the client, and update the accumulated results of the aggregated clients based on the aggregation sub-item of the client, until the aggregation of each client ends; through the The client calculates the cumulative result to obtain the gradient ciphertext of the global scheme.
  • the standard data set can be obtained by the aggregation server in a professional authority, and the standard solution can be determined based on the type and characteristics of the client's local solution. Then the standard scheme gradient ciphertext obtained according to the standard scheme and the standard data set is a representative positive (accurate) scheme gradient ciphertext with the local scheme of the client. Then, according to the cosine similarity between the gradient ciphertext of the local scheme of the client and the gradient ciphertext of the standard scheme, it is determined whether the gradient ciphertext of the local scheme of the client is aggregated, which can improve the accuracy of the aggregation result.
  • the cosine similarity between the gradient ciphertext of the local scheme uploaded by the client and the gradient ciphertext of the standard scheme will not meet the set conditions.
  • the aggregation of the gradient ciphertext of the local scheme can prevent the inaccuracy of the gradient ciphertext of the global scheme caused by malicious poisoning attacks on the client.
  • determining the cosine similarity between the gradient ciphertext of the local scheme of the client and the gradient ciphertext of the standard scheme includes: making the gradient ciphertext of the local scheme of the client and the gradient ciphertext of the standard scheme according to the same Fragmentation rules for fragmentation, respectively gradient components, n is the scheme gradient length, k is the gradient component length; for The vth component at the same component position in the first gradient component determines the sub-cosine similarity between the vth component of the client's local scheme gradient ciphertext and the vth component of the standard scheme gradient ciphertext; sub-cosine similarity of each gradient component to obtain the cosine similarity between the gradient ciphertext of the client's local scheme and the gradient ciphertext of the standard scheme.
  • the scheme gradient can be obtained by fragmentation according to the encryption capability k of the encryption algorithm a gradient component. In this way, the normal execution of encryption is guaranteed.
  • the components of the gradient ciphertext of the local scheme and the corresponding components of the gradient ciphertext of the standard scheme can be calculated for the cosine similarity of the ciphertext, and the sub-cosine similarity corresponding to the position component can be obtained, and the The sub-cosine similarity of each gradient component is summed to obtain the cosine similarity between the gradient ciphertext of the client's local scheme and the gradient ciphertext of the standard scheme.
  • the cosine similarity satisfies a set condition, including: performing deformation based on the cosine similarity to obtain the first constant and the second constant, and according to the ciphertext comparison rule and the first constant and the second constant Determining a first variable and a second variable, the ciphertext comparison rule is used to obtain a plaintext comparison result of the ciphertext under ciphertext; and according to the ciphertext comparison rule, determine A comparison result of two variables; determining that the comparison result is not equal to the second constant.
  • the cosine similarity is the difference between the gradient ciphertext of the client's local scheme and the gradient ciphertext of the standard scheme. Therefore, in order to obtain the comparison result of the cosine similarity between the gradient plaintext of the client’s local scheme and the gradient cipher plaintext of the standard scheme, and the set conditions, the cosine similarity of the ciphertext under the plaintext condition is obtained through the above ciphertext comparison rules.
  • the comparison result of the condition, under the ciphertext condition ensures the accuracy of the plaintext calculation result.
  • the client's local scheme gradient ciphertext and the cosine similarity determine the aggregation sub-item of the client, and update the accumulated result of the aggregated client based on the client's aggregation sub-item, including: The product of the local scheme gradient ciphertext of the client and the cosine similarity corresponding to the client is used as a first aggregation subitem; the cosine similarity corresponding to the client is used as a second aggregation subitem; the accumulating the first aggregation sub-item with the first accumulation result, and updating the first accumulation result; adding the second aggregation sub-item with the second accumulation result, and updating the second accumulation result;
  • the cumulative result is calculated by the client to obtain the global scheme gradient ciphertext, including:
  • a global scheme gradient ciphertext is obtained according to the product of the second random vector/first random vector and the encryption calculation result.
  • the aggregation server determines the first random vector and the second random vector, and multiplies the first random vector and the second random vector by the first cumulative result and the second cumulative result respectively to obtain the first product and the second product .
  • the aggregation server sends the first product and the second product to the client, and based on the client's private key, the client decrypts the first product and the second product to obtain the first decryption result and the second decryption result.
  • the client further divides the first decryption result and the second decryption result to obtain the global scheme gradient * (first random vector/second random vector).
  • the client encrypts the global scheme gradient * (first random vector/second random vector) according to the public key, and sends the result to the aggregation server, and the aggregation server sends the encrypted global scheme gradient * (first random vector/second random vector) Two random vectors) multiplied by (second random vector/first random vector) to obtain the global scheme gradient ciphertext.
  • the global scheme gradient can be obtained through the division rule calculation on the client side, and the security of information transmission between the aggregation server and the client can be guaranteed, that is, the global scheme gradient ciphertext transmitted between the aggregation server and the client can be guaranteed security.
  • the scheme gradient ciphertext is obtained by encrypting the scheme gradient through the CKKS homomorphic encryption algorithm.
  • the CKKS homomorphic encryption algorithm can guarantee the data privacy of the program gradient transmission between the client, the server and the blockchain system, and the calculation amount is small, and the obtained ciphertext is small, which can save encryption resources and ciphertext transmission resources .
  • the embodiment of the present application provides a blockchain-based privacy protection scheme aggregation device, which includes:
  • the transceiver module is used to receive the gradient ciphertext of the local scheme uploaded by each client;
  • the transceiver module is also used to send the aggregation task to the aggregation server and the verification server through the smart contract, and the aggregation task is used to aggregate the local scheme gradient ciphertext of each client through the aggregation rule to obtain the global scheme Gradient ciphertext;
  • a processing module configured to determine the gradient ciphertext of the global scheme based on the aggregation result of the aggregation task performed by the aggregation server and the verification server;
  • the transceiver module is further configured to deliver the gradient ciphertext of the global scheme to each client, and the gradient ciphertext of the global scheme is decrypted and used by the client to train the local scheme.
  • the embodiment of the present application also provides a computing device, including: a memory for storing programs; a processor for invoking the programs stored in the memory, and executing various methods according to the first aspect according to the obtained programs. methods described in Possible Designs.
  • the embodiment of the present application also provides a computer-readable non-volatile storage medium, including a computer-readable program, and when the computer reads and executes the computer-readable program, the computer executes the computer-readable program according to the first aspect.
  • a computer-readable non-volatile storage medium including a computer-readable program
  • the computer executes the computer-readable program according to the first aspect.
  • FIG. 1 is a schematic diagram of the architecture of a blockchain-based privacy protection scheme aggregation provided by an embodiment of the present application
  • FIG. 2 is a schematic flow diagram of a blockchain-based privacy protection scheme aggregation method provided by an embodiment of the present application
  • FIG. 3 is a schematic flowchart of a cosine similarity calculation method provided in an embodiment of the present application
  • FIG. 4 is a schematic flow diagram of a blockchain-based privacy protection scheme aggregation method provided by an embodiment of the present application
  • Fig. 5 is a schematic flow diagram of a block chain-based privacy protection scheme aggregation method provided by the embodiment of the application;
  • FIG. 6 is a schematic diagram of a block chain-based privacy protection scheme aggregation device provided by an embodiment of the present application.
  • Fig. 1 is the system architecture of a blockchain-based privacy protection scheme aggregation provided by the embodiment of the present application.
  • Multiple clients (Z is a positive integer greater than 0) 101 upload the local scheme gradient ciphertext to the blockchain system 102.
  • the blockchain system 102 generates an aggregation task according to the gradient ciphertext of the local scheme uploaded by multiple clients 101, and sends it to the aggregation server 103.
  • the aggregation server 103 aggregates the local scheme gradient ciphertext uploaded by multiple clients 101 according to the aggregation task to obtain the aggregation task result, and uploads the aggregation task result to the blockchain system 102 .
  • the blockchain system 102 conducts a public review of the aggregation task result, receives the verification request from the verification server 104, and sends the aggregation task to the verification server 104.
  • the verification server 104 aggregates the local scheme gradient ciphertext uploaded by multiple clients 101 according to the aggregation task to obtain the aggregation task result, and uploads the aggregation task result to the blockchain system 102 .
  • the blockchain system 102 may also send the aggregation task to the aggregation server 103 and the verification server 104 respectively, and obtain the first aggregation task result uploaded by the aggregation server 103 and the second aggregation task result uploaded by the verification server 104 .
  • the block chain system 102 includes the aggregation task result of the aggregation server 103 and the aggregation task result of the verification server 104.
  • the aggregation task result contains the gradient ciphertext of the global scheme.
  • the aggregation task result and the aggregation task result of the verification server 104 are verified, and the correct global scheme gradient ciphertext is obtained, and the correct global scheme gradient ciphertext is sent to multiple clients 101 respectively, so that multiple clients 101
  • the global scheme gradient ciphertext is trained on the local scheme.
  • the embodiment of this application provides a flow of a blockchain-based privacy protection scheme aggregation method, as shown in Figure 2, including:
  • Step 201 the blockchain system receives the local scheme gradient ciphertext uploaded by each client;
  • the gradient ciphertext of the local scheme uploaded by the client is encrypted according to the gradient of the local scheme of the client, and the gradient of the local scheme is obtained through training of the local scheme.
  • the client node computes the i-th round local solution gradient:
  • the client local scheme training method here is just an example, and the client local scheme training may also be a training method of a neural network image binary classification scheme, etc., which are not specifically limited.
  • Step 202 the blockchain system sends the aggregation task to the aggregation server and the verification server through the smart contract, and the aggregation task is used to aggregate the local scheme gradient ciphertext of each client through the aggregation rule to obtain the global Scheme gradient ciphertext;
  • Step 203 the blockchain system determines the global scheme gradient ciphertext based on the aggregation results of the aggregation task performed by the aggregation server and the verification server;
  • Step 204 the blockchain system sends the global scheme gradient ciphertext to each client, and the global scheme gradient ciphertext is decrypted and used by the client to train the local scheme.
  • the blockchain system sends the aggregation task to the aggregation server and the verification server, obtains the aggregation results uploaded by the aggregation server and the verification server respectively, and verifies the aggregation results uploaded by the aggregation server and the verification server , determine the correct global scheme gradient ciphertext, and send the correct global scheme gradient ciphertext to each client, so that the client can train the local scheme through the correct global scheme gradient ciphertext.
  • This application can reduce the computing overhead of the blockchain.
  • the correct global solution gradient can also be obtained by verifying the aggregation results of the aggregation server and the verification server, so as to improve the accuracy of the global solution gradient calculation.
  • the embodiment of the present application provides a block chain-based privacy protection scheme aggregation method, which sends the aggregation task to the aggregation server and the verification server through the smart contract, including: the block chain system uses the smart The contract sends the aggregation task to the aggregation server; the blockchain system receives the first aggregation task result uploaded by the aggregation server to execute the aggregation task; the aggregation result of the first task includes The gradient ciphertext of the first global scheme; the blockchain system publicly audits the gradient ciphertext of the first global scheme through the smart contract; the blockchain system receives the verification request from the verification server, and passes the The smart contract sends the aggregation task to the verification server.
  • the blockchain system when the blockchain system delivers the aggregation task, it can also send the aggregation task to the aggregation server first, and after the aggregation server returns the aggregation task result, the aggregation task result will be publicly audited. If there is a verification request from the verification server, the global scheme gradient ciphertext in the aggregation task result of the aggregation server will be sent to each client. If a verification request from the verification server is received, the aggregation task will be sent to the verification server. Get the aggregation task result of the verification server.
  • here is a method for determining the aggregation server: when the blockchain system aggregates the privacy protection scheme in the first round, it first initializes an empty set for the aggregation server as a collection of aggregation servers that can perform aggregation tasks. The aggregation server judges the calculation consumption of executing the aggregation task and the reward for completing the aggregation task. If an aggregation server determines that the calculation consumption is less than the reward, it will add the aggregation server to the aggregation server set. If the calculation consumption is greater than or equal to the reward, then Ignore the aggregation server, and finally obtain the aggregation server set containing at least one aggregation server. Subsequently, when the blockchain system aggregates the privacy protection scheme in the i-th round, it can directly select an aggregation server from the aggregation server set to perform the aggregation task.
  • the embodiment of the present application provides a blockchain-based aggregation method for privacy protection schemes.
  • the blockchain system determines the global scheme based on the aggregation results of the aggregation tasks performed by the aggregation server and the verification server.
  • Gradient ciphertext including: if the block chain system does not receive the second aggregation task result of executing the aggregation task uploaded by the verification server, then determine the gradient ciphertext of the first global scheme as the Global scheme gradient ciphertext; if the blockchain system receives the second aggregation task result, it determines the global scheme gradient ciphertext according to the first aggregation task result and the second aggregation task result.
  • the blockchain system if it does not receive the second aggregation task result uploaded by the verification server to execute the aggregation task, it will use the gradient ciphertext of the first global scheme in the first aggregation task result uploaded by the aggregation server as the global Scheme gradient ciphertext, if the blockchain system receives the second aggregation task result, arbitrate the global scheme gradient ciphertext from the first aggregation task result and the second aggregation task result.
  • An embodiment of the present application provides an arbitration method for a blockchain system, wherein the blockchain system determines the gradient ciphertext of the global scheme based on the aggregation results of the aggregation task performed by the aggregation server and the verification server, Including: the blockchain system compares whether the gradient ciphertext of the first global scheme and the gradient ciphertext of the second global scheme are the same through the smart contract, and the gradient ciphertext of the first global scheme is included in the aggregation server execution In the first aggregation task result obtained by the aggregation task, the second global scheme gradient ciphertext is included in the second aggregation task result obtained by the verification server executing the aggregation task; if different, the blockchain The system obtains a divergent instruction, and the divergent instruction is an instruction that diverges from the state corresponding to each instruction in the first aggregation task result among the states corresponding to the instructions in the second aggregation task result; the blockchain system Through the smart contract, the state corresponding to the previous instruction
  • the blockchain system determines the divergent instruction by comparing the corresponding state of each instruction in the result of the first aggregation task with the corresponding state of each instruction in the result of the second aggregation task, and takes the state corresponding to the previous instruction of the divergent instruction as the initial state,
  • the blockchain system obtains the corresponding state of the divergent instruction under the execution of the blockchain system, and compares whether the corresponding state of the divergent instruction in the server and the corresponding state of the instruction in the blockchain system are the same, if they are the same , then it is determined that the global scheme gradient ciphertext corresponding to the divergent instruction of the server is the correct global gradient ciphertext sent to each client.
  • the embodiment of the present application provides a blockchain-based privacy protection scheme aggregation method, the aggregation task also includes a standard scheme; the aggregation task is used to aggregate the local scheme gradient ciphertext of each client through aggregation rules Thereby obtaining the gradient ciphertext of the global scheme includes: obtaining the gradient ciphertext of the standard scheme according to the standard scheme and the standard data set; The cosine similarity of the gradient ciphertext of the standard scheme; when the cosine similarity satisfies the set condition, determine the aggregation subitem of the client according to the gradient ciphertext of the local scheme of the client and the cosine similarity, and Updating the accumulated results of the aggregated clients based on the aggregated sub-items of the clients until the aggregation of each client is completed; calculating the accumulated results by the clients to obtain the global scheme gradient ciphertext.
  • the aggregation task includes the standard scheme, the aggregation rules and the gradient ciphertext of each client's local scheme.
  • the aggregation server or the verification server is based on the standard scheme (determined based on the local scheme of the client, which can be the same type of scheme as the local scheme) and the standard data set (which can be obtained by the aggregation server or the verification server from a professional authoritative database.
  • the representative data can also be representative forward (correct, untampered data) obtained by other data acquisition channels to obtain the standard scheme gradient ciphertext.
  • the local scheme gradient ciphertext of each client to be aggregated can be screened according to the standard scheme gradient ciphertext, that is, the cosine similarity between the standard scheme gradient ciphertext and the local scheme gradient ciphertext of each client is calculated, if the cosine similarity If the set conditions are not met, it is considered that the difference between the gradient ciphertext of the client’s local scheme corresponding to the cosine similarity and the gradient ciphertext of the standard scheme is too large, and the client is likely to be tampered with. Not aggregated, as such, prevents client tampering attacks from affecting all clients' local schemes.
  • the local scheme gradient ciphertext of each client whose cosine similarity satisfies the set conditions is aggregated, and the local scheme gradient ciphertext of each client corresponds to an aggregation sub-item.
  • the aggregation sub-items of each client Items are accumulated until each client is aggregated to obtain the cumulative result; the cumulative result is calculated by the client to obtain the global scheme gradient ciphertext.
  • the set condition that the cosine similarity satisfies may be greater than 0, which is only an example here and does not limit the specific implementation of the solution.
  • the standard scheme and the local scheme of the client are more suitable for other similarity calculation methods, the aggregated gradient ciphertext of the local scheme of the client can be screened through other similarities.
  • the setting condition of similarity is suitable change.
  • An embodiment of the present application provides a method for calculating cosine similarity of ciphertexts.
  • Determining the cosine similarity between the gradient ciphertext of the client's local scheme and the gradient ciphertext of the standard scheme includes: calculating the gradient of the local scheme of the client The ciphertext and the gradient ciphertext of the standard scheme are fragmented according to the same fragmentation rules, and respectively obtained gradient components, n is the scheme gradient length, k is the gradient component length; for The vth component at the same component position in the first gradient component determines the sub-cosine similarity between the vth component of the client's local scheme gradient ciphertext and the vth component of the standard scheme gradient ciphertext; sub-cosine similarity of each gradient component to obtain the cosine similarity between the gradient ciphertext of the client's local scheme and the gradient ciphertext of the standard scheme.
  • the calculation of the cosine similarity between the gradient ciphertext of the client's local scheme and the gradient ciphertext of the standard scheme can be obtained according to the sub-cosine similarity between the gradient ciphertext components of the client's local scheme and the corresponding gradient ciphertext components of the standard scheme .
  • a calculation method of cosine similarity is provided here: the i-th round scheme gradient ciphertext is the normalized The gradient components of the i-th round of schemes are obtained after encryption respectively, and the The i-th round scheme gradient component is obtained by segmenting the i-th round scheme gradient with a length of n in length k; the standardized formula satisfies:
  • g i represents the program gradient of the i-th round, Indicates the standardized scheme gradient,
  • Represents the i-th round local scheme gradient ciphertext component Represents the gradient ciphertext component of the i-th round of the standard scheme, Enc Indicates the cosine similarity between the i-th round local scheme gradient ciphertext component and the i-th round standard scheme gradient ciphertext component, m is the length of the scheme gradient component;
  • the CS i represents the i-th round cosine similarity between the i-th round of local scheme gradient ciphertext and the i-th round of standard scheme gradient ciphertext of the client.
  • Step 301 assign 1 to v, assign Enc(0,PK l ) to y;
  • l represents the l-th client among the clients.
  • Step 302. Calculate the i-th round of local scheme gradient ciphertext components and the i-th round standard gradient ciphertext component The product of , and the result of the product is used as the first intermediate ciphertext, where, Indicates the i-th round of local scheme gradient ciphertext for client l The vth component of ;
  • Step 303 assigning 1 to u, performing a circular left shift operation on the first intermediate ciphertext, and obtaining the ciphertext in which each item of the plaintext corresponding to the first intermediate ciphertext is cyclically shifted to the left by one bit, as the second intermediate ciphertext;
  • Step 304 adding the first intermediate ciphertext and the second intermediate ciphertext, and assigning the value to the first intermediate ciphertext
  • Step 305 cyclically shifting the second intermediate ciphertext to the left, and assigning it to the second intermediate ciphertext
  • Step 306 determine whether u is less than m, if so, assign u+1 to u, and execute step 304 (so, for each client's local scheme gradient ciphertext component, it is equivalent to circularly shifting m-1 times to the left, and the final first intermediate ciphertext Multiply the final first intermediate ciphertext with Enc(1, PK l ), and assign it to the first intermediate ciphertext (equivalent to ), add the first intermediate ciphertext to y, and assign it to y (equivalent to ), execute step 307;
  • Step 307 judging whether v is less than If so, assign v+1 to v, execute the second step, otherwise, execute step 308;
  • Step 308 return y(CS i ).
  • the embodiment of the present application provides a method for comparing cosine similarity of ciphertext, the cosine similarity meets the set conditions, including: performing deformation based on the cosine similarity to obtain the first constant and the second constant, comparing the ciphertext
  • the rule and the first constant and the second constant determine the first variable and the second variable
  • the ciphertext comparison rule is used to obtain the plaintext comparison result of the ciphertext under the ciphertext; and according to the ciphertext
  • a comparison rule determination is based on a comparison result of the first variable and the second variable; determining that the comparison result is not equal to the second constant.
  • the cosine similarity is the cosine similarity of the scheme gradient ciphertext
  • the comparison result of the cosine similarity corresponding to the scheme gradient plaintext of the scheme gradient ciphertext can be obtained through the ciphertext comparison rule.
  • the cosine similarity comparison method of ciphertexts includes: whether the cosine similarity between the gradient ciphertext of the local scheme of each client and the gradient ciphertext of the standard scheme is greater than 0 and satisfies the following judgment methods, including:
  • x represents the first variable
  • y represents the second variable
  • a 0 represents the third variable
  • b 0 represents the fourth variable
  • PK is the public key of the client; according to the following formula, for the third variable and the The fourth variable to iterate over:
  • q represents the number of iterations, the value range is [0,d-1], d represents a positive integer, the larger d is, the more accurate the result is; whether xa d is equal to Enc(1/2,PK l ), if so, cosine
  • the similarity is less than 0, if not, the cosine similarity is greater than or equal to 0. That is to say, because the value range of the cosine similarity is [-1,1], in order to meet the conditions of the cosine similarity comparison method, by performing [CS i +Enc(1,PK)] ⁇ Enc( 1/2, PK) calculation, so that the value of the cosine similarity is [0,1].
  • the embodiment of the present application provides a blockchain-based privacy protection scheme aggregation method, which determines the aggregation sub-items of the client according to the client's local scheme gradient ciphertext and the cosine similarity, and based on the client Aggregation subkeys on the client side update the aggregated results of the client side, including:
  • the product of the local scheme gradient ciphertext of the client and the cosine similarity is used as a first aggregation subitem; the cosine similarity corresponding to the client is used as a second aggregation subitem; the first aggregation accumulating subitems with the first cumulative result, and updating the first cumulative result; adding the second aggregation subitem with the second cumulative result, updating the second cumulative result; calculating the cumulative result through the client
  • Obtaining the gradient ciphertext of the global scheme includes: determining a first random vector and a second random vector, obtaining the first product of the product of the first random vector and the first accumulation result, obtaining the second random vector and the the second product of the product of the second accumulation result; send the first product and the second product to the client; based on the private key of the client, decrypt the first product to obtain the second product a decryption result, and decrypt the second product to obtain a second decryption result, and obtain a calculation result by combining the first
  • the first accumulation result is the accumulation sum of the products of the local scheme gradient ciphertext of each client and the corresponding cosine similarity
  • the second accumulation result is the accumulation sum of the corresponding cosine similarity of each client.
  • the aggregation server determines the first random vector and the second random vector, respectively multiplies the first random vector with the first cumulative result to obtain the first product, multiplies the second random vector with the second cumulative result to obtain the second product, and The first product and the second product are sent to the client.
  • the client decrypts the first product and the second product according to the private key to obtain the corresponding first decryption result and the second decryption result, and calculates the value of the first decryption result/second decryption result, which is the global solution gradient* (the first random vector/the second random vector), further the client encrypts the global scheme gradient*(the first random vector/the second random vector) with the public key, obtains the encrypted result, and returns the result to aggregate server.
  • the aggregation server multiplies the encrypted global scheme gradient*(first random vector/second random vector) by (second random vector/first random vector) to obtain the global scheme gradient ciphertext.
  • the embodiment of this application provides a block chain-based privacy protection scheme aggregation method flow, as shown in Figure 4, including:
  • Step 401 the server generates two random real numbers S, C, and assigns 0 to S, C;.
  • Step 402 assign 1 to l;.
  • Step 403 using the ciphertext cosine similarity calculation rules (such as the method flow in the above-mentioned figure 3), calculate the gradient ciphertext of the i-th client node in the i-th round of the local scheme and the gradient ciphertext of the i-th round standard scheme The i-th cosine similarity of
  • Step 404 using the ciphertext comparison rule (such as the cosine similarity comparison method of the above-mentioned ciphertext), compare the i-th round cosine similarity of the lth client and Enc(0,PK l ), judge whether the comparison result is equal to the i-th round cosine similarity of the l-th client If yes, execute step 405 , otherwise, execute step 412 .
  • the ciphertext comparison rule such as the cosine similarity comparison method of the above-mentioned ciphertext
  • Step 405 calculate the i-th round cosine similarity of the l-th client and the gradient ciphertext of the i-th round of the local scheme of the l-th client The product of , add the result of the product to S, and assign the sum to S;.
  • Step 406 the i-th round cosine similarity of the l-th client Add to C, and assign the sum to C;.
  • Step 407 judge whether l is less than or equal to f, if so, assign l+1 to l, and execute step 403 , otherwise, execute step 408 .
  • f is the number of clients participating in scheme gradient aggregation.
  • PK l' is the public key of client l'.
  • Step 409 the client l' runs the ciphertext division rule and uses the private key SK l' to decrypt S' and C' to obtain d 1 and d 2 , and the client l' uses the public key PK l' to encrypt d 1 /d 2 to obtain r, send r to the server.
  • Step 411 the server uploads the i-th round of global scheme gradient ciphertext c i to the blockchain system.
  • Step 412 the server discards the i-th round of local scheme gradient ciphertext Cosine similarity with the corresponding i-th round
  • the embodiment of the present application provides a blockchain-based privacy protection scheme aggregation method flow, as shown in Figure 5, including:
  • Step 501 privacy protection scheme aggregation system initialization:
  • the CKKS encryption system Construct the CKKS encryption system to generate the public key PK l and private key SK l for the lth client node for gradient encryption of their respective local schemes, where the value range of l is [1, f], and f represents the client node total.
  • the CKKS encryption system can be set in the additional encryption server based on the system architecture shown in Figure 1, or it can be set in the client, or in the smart contract of the blockchain system, etc.
  • the CKKS encryption system is specifically The setting position is not limited.
  • Each client node initializes a local scheme, and the smart contract initializes a standard scheme.
  • Step 502 the client trains the local scheme, and obtains the i-th round of local scheme gradients.
  • the client node executes the stochastic gradient descent method to train the local solution to generate the local solution gradient; for example, the client node calculates the i-th round of the local solution gradient:
  • Step 503 the client encrypts the i-th round of local scheme gradient to obtain the i-th round of local scheme gradient ciphertext.
  • the client node sends the i-th round of local scheme gradients to the CKKS (homomorphic encryption algorithm) encryption system for encryption.
  • CKKS homomorphic encryption algorithm
  • the lth client node will normalize the i-th round of local scheme gradient Divided into fragments
  • Enc( ⁇ ) indicates the CKKS encryption algorithm, Indicates a round down operation.
  • Step 504 the client uploads the i-th round of local scheme gradient ciphertext to the blockchain system.
  • Step 505. The blockchain system receives the i-th round of local scheme gradient ciphertext uploaded by each client, and uses the smart contract to perform the i-th round of local scheme gradient ciphertext, standard scheme, aggregation rules, and aggregation tasks uploaded by each client.
  • Step 506 the blockchain system sends the aggregation task to the aggregation server through the smart contract, and the aggregation server gives the mortgage incentive value for executing the aggregation task.
  • the blockchain system can initialize an empty set through the smart contract, and add the aggregation server whose calculation consumption is less than the reward incentive value to the empty set to obtain an executable aggregation task A collection of aggregation servers.
  • the blockchain system sends the aggregation task to an aggregation server in the aggregation server set through the smart contract.
  • Step 507 The aggregation server collects the standard data set according to the aggregation task, calculates the gradient of the i-th round of the standard scheme according to the standard scheme in the aggregation task, and encrypts the gradient of the i-th round of the standard scheme through the CKKS encryption system to obtain the gradient of the i-th round of the standard scheme ciphertext.
  • the aggregation server calculates the i-th round of standard solutions:
  • Step 508 the aggregation server aggregates the local scheme gradient ciphertext of each client according to the local scheme gradient ciphertext of each client in the aggregation task and the aggregation rules, as shown in the process steps in Figure 4 to obtain the global scheme gradient ciphertext, the aggregation server according to The global scheme gradient ciphertext c i (the first global scheme gradient ciphertext) and the state corresponding to each instruction in the aggregation process generate the first aggregation task result, and upload the first aggregation task result to the blockchain system.
  • the global scheme gradient ciphertext c i the first global scheme gradient ciphertext
  • the state corresponding to each instruction in the aggregation process generate the first aggregation task result, and upload the first aggregation task result to the blockchain system.
  • Step 509 the blockchain system conducts a public audit of the first aggregation task result obtained by the aggregation server.
  • Step 510 the blockchain system receives the verification request and the mortgage incentive value from the verification server.
  • Step 511 the blockchain system sends the aggregation task to the verification server.
  • Step 512 verify that the server collects the standard data set according to the aggregation task, calculates the i-th round of the standard solution gradient according to the standard solution in the aggregation task, and encrypts the i-th round of the standard solution gradient through the CKKS encryption system to obtain the i-th round of the standard solution gradient ciphertext.
  • the verification server calculates the i-th round of the standard scheme:
  • Step 513 verify that the server aggregates the local scheme gradient ciphertext of each client according to the local scheme gradient ciphertext of each client in the aggregation task and the aggregation rules, as shown in the process steps in Figure 4 to obtain the global scheme gradient ciphertext, and verify that the server according to The global scheme gradient ciphertext c i (the second global scheme gradient ciphertext) and the state corresponding to each instruction in the aggregation process generate a second aggregation task result, and upload the second aggregation task result to the blockchain system.
  • the global scheme gradient ciphertext c i the second global scheme gradient ciphertext
  • Step 514 the blockchain system determines the global scheme gradient ciphertext from the first aggregation task result and the second aggregation task result through the smart contract.
  • the blockchain system obtains the gradient ciphertext of the first global scheme in the result of the first aggregation task and the gradient ciphertext of the second global scheme in the result of the second aggregation task, and compares the gradient ciphertext of the first global scheme through the smart contract. Whether the text and the gradient ciphertext of the second global scheme are the same.
  • the blockchain system determines from the state corresponding to each instruction in the second aggregation task result the instruction (difference instruction) that diverges from the state corresponding to each instruction in the first aggregation task result through the smart contract, and through the smart contract Take the state corresponding to the previous instruction of the divergent instruction as the initial state, execute the divergent instruction, and obtain the corresponding state of the divergent instruction in the blockchain system, if the corresponding state of the divergent instruction in the blockchain system is the same as the divergent instruction If the corresponding states in the task results are the same, it is determined that the second global scheme gradient ciphertext is the global scheme gradient ciphertext. If the corresponding state of the divergent instruction in the blockchain system is different from the corresponding state of the divergent instruction in the second aggregation task result, it is determined that the first global scheme gradient ciphertext is the global scheme gradient ciphertext.
  • Step 515 If it is determined that the second global scheme gradient ciphertext is the global scheme gradient ciphertext, give the verification server a reward incentive value, and give the aggregation server a deduction mortgage incentive value. If it is determined that the first global scheme gradient ciphertext is the global scheme gradient ciphertext, the aggregation server will be rewarded with an incentive value, and the verification server will be given a deduction of mortgage incentive value.
  • Step 516 the blockchain system sends the gradient ciphertext of the global scheme to each client.
  • Step 517 the client receives the gradient ciphertext of the global scheme, and trains the local scheme according to the gradient ciphertext of the global scheme.
  • the client node calculates the i+1th round of local solutions:
  • step 506 and step 511 can be executed at the same time.
  • step 507 and step 508 can be executed simultaneously with step 512 and step 513, or can be executed successively.
  • Step 512 And step 513 may be executed before step 507 and step 508, and step 509 and step 510 may not be executed.
  • FIG. 6 is a schematic diagram of a blockchain-based privacy protection scheme aggregation device provided in the embodiment of the application, as shown in FIG. 6 ,include:
  • the transceiver module 601 is configured to receive the local scheme gradient ciphertext uploaded by each client;
  • the transceiver module 601 is also used to send the aggregation task to the aggregation server and the verification server through the smart contract, and the aggregation task is used to aggregate the gradient ciphertexts of the local schemes of the clients through aggregation rules to obtain the global Scheme gradient ciphertext;
  • a processing module 602 configured to determine the gradient ciphertext of the global scheme based on the aggregation result of the aggregation task performed by the aggregation server and the verification server;
  • the transceiving module 601 is further configured to deliver the gradient ciphertext of the global scheme to each client, and the gradient ciphertext of the global scheme is decrypted and used by the client to train the local scheme.
  • the transceiver module 601 is specifically configured to deliver the aggregation task to the aggregation server through the smart contract; receive the first aggregation task uploaded by the aggregation server to perform the aggregation task Result; the first task aggregation result contains the first global scheme gradient ciphertext; through the smart contract, the first global scheme gradient ciphertext is publicly audited; receiving the verification server verification request, through the smart The contract sends the aggregation task to the verification server.
  • the processing module 602 is specifically configured to, if the second aggregation task result uploaded by the verification server for executing the aggregation task is not received, determine the first global scheme gradient ciphertext as the The global scheme gradient ciphertext; if the second aggregation task result is received, determine the global scheme gradient ciphertext according to the first aggregation task result and the second aggregation task result.
  • the processing module 602 is specifically configured to compare whether the gradient ciphertext of the first global scheme and the gradient ciphertext of the second global scheme are the same through the smart contract, and the gradient ciphertext of the first global scheme is included in the In the first aggregation task result obtained by the aggregation server executing the aggregation task, the second global scheme gradient ciphertext is included in the second aggregation task result obtained by the verification server executing the aggregation task; if different, The blockchain system acquires a divergent instruction, and the divergent instruction is an instruction that diverges from the states corresponding to the instructions in the first aggregation task result among the states corresponding to the instructions in the second aggregation task result; The smart contract takes the state corresponding to the previous instruction of the divergent instruction as the initial state, executes the divergent instruction, and obtains the corresponding state of the divergent instruction in the blockchain system; if the divergent instruction is in the If the corresponding state in the blockchain system is the same as the corresponding state of
  • the processing module 602 is specifically configured to obtain the standard scheme gradient ciphertext according to the standard scheme and the standard data set; for any client's local scheme gradient ciphertext, determine the local scheme gradient ciphertext of the client.
  • the cosine similarity between the text and the standard scheme gradient ciphertext when the cosine similarity satisfies the set condition, determine the client's aggregater according to the client's local scheme gradient ciphertext and the cosine similarity item, and update the accumulated results of the aggregated clients based on the aggregated sub-items of the client until the aggregation of each client ends; calculate the accumulated results by any client to obtain the global scheme gradient ciphertext.
  • the processing module 602 is specifically configured to include: fragmenting the gradient ciphertext of the local scheme of the client and the gradient ciphertext of the standard scheme according to the same fragmentation rule, and obtaining gradient components, n is the scheme gradient length, k is the gradient component length; for The vth component at the same component position in the first gradient component determines the sub-cosine similarity between the vth component of the client's local scheme gradient ciphertext and the vth component of the standard scheme gradient ciphertext; sub-cosine similarity of each gradient component to obtain the cosine similarity between the gradient ciphertext of the client's local scheme and the gradient ciphertext of the standard scheme.
  • the processing module 602 is specifically configured to satisfy the set condition for the cosine similarity, including: performing deformation based on the cosine similarity to obtain the first constant and the second constant, according to the ciphertext comparison rule and the The first constant and the second constant determine the first variable and the second variable, and the ciphertext comparison rule is used to obtain the plaintext comparison result of the ciphertext under ciphertext; and determine based on the ciphertext comparison rule A comparison result of the first variable and the second variable; determining that the comparison result is not equal to the second constant.
  • the processing module 602 is specifically configured to use the product of the client's local scheme gradient ciphertext and the cosine similarity as the first aggregation subitem; use the cosine similarity corresponding to the client As the second aggregation sub-item; add the first aggregation sub-item and the first accumulation result, and update the first accumulation result; add the second aggregation sub-item and the second accumulation result, and update the second aggregation sub-item Cumulative results; the cumulative results are calculated by any client to obtain the gradient ciphertext of the global scheme, including:
  • a global scheme gradient ciphertext is obtained according to the product of the second random vector/first random vector and the encryption calculation result.
  • the scheme gradient ciphertext is obtained by encrypting the scheme gradient through the CKKS homomorphic encryption algorithm.
  • the embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
  • computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions
  • the device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

Provided in the embodiments of the present application are a blockchain-based privacy protection scheme aggregation method and apparatus. The method comprises: a blockchain system receiving local scheme gradient ciphertext uploaded by each client; the blockchain system issuing an aggregation task to an aggregation server and a verification server by means of a smart contract, wherein the aggregation task is used for aggregating the local scheme gradient ciphertext of each client by means of an aggregation rule, so as to acquire global scheme gradient ciphertext; the blockchain system determining the global scheme gradient ciphertext on the basis of aggregation results of the aggregation server and the verification server executing the aggregation task; and the blockchain system issuing the global scheme gradient ciphertext to each client, wherein after being decrypted, the global scheme gradient ciphertext is used by the client to train a local scheme. The method is used for reducing the calculation overheads of a blockchain node, and improving the accuracy of a global scheme gradient.

Description

一种基于区块链的隐私保护方案聚合方法及装置A blockchain-based privacy protection scheme aggregation method and device
相关申请的交叉引用Cross References to Related Applications
本申请要求在2021年11月03日提交中国专利局、申请号为202111297395.2、申请名称为“一种基于区块链的隐私保护方案聚合方法及装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application submitted to the China Patent Office on November 03, 2021, with the application number 202111297395.2 and the application name "A Method and Device for Aggregating Privacy Protection Schemes Based on Blockchain", the entire content of which Incorporated in this application by reference.
技术领域technical field
本申请涉及网络技术领域,尤其涉及一种基于区块链的隐私保护方案聚合方法及装置。The present application relates to the field of network technology, and in particular to a blockchain-based privacy protection scheme aggregation method and device.
背景技术Background technique
近年来,随着计算机技术的发展,越来越多的技术应用在金融领域,传统金融业正在逐步向金融科技(Fintech)转变,但由于金融行业的安全性、实时性要求,也对技术提出更高的要求。而由于区块链所基于的密码学技术和去中心化思想使链上的历史信息无法被篡改的优势,区块链技术也在金融行业有着普遍应用。In recent years, with the development of computer technology, more and more technologies are applied in the financial field, and the traditional financial industry is gradually transforming into Fintech. However, due to the security and real-time requirements of the financial industry, there are also requirements higher requirement. Due to the cryptography technology and decentralization idea on which the blockchain is based, the historical information on the chain cannot be tampered with, and the blockchain technology is also widely used in the financial industry.
现有隐私保护方案中:各客户端利用本地数据集训练本地方案,得到各自训练后的本地方案梯度,可以将各客户端的本地方案梯度聚合获取优化的全局方案梯度,各客户端根据全局方案梯度训练本地方案,提升本地方案训练的效果。其中,为了避免单点失效问题,将方案梯度的聚合过程设置在区块链中,由区块链接收各客户端上传的本地方案梯度,并对各客户端上传的本地方案梯度进行聚合获取全局方案梯度。区块链节点将全局方案梯度下发至各客户端,使得各客户端可以根据全局方案梯度进一步优化本地方案。该过程虽然应用了区块链的密码学技术和去中心化思想使方案梯度信息不会泄露和被篡改,但是也相应的大大增加了区块链节点的计算压力。In the existing privacy protection scheme: each client uses the local data set to train the local scheme, and obtains the local scheme gradient after training, and can aggregate the local scheme gradients of each client to obtain the optimized global scheme gradient, and each client according to the global scheme gradient Train local programs to improve the effect of local program training. Among them, in order to avoid the single-point failure problem, the aggregation process of the solution gradient is set in the blockchain, and the blockchain receives the local solution gradients uploaded by each client, and aggregates the local solution gradients uploaded by each client to obtain the global Program gradient. The blockchain node sends the global solution gradient to each client, so that each client can further optimize the local solution according to the global solution gradient. Although this process applies blockchain cryptography technology and decentralization ideas so that the scheme gradient information will not be leaked or tampered with, it also greatly increases the computational pressure on blockchain nodes.
因此,现在亟需一种基于区块链的隐私保护方案聚合方法及装置,用于 降低区块链节点计算开销,提高全局方案梯度的准确性。Therefore, there is an urgent need for a blockchain-based privacy protection scheme aggregation method and device to reduce the computational overhead of blockchain nodes and improve the accuracy of the global scheme gradient.
发明内容Contents of the invention
本申请实施例提供一种基于区块链的隐私保护方案聚合方法及装置,用于降低区块链节点计算开销,提高全局方案梯度的准确性。Embodiments of the present application provide a blockchain-based privacy protection scheme aggregation method and device, which are used to reduce the computational overhead of blockchain nodes and improve the accuracy of global scheme gradients.
第一方面,本申请实施例提供一种基于区块链的隐私保护方案聚合方法,该方法包括:In the first aspect, the embodiment of the present application provides a blockchain-based privacy protection scheme aggregation method, the method comprising:
区块链系统接收各客户端上传的本地方案梯度密文;所述区块链系统通过智能合约将聚合任务下发至聚合服务端和验证服务端,所述聚合任务用于通过聚合规则将所述各客户端的本地方案梯度密文聚合从而获取全局方案梯度密文;所述区块链系统基于所述聚合服务端和所述验证服务端执行所述聚合任务的聚合结果,确定出全局方案梯度密文;所述区块链系统将所述全局方案梯度密文下发至各客户端,所述全局方案梯度密文解密后用于客户端对本地方案进行训练。The blockchain system receives the local scheme gradient ciphertext uploaded by each client; the blockchain system sends the aggregation task to the aggregation server and the verification server through the smart contract, and the aggregation task is used to aggregate all The local scheme gradient ciphertext of each client is aggregated to obtain the global scheme gradient ciphertext; the blockchain system determines the global scheme gradient based on the aggregation result of the aggregation task performed by the aggregation server and the verification server Ciphertext: the block chain system sends the gradient ciphertext of the global scheme to each client, and the gradient ciphertext of the global scheme is decrypted and used for the client to train the local scheme.
上述方法中,区块链系统将聚合任务下发至聚合服务端和验证服务器,分别获取聚合服务端和验证服务端上传的聚合结果,并对聚合服务端和验证服务端上传的聚合结果进行验证,确定正确的全局方案梯度密文,将正确的全局方案梯度密文下发至各客户端,以使得客户端通过正确的全局方案梯度密文对本地方案进行训练。如此,相比于现有技术中在区块链中进行聚合来说。本申请可以降低区块链的计算开销。还可以通过对聚合服务端和验证服务端的聚合结果进行验证获取正确的全局方案梯度,提高全局方案梯度计算的准确性。可选的,通过智能合约将所述聚合任务下发至聚合服务端和验证服务端,包括:所述区块链系统通过所述智能合约将所述聚合任务下发至所述聚合服务端;所述区块链系统接收所述聚合服务端上传的执行所述聚合任务的第一聚合任务结果;所述第一任务聚合结果中包含第一全局方案梯度密文;所述区块链系统通过所述智能合约将所述第一全局方案梯度密文公开审计;所述区块链系统接收所述验证服务端验证请求,通过所述智能合约将所 述聚合任务下发至所述验证服务端。In the above method, the blockchain system sends the aggregation task to the aggregation server and the verification server, obtains the aggregation results uploaded by the aggregation server and the verification server respectively, and verifies the aggregation results uploaded by the aggregation server and the verification server , determine the correct global scheme gradient ciphertext, and send the correct global scheme gradient ciphertext to each client, so that the client can train the local scheme through the correct global scheme gradient ciphertext. In this way, compared to the aggregation in the blockchain in the prior art. This application can reduce the computing overhead of the blockchain. The correct global solution gradient can also be obtained by verifying the aggregation results of the aggregation server and the verification server, so as to improve the accuracy of the global solution gradient calculation. Optionally, sending the aggregation task to the aggregation server and the verification server through a smart contract includes: sending the aggregation task to the aggregation server by the blockchain system through the smart contract; The block chain system receives the first aggregation task result of executing the aggregation task uploaded by the aggregation server; the first task aggregation result contains the first global scheme gradient ciphertext; the block chain system passes The smart contract publicly audits the gradient ciphertext of the first global scheme; the blockchain system receives the verification request from the verification server, and sends the aggregation task to the verification server through the smart contract .
上述方法中,区块链系统通过智能合约将聚合任务下发至聚合服务端,并在接收聚合服务端上传的第一聚合任务结果后,将第一聚合任务结果中的第一全局方案梯度密文进行公开审计,若验证服务端挑战该聚合任务,则区块链系统通过智能合约将该聚合任务下发至验证服务端,获取验证服务端的第二聚合任务结果中的第二全局方案梯度密文。如此,根据聚合服务端的第一全局方案梯度密文和验证服务端的第二全局方案梯度密文确定正确的全局方案梯度密文,即,增加全局方案梯度密文的挑战验证机制,以获取多个全局方案梯度密文,从该多个全局方案梯度密文中选取可靠性最高的全局方案梯度密文下发至各客户端,提高全局方案梯度密文的准确度,以及提高客户端本地方案训练的准确性。In the above method, the blockchain system sends the aggregation task to the aggregation server through the smart contract, and after receiving the first aggregation task result uploaded by the aggregation server, encrypts the gradient of the first global scheme in the first aggregation task result. If the verification server challenges the aggregation task, the blockchain system will send the aggregation task to the verification server through the smart contract, and obtain the second global scheme gradient encryption in the second aggregation task result of the verification server. arts. In this way, the correct global scheme gradient ciphertext is determined according to the first global scheme gradient ciphertext of the aggregation server and the second global scheme gradient ciphertext of the verification server, that is, the challenge verification mechanism of the global scheme gradient ciphertext is added to obtain multiple Global scheme gradient ciphertext, select the most reliable global scheme gradient ciphertext from the multiple global scheme gradient ciphertexts and send it to each client, improve the accuracy of the global scheme gradient ciphertext, and improve the performance of the client's local scheme training accuracy.
可选的,所述区块链系统基于所述聚合服务端和所述验证服务端执行所述聚合任务的聚合结果,确定出全局方案梯度密文,包括:所述区块链系统若未接收到所述验证服务端上传的执行所述聚合任务的第二聚合任务结果,则将所述第一全局方案梯度密文确定为所述全局方案梯度密文;所述区块链系统若接收到所述第二聚合任务结果,则根据所述第一聚合任务结果和所述第二聚合任务结果,确定出全局方案梯度密文。Optionally, the blockchain system determines the gradient ciphertext of the global scheme based on the aggregation result of the aggregation task performed by the aggregation server and the verification server, including: if the blockchain system does not receive To the second aggregation task result of executing the aggregation task uploaded by the verification server, the first global scheme gradient ciphertext is determined as the global scheme gradient ciphertext; if the blockchain system receives The second aggregation task result determines the global scheme gradient ciphertext according to the first aggregation task result and the second aggregation task result.
上述方法中,若验证服务端没有发起验证挑战,则以聚合服务端的第一聚合任务结果中的第一全局方案梯度密文作为全局方案梯度密文。In the above method, if the verification server does not initiate a verification challenge, the first global scheme gradient ciphertext in the first aggregation task result of the aggregation server is used as the global scheme gradient ciphertext.
可选的,所述区块链系统基于所述聚合服务端和所述验证服务端执行所述聚合任务的聚合结果,确定出全局方案梯度密文,包括:所述区块链系统通过所述智能合约比较第一全局方案梯度密文和第二全局方案梯度密文是否相同,所述第一全局方案梯度密文包含于所述聚合服务端执行所述聚合任务得到的第一聚合任务结果中,所述第二全局方案梯度密文包含于所述验证服务端执行所述聚合任务得到的第二聚合任务结果中;若不同,所述区块链系统获取分歧指令,所述分歧指令为所述第二聚合任务结果中各指令对应的状态中,与所述第一聚合任务结果中各指令对应的状态产生分歧的指令;所述 区块链系统通过所述智能合约以所述分歧指令前一指令对应的状态作为初始状态,执行所述分歧指令,获取所述分歧指令在所述区块链系统中对应的状态;若所述分歧指令在所述区块链系统中对应的状态与所述分歧指令在所述第二聚合任务结果中对应的状态相同,则确定所述第二全局方案梯度密文是所述全局方案梯度密文。Optionally, the blockchain system determines the global scheme gradient ciphertext based on the aggregation result of the aggregation task performed by the aggregation server and the verification server, including: the blockchain system uses the The smart contract compares whether the gradient ciphertext of the first global scheme and the gradient ciphertext of the second global scheme are the same, and the gradient ciphertext of the first global scheme is included in the first aggregation task result obtained by the aggregation server executing the aggregation task , the second global scheme gradient ciphertext is included in the second aggregation task result obtained by the verification server executing the aggregation task; if different, the blockchain system obtains a divergent instruction, and the divergent instruction is all In the state corresponding to each instruction in the second aggregation task result, an instruction that diverges from the state corresponding to each instruction in the first aggregation task result; the blockchain system forwards the divergent instruction through the smart contract The state corresponding to an instruction is used as the initial state, execute the divergent instruction, and obtain the corresponding state of the divergent instruction in the blockchain system; if the corresponding state of the divergent instruction in the blockchain system is the same as the If the states corresponding to the divergence instructions in the second aggregation task result are the same, then it is determined that the second global scheme gradient ciphertext is the global scheme gradient ciphertext.
上述方法中,当第一全局方案梯度密文和第二全局方案梯度密文相同时,则可以认为聚合服务端和验证服务端获取的全局方案梯度密文是准确的;当第一全局方案梯度密文和第二全局方案梯度密文不相同时,则聚合服务端/验证服务端的聚合结果中存在错误的全局方案梯度密文。对聚合服务端和验证服务端的聚合结果进行验证:聚合服务端上传的第一聚合任务结果中包含各指令对应的状态,以及验证服务端上传的第二聚合任务结果中包含各指令对应的状态,则区块链系统通过智能合约可以从第二聚合任务结果中各指令对应的状态中确定出与第一聚合任务结果中各指令对应的状态产生分歧的指令,即,分歧指令,并以该分歧指令前一指令对应的状态作为初始状态,执行该分歧指令,获取该分歧指令在区块链系统中对应的状态,比较该分歧指令在区块链系统中对应的状态和该分歧指令在验证服务端中对应的状态是否一致,若一致,则认为验证服务端上传的第二聚合任务结果是正确的,即,第二全局方案梯度密文是正确的,聚合服务端上传的第一全局方案梯度密文是准确性低的。如此,增加了全局方案梯度密文的多方执行,多结果比较验证的机制,提高全局方案梯度密文的准确性。In the above method, when the first global scheme gradient ciphertext is the same as the second global scheme gradient ciphertext, it can be considered that the global scheme gradient ciphertext obtained by the aggregation server and the verification server is accurate; when the first global scheme gradient When the ciphertext is different from the second global scheme gradient ciphertext, there is an incorrect global scheme gradient ciphertext in the aggregation result of the aggregation server/verification server. Verify the aggregation results of the aggregation server and the verification server: the first aggregation task result uploaded by the aggregation server includes the status corresponding to each instruction, and the second aggregation task result uploaded by the verification server includes the status corresponding to each instruction, Then the blockchain system can determine the instruction that diverges from the states corresponding to the instructions in the second aggregation task result through the smart contract, that is, the divergence instruction, and use the divergence The state corresponding to the previous instruction of the instruction is taken as the initial state, execute the divergent instruction, obtain the corresponding state of the divergent instruction in the blockchain system, compare the corresponding state of the divergent instruction in the blockchain system with the verification service of the divergent instruction Whether the corresponding state in the end is consistent, if they are consistent, it is considered that the result of the second aggregation task uploaded by the verification server is correct, that is, the gradient ciphertext of the second global scheme is correct, and the gradient of the first global scheme uploaded by the aggregation server is correct. Ciphertext is less accurate. In this way, the multi-party execution of the global scheme gradient ciphertext and the mechanism of multi-result comparison and verification are added to improve the accuracy of the global scheme gradient ciphertext.
可选的,所述聚合任务中还包含标准方案;所述聚合任务用于通过聚合规则将所述各客户端的本地方案梯度密文聚合从而获取全局方案梯度密文,包括:Optionally, the aggregation task also includes a standard scheme; the aggregation task is used to aggregate the local scheme gradient ciphertext of each client through aggregation rules to obtain the global scheme gradient ciphertext, including:
根据所述标准方案和标准数据集,得到标准方案梯度密文;According to the standard scheme and the standard data set, the gradient ciphertext of the standard scheme is obtained;
针对任一客户端的本地方案梯度密文,确定所述客户端的本地方案梯度密文与所述标准方案梯度密文的余弦相似度;在所述余弦相似度满足设定条件时,根据所述客户端的本地方案梯度密文和所述余弦相似度,确定所述客 户端的聚合子项,并基于所述客户端的聚合子项更新已聚合客户端的累积结果,直至各客户端均聚合结束;通过所述客户端计算所述累积结果得到全局方案梯度密文。For the local scheme gradient ciphertext of any client, determine the cosine similarity between the local scheme gradient ciphertext of the client and the standard scheme gradient ciphertext; when the cosine similarity satisfies the set condition, according to the client The gradient ciphertext of the local scheme of the client and the cosine similarity, determine the aggregation sub-item of the client, and update the accumulated results of the aggregated clients based on the aggregation sub-item of the client, until the aggregation of each client ends; through the The client calculates the cumulative result to obtain the gradient ciphertext of the global scheme.
上述方法中,标准数据集可以是聚合服务端在专业权威机构获取的,标准方案可以是基于客户端本地方案类型和特征确定的。则根据标准方案和标准数据集得到的标准方案梯度密文为具有客户端本地方案的代表性的正向(准确)的方案梯度密文。则根据客户端的本地方案梯度密文和标准方案梯度密文的余弦相似度确定该客户端的本地方案梯度密文是否进行聚合,可以提高聚合结果的准确性。换句话说,若客户端被攻击,本地方案被篡改,该客户端上传的本地方案梯度密文与标准方案梯度密文的余弦相似度则会不符合设定条件,相应的,不对该客户端的本地方案梯度密文进行聚合,可以防止客户端发生被恶意投毒攻击导致的全局方案梯度密文不准确的情况。In the above method, the standard data set can be obtained by the aggregation server in a professional authority, and the standard solution can be determined based on the type and characteristics of the client's local solution. Then the standard scheme gradient ciphertext obtained according to the standard scheme and the standard data set is a representative positive (accurate) scheme gradient ciphertext with the local scheme of the client. Then, according to the cosine similarity between the gradient ciphertext of the local scheme of the client and the gradient ciphertext of the standard scheme, it is determined whether the gradient ciphertext of the local scheme of the client is aggregated, which can improve the accuracy of the aggregation result. In other words, if the client is attacked and the local scheme is tampered with, the cosine similarity between the gradient ciphertext of the local scheme uploaded by the client and the gradient ciphertext of the standard scheme will not meet the set conditions. The aggregation of the gradient ciphertext of the local scheme can prevent the inaccuracy of the gradient ciphertext of the global scheme caused by malicious poisoning attacks on the client.
可选的,确定所述客户端的本地方案梯度密文与所述标准方案梯度密文的余弦相似度,包括:将所述客户端的本地方案梯度密文与所述标准方案梯度密文按照相同的分片规则进行分片,分别得到
Figure PCTCN2021139191-appb-000001
个梯度分量,n为方案梯度长度,k为梯度分量长度;针对
Figure PCTCN2021139191-appb-000002
个梯度分量中处于同一分量位置的第v分量,确定所述客户端的本地方案梯度密文的第v分量与所述标准方案梯度密文的第v分量的子余弦相似度;根据
Figure PCTCN2021139191-appb-000003
个梯度分量的子余弦相似度,得到所述客户端的本地方案梯度密文与所述标准方案梯度密文的余弦相似度。 Optionally, determining the cosine similarity between the gradient ciphertext of the local scheme of the client and the gradient ciphertext of the standard scheme includes: making the gradient ciphertext of the local scheme of the client and the gradient ciphertext of the standard scheme according to the same Fragmentation rules for fragmentation, respectively
Figure PCTCN2021139191-appb-000001
gradient components, n is the scheme gradient length, k is the gradient component length; for
Figure PCTCN2021139191-appb-000002
The vth component at the same component position in the first gradient component determines the sub-cosine similarity between the vth component of the client's local scheme gradient ciphertext and the vth component of the standard scheme gradient ciphertext;
Figure PCTCN2021139191-appb-000003
sub-cosine similarity of each gradient component to obtain the cosine similarity between the gradient ciphertext of the client's local scheme and the gradient ciphertext of the standard scheme.
上述方法中,若方案梯度长度较长,不能一次加密,则可以根据加密算法的加密能力k,将方案梯度进行分片获取
Figure PCTCN2021139191-appb-000004
个梯度分量。如此,保证加密的正常执行。相应的,在计算余弦相似度时,则可以将本地方案梯度密文的分量和标准方案梯度密文的对应分量进行密文余弦相似度计算,获取该位置分量对应的子余弦相似度,将
Figure PCTCN2021139191-appb-000005
个梯度分量的子余弦相似度作和得到客户端的本地方案梯度密文与标准方案梯度密文的余弦相似度。 In the above method, if the length of the scheme gradient is too long to be encrypted at one time, the scheme gradient can be obtained by fragmentation according to the encryption capability k of the encryption algorithm
Figure PCTCN2021139191-appb-000004
a gradient component. In this way, the normal execution of encryption is guaranteed. Correspondingly, when calculating the cosine similarity, the components of the gradient ciphertext of the local scheme and the corresponding components of the gradient ciphertext of the standard scheme can be calculated for the cosine similarity of the ciphertext, and the sub-cosine similarity corresponding to the position component can be obtained, and the
Figure PCTCN2021139191-appb-000005
The sub-cosine similarity of each gradient component is summed to obtain the cosine similarity between the gradient ciphertext of the client's local scheme and the gradient ciphertext of the standard scheme.
可选的,所述余弦相似度满足设定条件,包括:基于所述余弦相似度进 行变形获取第一常量和第二常量,根据密文比较规则和所述第一常量和所述第二常量确定第一变量与第二变量,所述密文比较规则用于在密文下获取所述密文的明文比较结果;并根据所述密文比较规则确定基于所述第一变量与所述第二变量的比较结果;确定所述比较结果不等于所述第二常量。Optionally, the cosine similarity satisfies a set condition, including: performing deformation based on the cosine similarity to obtain the first constant and the second constant, and according to the ciphertext comparison rule and the first constant and the second constant Determining a first variable and a second variable, the ciphertext comparison rule is used to obtain a plaintext comparison result of the ciphertext under ciphertext; and according to the ciphertext comparison rule, determine A comparison result of two variables; determining that the comparison result is not equal to the second constant.
上述方法中,由于余弦相似度是客户端的本地方案梯度密文与标准方案梯度密文的。因此,为了获取客户端的本地方案梯度明文与标准方案梯度密明文的余弦相似度与设定条件的比较结果,通过上述密文比较规则获取该密文在明文条件下的余弦相似度是否符合设定条件的比较结果,在密文条件下,保证明文计算结果的准确性。In the above method, since the cosine similarity is the difference between the gradient ciphertext of the client's local scheme and the gradient ciphertext of the standard scheme. Therefore, in order to obtain the comparison result of the cosine similarity between the gradient plaintext of the client’s local scheme and the gradient cipher plaintext of the standard scheme, and the set conditions, the cosine similarity of the ciphertext under the plaintext condition is obtained through the above ciphertext comparison rules. The comparison result of the condition, under the ciphertext condition, ensures the accuracy of the plaintext calculation result.
可选的,根据所述客户端的本地方案梯度密文和所述余弦相似度,确定所述客户端的聚合子项,并基于所述客户端的聚合子项更新已聚合客户端的累积结果,包括:将所述客户端的本地方案梯度密文和所述客户端对应的余弦相似度的乘积作为第一聚合子项;将所述客户端对应的所述余弦相似度作为第二聚合子项;将所述第一聚合子项与第一累积结果累加,更新所述第一累积结果;将所述第二聚合子项与第二累积结果累加,更新所述第二累积结果;Optionally, according to the client's local scheme gradient ciphertext and the cosine similarity, determine the aggregation sub-item of the client, and update the accumulated result of the aggregated client based on the client's aggregation sub-item, including: The product of the local scheme gradient ciphertext of the client and the cosine similarity corresponding to the client is used as a first aggregation subitem; the cosine similarity corresponding to the client is used as a second aggregation subitem; the accumulating the first aggregation sub-item with the first accumulation result, and updating the first accumulation result; adding the second aggregation sub-item with the second accumulation result, and updating the second accumulation result;
通过所述客户端计算所述累积结果得到全局方案梯度密文,包括:The cumulative result is calculated by the client to obtain the global scheme gradient ciphertext, including:
确定第一随机向量和第二随机向量,获取所述第一随机向量与所述第一累积结果的乘积的第一乘积,获取所述第二随机向量与所述第二累积结果的乘积的第二乘积;determining a first random vector and a second random vector, obtaining a first product of a product of the first random vector and the first cumulative result, and obtaining a first product of a product of the second random vector and the second cumulative result double product;
将所述第一乘积和所述第二乘积发送至所述客户端;sending the first product and the second product to the client;
基于所述客户端的私钥,对所述第一乘积进行解密,得到第一解密结果,并对所述第二乘积进行解密,得到第二解密结果,将所述第一解密结果/所述第二解密结果得到计算结果;Based on the private key of the client, decrypt the first product to obtain a first decryption result, and decrypt the second product to obtain a second decryption result, and calculate the first decryption result/the first decryption result Two decryption results to obtain calculation results;
基于所述客户端的公钥对所述计算结果加密,得到加密计算结果;Encrypting the calculation result based on the public key of the client to obtain an encrypted calculation result;
根据所述第二随机向量/第一随机向量与所述加密计算结果的乘积得到全局方案梯度密文。A global scheme gradient ciphertext is obtained according to the product of the second random vector/first random vector and the encryption calculation result.
上述方法中,聚合服务端确定第一随机向量和第二随机向量,将第一随机向量和第二随机向量分别与第一累积结果和第二累积结果相乘,得到第一乘积和第二乘积。聚合服务端将第一乘积和第二乘积发送至客户端,基于该客户端的私钥,该客户端对所述第一乘积和第二乘积进行解密,得到第一解密结果和第二解密结果。如此,得到明文的第一解密结果(但实际仍然是明文的第一累积结果与第一随机向量的乘积)和第二解密结果(但实际仍然是明文的第二累积结果与第二随机向量的乘积),该客户端进一步将第一解密结果和第二解密结果进行除法运算,得到全局方案梯度*(第一随机向量/第二随机向量)。该客户端根据公钥对全局方案梯度*(第一随机向量/第二随机向量)加密,并将结果发送至聚合服务端,聚合服务端将加密的全局方案梯度*(第一随机向量/第二随机向量)乘以(第二随机向量/第一随机向量)得到全局方案梯度密文。如此,即可以通过客户端进行除法规则运算获取全局方案梯度,又可以保证聚合服务端与客户端之间信息传输的安全性,即,保证聚合服务端和客户端间传输的全局方案梯度密文的安全性。另外,通过设置第一随机向量和第二随机向量分别与第一累积结果和第二累积结果相乘,使得即使客户端将第一累积结果和第二累积结果解密,也仍然不能获得全局方案梯度的明文,进一步保证全局方案梯度的安全保密性。In the above method, the aggregation server determines the first random vector and the second random vector, and multiplies the first random vector and the second random vector by the first cumulative result and the second cumulative result respectively to obtain the first product and the second product . The aggregation server sends the first product and the second product to the client, and based on the client's private key, the client decrypts the first product and the second product to obtain the first decryption result and the second decryption result. In this way, the first decryption result of the plaintext (but actually still the product of the first accumulation result of the plaintext and the first random vector) and the second decryption result (but actually still the product of the second accumulation result of the plaintext and the second random vector) product), the client further divides the first decryption result and the second decryption result to obtain the global scheme gradient * (first random vector/second random vector). The client encrypts the global scheme gradient * (first random vector/second random vector) according to the public key, and sends the result to the aggregation server, and the aggregation server sends the encrypted global scheme gradient * (first random vector/second random vector) Two random vectors) multiplied by (second random vector/first random vector) to obtain the global scheme gradient ciphertext. In this way, the global scheme gradient can be obtained through the division rule calculation on the client side, and the security of information transmission between the aggregation server and the client can be guaranteed, that is, the global scheme gradient ciphertext transmitted between the aggregation server and the client can be guaranteed security. In addition, by setting the first random vector and the second random vector to be multiplied by the first cumulative result and the second cumulative result respectively, even if the client decrypts the first cumulative result and the second cumulative result, the global scheme gradient cannot be obtained The plaintext of , further guarantees the security and confidentiality of the global scheme gradient.
可选的,方案梯度密文为通过CKKS同态加密算法对方案梯度进行加密得到的。Optionally, the scheme gradient ciphertext is obtained by encrypting the scheme gradient through the CKKS homomorphic encryption algorithm.
上述方法中,CKKS同态加密算法可以保证客户端、服务端和区块链系统间方案梯度传输的数据隐私,且计算量较小,得到的密文小,可以节约加密资源和密文传输资源。In the above method, the CKKS homomorphic encryption algorithm can guarantee the data privacy of the program gradient transmission between the client, the server and the blockchain system, and the calculation amount is small, and the obtained ciphertext is small, which can save encryption resources and ciphertext transmission resources .
第二方面,本申请实施例提供一种基于区块链的隐私保护方案聚合装置,该装置包括:In the second aspect, the embodiment of the present application provides a blockchain-based privacy protection scheme aggregation device, which includes:
收发模块,用于接收各客户端上传的本地方案梯度密文;The transceiver module is used to receive the gradient ciphertext of the local scheme uploaded by each client;
所述收发模块还用于,通过智能合约将聚合任务下发至聚合服务端和验证服务端,所述聚合任务用于通过聚合规则将所述各客户端的本地方案梯度 密文聚合从而获取全局方案梯度密文;The transceiver module is also used to send the aggregation task to the aggregation server and the verification server through the smart contract, and the aggregation task is used to aggregate the local scheme gradient ciphertext of each client through the aggregation rule to obtain the global scheme Gradient ciphertext;
处理模块,用于基于所述聚合服务端和所述验证服务端执行所述聚合任务的聚合结果,确定出全局方案梯度密文;A processing module, configured to determine the gradient ciphertext of the global scheme based on the aggregation result of the aggregation task performed by the aggregation server and the verification server;
所述收发模块还用于,将所述全局方案梯度密文下发至各客户端,所述全局方案梯度密文解密后用于客户端对本地方案进行训练。The transceiver module is further configured to deliver the gradient ciphertext of the global scheme to each client, and the gradient ciphertext of the global scheme is decrypted and used by the client to train the local scheme.
第三方面,本申请实施例还提供一种计算设备,包括:存储器,用于存储程序;处理器,用于调用所述存储器中存储的程序,按照获得的程序执行如第一方面的各种可能的设计中所述的方法。In the third aspect, the embodiment of the present application also provides a computing device, including: a memory for storing programs; a processor for invoking the programs stored in the memory, and executing various methods according to the first aspect according to the obtained programs. methods described in Possible Designs.
第四方面,本申请实施例还提供一种计算机可读非易失性存储介质,包括计算机可读程序,当计算机读取并执行所述计算机可读程序时,使得计算机执行如第一方面的各种可能的设计中所述的方法。In the fourth aspect, the embodiment of the present application also provides a computer-readable non-volatile storage medium, including a computer-readable program, and when the computer reads and executes the computer-readable program, the computer executes the computer-readable program according to the first aspect. Various possible designs are described in the method.
本申请的这些实现方式或其他实现方式在以下实施例的描述中会更加简明易懂。These implementation manners or other implementation manners of the present application will be more concise and understandable in the description of the following embodiments.
附图说明Description of drawings
为了更清楚地说明本申请实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简要介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域的普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present application, the following will briefly introduce the drawings that need to be used in the description of the embodiments. Obviously, the drawings in the following description are only some embodiments of the present application. For Those skilled in the art can also obtain other drawings based on these drawings without any creative effort.
图1为本申请实施例提供的一种基于区块链的隐私保护方案聚合的架构示意图;FIG. 1 is a schematic diagram of the architecture of a blockchain-based privacy protection scheme aggregation provided by an embodiment of the present application;
图2为本申请实施例提供的一种基于区块链的隐私保护方案聚合方法的流程示意图;FIG. 2 is a schematic flow diagram of a blockchain-based privacy protection scheme aggregation method provided by an embodiment of the present application;
图3为本申请实施例提供的一种余弦相似度计算方法的流程示意图;FIG. 3 is a schematic flowchart of a cosine similarity calculation method provided in an embodiment of the present application;
图4为本申请实施例提供的一种基于区块链的隐私保护方案聚合方法的流程示意图;FIG. 4 is a schematic flow diagram of a blockchain-based privacy protection scheme aggregation method provided by an embodiment of the present application;
图5为本申请实施例提供的一种基于区块链的隐私保护方案聚合方法的 流程示意图;Fig. 5 is a schematic flow diagram of a block chain-based privacy protection scheme aggregation method provided by the embodiment of the application;
图6为本申请实施例提供的一种基于区块链的隐私保护方案聚合装置示意图。FIG. 6 is a schematic diagram of a block chain-based privacy protection scheme aggregation device provided by an embodiment of the present application.
具体实施方式Detailed ways
为了使本申请的目的、技术方案和优点更加清楚,下面将结合附图对本申请作进一步地详细描述,显然,所描述的实施例仅仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其它实施例,都属于本申请保护的范围。In order to make the purpose, technical solution and advantages of the application clearer, the application will be further described in detail below in conjunction with the accompanying drawings. Apparently, the described embodiments are only some of the embodiments of the application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.
图1为本申请实施例提供的一种基于区块链的隐私保护方案聚合的系统架构,多个客户端(Z为大于0的正整数)101将本地方案梯度密文上传至区块链系统102。区块链系统102根据多个客户端101上传的本地方案梯度密文生成聚合任务,下发至聚合服务端103。聚合服务端103根据聚合任务将多个客户端101上传的本地方案梯度密文聚合获取聚合任务结果,将聚合任务结果上传至区块链系统102。区块链系统102将该聚合任务结果进行公审,接收到验证服务端104的验证请求,将聚合任务下发至验证服务端104。验证服务端104根据聚合任务对多个客户端101上传的本地方案梯度密文聚合获取聚合任务结果,将聚合任务结果上传至区块链系统102。这里也可以是区块链系统102将聚合任务分别下发至聚合服务端103和验证服务端104,获取聚合服务端103上传的第一聚合任务结果和验证服务端104上传的第二聚合任务结果。此时,区块链系统102中包含聚合服务端103的聚合任务结果和验证服务端104的聚合任务结果,聚合任务结果中包含全局方案梯度密文,区块链系统102对聚合服务端103的聚合任务结果和验证服务端104的聚合任务结果进行验证,获取正确的全局方案梯度密文,将该正确的全局方案梯度密文分别下发至多个客户端101,使得多个客户端101根据该全局方案梯度密文对本地方案进行训练。Fig. 1 is the system architecture of a blockchain-based privacy protection scheme aggregation provided by the embodiment of the present application. Multiple clients (Z is a positive integer greater than 0) 101 upload the local scheme gradient ciphertext to the blockchain system 102. The blockchain system 102 generates an aggregation task according to the gradient ciphertext of the local scheme uploaded by multiple clients 101, and sends it to the aggregation server 103. The aggregation server 103 aggregates the local scheme gradient ciphertext uploaded by multiple clients 101 according to the aggregation task to obtain the aggregation task result, and uploads the aggregation task result to the blockchain system 102 . The blockchain system 102 conducts a public review of the aggregation task result, receives the verification request from the verification server 104, and sends the aggregation task to the verification server 104. The verification server 104 aggregates the local scheme gradient ciphertext uploaded by multiple clients 101 according to the aggregation task to obtain the aggregation task result, and uploads the aggregation task result to the blockchain system 102 . Here, the blockchain system 102 may also send the aggregation task to the aggregation server 103 and the verification server 104 respectively, and obtain the first aggregation task result uploaded by the aggregation server 103 and the second aggregation task result uploaded by the verification server 104 . At this time, the block chain system 102 includes the aggregation task result of the aggregation server 103 and the aggregation task result of the verification server 104. The aggregation task result contains the gradient ciphertext of the global scheme. The aggregation task result and the aggregation task result of the verification server 104 are verified, and the correct global scheme gradient ciphertext is obtained, and the correct global scheme gradient ciphertext is sent to multiple clients 101 respectively, so that multiple clients 101 The global scheme gradient ciphertext is trained on the local scheme.
基于此,本申请实施例提供了一种基于区块链的隐私保护方案聚合方法的流程,如图2所示,包括:Based on this, the embodiment of this application provides a flow of a blockchain-based privacy protection scheme aggregation method, as shown in Figure 2, including:
步骤201、区块链系统接收各客户端上传的本地方案梯度密文; Step 201, the blockchain system receives the local scheme gradient ciphertext uploaded by each client;
此处,客户端上传的本地方案梯度密文是根据该客户端的本地方案梯度加密获得的,本地方案梯度是本地方案训练获取的。Here, the gradient ciphertext of the local scheme uploaded by the client is encrypted according to the gradient of the local scheme of the client, and the gradient of the local scheme is obtained through training of the local scheme.
在一种示例中,客户端节点计算第i轮本地方案梯度:In one example, the client node computes the i-th round local solution gradient:
Figure PCTCN2021139191-appb-000006
Figure PCTCN2021139191-appb-000006
其中,
Figure PCTCN2021139191-appb-000007
表示第l个客户端节点第i轮本地方案梯度,
Figure PCTCN2021139191-appb-000008
表示求导操作,L(·)表示损失函数,D l表示第l个客户端节点的本地数据。这里的客户端本地方案训练方法只是一种示例,客户端本地方案训练还可以是神经网络的图像二分类方案的训练方法等等,具体不做限定。 in,
Figure PCTCN2021139191-appb-000007
Indicates the i-th round local solution gradient of the l-th client node,
Figure PCTCN2021139191-appb-000008
Indicates the derivation operation, L( ) indicates the loss function, and D l indicates the local data of the lth client node. The client local scheme training method here is just an example, and the client local scheme training may also be a training method of a neural network image binary classification scheme, etc., which are not specifically limited.
步骤202、所述区块链系统通过智能合约将聚合任务下发至聚合服务端和验证服务端,所述聚合任务用于通过聚合规则将所述各客户端的本地方案梯度密文聚合从而获取全局方案梯度密文; Step 202, the blockchain system sends the aggregation task to the aggregation server and the verification server through the smart contract, and the aggregation task is used to aggregate the local scheme gradient ciphertext of each client through the aggregation rule to obtain the global Scheme gradient ciphertext;
步骤203、所述区块链系统基于所述聚合服务端和所述验证服务端执行所述聚合任务的聚合结果,确定出全局方案梯度密文; Step 203, the blockchain system determines the global scheme gradient ciphertext based on the aggregation results of the aggregation task performed by the aggregation server and the verification server;
步骤204、所述区块链系统将所述全局方案梯度密文下发至各客户端,所述全局方案梯度密文解密后用于客户端对本地方案进行训练。 Step 204, the blockchain system sends the global scheme gradient ciphertext to each client, and the global scheme gradient ciphertext is decrypted and used by the client to train the local scheme.
上述方法中,区块链系统将聚合任务下发至聚合服务端和验证服务器,分别获取聚合服务端和验证服务端上传的聚合结果,并对聚合服务端和验证服务端上传的聚合结果进行验证,确定正确的全局方案梯度密文,将正确的全局方案梯度密文下发至各客户端,以使得客户端通过正确的全局方案梯度密文对本地方案进行训练。如此,相比于现有技术中在区块链中进行聚合来说。本申请可以降低区块链的计算开销。还可以通过对聚合服务端和验证服务端的聚合结果进行验证获取正确的全局方案梯度,提高全局方案梯度计算的准确性。In the above method, the blockchain system sends the aggregation task to the aggregation server and the verification server, obtains the aggregation results uploaded by the aggregation server and the verification server respectively, and verifies the aggregation results uploaded by the aggregation server and the verification server , determine the correct global scheme gradient ciphertext, and send the correct global scheme gradient ciphertext to each client, so that the client can train the local scheme through the correct global scheme gradient ciphertext. In this way, compared to the aggregation in the blockchain in the prior art. This application can reduce the computing overhead of the blockchain. The correct global solution gradient can also be obtained by verifying the aggregation results of the aggregation server and the verification server, so as to improve the accuracy of the global solution gradient calculation.
本申请实施例提供了一种基于区块链的隐私保护方案聚合方法,通过智 能合约将所述聚合任务下发至聚合服务端和验证服务端,包括:所述区块链系统通过所述智能合约将所述聚合任务下发至所述聚合服务端;所述区块链系统接收所述聚合服务端上传的执行所述聚合任务的第一聚合任务结果;所述第一任务聚合结果中包含第一全局方案梯度密文;所述区块链系统通过所述智能合约将所述第一全局方案梯度密文公开审计;所述区块链系统接收所述验证服务端验证请求,通过所述智能合约将所述聚合任务下发至所述验证服务端。也就是说,区块链系统下发聚合任务时,还可以是先将聚合任务下发至聚合服务端,在聚合服务端返回聚合任务结果后,对该聚合任务结果进行公开审计,若未接收的到验证服务端的验证请求,则将聚合服务端的聚合任务结果中的全局方案梯度密文下发至各客户端,若是接收到验证服务端的验证请求,则将聚合任务下发至该验证服务端获取该验证服务端的聚合任务结果。The embodiment of the present application provides a block chain-based privacy protection scheme aggregation method, which sends the aggregation task to the aggregation server and the verification server through the smart contract, including: the block chain system uses the smart The contract sends the aggregation task to the aggregation server; the blockchain system receives the first aggregation task result uploaded by the aggregation server to execute the aggregation task; the aggregation result of the first task includes The gradient ciphertext of the first global scheme; the blockchain system publicly audits the gradient ciphertext of the first global scheme through the smart contract; the blockchain system receives the verification request from the verification server, and passes the The smart contract sends the aggregation task to the verification server. That is to say, when the blockchain system delivers the aggregation task, it can also send the aggregation task to the aggregation server first, and after the aggregation server returns the aggregation task result, the aggregation task result will be publicly audited. If there is a verification request from the verification server, the global scheme gradient ciphertext in the aggregation task result of the aggregation server will be sent to each client. If a verification request from the verification server is received, the aggregation task will be sent to the verification server. Get the aggregation task result of the verification server.
另外,这里提供一种聚合服务端的确定方法:区块链系统在第一轮进行隐私保护方案聚合时,针对聚合服务端先初始化一个空集,作为可以执行聚合任务的聚合服务端集合,多个聚合服务端判断执行聚合任务的计算消耗和完成聚合任务的奖励,若一个聚合服务端判定计算消耗小于奖励,则将该聚合服务端添加到该聚合服务端集合,若计算消耗大于等于奖励,则忽略该聚合服务端,最后获取包含至少一个聚合服务端的聚合服务端集合。后续,区块链系统在第i轮进行隐私保护方案聚合时,可以直接从聚合服务端集合中选择一个聚合服务端执行聚合任务。In addition, here is a method for determining the aggregation server: when the blockchain system aggregates the privacy protection scheme in the first round, it first initializes an empty set for the aggregation server as a collection of aggregation servers that can perform aggregation tasks. The aggregation server judges the calculation consumption of executing the aggregation task and the reward for completing the aggregation task. If an aggregation server determines that the calculation consumption is less than the reward, it will add the aggregation server to the aggregation server set. If the calculation consumption is greater than or equal to the reward, then Ignore the aggregation server, and finally obtain the aggregation server set containing at least one aggregation server. Subsequently, when the blockchain system aggregates the privacy protection scheme in the i-th round, it can directly select an aggregation server from the aggregation server set to perform the aggregation task.
本申请实施例提供了一种基于区块链的隐私保护方案聚合方法,所述区块链系统基于所述聚合服务端和所述验证服务端执行所述聚合任务的聚合结果,确定出全局方案梯度密文,包括:所述区块链系统若未接收到所述验证服务端上传的执行所述聚合任务的第二聚合任务结果,则将所述第一全局方案梯度密文确定为所述全局方案梯度密文;所述区块链系统若接收到所述第二聚合任务结果,则根据所述第一聚合任务结果和所述第二聚合任务结果,确定出全局方案梯度密文。也就是说,区块链系统若未接收到验证服务端上 传的执行聚合任务的第二聚合任务结果,则将聚合服务端上传的第一聚合任务结果中的第一全局方案梯度密文作为全局方案梯度密文,若区块链系统接收到第二聚合任务结果,从第一聚合任务结果和第二聚合任务结果中仲裁出全局方案梯度密文。The embodiment of the present application provides a blockchain-based aggregation method for privacy protection schemes. The blockchain system determines the global scheme based on the aggregation results of the aggregation tasks performed by the aggregation server and the verification server. Gradient ciphertext, including: if the block chain system does not receive the second aggregation task result of executing the aggregation task uploaded by the verification server, then determine the gradient ciphertext of the first global scheme as the Global scheme gradient ciphertext; if the blockchain system receives the second aggregation task result, it determines the global scheme gradient ciphertext according to the first aggregation task result and the second aggregation task result. That is to say, if the blockchain system does not receive the second aggregation task result uploaded by the verification server to execute the aggregation task, it will use the gradient ciphertext of the first global scheme in the first aggregation task result uploaded by the aggregation server as the global Scheme gradient ciphertext, if the blockchain system receives the second aggregation task result, arbitrate the global scheme gradient ciphertext from the first aggregation task result and the second aggregation task result.
本申请实施例提供了一种区块链系统仲裁方法,所述区块链系统基于所述聚合服务端和所述验证服务端执行所述聚合任务的聚合结果,确定出全局方案梯度密文,包括:所述区块链系统通过所述智能合约比较第一全局方案梯度密文和第二全局方案梯度密文是否相同,所述第一全局方案梯度密文包含于所述聚合服务端执行所述聚合任务得到的第一聚合任务结果中,所述第二全局方案梯度密文包含于所述验证服务端执行所述聚合任务得到的第二聚合任务结果中;若不同,所述区块链系统获取分歧指令,所述分歧指令为所述第二聚合任务结果中各指令对应的状态中,与所述第一聚合任务结果中各指令对应的状态产生分歧的指令;所述区块链系统通过所述智能合约以所述分歧指令前一指令对应的状态作为初始状态,执行所述分歧指令,获取所述分歧指令在所述区块链系统中对应的状态;若所述分歧指令在所述区块链系统中对应的状态与所述分歧指令在所述第二聚合任务结果中对应的状态相同,则确定所述第二全局方案梯度密文是所述全局方案梯度密文。也就是说,区块链系统通过比较第一聚合任务结果中各指令对应状态和第二聚合任务结果中各指令对应状态确定出分歧指令,以分歧指令的前一指令对应的状态作为初始状态,执行分歧指令,区块链系统获取该分歧指令在区块链系统执行下的指令对应状态,比较分歧指令在服务端中指令对应的状态和在区块链系统的指令对应状态是否相同,若相同,则确定该服务端的该分歧指令对应的全局方案梯度密文为下发至各客户端的正确的全局梯度密文。An embodiment of the present application provides an arbitration method for a blockchain system, wherein the blockchain system determines the gradient ciphertext of the global scheme based on the aggregation results of the aggregation task performed by the aggregation server and the verification server, Including: the blockchain system compares whether the gradient ciphertext of the first global scheme and the gradient ciphertext of the second global scheme are the same through the smart contract, and the gradient ciphertext of the first global scheme is included in the aggregation server execution In the first aggregation task result obtained by the aggregation task, the second global scheme gradient ciphertext is included in the second aggregation task result obtained by the verification server executing the aggregation task; if different, the blockchain The system obtains a divergent instruction, and the divergent instruction is an instruction that diverges from the state corresponding to each instruction in the first aggregation task result among the states corresponding to the instructions in the second aggregation task result; the blockchain system Through the smart contract, the state corresponding to the previous instruction of the divergent instruction is used as the initial state, and the divergent instruction is executed to obtain the corresponding state of the divergent instruction in the blockchain system; if the divergent instruction is in the If the corresponding state in the blockchain system is the same as the corresponding state of the divergent instruction in the second aggregation task result, then it is determined that the second global scheme gradient ciphertext is the global scheme gradient ciphertext. That is to say, the blockchain system determines the divergent instruction by comparing the corresponding state of each instruction in the result of the first aggregation task with the corresponding state of each instruction in the result of the second aggregation task, and takes the state corresponding to the previous instruction of the divergent instruction as the initial state, To execute the divergent instruction, the blockchain system obtains the corresponding state of the divergent instruction under the execution of the blockchain system, and compares whether the corresponding state of the divergent instruction in the server and the corresponding state of the instruction in the blockchain system are the same, if they are the same , then it is determined that the global scheme gradient ciphertext corresponding to the divergent instruction of the server is the correct global gradient ciphertext sent to each client.
本申请实施例提供了一种基于区块链的隐私保护方案聚合方法,所述聚合任务中还包含标准方案;所述聚合任务用于通过聚合规则将所述各客户端的本地方案梯度密文聚合从而获取全局方案梯度密文,包括:根据所述标准方案和标准数据集,得到标准方案梯度密文;针对任一客户端的本地方案梯 度密文,确定所述客户端的本地方案梯度密文与所述标准方案梯度密文的余弦相似度;在所述余弦相似度满足设定条件时,根据所述客户端的本地方案梯度密文和所述余弦相似度,确定所述客户端的聚合子项,并基于所述客户端的聚合子项更新已聚合客户端的累积结果,直至各客户端均聚合结束;通过所述客户端计算所述累积结果得到全局方案梯度密文。The embodiment of the present application provides a blockchain-based privacy protection scheme aggregation method, the aggregation task also includes a standard scheme; the aggregation task is used to aggregate the local scheme gradient ciphertext of each client through aggregation rules Thereby obtaining the gradient ciphertext of the global scheme includes: obtaining the gradient ciphertext of the standard scheme according to the standard scheme and the standard data set; The cosine similarity of the gradient ciphertext of the standard scheme; when the cosine similarity satisfies the set condition, determine the aggregation subitem of the client according to the gradient ciphertext of the local scheme of the client and the cosine similarity, and Updating the accumulated results of the aggregated clients based on the aggregated sub-items of the clients until the aggregation of each client is completed; calculating the accumulated results by the clients to obtain the global scheme gradient ciphertext.
也就是说,聚合服务端或验证服务端在接收聚合任务后,聚合任务中包含标准方案、聚合规则和各客户端的本地方案梯度密文。聚合服务端或验证服务端根据标准方案(基于客户端本地方案确定的,可以是与本地方案相同类型的方案)和标准数据集(可以是聚合服务端或验证服务端从专业权威数据库获取的具有代表性的数据,也可以是其它数据获取渠道获取的具有代表性的正向(正确的、未被篡改过的数据))得到标准方案梯度密文。如此,可以根据标准方案梯度密文对待聚合的各客户端的本地方案梯度密文进行筛选,即,计算标准方案梯度密文分别与各客户端的本地方案梯度密文的余弦相似度,若余弦相似度不满足设定条件,则认为该余弦相似度对应的客户端本地方案梯度密文与标准方案梯度密文的差距过大,该客户端大概率被篡改攻击,则该客户端的本地方案梯度密文不予聚合,如此,防止客户端篡改攻击影响到所有客户端的本地方案。That is to say, after the aggregation server or verification server receives the aggregation task, the aggregation task includes the standard scheme, the aggregation rules and the gradient ciphertext of each client's local scheme. The aggregation server or the verification server is based on the standard scheme (determined based on the local scheme of the client, which can be the same type of scheme as the local scheme) and the standard data set (which can be obtained by the aggregation server or the verification server from a professional authoritative database. The representative data can also be representative forward (correct, untampered data) obtained by other data acquisition channels to obtain the standard scheme gradient ciphertext. In this way, the local scheme gradient ciphertext of each client to be aggregated can be screened according to the standard scheme gradient ciphertext, that is, the cosine similarity between the standard scheme gradient ciphertext and the local scheme gradient ciphertext of each client is calculated, if the cosine similarity If the set conditions are not met, it is considered that the difference between the gradient ciphertext of the client’s local scheme corresponding to the cosine similarity and the gradient ciphertext of the standard scheme is too large, and the client is likely to be tampered with. Not aggregated, as such, prevents client tampering attacks from affecting all clients' local schemes.
其中,对各余弦相似度满足设定条件的客户端的本地方案梯度密文,进行聚合,每个客户端的本地方案梯度密文对应一个聚合子项,在进行聚合过程中,将各客户端的聚合子项累积,直至各客户端均聚合结束,得到累计结果;通过所述客户端计算所述累积结果得到全局方案梯度密文。Among them, the local scheme gradient ciphertext of each client whose cosine similarity satisfies the set conditions is aggregated, and the local scheme gradient ciphertext of each client corresponds to an aggregation sub-item. During the aggregation process, the aggregation sub-items of each client Items are accumulated until each client is aggregated to obtain the cumulative result; the cumulative result is calculated by the client to obtain the global scheme gradient ciphertext.
在一种示例中,余弦相似度满足的设定条件可以为,大于0,此处只是一种示例,并不对方案的具体实施做限制。如,若标准方案和客户端本地方案更适用于其他相似度计算方式,则可以通过其他相似度对聚合的客户端本地方案梯度密文进行筛选,相应的,相似度的设定条件适配性的改变。In an example, the set condition that the cosine similarity satisfies may be greater than 0, which is only an example here and does not limit the specific implementation of the solution. For example, if the standard scheme and the local scheme of the client are more suitable for other similarity calculation methods, the aggregated gradient ciphertext of the local scheme of the client can be screened through other similarities. Correspondingly, the setting condition of similarity is suitable change.
本申请实施例提供了一种密文的余弦相似度计算方法,确定所述客户端的本地方案梯度密文与所述标准方案梯度密文的余弦相似度,包括:将所述 客户端的本地方案梯度密文与所述标准方案梯度密文按照相同的分片规则进行分片,分别得到
Figure PCTCN2021139191-appb-000009
个梯度分量,n为方案梯度长度,k为梯度分量长度;针对
Figure PCTCN2021139191-appb-000010
个梯度分量中处于同一分量位置的第v分量,确定所述客户端的本地方案梯度密文的第v分量与所述标准方案梯度密文的第v分量的子余弦相似度;根据
Figure PCTCN2021139191-appb-000011
个梯度分量的子余弦相似度,得到所述客户端的本地方案梯度密文与所述标准方案梯度密文的余弦相似度。也就是说,计算客户端的本地方案梯度密文与标准方案梯度密文的余弦相似度,可以是根据客户端的本地方案梯度密文分量与对应的标准方案梯度密文分量的子余弦相似度获取的。具体的,这里提供了一种余弦相似度的计算方法:第i轮方案梯度密文为对标准化后的
Figure PCTCN2021139191-appb-000012
个第i轮方案梯度分量分别加密后获取的,所述
Figure PCTCN2021139191-appb-000013
个第i轮方案梯度分量为对长度为n的第i轮方案梯度以k长度进行分片获取的;标准化公式满足: An embodiment of the present application provides a method for calculating cosine similarity of ciphertexts. Determining the cosine similarity between the gradient ciphertext of the client's local scheme and the gradient ciphertext of the standard scheme includes: calculating the gradient of the local scheme of the client The ciphertext and the gradient ciphertext of the standard scheme are fragmented according to the same fragmentation rules, and respectively obtained
Figure PCTCN2021139191-appb-000009
gradient components, n is the scheme gradient length, k is the gradient component length; for
Figure PCTCN2021139191-appb-000010
The vth component at the same component position in the first gradient component determines the sub-cosine similarity between the vth component of the client's local scheme gradient ciphertext and the vth component of the standard scheme gradient ciphertext;
Figure PCTCN2021139191-appb-000011
sub-cosine similarity of each gradient component to obtain the cosine similarity between the gradient ciphertext of the client's local scheme and the gradient ciphertext of the standard scheme. That is to say, the calculation of the cosine similarity between the gradient ciphertext of the client's local scheme and the gradient ciphertext of the standard scheme can be obtained according to the sub-cosine similarity between the gradient ciphertext components of the client's local scheme and the corresponding gradient ciphertext components of the standard scheme . Specifically, a calculation method of cosine similarity is provided here: the i-th round scheme gradient ciphertext is the normalized
Figure PCTCN2021139191-appb-000012
The gradient components of the i-th round of schemes are obtained after encryption respectively, and the
Figure PCTCN2021139191-appb-000013
The i-th round scheme gradient component is obtained by segmenting the i-th round scheme gradient with a length of n in length k; the standardized formula satisfies:
Figure PCTCN2021139191-appb-000014
Figure PCTCN2021139191-appb-000014
其中,g i表示第i轮方案梯度,
Figure PCTCN2021139191-appb-000015
表示标准化后的方案梯度,|·|表示向量模;第i轮本地方案梯度密文分量与对应第i轮标准方案梯度密文分量的余弦相似度计算规则满足如下方式:
Figure PCTCN2021139191-appb-000016
Figure PCTCN2021139191-appb-000017
Among them, g i represents the program gradient of the i-th round,
Figure PCTCN2021139191-appb-000015
Indicates the standardized scheme gradient, |·| indicates the vector modulus; the cosine similarity calculation rule between the i-th round local scheme gradient ciphertext component and the i-th standard scheme gradient ciphertext component satisfies the following method:
Figure PCTCN2021139191-appb-000016
Figure PCTCN2021139191-appb-000017
Figure PCTCN2021139191-appb-000018
Figure PCTCN2021139191-appb-000019
Figure PCTCN2021139191-appb-000018
Figure PCTCN2021139191-appb-000019
其中,
Figure PCTCN2021139191-appb-000020
表示所述第i轮本地方案梯度密文分量,
Figure PCTCN2021139191-appb-000021
表示所述第i轮标准方案梯度密文分量,Enc
Figure PCTCN2021139191-appb-000022
表示所述第i轮本地方案梯度密文分量和所述第i轮标准方案梯度密文分量的余弦相似度,m为方案梯度分量长度; in,
Figure PCTCN2021139191-appb-000020
Represents the i-th round local scheme gradient ciphertext component,
Figure PCTCN2021139191-appb-000021
Represents the gradient ciphertext component of the i-th round of the standard scheme, Enc
Figure PCTCN2021139191-appb-000022
Indicates the cosine similarity between the i-th round local scheme gradient ciphertext component and the i-th round standard scheme gradient ciphertext component, m is the length of the scheme gradient component;
第i轮本地方案梯度密文与对应第i轮标准方案梯度密文的余弦相似度计算规则满足如下方式:The calculation rules of the cosine similarity between the i-th round local scheme gradient ciphertext and the i-th standard scheme gradient ciphertext satisfy the following method:
Figure PCTCN2021139191-appb-000023
Figure PCTCN2021139191-appb-000023
其中,所述CS i表示所述客户端第i轮本地方案梯度密文与第i轮标准方案梯度密文的第i轮余弦相似度。 Wherein, the CS i represents the i-th round cosine similarity between the i-th round of local scheme gradient ciphertext and the i-th round of standard scheme gradient ciphertext of the client.
基于上述方法,本申请实施例提供了一种余弦相似度计算方法流程,如图3所示,包括:Based on the above method, the embodiment of the present application provides a cosine similarity calculation method flow, as shown in Figure 3, including:
步骤301、将1赋值给v,将Enc(0,PK l)赋值给y; Step 301, assign 1 to v, assign Enc(0,PK l ) to y;
此处,l表示各客户端中的第l个客户端。Here, l represents the l-th client among the clients.
步骤302、计算第i轮本地方案梯度密文分量
Figure PCTCN2021139191-appb-000024
与第i轮标准梯度密文分量
Figure PCTCN2021139191-appb-000025
的乘积,将乘积结果作为第一中间密文,其中,
Figure PCTCN2021139191-appb-000026
表示客户端l的第i轮本地方案梯度密文
Figure PCTCN2021139191-appb-000027
的第v分量; Step 302. Calculate the i-th round of local scheme gradient ciphertext components
Figure PCTCN2021139191-appb-000024
and the i-th round standard gradient ciphertext component
Figure PCTCN2021139191-appb-000025
The product of , and the result of the product is used as the first intermediate ciphertext, where,
Figure PCTCN2021139191-appb-000026
Indicates the i-th round of local scheme gradient ciphertext for client l
Figure PCTCN2021139191-appb-000027
The vth component of ;
在上述公式中,
Figure PCTCN2021139191-appb-000028
表示所述第i轮本地方案梯度密文分量,
Figure PCTCN2021139191-appb-000029
表示所述第i轮标准方案梯度密文分量。 In the above formula,
Figure PCTCN2021139191-appb-000028
Represents the i-th round local scheme gradient ciphertext component,
Figure PCTCN2021139191-appb-000029
Indicates the i-th round standard scheme gradient ciphertext component.
步骤303、将1赋值给u,对第一中间密文进行循环左移操作,得到将第一中间密文所对应的明文每一项都循环左移一位后的密文,作为第二中间密文;Step 303, assigning 1 to u, performing a circular left shift operation on the first intermediate ciphertext, and obtaining the ciphertext in which each item of the plaintext corresponding to the first intermediate ciphertext is cyclically shifted to the left by one bit, as the second intermediate ciphertext;
步骤304、将第一中间密文和第二中间密文相加,赋值给第一中间密文;Step 304, adding the first intermediate ciphertext and the second intermediate ciphertext, and assigning the value to the first intermediate ciphertext;
步骤305、将第二中间密文循环左移,赋值给第二中间密文;Step 305, cyclically shifting the second intermediate ciphertext to the left, and assigning it to the second intermediate ciphertext;
步骤306、判断u是否小于m,若是,将u+1赋值给u,执行步骤304(如此,针对每个客户端的本地方案梯度密文分量,相当于循环左移m-1次,
Figure PCTCN2021139191-appb-000030
Figure PCTCN2021139191-appb-000031
Figure PCTCN2021139191-appb-000032
且最终的第一中间密文
Figure PCTCN2021139191-appb-000033
Figure PCTCN2021139191-appb-000034
Figure PCTCN2021139191-appb-000035
将最终的第一中间密文与Enc(1,PK l)相乘,赋值给第一中间密文(相当于
Figure PCTCN2021139191-appb-000036
Figure PCTCN2021139191-appb-000037
),将第一中间密文与y相加,赋值给y(相当于
Figure PCTCN2021139191-appb-000038
Figure PCTCN2021139191-appb-000039
),执行步骤307; Step 306, determine whether u is less than m, if so, assign u+1 to u, and execute step 304 (so, for each client's local scheme gradient ciphertext component, it is equivalent to circularly shifting m-1 times to the left,
Figure PCTCN2021139191-appb-000030
Figure PCTCN2021139191-appb-000031
Figure PCTCN2021139191-appb-000032
and the final first intermediate ciphertext
Figure PCTCN2021139191-appb-000033
Figure PCTCN2021139191-appb-000034
Figure PCTCN2021139191-appb-000035
Multiply the final first intermediate ciphertext with Enc(1, PK l ), and assign it to the first intermediate ciphertext (equivalent to
Figure PCTCN2021139191-appb-000036
Figure PCTCN2021139191-appb-000037
), add the first intermediate ciphertext to y, and assign it to y (equivalent to
Figure PCTCN2021139191-appb-000038
Figure PCTCN2021139191-appb-000039
), execute step 307;
步骤307、判断v是否小于
Figure PCTCN2021139191-appb-000040
若是,将v+1赋值给v,执行第二步,否则,执行步骤308; Step 307, judging whether v is less than
Figure PCTCN2021139191-appb-000040
If so, assign v+1 to v, execute the second step, otherwise, execute step 308;
步骤308、返回y(CS i)。 Step 308, return y(CS i ).
本申请实施例提供了一种密文的余弦相似度比较方法,所述余弦相似度满足设定条件,包括:基于所述余弦相似度进行变形获取第一常量和第二常量,根据密文比较规则和所述第一常量和所述第二常量确定第一变量与第二变量,所述密文比较规则用于在密文下获取所述密文的明文比较结果;并根据所述密文比较规则确定基于所述第一变量与所述第二变量的比较结果;确定所述比较结果不等于所述第二常量。也就是说,由于余弦相似度是方案梯度密文的余弦相似度,因此,可以通过密文比较规则获取该方案梯度密文的方案梯度明文对应的余弦相似度的比较结果。The embodiment of the present application provides a method for comparing cosine similarity of ciphertext, the cosine similarity meets the set conditions, including: performing deformation based on the cosine similarity to obtain the first constant and the second constant, comparing the ciphertext The rule and the first constant and the second constant determine the first variable and the second variable, and the ciphertext comparison rule is used to obtain the plaintext comparison result of the ciphertext under the ciphertext; and according to the ciphertext A comparison rule determination is based on a comparison result of the first variable and the second variable; determining that the comparison result is not equal to the second constant. That is to say, since the cosine similarity is the cosine similarity of the scheme gradient ciphertext, the comparison result of the cosine similarity corresponding to the scheme gradient plaintext of the scheme gradient ciphertext can be obtained through the ciphertext comparison rule.
具体的,在一种示例中,密文的余弦相似度比较方法包括:所述各客户 端的本地方案梯度密文与标准方案梯度密文的余弦相似度是否大于0满足如下判断方式,包括:Specifically, in an example, the cosine similarity comparison method of ciphertexts includes: whether the cosine similarity between the gradient ciphertext of the local scheme of each client and the gradient ciphertext of the standard scheme is greater than 0 and satisfies the following judgment methods, including:
a=[CS i+Enc(1,PK)]×Enc(1/2,PK), a=[CS i +Enc(1,PK)]×Enc(1/2,PK),
b=Enc(1/2,PK);b=Enc(1/2,PK);
x=(a+b)/2,y=(a-b)/2,a 0=y,b 0=y-1 x=(a+b)/2, y=(ab)/2, a 0 =y, b 0 =y-1
其中,x表示第一变量,y表示第二变量,a 0表示第三变量,b 0表示第四变量,PK是所述客户端的公钥;按照下式,对所述第三变量和所述第四变量进行迭代: Wherein, x represents the first variable, y represents the second variable, a 0 represents the third variable, b 0 represents the fourth variable, and PK is the public key of the client; according to the following formula, for the third variable and the The fourth variable to iterate over:
Figure PCTCN2021139191-appb-000041
Figure PCTCN2021139191-appb-000041
其中,q表示迭代次数,取值范围为[0,d-1],d表示一个正整数,d越大,结果越准确;x-a d是否等于Enc(1/2,PK l),若是,余弦相似度小于0,若否,余弦相似度大于等于0。也就是说,因为余弦相似度的取值范围为[-1,1],为了符合余弦相似度比较方法的条件,通过对余弦相似度进行[CS i+Enc(1,PK)]×Enc(1/2,PK)计算,使得余弦相似度取值在[0,1]。若[CS i+Enc(1,PK)]×Enc(1/2,PK)<Enc(1/2,PK),则该余弦相似度小于0,该小于0的余弦相似度对应的客户端的本地方案被篡改,该客户端的本地方案梯度密文相应被篡改,则不对该客户端的本地方案梯度密文聚合。 Among them, q represents the number of iterations, the value range is [0,d-1], d represents a positive integer, the larger d is, the more accurate the result is; whether xa d is equal to Enc(1/2,PK l ), if so, cosine The similarity is less than 0, if not, the cosine similarity is greater than or equal to 0. That is to say, because the value range of the cosine similarity is [-1,1], in order to meet the conditions of the cosine similarity comparison method, by performing [CS i +Enc(1,PK)]×Enc( 1/2, PK) calculation, so that the value of the cosine similarity is [0,1]. If [CS i +Enc(1,PK)]×Enc(1/2,PK)<Enc(1/2,PK), the cosine similarity is less than 0, and the cosine similarity less than 0 corresponds to the If the local scheme is tampered with, and the gradient ciphertext of the local scheme of the client is tampered with accordingly, the gradient ciphertext of the local scheme of the client will not be aggregated.
本申请实施例提供了一种基于区块链的隐私保护方案聚合方法,根据所述客户端的本地方案梯度密文和所述余弦相似度,确定所述客户端的聚合子项,并基于所述客户端的聚合子项更新已聚合客户端的累积结果,包括:The embodiment of the present application provides a blockchain-based privacy protection scheme aggregation method, which determines the aggregation sub-items of the client according to the client's local scheme gradient ciphertext and the cosine similarity, and based on the client Aggregation subkeys on the client side update the aggregated results of the client side, including:
将所述客户端的本地方案梯度密文和所述余弦相似度的乘积作为第一聚合子项;将所述客户端对应的所述余弦相似度作为第二聚合子项;将所述第一聚合子项与第一累积结果累加,更新所述第一累积结果;将所述第二聚合子项与第二累积结果累加,更新所述第二累积结果;通过所述客户端计算所述累积结果得到全局方案梯度密文,包括:确定第一随机向量和第二随机向量,获取所述第一随机向量与所述第一累积结果的乘积的第一乘积,获取所述第二随机向量与所述第二累积结果的乘积的第二乘积;将所述第一乘积和 所述第二乘积发送至所述客户端;基于所述客户端的私钥,对所述第一乘积进行解密,得到第一解密结果,并对所述第二乘积进行解密,得到第二解密结果,将所述第一解密结果/所述第二解密结果得到计算结果;基于所述客户端的公钥对所述计算结果加密,得到加密计算结果;根据所述第二随机向量/第一随机向量与所述加密计算结果的乘积得到全局方案梯度密文。也就是说,第一累积结果为各客户端的本地方案梯度密文和对应的余弦相似度的乘积的累积和,第二累积结果为各客户端对应的余弦相似度的累积和。聚合服务端确定第一随机向量和第二随机向量,分别将第一随机向量与第一累积结果相乘获得第一乘积,将第二随机向量与第二累积结论相乘获得第二乘积,将第一乘积和第二乘积发送至该客户端。该客户端根据私钥分别对第一乘积和第二乘积解密获取对应的第一解密结果和第二解密结果,并计算第一解密结果/第二解密结果的值,该值为全局方案梯度*(第一随机向量/第二随机向量),进一步该客户端通过公钥对该全局方案梯度*(第一随机向量/第二随机向量)进行加密,获得加密后的结果,将该结果返回至聚合服务端。聚合服务端将该加密的全局方案梯度*(第一随机向量/第二随机向量)乘以(第二随机向量/第一随机向量)得到全局方案梯度密文。The product of the local scheme gradient ciphertext of the client and the cosine similarity is used as a first aggregation subitem; the cosine similarity corresponding to the client is used as a second aggregation subitem; the first aggregation accumulating subitems with the first cumulative result, and updating the first cumulative result; adding the second aggregation subitem with the second cumulative result, updating the second cumulative result; calculating the cumulative result through the client Obtaining the gradient ciphertext of the global scheme includes: determining a first random vector and a second random vector, obtaining the first product of the product of the first random vector and the first accumulation result, obtaining the second random vector and the the second product of the product of the second accumulation result; send the first product and the second product to the client; based on the private key of the client, decrypt the first product to obtain the second product a decryption result, and decrypt the second product to obtain a second decryption result, and obtain a calculation result by combining the first decryption result/the second decryption result; based on the public key of the client, the calculation result Encrypt to obtain an encrypted calculation result; obtain a global scheme gradient ciphertext according to the product of the second random vector/first random vector and the encrypted calculation result. That is to say, the first accumulation result is the accumulation sum of the products of the local scheme gradient ciphertext of each client and the corresponding cosine similarity, and the second accumulation result is the accumulation sum of the corresponding cosine similarity of each client. The aggregation server determines the first random vector and the second random vector, respectively multiplies the first random vector with the first cumulative result to obtain the first product, multiplies the second random vector with the second cumulative result to obtain the second product, and The first product and the second product are sent to the client. The client decrypts the first product and the second product according to the private key to obtain the corresponding first decryption result and the second decryption result, and calculates the value of the first decryption result/second decryption result, which is the global solution gradient* (the first random vector/the second random vector), further the client encrypts the global scheme gradient*(the first random vector/the second random vector) with the public key, obtains the encrypted result, and returns the result to aggregate server. The aggregation server multiplies the encrypted global scheme gradient*(first random vector/second random vector) by (second random vector/first random vector) to obtain the global scheme gradient ciphertext.
基于上述方法,本申请实施例提供了一种基于区块链的隐私保护方案聚合方法流程,如图4所示,包括:Based on the above method, the embodiment of this application provides a block chain-based privacy protection scheme aggregation method flow, as shown in Figure 4, including:
步骤401、服务端生成两个随机实数S,C,将0赋值给S,C;。 Step 401, the server generates two random real numbers S, C, and assigns 0 to S, C;.
步骤402、将1赋值给l;。 Step 402, assign 1 to l;.
步骤403、利用密文余弦相似度计算规则(如上述图3中的方法流程),计算第l个客户端节点第i轮本地方案梯度密文
Figure PCTCN2021139191-appb-000042
与第i轮标准方案梯度密文
Figure PCTCN2021139191-appb-000043
的第i轮余弦相似度
Figure PCTCN2021139191-appb-000044
 Step 403, using the ciphertext cosine similarity calculation rules (such as the method flow in the above-mentioned figure 3), calculate the gradient ciphertext of the i-th client node in the i-th round of the local scheme
Figure PCTCN2021139191-appb-000042
and the gradient ciphertext of the i-th round standard scheme
Figure PCTCN2021139191-appb-000043
The i-th cosine similarity of
Figure PCTCN2021139191-appb-000044
步骤404、利用密文比较规则(如上述密文的余弦相似度比较方法),比较第l个客户端第i轮余弦相似度
Figure PCTCN2021139191-appb-000045
和Enc(0,PK l),判断比较结果是否等于第l个客户端第i轮余弦相似度
Figure PCTCN2021139191-appb-000046
若是,执行步骤405,否则,执行步骤412。 Step 404, using the ciphertext comparison rule (such as the cosine similarity comparison method of the above-mentioned ciphertext), compare the i-th round cosine similarity of the lth client
Figure PCTCN2021139191-appb-000045
and Enc(0,PK l ), judge whether the comparison result is equal to the i-th round cosine similarity of the l-th client
Figure PCTCN2021139191-appb-000046
If yes, execute step 405 , otherwise, execute step 412 .
步骤405、计算第l个客户端第i轮余弦相似度
Figure PCTCN2021139191-appb-000047
和第l个客户端第i轮本地 方案梯度密文
Figure PCTCN2021139191-appb-000048
的乘积,将乘积结果与S相加,将和赋值给S;。 Step 405, calculate the i-th round cosine similarity of the l-th client
Figure PCTCN2021139191-appb-000047
and the gradient ciphertext of the i-th round of the local scheme of the l-th client
Figure PCTCN2021139191-appb-000048
The product of , add the result of the product to S, and assign the sum to S;.
步骤406、将第l个客户端第i轮余弦相似度
Figure PCTCN2021139191-appb-000049
与C相加,将和赋值给C;。 Step 406, the i-th round cosine similarity of the l-th client
Figure PCTCN2021139191-appb-000049
Add to C, and assign the sum to C;.
步骤407、判断l是否小于等于f,若是,将l+1赋值给l,执行步骤403,否则,执行步骤408。 Step 407 , judge whether l is less than or equal to f, if so, assign l+1 to l, and execute step 403 , otherwise, execute step 408 .
此处,f为参与方案梯度聚合的客户端数量。Here, f is the number of clients participating in scheme gradient aggregation.
步骤408、服务端将S(第一累积结果)和C(第二累积结果)分别与第一随机向量h 1和第二随机向量h 2相乘得到S′=S×Enc(h 1,PK l′)(第一乘积)和C′=C×Enc(h 2,PK l′)(第二乘积),随机选取一个客户端l′,将作为S′和C′发送至客户端l′。PK l′为客户端l′的公钥。 Step 408, the server multiplies S (the first cumulative result) and C (the second cumulative result) by the first random vector h 1 and the second random vector h 2 respectively to obtain S′=S×Enc(h 1 ,PK l′ )(first product) and C′=C×Enc(h 2 ,PK l′ )(second product), randomly select a client l′, and send it to client l′ as S′ and C′ . PK l' is the public key of client l'.
步骤409、客户端l′运行密文除法规则使用私钥SK l′对S′和C′解密得到d 1和d 2,客户端l′使用公钥PK l′对d 1/d 2加密得到r,将r发送至该服务端。 Step 409, the client l' runs the ciphertext division rule and uses the private key SK l' to decrypt S' and C' to obtain d 1 and d 2 , and the client l' uses the public key PK l' to encrypt d 1 /d 2 to obtain r, send r to the server.
步骤410、服务端计算第i轮全局方案梯度密文c i=r×Enc(h 2/h 1,PK l′)。 Step 410, the server calculates the i-th round global scheme gradient ciphertext c i =r×Enc(h 2 /h 1 , PK l′ ).
步骤411、服务端将第i轮全局方案梯度密文c i上传至区块链系统。 Step 411, the server uploads the i-th round of global scheme gradient ciphertext c i to the blockchain system.
步骤412、服务端丢弃第i轮本地方案梯度密文
Figure PCTCN2021139191-appb-000050
与对应的第i轮余弦相似度
Figure PCTCN2021139191-appb-000051
 Step 412, the server discards the i-th round of local scheme gradient ciphertext
Figure PCTCN2021139191-appb-000050
Cosine similarity with the corresponding i-th round
Figure PCTCN2021139191-appb-000051
基于上述方法流程,本申请实施例提供了一种基于区块链的隐私保护方案聚合方法流程,如图5所示,包括:Based on the above method flow, the embodiment of the present application provides a blockchain-based privacy protection scheme aggregation method flow, as shown in Figure 5, including:
步骤501、隐私保护方案聚合系统初始化:Step 501, privacy protection scheme aggregation system initialization:
构建CKKS加密系统,为第l个客户端节点生成用于各自本地方案梯度加密的公钥PK l和私钥SK l,其中,l的取值范围为[1,f],f表示客户端节点的总数。其中,CKKS加密系统可以设置在基于图1所示的系统架构中另外添加的加密服务端中,也可以设置在客户端中,或者区块链系统的智能合约中等等,这里对CKKS加密系统具体设置位置不做限定。每个客户端节点初始化一个本地方案,智能合约初始化一个标准方案。 Construct the CKKS encryption system to generate the public key PK l and private key SK l for the lth client node for gradient encryption of their respective local schemes, where the value range of l is [1, f], and f represents the client node total. Among them, the CKKS encryption system can be set in the additional encryption server based on the system architecture shown in Figure 1, or it can be set in the client, or in the smart contract of the blockchain system, etc. Here, the CKKS encryption system is specifically The setting position is not limited. Each client node initializes a local scheme, and the smart contract initializes a standard scheme.
步骤502、客户端训练本地方案,得到第i轮本地方案梯度。Step 502, the client trains the local scheme, and obtains the i-th round of local scheme gradients.
此处,在一种示例中,客户端节点执行随机梯度下降方法训练本地方案,生成本地方案梯度;如,客户端节点计算第i轮本地方案梯度:Here, in an example, the client node executes the stochastic gradient descent method to train the local solution to generate the local solution gradient; for example, the client node calculates the i-th round of the local solution gradient:
Figure PCTCN2021139191-appb-000052
Figure PCTCN2021139191-appb-000052
其中,
Figure PCTCN2021139191-appb-000053
表示第l个客户端节点第i轮本地方案梯度,
Figure PCTCN2021139191-appb-000054
表示求导操作,L(·)表示损失函数,D l表示第l个客户端节点的本地数据。 in,
Figure PCTCN2021139191-appb-000053
Indicates the i-th round local solution gradient of the l-th client node,
Figure PCTCN2021139191-appb-000054
Indicates the derivation operation, L( ) indicates the loss function, and D l indicates the local data of the lth client node.
步骤503、客户端加密第i轮本地方案梯度获得第i轮本地方案梯度密文。Step 503, the client encrypts the i-th round of local scheme gradient to obtain the i-th round of local scheme gradient ciphertext.
此处,在一种示例中,客户端节点将第i轮本地方案梯度发送给CKKS(同态加密算法)加密系统进行加密。需要说明的是,为了便于后续流程步骤中密文余弦相似度的计算,这里对客户端的第i轮本地方案梯度进行标准化:Here, in an example, the client node sends the i-th round of local scheme gradients to the CKKS (homomorphic encryption algorithm) encryption system for encryption. It should be noted that, in order to facilitate the calculation of the ciphertext cosine similarity in subsequent process steps, the i-th round of the local scheme gradient of the client is standardized here:
Figure PCTCN2021139191-appb-000055
Figure PCTCN2021139191-appb-000055
其中,
Figure PCTCN2021139191-appb-000056
表示第l个客户端节点标准化后的第i轮本地方案梯度,|·|表示向量模操作。 in,
Figure PCTCN2021139191-appb-000056
Indicates the i-th round of local solution gradient after normalization of the l-th client node, and |·| represents the vector modulo operation.
基于CKKS同态加密算法的性质,即,可加密数据长度k,对第i轮本地方案梯度进行分片,第l个客户端节点将标准化后的第i轮本地方案梯度
Figure PCTCN2021139191-appb-000057
分为
Figure PCTCN2021139191-appb-000058
个片段
Figure PCTCN2021139191-appb-000059
利用CKKS加密算法对每个分片结果进行加密,得到第i轮本地方案梯度密文
Figure PCTCN2021139191-appb-000060
Figure PCTCN2021139191-appb-000061
其中,
Figure PCTCN2021139191-appb-000062
表示向上取整操作,Enc(·)表示CKKS加密算法,
Figure PCTCN2021139191-appb-000063
表示向下取整操作。 Based on the properties of the CKKS homomorphic encryption algorithm, that is, the length of the encrypted data is k, and the i-th round of local scheme gradient is segmented, the lth client node will normalize the i-th round of local scheme gradient
Figure PCTCN2021139191-appb-000057
Divided into
Figure PCTCN2021139191-appb-000058
fragments
Figure PCTCN2021139191-appb-000059
Use the CKKS encryption algorithm to encrypt the results of each fragment to obtain the i-th round of local scheme gradient ciphertext
Figure PCTCN2021139191-appb-000060
Figure PCTCN2021139191-appb-000061
in,
Figure PCTCN2021139191-appb-000062
Indicates the upward rounding operation, Enc(·) indicates the CKKS encryption algorithm,
Figure PCTCN2021139191-appb-000063
Indicates a round down operation.
步骤504、客户端将第i轮本地方案梯度密文上传至区块链系统。Step 504, the client uploads the i-th round of local scheme gradient ciphertext to the blockchain system.
步骤505、区块链系统接收各客户端上传的第i轮本地方案梯度密文,通过智能合约根据各客户端上传的第i轮本地方案梯度密文、标准方案、聚合规则、执行聚合任务的抵押激励值、完成聚合任务的奖励激励值、智能合约地址生成聚合任务。Step 505. The blockchain system receives the i-th round of local scheme gradient ciphertext uploaded by each client, and uses the smart contract to perform the i-th round of local scheme gradient ciphertext, standard scheme, aggregation rules, and aggregation tasks uploaded by each client. Mortgage incentive value, reward incentive value for completing the aggregation task, smart contract address generation aggregation task.
步骤506、区块链系统通过智能合约将聚合任务下发至聚合服务端,且聚合服务端给出执行该聚合任务的抵押激励值。Step 506, the blockchain system sends the aggregation task to the aggregation server through the smart contract, and the aggregation server gives the mortgage incentive value for executing the aggregation task.
此处,通过针对服务端执行聚合任务设置抵押激励值和奖励激励值的激励机制,即可以提高服务端的执行聚合任务的积极性,又可以提高服务端执行聚合任务获取结果的准确性。Here, by setting the incentive mechanism of staking incentive value and reward incentive value for the server to perform the aggregation task, it can not only improve the enthusiasm of the server to execute the aggregation task, but also improve the accuracy of the result obtained by the server to execute the aggregation task.
另外,若是对第1轮本地方案梯度密文进行聚合,则区块链系统可以通过智能合约初始化一个空集,将计算消耗小于奖励激励值的聚合服务端添加到该空集中得到可执行聚合任务的聚合服务端集合。区块链系统通过智能合约将聚合任务下发至该聚合服务端集合中的一个聚合服务端中。In addition, if the gradient ciphertext of the first round of the local scheme is aggregated, the blockchain system can initialize an empty set through the smart contract, and add the aggregation server whose calculation consumption is less than the reward incentive value to the empty set to obtain an executable aggregation task A collection of aggregation servers. The blockchain system sends the aggregation task to an aggregation server in the aggregation server set through the smart contract.
步骤507、聚合服务端根据聚合任务采集标准数据集,根据聚合任务中的标准方案计算第i轮标准方案梯度,通过CKKS加密系统对该第i轮标准方案梯度进行加密获取第i轮标准方案梯度密文。Step 507: The aggregation server collects the standard data set according to the aggregation task, calculates the gradient of the i-th round of the standard scheme according to the standard scheme in the aggregation task, and encrypts the gradient of the i-th round of the standard scheme through the CKKS encryption system to obtain the gradient of the i-th round of the standard scheme ciphertext.
此处,在一种示例中,聚合服务端计算第i轮标准方案:Here, in an example, the aggregation server calculates the i-th round of standard solutions:
Figure PCTCN2021139191-appb-000064
Figure PCTCN2021139191-appb-000064
其中,
Figure PCTCN2021139191-appb-000065
表示第i轮标准方案,α表示方案学习率;利用随机梯度下降公式,计算第i轮标准方案梯度
Figure PCTCN2021139191-appb-000066
进一步利用CKKS加密算法将第i轮标准方案梯度
Figure PCTCN2021139191-appb-000067
加密为第i轮标准方案梯度密文
Figure PCTCN2021139191-appb-000068
in,
Figure PCTCN2021139191-appb-000065
Indicates the standard scheme of the i-th round, and α represents the learning rate of the scheme; use the stochastic gradient descent formula to calculate the gradient of the i-th round of the standard scheme
Figure PCTCN2021139191-appb-000066
Further use the CKKS encryption algorithm to convert the i-th round standard scheme gradient
Figure PCTCN2021139191-appb-000067
Encrypted to the i-th round standard scheme gradient ciphertext
Figure PCTCN2021139191-appb-000068
步骤508、聚合服务端根据聚合任务中的各客户端的本地方案梯度密文和聚合规则聚合各客户端的本地方案梯度密文,如图4中的流程步骤获取全局方案梯度密文,聚合服务端根据全局方案梯度密文c i(第一全局方案梯度密文)和该聚合过程中各指令对应的状态生成第一聚合任务结果,并将该第一聚合任务结果上传至区块链系统。 Step 508, the aggregation server aggregates the local scheme gradient ciphertext of each client according to the local scheme gradient ciphertext of each client in the aggregation task and the aggregation rules, as shown in the process steps in Figure 4 to obtain the global scheme gradient ciphertext, the aggregation server according to The global scheme gradient ciphertext c i (the first global scheme gradient ciphertext) and the state corresponding to each instruction in the aggregation process generate the first aggregation task result, and upload the first aggregation task result to the blockchain system.
步骤509、区块链系统将该聚合服务端获得的该第一聚合任务结果进行公开审计。Step 509, the blockchain system conducts a public audit of the first aggregation task result obtained by the aggregation server.
步骤510、区块链系统接收验证服务端的验证请求和抵押激励值。Step 510, the blockchain system receives the verification request and the mortgage incentive value from the verification server.
步骤511、区块链系统将聚合任务下发至验证服务端。Step 511, the blockchain system sends the aggregation task to the verification server.
步骤512、验证服务端根据聚合任务采集标准数据集,根据聚合任务中的标准方案计算第i轮标准方案梯度,通过CKKS加密系统对该第i轮标准方案梯度进行加密获取第i轮标准方案梯度密文。Step 512, verify that the server collects the standard data set according to the aggregation task, calculates the i-th round of the standard solution gradient according to the standard solution in the aggregation task, and encrypts the i-th round of the standard solution gradient through the CKKS encryption system to obtain the i-th round of the standard solution gradient ciphertext.
此处,在一种示例中,验证服务端计算第i轮标准方案:Here, in an example, the verification server calculates the i-th round of the standard scheme:
Figure PCTCN2021139191-appb-000069
Figure PCTCN2021139191-appb-000069
其中,
Figure PCTCN2021139191-appb-000070
表示第i轮标准方案,α表示方案学习率;利用随机梯度下降公 式,计算第i轮标准方案梯度
Figure PCTCN2021139191-appb-000071
进一步利用CKKS加密算法将第i轮标准方案梯度
Figure PCTCN2021139191-appb-000072
加密为第i轮标准方案梯度密文
Figure PCTCN2021139191-appb-000073
in,
Figure PCTCN2021139191-appb-000070
Indicates the standard scheme of the i-th round, and α represents the learning rate of the scheme; use the stochastic gradient descent formula to calculate the gradient of the i-th round of the standard scheme
Figure PCTCN2021139191-appb-000071
Further use the CKKS encryption algorithm to convert the i-th round standard scheme gradient
Figure PCTCN2021139191-appb-000072
Encrypted to the i-th round standard scheme gradient ciphertext
Figure PCTCN2021139191-appb-000073
步骤513、验证服务端根据聚合任务中的各客户端的本地方案梯度密文和聚合规则聚合各客户端的本地方案梯度密文,如图4中的流程步骤获取全局方案梯度密文,验证服务端根据全局方案梯度密文c i(第二全局方案梯度密文)和该聚合过程中各指令对应的状态生成第二聚合任务结果,并将该第二聚合任务结果上传至区块链系统。 Step 513, verify that the server aggregates the local scheme gradient ciphertext of each client according to the local scheme gradient ciphertext of each client in the aggregation task and the aggregation rules, as shown in the process steps in Figure 4 to obtain the global scheme gradient ciphertext, and verify that the server according to The global scheme gradient ciphertext c i (the second global scheme gradient ciphertext) and the state corresponding to each instruction in the aggregation process generate a second aggregation task result, and upload the second aggregation task result to the blockchain system.
步骤514、区块链系统通过智能合约从第一聚合任务结果和第二聚合任务结果中确定出全局方案梯度密文。Step 514, the blockchain system determines the global scheme gradient ciphertext from the first aggregation task result and the second aggregation task result through the smart contract.
此处,区块链系统获取第一聚合任务结果中的第一全局方案梯度密文和第二聚合任务结果中的第二全局方案梯度密文,通过所述智能合约比较第一全局方案梯度密文和第二全局方案梯度密文是否相同。Here, the blockchain system obtains the gradient ciphertext of the first global scheme in the result of the first aggregation task and the gradient ciphertext of the second global scheme in the result of the second aggregation task, and compares the gradient ciphertext of the first global scheme through the smart contract. Whether the text and the gradient ciphertext of the second global scheme are the same.
若不同,区块链系统通过智能合约从第二聚合任务结果的各指令对应的状态中确定出与第一聚合任务结果中各指令对应的状态产生分歧的指令(分歧指令),并通过智能合约以该分歧指令前一指令对应的状态作为初始状态,执行分歧指令,获取分歧指令在区块链系统中对应的状态,若分歧指令在区块链系统中对应的状态与分歧指令在第二聚合任务结果中对应的状态相同,则确定第二全局方案梯度密文是全局方案梯度密文。若分歧指令在区块链系统中对应的状态与分歧指令在第二聚合任务结果中对应的状态不同,则确定第一全局方案梯度密文是全局方案梯度密文。If they are different, the blockchain system determines from the state corresponding to each instruction in the second aggregation task result the instruction (difference instruction) that diverges from the state corresponding to each instruction in the first aggregation task result through the smart contract, and through the smart contract Take the state corresponding to the previous instruction of the divergent instruction as the initial state, execute the divergent instruction, and obtain the corresponding state of the divergent instruction in the blockchain system, if the corresponding state of the divergent instruction in the blockchain system is the same as the divergent instruction If the corresponding states in the task results are the same, it is determined that the second global scheme gradient ciphertext is the global scheme gradient ciphertext. If the corresponding state of the divergent instruction in the blockchain system is different from the corresponding state of the divergent instruction in the second aggregation task result, it is determined that the first global scheme gradient ciphertext is the global scheme gradient ciphertext.
步骤515、若确定第二全局方案梯度密文是全局方案梯度密文,则给予验证服务端奖励激励值,并给予聚合服务端扣除抵押激励值。若确定第一全局方案梯度密文是全局方案梯度密文,则给予聚合服务端奖励激励值,并给予验证服务端扣除抵押激励值。Step 515: If it is determined that the second global scheme gradient ciphertext is the global scheme gradient ciphertext, give the verification server a reward incentive value, and give the aggregation server a deduction mortgage incentive value. If it is determined that the first global scheme gradient ciphertext is the global scheme gradient ciphertext, the aggregation server will be rewarded with an incentive value, and the verification server will be given a deduction of mortgage incentive value.
步骤516、区块链系统将全局方案梯度密文下发至各客户端。Step 516, the blockchain system sends the gradient ciphertext of the global scheme to each client.
步骤517、客户端接收全局方案梯度密文,并根据全局方案梯度密文对本地方案进行训练。Step 517, the client receives the gradient ciphertext of the global scheme, and trains the local scheme according to the gradient ciphertext of the global scheme.
客户端节点计算第i+1轮本地方案:The client node calculates the i+1th round of local solutions:
Figure PCTCN2021139191-appb-000074
Figure PCTCN2021139191-appb-000074
其中,
Figure PCTCN2021139191-appb-000075
表示第l个客户端节点第i+1轮本地方案,α表示方案学习率,g i表示第i轮全局方案梯度;利用随机梯度下降公式,客户端节点对第i轮全局方案梯度进行局部训练,得到相应客户端节点第i+1轮本地方案梯度;计算每个客户端节点第i+1轮本地方案与相应第i轮本地方案的差,判断所有客户端节点对应的计算结果差值是否均小于给定的阈值,若是,则训练结束,否则,将i+1赋值给i,重复步骤503-步骤517。 in,
Figure PCTCN2021139191-appb-000075
Represents the i+1 round local scheme of the lth client node, α represents the scheme learning rate, g i represents the i-th round global scheme gradient; using the stochastic gradient descent formula, the client node performs local training on the i-th round global scheme gradient , get the gradient of the corresponding client node's i+1 local scheme; calculate the difference between each client node's i+1 local scheme and the corresponding i-th local scheme, and judge whether the difference of the calculation results corresponding to all client nodes is are less than a given threshold, if so, the training ends, otherwise, assign i+1 to i, and repeat steps 503-517.
需要说明的是,上述方法流程步骤并不唯一,如,步骤506和步骤511可以同时执行,则相应的,步骤507和步骤508与步骤512和步骤513可以同时执行,也可以先后执行,步骤512和步骤513可以在步骤507和步骤508之前执行,步骤509和步骤510可以不执行。It should be noted that the process steps of the above method are not unique. For example, step 506 and step 511 can be executed at the same time. Correspondingly, step 507 and step 508 can be executed simultaneously with step 512 and step 513, or can be executed successively. Step 512 And step 513 may be executed before step 507 and step 508, and step 509 and step 510 may not be executed.
基于同样的构思,本申请实施例提供一种基于区块链的隐私保护方案聚合装置,图6为本申请实施例提供的一种基于区块链的隐私保护方案聚合装置示意图,如图6示,包括:Based on the same idea, the embodiment of the present application provides a blockchain-based privacy protection scheme aggregation device, and FIG. 6 is a schematic diagram of a blockchain-based privacy protection scheme aggregation device provided in the embodiment of the application, as shown in FIG. 6 ,include:
收发模块601,用于接收各客户端上传的本地方案梯度密文;The transceiver module 601 is configured to receive the local scheme gradient ciphertext uploaded by each client;
所述收发模块601还用于,通过智能合约将聚合任务下发至聚合服务端和验证服务端,所述聚合任务用于通过聚合规则将所述各客户端的本地方案梯度密文聚合从而获取全局方案梯度密文;The transceiver module 601 is also used to send the aggregation task to the aggregation server and the verification server through the smart contract, and the aggregation task is used to aggregate the gradient ciphertexts of the local schemes of the clients through aggregation rules to obtain the global Scheme gradient ciphertext;
处理模块602,用于基于所述聚合服务端和所述验证服务端执行所述聚合任务的聚合结果,确定出全局方案梯度密文;A processing module 602, configured to determine the gradient ciphertext of the global scheme based on the aggregation result of the aggregation task performed by the aggregation server and the verification server;
所述收发模块601还用于,将所述全局方案梯度密文下发至各客户端,所述全局方案梯度密文解密后用于客户端对本地方案进行训练。The transceiving module 601 is further configured to deliver the gradient ciphertext of the global scheme to each client, and the gradient ciphertext of the global scheme is decrypted and used by the client to train the local scheme.
可选的,所述收发模块601具体用于,通过所述智能合约将所述聚合任务下发至所述聚合服务端;接收所述聚合服务端上传的执行所述聚合任务的第一聚合任务结果;所述第一任务聚合结果中包含第一全局方案梯度密文;通过所述智能合约将所述第一全局方案梯度密文公开审计;接收所述验证服 务端验证请求,通过所述智能合约将所述聚合任务下发至所述验证服务端。Optionally, the transceiver module 601 is specifically configured to deliver the aggregation task to the aggregation server through the smart contract; receive the first aggregation task uploaded by the aggregation server to perform the aggregation task Result; the first task aggregation result contains the first global scheme gradient ciphertext; through the smart contract, the first global scheme gradient ciphertext is publicly audited; receiving the verification server verification request, through the smart The contract sends the aggregation task to the verification server.
可选的,所述处理模块602具体用于,若未接收到所述验证服务端上传的执行所述聚合任务的第二聚合任务结果,则将所述第一全局方案梯度密文确定为所述全局方案梯度密文;若接收到所述第二聚合任务结果,则根据所述第一聚合任务结果和所述第二聚合任务结果,确定出全局方案梯度密文。Optionally, the processing module 602 is specifically configured to, if the second aggregation task result uploaded by the verification server for executing the aggregation task is not received, determine the first global scheme gradient ciphertext as the The global scheme gradient ciphertext; if the second aggregation task result is received, determine the global scheme gradient ciphertext according to the first aggregation task result and the second aggregation task result.
可选的,所述处理模块602具体用于,通过所述智能合约比较第一全局方案梯度密文和第二全局方案梯度密文是否相同,所述第一全局方案梯度密文包含于所述聚合服务端执行所述聚合任务得到的第一聚合任务结果中,所述第二全局方案梯度密文包含于所述验证服务端执行所述聚合任务得到的第二聚合任务结果中;若不同,所述区块链系统获取分歧指令,所述分歧指令为所述第二聚合任务结果中各指令对应的状态中,与所述第一聚合任务结果中各指令对应的状态产生分歧的指令;通过所述智能合约以所述分歧指令前一指令对应的状态作为初始状态,执行所述分歧指令,获取所述分歧指令在所述区块链系统中对应的状态;若所述分歧指令在所述区块链系统中对应的状态与所述分歧指令在所述第二聚合任务结果中对应的状态相同,则确定所述第二全局方案梯度密文是所述全局方案梯度密文。Optionally, the processing module 602 is specifically configured to compare whether the gradient ciphertext of the first global scheme and the gradient ciphertext of the second global scheme are the same through the smart contract, and the gradient ciphertext of the first global scheme is included in the In the first aggregation task result obtained by the aggregation server executing the aggregation task, the second global scheme gradient ciphertext is included in the second aggregation task result obtained by the verification server executing the aggregation task; if different, The blockchain system acquires a divergent instruction, and the divergent instruction is an instruction that diverges from the states corresponding to the instructions in the first aggregation task result among the states corresponding to the instructions in the second aggregation task result; The smart contract takes the state corresponding to the previous instruction of the divergent instruction as the initial state, executes the divergent instruction, and obtains the corresponding state of the divergent instruction in the blockchain system; if the divergent instruction is in the If the corresponding state in the blockchain system is the same as the corresponding state of the divergent instruction in the second aggregation task result, then it is determined that the second global scheme gradient ciphertext is the global scheme gradient ciphertext.
可选的,所述处理模块602具体用于,根据所述标准方案和标准数据集,得到标准方案梯度密文;针对任一客户端的本地方案梯度密文,确定所述客户端的本地方案梯度密文与所述标准方案梯度密文的余弦相似度;在所述余弦相似度满足设定条件时,根据所述客户端的本地方案梯度密文和所述余弦相似度,确定所述客户端的聚合子项,并基于所述客户端的聚合子项更新已聚合客户端的累积结果,直至各客户端均聚合结束;通过任一客户端计算所述累积结果得到全局方案梯度密文。Optionally, the processing module 602 is specifically configured to obtain the standard scheme gradient ciphertext according to the standard scheme and the standard data set; for any client's local scheme gradient ciphertext, determine the local scheme gradient ciphertext of the client. The cosine similarity between the text and the standard scheme gradient ciphertext; when the cosine similarity satisfies the set condition, determine the client's aggregater according to the client's local scheme gradient ciphertext and the cosine similarity item, and update the accumulated results of the aggregated clients based on the aggregated sub-items of the client until the aggregation of each client ends; calculate the accumulated results by any client to obtain the global scheme gradient ciphertext.
可选的,所述处理模块602具体用于,包括:将所述客户端的本地方案梯度密文与所述标准方案梯度密文按照相同的分片规则进行分片,分别得到
Figure PCTCN2021139191-appb-000076
个梯度分量,n为方案梯度长度,k为梯度分量长度;针对
Figure PCTCN2021139191-appb-000077
个梯度分量中处于同一分量位置的第v分量,确定所述客户端的本地方案梯度密文的 第v分量与所述标准方案梯度密文的第v分量的子余弦相似度;根据
Figure PCTCN2021139191-appb-000078
个梯度分量的子余弦相似度,得到所述客户端的本地方案梯度密文与所述标准方案梯度密文的余弦相似度。 Optionally, the processing module 602 is specifically configured to include: fragmenting the gradient ciphertext of the local scheme of the client and the gradient ciphertext of the standard scheme according to the same fragmentation rule, and obtaining
Figure PCTCN2021139191-appb-000076
gradient components, n is the scheme gradient length, k is the gradient component length; for
Figure PCTCN2021139191-appb-000077
The vth component at the same component position in the first gradient component determines the sub-cosine similarity between the vth component of the client's local scheme gradient ciphertext and the vth component of the standard scheme gradient ciphertext;
Figure PCTCN2021139191-appb-000078
sub-cosine similarity of each gradient component to obtain the cosine similarity between the gradient ciphertext of the client's local scheme and the gradient ciphertext of the standard scheme.
可选的,所述处理模块602具体用于,所述余弦相似度满足设定条件,包括:基于所述余弦相似度进行变形获取第一常量和第二常量,根据密文比较规则和所述第一常量和所述第二常量确定第一变量与第二变量,所述密文比较规则用于在密文下获取所述密文的明文比较结果;并根据所述密文比较规则确定基于所述第一变量与所述第二变量的比较结果;确定所述比较结果不等于所述第二常量。Optionally, the processing module 602 is specifically configured to satisfy the set condition for the cosine similarity, including: performing deformation based on the cosine similarity to obtain the first constant and the second constant, according to the ciphertext comparison rule and the The first constant and the second constant determine the first variable and the second variable, and the ciphertext comparison rule is used to obtain the plaintext comparison result of the ciphertext under ciphertext; and determine based on the ciphertext comparison rule A comparison result of the first variable and the second variable; determining that the comparison result is not equal to the second constant.
可选的,所述处理模块602具体用于,将所述客户端的本地方案梯度密文和所述余弦相似度的乘积作为第一聚合子项;将所述客户端对应的所述余弦相似度作为第二聚合子项;将所述第一聚合子项与第一累积结果累加,更新所述第一累积结果;将所述第二聚合子项与第二累积结果累加,更新所述第二累积结果;通过任一客户端计算所述累积结果得到全局方案梯度密文,包括:Optionally, the processing module 602 is specifically configured to use the product of the client's local scheme gradient ciphertext and the cosine similarity as the first aggregation subitem; use the cosine similarity corresponding to the client As the second aggregation sub-item; add the first aggregation sub-item and the first accumulation result, and update the first accumulation result; add the second aggregation sub-item and the second accumulation result, and update the second aggregation sub-item Cumulative results; the cumulative results are calculated by any client to obtain the gradient ciphertext of the global scheme, including:
确定第一随机向量和第二随机向量,获取所述第一随机向量与所述第一累积结果的乘积的第一乘积,获取所述第二随机向量与所述第二累积结果的乘积的第二乘积;determining a first random vector and a second random vector, obtaining a first product of a product of the first random vector and the first cumulative result, and obtaining a first product of a product of the second random vector and the second cumulative result double product;
将所述第一乘积和所述第二乘积发送至所述客户端;sending the first product and the second product to the client;
基于所述客户端的私钥,对所述第一乘积进行解密,得到第一解密结果,并对所述第二乘积进行解密,得到第二解密结果,将所述第一解密结果/所述第二解密结果得到计算结果;Based on the private key of the client, decrypt the first product to obtain a first decryption result, and decrypt the second product to obtain a second decryption result, and calculate the first decryption result/the first decryption result Two decryption results to obtain calculation results;
基于所述客户端的公钥对所述计算结果加密,得到加密计算结果;Encrypting the calculation result based on the public key of the client to obtain an encrypted calculation result;
根据所述第二随机向量/第一随机向量与所述加密计算结果的乘积得到全局方案梯度密文。A global scheme gradient ciphertext is obtained according to the product of the second random vector/first random vector and the encryption calculation result.
可选的,方案梯度密文为通过CKKS同态加密算法对方案梯度进行加密得到的。Optionally, the scheme gradient ciphertext is obtained by encrypting the scheme gradient through the CKKS homomorphic encryption algorithm.
本领域内的技术人员应明白,本申请的实施例可提供为方法、系统、或计算机程序产品。因此,本申请可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
本申请是参照根据本申请的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the present application. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions The device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby The instructions provide steps for implementing the functions specified in the flow chart or blocks of the flowchart and/or the block or blocks of the block diagrams.
显然,本领域的技术人员可以对本申请进行各种改动和变型而不脱离本申请的精神和范围。这样,倘若本申请的这些修改和变型属于本申请权利要求及其等同技术的范围之内,则本申请也意图包含这些改动和变型在内。Obviously, those skilled in the art can make various changes and modifications to the application without departing from the spirit and scope of the application. In this way, if these modifications and variations of the present application fall within the scope of the claims of the present application and their equivalent technologies, the present application is also intended to include these modifications and variations.

Claims (10)

  1. 一种基于区块链的隐私保护方案聚合方法,其特征在于,所述方法包括:A block chain-based privacy protection scheme aggregation method, characterized in that the method comprises:
    区块链系统接收各客户端上传的本地方案梯度密文;The blockchain system receives the local scheme gradient ciphertext uploaded by each client;
    所述区块链系统通过智能合约将聚合任务下发至聚合服务端和验证服务端,所述聚合任务用于通过聚合规则将所述各客户端的本地方案梯度密文聚合从而获取全局方案梯度密文;The blockchain system sends the aggregation task to the aggregation server and the verification server through the smart contract, and the aggregation task is used to aggregate the local scheme gradient ciphertexts of the clients through the aggregation rules to obtain the global scheme gradient ciphertext. arts;
    所述区块链系统基于所述聚合服务端和所述验证服务端执行所述聚合任务的聚合结果,确定出全局方案梯度密文;The blockchain system determines the gradient ciphertext of the global scheme based on the aggregation result of the aggregation task performed by the aggregation server and the verification server;
    所述区块链系统将所述全局方案梯度密文下发至各客户端,所述全局方案梯度密文解密后用于客户端对本地方案进行训练。The blockchain system sends the gradient ciphertext of the global scheme to each client, and the gradient ciphertext of the global scheme is decrypted and used by the client to train the local scheme.
  2. 如权利要求1中所述的方法,其特征在于,通过智能合约将所述聚合任务下发至聚合服务端和验证服务端,包括:The method according to claim 1, wherein the aggregation task is delivered to the aggregation server and the verification server through a smart contract, including:
    所述区块链系统通过所述智能合约将所述聚合任务下发至所述聚合服务端;The blockchain system sends the aggregation task to the aggregation server through the smart contract;
    所述区块链系统接收所述聚合服务端上传的执行所述聚合任务的第一聚合任务结果;所述第一任务聚合结果中包含第一全局方案梯度密文;The block chain system receives the first aggregation task result of executing the aggregation task uploaded by the aggregation server; the first task aggregation result includes the first global scheme gradient ciphertext;
    所述区块链系统通过所述智能合约将所述第一全局方案梯度密文公开审计;The blockchain system publicly audits the gradient ciphertext of the first global scheme through the smart contract;
    所述区块链系统接收所述验证服务端验证请求,通过所述智能合约将所述聚合任务下发至所述验证服务端。The blockchain system receives the verification request from the verification server, and sends the aggregation task to the verification server through the smart contract.
  3. 如权利要求2中所述的方法,其特征在于,所述区块链系统基于所述聚合服务端和所述验证服务端执行所述聚合任务的聚合结果,确定出全局方案梯度密文,包括:The method according to claim 2, wherein the block chain system determines the gradient ciphertext of the global scheme based on the aggregation result of the aggregation task performed by the aggregation server and the verification server, including :
    所述区块链系统若未接收到所述验证服务端上传的执行所述聚合任务的第二聚合任务结果,则将所述第一全局方案梯度密文确定为所述全局方案梯 度密文;If the blockchain system does not receive the second aggregation task result uploaded by the verification server for executing the aggregation task, then determine the first global scheme gradient ciphertext as the global scheme gradient ciphertext;
    所述区块链系统若接收到所述第二聚合任务结果,则根据所述第一聚合任务结果和所述第二聚合任务结果,确定出全局方案梯度密文。If the blockchain system receives the second aggregation task result, it determines the global scheme gradient ciphertext according to the first aggregation task result and the second aggregation task result.
  4. 如权利要求1中所述的方法,其特征在于,所述区块链系统基于所述聚合服务端和所述验证服务端执行所述聚合任务的聚合结果,确定出全局方案梯度密文,包括:The method according to claim 1, wherein the block chain system determines the gradient ciphertext of the global scheme based on the aggregation result of the aggregation task performed by the aggregation server and the verification server, including :
    所述区块链系统通过所述智能合约比较第一全局方案梯度密文和第二全局方案梯度密文是否相同,所述第一全局方案梯度密文包含于所述聚合服务端执行所述聚合任务得到的第一聚合任务结果中,所述第二全局方案梯度密文包含于所述验证服务端执行所述聚合任务得到的第二聚合任务结果中;The blockchain system compares whether the gradient ciphertext of the first global scheme and the gradient ciphertext of the second global scheme are the same through the smart contract, and the gradient ciphertext of the first global scheme is included in the aggregation server to perform the aggregation In the first aggregation task result obtained by the task, the second global scheme gradient ciphertext is included in the second aggregation task result obtained by the verification server executing the aggregation task;
    若不同,所述区块链系统获取分歧指令,所述分歧指令为所述第二聚合任务结果中各指令对应的状态中,与所述第一聚合任务结果中各指令对应的状态产生分歧的指令;If they are different, the blockchain system acquires a divergent instruction, and the divergent instruction is the state corresponding to each instruction in the second aggregation task result, which diverges from the state corresponding to each instruction in the first aggregation task result instruction;
    所述区块链系统通过所述智能合约以所述分歧指令前一指令对应的状态作为初始状态,执行所述分歧指令,获取所述分歧指令在所述区块链系统中对应的状态;The blockchain system uses the state corresponding to the previous instruction of the divergent instruction as the initial state through the smart contract, executes the divergent instruction, and obtains the corresponding state of the divergent instruction in the blockchain system;
    若所述分歧指令在所述区块链系统中对应的状态与所述分歧指令在所述第二聚合任务结果中对应的状态相同,则确定所述第二全局方案梯度密文是所述全局方案梯度密文。If the corresponding state of the divergent instruction in the blockchain system is the same as the corresponding state of the divergent instruction in the second aggregation task result, it is determined that the gradient ciphertext of the second global scheme is the global Scheme gradient ciphertext.
  5. 如权利要求1至4任一项中所述的方法,其特征在于,所述聚合任务中还包含标准方案;所述聚合任务用于通过聚合规则将所述各客户端的本地方案梯度密文聚合从而获取全局方案梯度密文,包括:The method according to any one of claims 1 to 4, wherein the aggregation task also includes a standard scheme; the aggregation task is used to aggregate the local scheme gradient ciphertext of each client through an aggregation rule In order to obtain the gradient ciphertext of the global scheme, including:
    根据所述标准方案和标准数据集,得到标准方案梯度密文;According to the standard scheme and the standard data set, the gradient ciphertext of the standard scheme is obtained;
    针对任一客户端的本地方案梯度密文,确定所述客户端的本地方案梯度密文与所述标准方案梯度密文的余弦相似度;在所述余弦相似度满足设定条件时,根据所述客户端的本地方案梯度密文和所述余弦相似度,确定所述客户端的聚合子项,并基于所述客户端的聚合子项更新已聚合客户端的累积结 果,直至各客户端均聚合结束;For the local scheme gradient ciphertext of any client, determine the cosine similarity between the local scheme gradient ciphertext of the client and the standard scheme gradient ciphertext; when the cosine similarity satisfies the set condition, according to the client The gradient ciphertext of the local scheme of the client and the cosine similarity, determine the aggregation sub-item of the client, and update the cumulative result of the aggregated client based on the aggregation sub-item of the client, until the aggregation of each client ends;
    通过所述客户端计算所述累积结果得到全局方案梯度密文。The client calculates the cumulative result to obtain a global scheme gradient ciphertext.
  6. 如权利要求5中所述的方法,其特征在于,确定所述客户端的本地方案梯度密文与所述标准方案梯度密文的余弦相似度,包括:The method according to claim 5, wherein determining the cosine similarity between the gradient ciphertext of the local scheme of the client and the gradient ciphertext of the standard scheme comprises:
    将所述客户端的本地方案梯度密文与所述标准方案梯度密文按照相同的分片规则进行分片,分别得到
    Figure PCTCN2021139191-appb-100001
    个梯度分量,n为方案梯度长度,k为梯度分量长度;     Segment the gradient ciphertext of the local scheme of the client and the gradient ciphertext of the standard scheme according to the same fragmentation rule, and obtain
    Figure PCTCN2021139191-appb-100001
    Gradient components, n is the scheme gradient length, k is the gradient component length;
    针对
    Figure PCTCN2021139191-appb-100002
    个梯度分量中处于同一分量位置的第v分量,确定所述客户端的本地方案梯度密文的第v分量与所述标准方案梯度密文的第v分量的子余弦相似度;     against
    Figure PCTCN2021139191-appb-100002
    The vth component at the same component position in the first gradient component determines the sub-cosine similarity between the vth component of the local scheme gradient ciphertext of the client and the vth component of the standard scheme gradient ciphertext;
    根据
    Figure PCTCN2021139191-appb-100003
    个梯度分量的子余弦相似度,得到所述客户端的本地方案梯度密文与所述标准方案梯度密文的余弦相似度。     according to
    Figure PCTCN2021139191-appb-100003
    sub-cosine similarity of each gradient component to obtain the cosine similarity between the gradient ciphertext of the client's local scheme and the gradient ciphertext of the standard scheme.
  7. 如权利要求5中所述的方法,其特征在于,所述余弦相似度满足设定条件,包括:The method according to claim 5, wherein the cosine similarity satisfies a set condition, including:
    基于所述余弦相似度进行变形获取第一常量和第二常量,根据密文比较规则和所述第一常量和所述第二常量确定第一变量与第二变量,所述密文比较规则用于在密文下获取所述密文的明文比较结果;Perform deformation based on the cosine similarity to obtain the first constant and the second constant, and determine the first variable and the second variable according to the ciphertext comparison rule and the first constant and the second constant, and the ciphertext comparison rule uses Obtain the plaintext comparison result of the ciphertext under the ciphertext;
    并根据所述密文比较规则确定基于所述第一变量与所述第二变量的比较结果;and determining a comparison result based on the first variable and the second variable according to the ciphertext comparison rule;
    确定所述比较结果不等于所述第二常量。It is determined that the comparison result is not equal to the second constant.
  8. 如权利要求5中所述的方法,其特征在于,根据所述客户端的本地方案梯度密文和所述客户端对应的余弦相似度,确定所述客户端的聚合子项,并基于所述客户端的聚合子项更新已聚合客户端的累积结果,包括:The method according to claim 5, characterized in that, according to the client's local scheme gradient ciphertext and the corresponding cosine similarity of the client, determine the aggregation sub-item of the client, and based on the client's Aggregation subitems update the cumulative results of aggregated clients, including:
    将所述客户端的本地方案梯度密文和所述余弦相似度的乘积作为第一聚合子项;taking the product of the client's local scheme gradient ciphertext and the cosine similarity as the first aggregation sub-item;
    将所述客户端对应的所述余弦相似度作为第二聚合子项;using the cosine similarity corresponding to the client as a second aggregation sub-item;
    将所述第一聚合子项与第一累积结果累加,更新所述第一累积结果;accumulating the first aggregation subitem with a first accumulation result, and updating the first accumulation result;
    将所述第二聚合子项与第二累积结果累加,更新所述第二累积结果;accumulating the second aggregation subitem with a second accumulation result, and updating the second accumulation result;
    通过所述客户端计算所述累积结果得到全局方案梯度密文,包括:The cumulative result is calculated by the client to obtain the global scheme gradient ciphertext, including:
    确定第一随机向量和第二随机向量,获取所述第一随机向量与所述第一累积结果的乘积的第一乘积,获取所述第二随机向量与所述第二累积结果的乘积的第二乘积;determining a first random vector and a second random vector, obtaining a first product of a product of the first random vector and the first cumulative result, and obtaining a first product of a product of the second random vector and the second cumulative result double product;
    将所述第一乘积和所述第二乘积发送至所述客户端;sending the first product and the second product to the client;
    基于所述客户端的私钥,对所述第一乘积进行解密,得到第一解密结果,并对所述第二乘积进行解密,得到第二解密结果,将所述第一解密结果/所述第二解密结果得到计算结果;Based on the private key of the client, decrypt the first product to obtain a first decryption result, and decrypt the second product to obtain a second decryption result, and calculate the first decryption result/the first decryption result Two decryption results to obtain calculation results;
    基于所述客户端的公钥对所述计算结果加密,得到加密计算结果;Encrypting the calculation result based on the public key of the client to obtain an encrypted calculation result;
    根据所述第二随机向量/第一随机向量与所述加密计算结果的乘积得到全局方案梯度密文。A global scheme gradient ciphertext is obtained according to the product of the second random vector/first random vector and the encryption calculation result.
  9. 如权利要求1-8中任一项所述的方法,其特征在于,方案梯度密文为通过CKKS同态加密算法对方案梯度进行加密得到的。The method according to any one of claims 1-8, characterized in that the scheme gradient ciphertext is obtained by encrypting the scheme gradient through the CKKS homomorphic encryption algorithm.
  10. 一种基于区块链的隐私保护方案聚合装置,其特征在于,所述装置包括:A block chain-based privacy protection scheme aggregation device, characterized in that the device comprises:
    收发模块,用于接收各客户端上传的本地方案梯度密文;The transceiver module is used to receive the gradient ciphertext of the local scheme uploaded by each client;
    所述收发模块还用于,通过智能合约将聚合任务下发至聚合服务端和验证服务端,所述聚合任务用于通过聚合规则将所述各客户端的本地方案梯度密文聚合从而获取全局方案梯度密文;The transceiver module is also used to send the aggregation task to the aggregation server and the verification server through the smart contract, and the aggregation task is used to aggregate the local scheme gradient ciphertext of each client through the aggregation rule to obtain the global scheme Gradient ciphertext;
    处理模块,用于基于所述聚合服务端和所述验证服务端执行所述聚合任务的聚合结果,确定出全局方案梯度密文;A processing module, configured to determine the gradient ciphertext of the global scheme based on the aggregation result of the aggregation task performed by the aggregation server and the verification server;
    所述收发模块还用于,将所述全局方案梯度密文下发至各客户端,所述全局方案梯度密文解密后用于客户端对本地方案进行训练。The transceiver module is further configured to deliver the gradient ciphertext of the global scheme to each client, and the gradient ciphertext of the global scheme is decrypted and used by the client to train the local scheme.
PCT/CN2021/139191 2021-11-03 2021-12-17 Blockchain-based privacy protection scheme aggregation method and apparatus WO2023077627A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111297395.2A CN114143311B (en) 2021-11-03 2021-11-03 Privacy protection scheme aggregation method and device based on block chain
CN202111297395.2 2021-11-03

Publications (1)

Publication Number Publication Date
WO2023077627A1 true WO2023077627A1 (en) 2023-05-11

Family

ID=80392553

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/139191 WO2023077627A1 (en) 2021-11-03 2021-12-17 Blockchain-based privacy protection scheme aggregation method and apparatus

Country Status (2)

Country Link
CN (1) CN114143311B (en)
WO (1) WO2023077627A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117094420A (en) * 2023-10-20 2023-11-21 浙江大学 Model training method, device, power prediction method, equipment and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111552986A (en) * 2020-07-10 2020-08-18 鹏城实验室 Block chain-based federal modeling method, device, equipment and storage medium
CN111563265A (en) * 2020-04-27 2020-08-21 电子科技大学 Distributed deep learning method based on privacy protection
US20200394552A1 (en) * 2019-06-12 2020-12-17 International Business Machines Corporation Aggregated maching learning verification for database
CN113095510A (en) * 2021-04-14 2021-07-09 深圳前海微众银行股份有限公司 Block chain-based federal learning method and device
CN113111124A (en) * 2021-03-24 2021-07-13 广州大学 Block chain-based federal learning data auditing system and method

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10289816B1 (en) * 2018-06-08 2019-05-14 Gsfm Llc Methods, systems, and devices for an encrypted and obfuscated algorithm in a computing environment
US20200366459A1 (en) * 2019-05-17 2020-11-19 International Business Machines Corporation Searching Over Encrypted Model and Encrypted Data Using Secure Single-and Multi-Party Learning Based on Encrypted Data
CN111368319B (en) * 2020-03-04 2022-04-19 西安电子科技大学 Block chain-based data security access method in federated learning environment
US11552785B2 (en) * 2020-04-02 2023-01-10 Epidaurus Health, Inc. Methods and systems for a synchronized distributed data structure for federated machine learning
CN112199702A (en) * 2020-10-16 2021-01-08 鹏城实验室 Privacy protection method, storage medium and system based on federal learning
CN112685783B (en) * 2021-01-05 2024-02-27 西安电子科技大学 Data sharing method supporting privacy protection in financial permission blockchain
CN113051590B (en) * 2021-03-19 2024-03-26 华为技术有限公司 Data processing method and related equipment
CN113159745B (en) * 2021-03-23 2023-06-16 西安电子科技大学 Block chain transaction privacy protection method based on full homomorphism
CN113467927A (en) * 2021-05-20 2021-10-01 杭州趣链科技有限公司 Block chain based trusted participant federated learning method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200394552A1 (en) * 2019-06-12 2020-12-17 International Business Machines Corporation Aggregated maching learning verification for database
CN111563265A (en) * 2020-04-27 2020-08-21 电子科技大学 Distributed deep learning method based on privacy protection
CN111552986A (en) * 2020-07-10 2020-08-18 鹏城实验室 Block chain-based federal modeling method, device, equipment and storage medium
CN113111124A (en) * 2021-03-24 2021-07-13 广州大学 Block chain-based federal learning data auditing system and method
CN113095510A (en) * 2021-04-14 2021-07-09 深圳前海微众银行股份有限公司 Block chain-based federal learning method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117094420A (en) * 2023-10-20 2023-11-21 浙江大学 Model training method, device, power prediction method, equipment and medium
CN117094420B (en) * 2023-10-20 2024-02-06 浙江大学 Model training method, device, power prediction method, equipment and medium

Also Published As

Publication number Publication date
CN114143311B (en) 2023-04-07
CN114143311A (en) 2022-03-04

Similar Documents

Publication Publication Date Title
US11552797B2 (en) Multi-party threshold authenticated encryption
JP7033120B2 (en) Methods and systems for quantum key distribution based on trusted computing
CN113095510B (en) Federal learning method and device based on block chain
JP7499852B2 (en) Random Node Selection for Permissioned Blockchains
US20180337775A1 (en) Cryptographic key-generation with application to data deduplication
CN111066285A (en) Method for recovering public key based on SM2 signature
JP2022547876A (en) System and method for message signing
US20200074548A1 (en) Systems and methods for calculating consensus data on a decentralized peer-to-peer network using distributed ledger
CN110770776A (en) Method and apparatus for providing transaction data to blockchain system for processing
WO2014112550A1 (en) Tampering detection device, tampering detection method, and program
US11575501B2 (en) Preserving aggregation using homomorphic encryption and trusted execution environment, secure against malicious aggregator
US20140146964A1 (en) Authenticated encryption method using working blocks
CN115037477A (en) Block chain-based federated learning privacy protection method
Newman et al. Spectrum: High-bandwidth anonymous broadcast
US20230237437A1 (en) Apparatuses and methods for determining and processing dormant user data in a job resume immutable sequential listing
CN111080296A (en) Verification method and device based on block chain system
Dai et al. NTRU modular lattice signature scheme on CUDA GPUs
WO2023077627A1 (en) Blockchain-based privacy protection scheme aggregation method and apparatus
Tsaloli et al. DEVA: Decentralized, verifiable secure aggregation for privacy-preserving learning
Shao-hui et al. Public auditing for ensuring cloud data storage security with zero knowledge Privacy
Newman et al. Spectrum: High-Bandwidth Anonymous Broadcast with Malicious Security.
CN112487464A (en) Encrypted data sharing method and device based on block chain
WO2013153628A1 (en) Calculation processing system and calculation result authentication method
CN110570309A (en) Method and system for replacing leader of blockchain network
Fan et al. Hashing garbled circuits for free

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21963133

Country of ref document: EP

Kind code of ref document: A1