阅读说明：本技术 一种数据处理方法、装置和用于数据处理的装置 (Data processing method and device and data processing device ) 是由 陈智隆 王国赛 何昊青 于 2021-08-23 设计创作，主要内容包括：本发明实施例提供一种数据处理方法、装置和用于数据处理的装置。其中的方法包括：接收密文计算任务,所述密文计算任务包括最小二乘估计,所述最小二乘估计用于对指定的矩阵和向量求解向量x,使得min-(x)||y-Ax||-(2)；其中,m≥n,矩阵A为密文数据；基于密文,对所述矩阵A进行QR分解,得到矩阵分解结果,所述矩阵分解结果包括矩阵和矩阵使得其中,Q为正交矩阵,R为上三角矩阵；利用所述矩阵分解结果,基于密文进行最小二乘估计,得到向量x的解。本发明实施例可以在保证数据隐私安全的基础上,提高最小二乘估计的计算效率。(The embodiment of the invention provides a data processing method and device and a device for data processing. The method comprises the following steps: receiving a ciphertext computation task, the ciphertext computation task comprising a least squares estimate, the least squares estimate to be used for a given matrix Sum vector Solve the vector x such that min x ||y‑Ax|| 2 (ii) a Wherein m is more than or equal to n, and the matrix A is ciphertext data; based on the ciphertext, carrying out QR decomposition on the matrix A to obtain a matrix decomposition result, wherein the matrix decomposition result comprises a matrix Sum matrix So that Wherein the content of the first and second substances, q is an orthogonal matrix, and R is an upper triangular matrix; and performing least square estimation based on the ciphertext by using the matrix decomposition result to obtain a solution of the vector x. The embodiment of the invention can improve the calculation efficiency of least square estimation on the basis of ensuring the data privacy safety.)

1. A data processing method for use in a multi-party secure computing system, the method comprising:

receiving a ciphertext computation task, the ciphertext computation task comprising a least squares estimate, the least squares estimate to be used for a given matrixSum vectorSolve for vector x, let min_x||y-Ax||₂(ii) a Wherein m is more than or equal to n, and the matrix A is ciphertext data;

based on the ciphertext, carrying out QR decomposition on the matrix A to obtain a matrix decomposition result, wherein the matrix decomposition result comprises a matrixSum matrixSo thatWherein the content of the first and second substances,q is an orthogonal matrix, and R is an upper triangular matrix;

and performing least square estimation based on the ciphertext by using the matrix decomposition result to obtain a solution of the vector x.

2. The method according to claim 1, wherein the performing QR decomposition on the matrix a based on the ciphertext to obtain a matrix decomposition result comprises:

based on the ciphertext, carrying out QR decomposition on the matrix A according to the updated QR decomposition algorithm to obtain a matrix decomposition result; wherein, the updated QR decomposition algorithm carries out one-step root-opening operation in each iteration of the original QR decomposition algorithmAnd combining the one-step division operation q ═ a/r into one-step target operation

3. The method of claim 2, wherein the calculating is performed by

Selecting t₀Is the initial value of the iteration;

initialization s₀＝s×t₀，h₀＝0.5t₀；

Performing the following iterative operation, wherein the iterative times are z: r is_i＝1.5-s_i-1×h_i-1；s_i＝s_i-1×r_i；h_i＝h_i-1×r_i；

When z times overlapAfter the execution of the substitute operation is completed, the substitute operation is obtainedIs calculated to be 2h_z。

4. The method of claim 1, wherein the using the matrix decomposition result to perform least squares estimation based on ciphertext to obtain a solution of a vector x comprises:

let Q be [ Q ]₁ Q₂]Based on the matrix decomposition result, the solution min_x||y-Ax||₂Conversion to solution

Solving upper trigonometric equation set based on ciphertextA solution to the vector x is obtained.

5. The method of claim 1, wherein the ciphertext computation task comprises a linear regression computation, the matrix A comprises ciphertext data of at least two parties, the vector y comprises a prediction tag corresponding to the ciphertext data, and a solution of the vector x is a weight of each feature corresponding to the prediction tag of the linear regression.

6. The method of claim 1, wherein the ciphertext computation task comprises estimation of the communication signal, wherein the matrix A is a channel encryption matrix, wherein the vector y is an encoded signal obtained by encrypting an original signal based on the matrix A, and wherein a solution of the vector x is the estimated original signal.

7. A data processing apparatus for use in a multi-party secure computing system, the apparatus comprising:

a task receiving module for receiving a ciphertext computing task, the task receiving module receiving the ciphertext computing taskThe ciphertext computation task includes a least squares estimation that is used to pair the specified matricesSum vectorSolve for vector x, let min_x||y-Ax||₂(ii) a Wherein m is more than or equal to n, and the matrix A is ciphertext data;

a matrix decomposition module for performing QR decomposition on the matrix A based on the ciphertext to obtain a matrix decomposition result, wherein the matrix decomposition result comprises a matrixSum matrixSo thatWherein the content of the first and second substances,q is an orthogonal matrix, and R is an upper triangular matrix;

and the result calculation module is used for performing least square estimation on the basis of the ciphertext by using the matrix decomposition result to obtain a solution of the vector x.

8. The apparatus of claim 7, wherein the matrix decomposition module is specifically configured to:

based on the ciphertext, carrying out QR decomposition on the matrix A according to the updated QR decomposition algorithm to obtain a matrix decomposition result; wherein, the updated QR decomposition algorithm carries out one-step root-opening operation in each iteration of the original QR decomposition algorithmAnd combining the one-step division operation q ═ a/r into one-step target operation

9. The apparatus of claim 8, further comprising: an iterative computation module for computingThe iterative computation module comprises:

a selection submodule for selecting t₀Is the initial value of the iteration;

an initialization submodule for initializing s₀＝s×t₀，h₀＝0.5t₀；

The iteration submodule is used for executing the following iteration operation, and the iteration number is z: r is_i＝1.5-s_i-1×h_i-1；s_i＝s_i-1×r_i；h_i＝h_i-1×r_i；

A result obtaining submodule for obtaining the result after the z-times iterative operation is finishedIs calculated to be 2h_z。

10. The apparatus of claim 7, wherein the result calculation module comprises:

a computation conversion submodule for making Q ═ Q₁ Q₂]Based on the matrix decomposition result, the solution min_x||y-Ax||₂Conversion to solution

An equation solving submodule for solving the upper trigonometric equation set based on the ciphertextA solution to the vector x is obtained.

11. The apparatus of claim 7, wherein the ciphertext computation task comprises a linear regression computation, wherein the matrix A comprises ciphertext data of at least two parties, wherein the vector y comprises a prediction tag corresponding to the ciphertext data, and wherein a solution of the vector x is a weight of each feature corresponding to the prediction tag of the linear regression.

12. The apparatus of claim 7, wherein the ciphertext computation task comprises estimation of the communication signal, the matrix A is a channel encryption matrix, the vector y is an encoded signal obtained by encrypting an original signal based on the matrix A, and a solution of the vector x is the estimated original signal.

13. An apparatus for data processing, for use in a multi-party secure computing system, the apparatus comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs including instructions for performing the data processing method of any of claims 1 to 6.

14. A machine-readable medium having stored thereon instructions, which when executed by one or more processors, cause an apparatus to perform the data processing method of any of claims 1 to 6.

Technical Field

The present invention relates to the field of computer technologies, and in particular, to a data processing method and apparatus, and an apparatus for data processing.

Background

Least squares estimation, meaning given matrixWhere m is greater than or equal to n, vectorSolution min_x||y-Ax||₂I.e. to solveThe two-norm of y-Ax (residual) is minimized.

Least squares estimation is widely used in various computational scenarios, such as linear regression, communication signal estimation, and so on. However, when the data in the matrix a relates to sensitive information of user identity confidentiality, account security and individual privacy, the information can bring serious harm to the life of the user once leaked.

Disclosure of Invention

The embodiment of the invention provides a data processing method and device and a data processing device, which can improve the calculation efficiency of least square estimation on the basis of ensuring the data privacy safety.

In order to solve the above problem, an embodiment of the present invention discloses a data processing method for a multi-party secure computing system, where the method includes:

receiving a ciphertext computation task, the ciphertext computation task comprising a least squares estimate, the least squares estimate to be used for a given matrixSum vectorSolve for vector x, let min_x||y-Ax||₂(ii) a Wherein m is more than or equal to n, and the matrix A is ciphertext data;

based on the ciphertext, carrying out QR decomposition on the matrix A to obtain a matrix decomposition result, wherein the matrix decomposition result comprises a matrixSum matrixSo thatWherein the content of the first and second substances,q is an orthogonal matrix, and R is an upper triangular matrix;

and performing least square estimation based on the ciphertext by using the matrix decomposition result to obtain a solution of the vector x.

Optionally, the performing, based on the ciphertext, QR decomposition on the matrix a to obtain a matrix decomposition result, including:

based on the ciphertext, carrying out QR decomposition on the matrix A according to the updated QR decomposition algorithm to obtain a matrix decomposition result; wherein, the updated QR decomposition algorithm carries out one-step root-opening operation in each iteration of the original QR decomposition algorithmAnd combining the one-step division operation q ═ a/r into one-step target operation

Optionally, calculating by the following steps

Selecting t₀Is the initial value of the iteration;

initialization s₀＝s×t₀，h₀＝0.5t₀；

Performing the following iterative operation, wherein the iterative times are z: r is_i＝1.5-s_i-1×h_i-1；s_i＝s_i-1×r_i；h_i＝h_i-1×r_i；

When the z times of iterative operation is completed, obtainingIs calculated to be 2h_z。

Optionally, the performing least squares estimation based on a ciphertext by using the matrix decomposition result to obtain a solution of the vector x includes:

let Q be [ Q ]₁Q₂]Based on the matrix decomposition result, the solution min_x||y-Ax||₂Conversion to solution

Solving upper trigonometric equation set based on ciphertextA solution to the vector x is obtained.

Optionally, the ciphertext calculation task includes linear regression calculation, the matrix a includes ciphertext data of at least two parties, the vector y includes a prediction tag corresponding to the ciphertext data, and a solution of the vector x is a weight of each feature corresponding to the prediction tag of the linear regression.

Optionally, the ciphertext calculation task includes communication signal estimation, the matrix a is a channel encryption matrix, the vector y is an encoded signal obtained by encrypting an original signal based on the matrix a, and a solution of the vector x is the original signal obtained by estimation.

In another aspect, an embodiment of the present invention discloses a data processing apparatus for a multi-party secure computing system, where the apparatus includes:

a task receiving module for receiving a ciphertext computation task, the ciphertext computation task comprising a least squares estimate for a specified matrixSum vectorSolve for vector x, let min_x||y-Ax||₂(ii) a Wherein m is more than or equal to n, and the matrix A is ciphertext data;

a matrix decomposition module for performing QR decomposition on the matrix A based on the ciphertext to obtain a matrix decomposition result, wherein the matrix decomposition result comprises a matrixSum matrixSo thatWherein the content of the first and second substances,q is an orthogonal matrix, and R is an upper triangular matrix;

and the result calculation module is used for performing least square estimation on the basis of the ciphertext by using the matrix decomposition result to obtain a solution of the vector x.

Optionally, the matrix decomposition module is specifically configured to:

based on the ciphertext, carrying out QR decomposition on the matrix A according to the updated QR decomposition algorithm to obtain a matrix decomposition result; wherein, the updated QR decomposition algorithm carries out one-step root-opening operation in each iteration of the original QR decomposition algorithmAnd combining the one-step division operation q ═ a/r into one-step target operation

Optionally, the apparatus further comprises: an iterative computation module for computingThe iterative computation module comprises:

a selection submodule for selecting t₀Is the initial value of the iteration;

an initialization submodule for initializing s₀＝s×t₀，h₀＝0.5t₀；

The iteration submodule is used for executing the following iteration operation, and the iteration number is z: r is_i＝1.5-s_i-1×h_i-1；s_i＝s_i-1×r_i；h_i＝h_i-1×r_i；

A result obtaining submodule for obtaining the result after the z-times iterative operation is finishedIs calculated to be 2h_z。

Optionally, the result calculating module includes:

a computation conversion submodule for making Q ═ Q₁Q₂]Based on the matrix decomposition result, the solution min_x||y-Ax||₂Conversion to solution

An equation solving submodule for solving the upper trigonometric equation set based on the ciphertextA solution to the vector x is obtained.

Optionally, the ciphertext calculation task includes linear regression calculation, the matrix a includes ciphertext data of at least two parties, the vector y includes a prediction tag corresponding to the ciphertext data, and a solution of the vector x is a weight of each feature corresponding to the prediction tag of the linear regression.

Optionally, the ciphertext calculation task includes communication signal estimation, the matrix a is a channel encryption matrix, the vector y is an encoded signal obtained by encrypting an original signal based on the matrix a, and a solution of the vector x is the original signal obtained by estimation.

In yet another aspect, the present invention discloses a device for data processing, for use in a multi-party secure computing system, the device comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs including instructions for performing one or more of the data processing methods described above.

In yet another aspect, an embodiment of the invention discloses a machine-readable medium having stored thereon instructions, which, when executed by one or more processors, cause an apparatus to perform a data processing method as described in one or more of the preceding.

The embodiment of the invention has the following advantages:

in the embodiment of the invention, in a multi-party safety computing system, the solving problem of least square estimation is solved by using a matrix decomposition method. Specifically, based on a ciphertext, performing QR decomposition on the matrix A to obtain a matrix decomposition result, wherein the matrix decomposition result comprises an orthogonal matrix Q and an upper triangular matrix R; and performing least square estimation based on the ciphertext by using the matrix decomposition result to obtain a solution of the vector x. Compared with the explicit equation solving method, the explicit equation solving method has the advantages that the intermediate calculation step of the explicit equation solving can be omitted through matrix decomposition, not only can the calculation complexity be reduced and the calculation efficiency be improved, but also the memory overhead required by the intermediate calculation can be saved. In addition, the cipher text calculation task comprising the least square estimation is executed by the multi-party safety calculation system, so that the privacy of data can be prevented from being leaked, the data safety is ensured, and the least square estimation can be suitable for a calculation scene with higher requirements on safety and real-time performance.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.

FIG. 1 is a flow chart of the steps of one data processing method embodiment of the present invention;

FIG. 2 is a block diagram of an embodiment of a data processing apparatus according to the present invention;

FIG. 3 is a block diagram of an apparatus 800 for data processing of the present invention;

fig. 4 is a schematic diagram of a server in some embodiments of the invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Method embodiment

Referring to fig. 1, a flow chart of steps of an embodiment of a data processing method of the present invention is shown, the method can be used for a multi-party secure computing system, and the method specifically can include the following steps:

step 101, receiving a ciphertext computing task, anThe ciphertext computation task includes a least squares estimation that is used to compute a matrix for the givenSum vectorSolve for vector x, let min_x||y-Ax||₂(ii) a Wherein m is more than or equal to n, and the matrix A is ciphertext data;

102, based on the ciphertext, performing QR decomposition on the matrix A to obtain a matrix decomposition result, wherein the matrix decomposition result comprises a matrixSum matrixSo thatWherein the content of the first and second substances,q is an orthogonal matrix, and R is an upper triangular matrix;

and 103, performing least square estimation based on the ciphertext by using the matrix decomposition result to obtain a solution of the vector x.

A multi-party secure computing system is a computing system that protects data privacy security. The embodiment of the invention does not limit the security computing protocol adopted by the multi-party security computing system. For example, the Multi-party Secure computing system may be based on an MPC (Multi-party Secure computing) protocol, in the Multi-party Secure computing system based on the MPC protocol, multiple computing participants may perform collaborative computing using a Multi-party Secure computing technique to obtain a computing result without leaking their own data, and the data participating in the computing, the intermediate results, and the final result may be ciphertext. Of course, the multi-party secure computing system may also be a multi-party secure computing protocol implemented based on techniques such as secret sharing, semi-homomorphism, and oblivious transmission.

The multi-party secure computing system may include a task management and control platform, a computing node, and a data node. The task management and control platform is used for issuing the ciphertext computing task and scheduling the computing nodes to execute the ciphertext computing task. The data nodes may provide services such as data storage, data provisioning, computation result storage, and the like. And the computing node is used for executing the ciphertext computing task issued by the task management and control platform according to the ciphertext data provided by the data node.

The ciphertext computing task can be realized by a computer program of a preset programming language, and the multiparty security computing system can realize corresponding computing functions by executing the computer program. The ciphertext computation tasks include, but are not limited to, data cleansing, computation, analysis, model training, storage, database queries, federated learning, linear regression, communication signal estimation, Xgboost, joint statistics, covert queries, privacy intersection, and the like. It is to be understood that the specific type of the ciphertext computing task is not limited by the embodiments of the present invention.

The ciphertext computation task may be a process described by a computer programming language for private data, the process may include one or more computation instructions. The scheme of the invention is suitable for any privacy operation scene based on the ciphertext. In the embodiment of the present invention, the given matrix a is ciphertext data. In some examples, the ciphertext data may be a private data, such as environmental monitoring data, user credit data, user account data, personal health data, and the like. A ciphertext computation task may include at least one computation instruction, which may include an instruction for least squares estimation.

In the present embodiment, given matrix a,i.e. a is a real matrix of m x n. Given a vector y, the vector y is,i.e. y is a real vector in m dimensions. Least squares estimationThe assignment is performed for a given matrix a and vector y, solving for vector x,i.e. x is a real number vector of dimension n, such that min_x||y-Ax||₂(ii) a Wherein m is larger than or equal to n, and each element in the matrix A is ciphertext data.

The embodiment of the invention can realize least square estimation by utilizing a multi-party safety computing system, and further can execute a ciphertext computing task comprising the least square estimation by utilizing the multi-party safety computing system, and in the whole computing process, the data, the intermediate result and the final result participating in the computation can be ciphertexts, so that the plaintext of the data is not exposed, and the privacy and the safety of the data can be ensured.

In an optional embodiment of the present invention, the ciphertext calculation task may include linear regression calculation, the matrix a may include ciphertext data of at least two parties, the vector y may include a prediction tag corresponding to the ciphertext data, and a solution of the vector x may be a weight of each feature corresponding to the prediction tag of the linear regression.

The data processing method provided by the invention can be applied to a linear regression calculation scene. In the linear regression computation scenario, a may be a data source, including ciphertext data from multiple (more than two) parties. y is a tag vector representing a prediction tag corresponding to each ciphertext data. And x to be solved is the weight of each characteristic corresponding to the prediction label. The participants may be data parties and may be used to provide computing data for multi-party secure computing.

Exemplarily, it is assumed that elements in the matrix a are bank deposit data and panning payment data of users from multiple participants, y is default probability, and x to be solved is weight of each feature of linear regression. After linear regression, the weights corresponding to the individual features may be different. For example, when predicting the default probability, the weight corresponding to the deposit characteristic may be higher, and the weight corresponding to the gender characteristic may be lower.

In an optional embodiment of the present invention, the ciphertext calculation task may include communication signal estimation, the matrix a may be a channel encryption matrix, the vector y may be an encoded signal obtained by encrypting an original signal based on the matrix a, and a solution of the vector x may be the original signal obtained by estimation.

The data processing method of the embodiment of the invention can also be applied to communication signal estimation scenes. In the communication signal estimation scenario, a is an encryption matrix used to encrypt the original signal x. And y is an encoded signal obtained by encrypting the original signal x by using the encryption matrix A. For the sender, the original signal x may be encrypted by using the encryption matrix a to obtain the encoded signal y, e.g., y ═ a × x. After the sender sends the coded signal y to the receiver, the receiver can estimate the original signal x by using the encryption matrix a.

It can be understood that the least square estimation can be widely applied to various fields, the linear regression and the communication signal estimation are only used as an application example of the invention, and the data processing method provided by the invention can be applied to any application scene needing the least square estimation. For example, the data processing method provided by the present invention can also be applied to a least square estimation process in a GPS (Global Positioning System).

For any ciphertext calculation task, assuming that elements in the matrix A and elements in the vector y are respectively from a plurality of participants and are ciphertexts, the embodiment of the invention can utilize a multi-party security calculation system to estimate and obtain a solution of x according to A and y of the ciphertexts. Therefore, the embodiment of the invention can realize the fusion calculation of the data of a plurality of data parties on the basis of the ciphertext, not only can realize the data sharing, but also can ensure the privacy and the safety of the data.

The calculation efficiency of the least square estimation greatly affects the execution efficiency of the ciphertext calculation task, and therefore, the calculation efficiency of the least square estimation is particularly important in a calculation scene with high real-time requirement.

In a particular application, the least squares estimation may be solved by the display equation, i.e., may be solved by x ═ a^TA)^{- 1}A^Ty directly yields a solution for x.

However, best is done by the display equationSolving the small second product estimation, firstly, the matrix multiplication A needs to be calculated^TA, the complexity of this step is O (2 mn)²). Then the inverse of the matrix needs to be calculated, i.e. (A)^TA)^-1The complexity of this step is at leastThe matrix multiplication (A) needs to be calculated next^TA)^-1A^TComplexity of O (2 n)²m). Finally, the matrix is calculated by multiplying the vectors, i.e., [ (A)^TA)^-1A^T]y, complexity of O (m)²). So the total complexity of solving using the display equation isThe complexity is high, and the calculation scene with high real-time requirement is difficult to meet.

In order to improve the calculation efficiency of the least square estimation, in the process of the least square estimation, the matrix A is firstly subjected to matrix decomposition without directly solving a display equation. Specifically, based on the ciphertext, performing QR decomposition on the matrix A to obtain a matrix decomposition result, wherein the matrix decomposition result comprises a matrixSum matrixSo thatWherein the content of the first and second substances,q being an orthogonal matrix, i.e. Q^TAnd Q is I, I is an identity matrix, and R is an upper triangular matrix. The obtained matrix decomposition result may be ciphertext data.

In one example, the algorithmic description of QR decomposition may be as follows:

wherein r is_kkValues of elements, q, representing the k-th row and k-th column of the matrix R_kThe values of the elements representing the kth column of the matrix Q,representing the values of the elements of the kth iteration of the kth column of matrix a.

In an optional embodiment of the present invention, the performing, by using the matrix decomposition result and based on a ciphertext, least squares estimation to obtain a solution of a vector x may include:

step S11, Q is made [ Q ]₁Q₂]Based on the matrix decomposition result, the solution min_x||y-Ax||₂Conversion to solution

Step S12, solving upper trigonometric equation set based on ciphertextA solution to the vector x is obtained.

Decomposing the matrix A intoThen, wherein Q ═ Q₁Q₂]That is to say,wherein Q is₁Is a matrix of m x n in the left half of Q, Q₂Is a matrix of m x (m-n) in the right half of Q1.

Therefore, the least squares estimation is equivalent toAccording to the nature of the orthogonal matrix (left-hand orthogonal matrix does not change norm value and Q^TQ ═ I), the left-hand matrix Q^TThe above formula can be converted into And the right itemIndependent of x. At this time, the upper trigonometric equation system can be solvedTo solve for x. The complexity of the solving process is O (2 mn)³)。

The embodiment of the invention firstly carries out QR decomposition on the matrix A to obtain a matrix decomposition result, and then carries out least square estimation solving on the equation set Ax as y by utilizing the matrix decomposition result to obtain the solution of the vector x, so that the total complexity of the least square estimation solving is reduced to O (2 mn)³) Compared with a method for solving a display equation, the execution efficiency of the ciphertext calculation task can be improved.

Although the complexity of the least square estimation solution can be reduced to some extent by using QR decomposition, and the execution efficiency of the ciphertext computation task can be improved, it can be seen from the algorithm of QR decomposition that the second norm needs to be computed in line 6 of the QR decomposition algorithmThe calculation of the two norms requires the square-opening operation; in addition, division is required in line 7 of the QR decomposition algorithmThe multi-party safety calculation protocol realized based on the technologies of secret sharing, semi-homomorphism, careless transmission and the like has the advantages that the operation of opening square root and division is high in time consumption and needs to be realized through multi-step iteration, the 6 th line and the 7 th line of the QR decomposition algorithm can cause two different multi-step iteration operations, the QR decomposition speed is low, and the calculation real-time performance is influenced.

In order to solve the problem, reduce the computation overhead of QR decomposition by a multi-party secure computation protocol and further improve the efficiency of QR decomposition, the embodiment of the invention improves the algorithm of QR decomposition to obtain an updated QR decomposition algorithm.

In an optional embodiment of the present invention, the performing QR decomposition on the matrix a based on the ciphertext to obtain a matrix decomposition result may include:

based on the ciphertext, carrying out QR decomposition on the matrix A according to the updated QR decomposition algorithm to obtain a matrix decomposition result; wherein, the updated QR decomposition algorithm carries out one-step root-opening operation in each iteration of the original QR decomposition algorithmAnd combining the one-step division operation q ═ a/r into one-step target operation

The above QR decomposition algorithm, line 6 and line 7, can be summarized as the following two operations:q is a/r. Where r corresponds to r in the above-mentioned QR decomposition algorithm_kkQ corresponds to q in the QR decomposition algorithm_kA corresponds to in the QR decomposition algorithm described abovea is a vector and s represents the sum of the squares of a.

The two steps of operation are as follows:q is a/r, equivalent to

In a multi-party secure computing system, performing an open square root operation and a division operation in two steps based on a ciphertext will result in two different multi-step iterative operations. In order to reduce the number of iterative operations in the QR decomposition process, the embodiment of the present invention combines the open square root operation and the division operation, which need to be performed in two steps, into one-step target operation.

In an alternative embodiment of the invention, the calculation may be performed by the following steps

Step S21, selecting t₀Is the initial value of the iteration;

step S22, initialization S₀＝s×t₀，h₀＝0.5t₀；

Step S23, the following iterative operations are performed, the number of iterations is z: r is_i＝1.5-s_i-1×h_i-1；s_i＝s_i-1×r_i；h_i＝h_i-1×r_i；

Step S24, when the z times iteration operation is completed, obtainingIs calculated to be 2h_z。

The embodiment of the invention obtains through iterative operationAn estimate of (d). Specifically, t is selected first₀Is an initial value of the iteration and initializes s₀＝s×t₀，h₀＝0.5t₀。

Wherein, the initial value t₀Can be arbitrarily given, but the closer togetherThe better the exact value of (c). The initial value may be an estimated value, such as 0.5 for 2 knowing that the root number of 4 results in 2, and then the initial value t may be selected₀Is 0.5.

In one example, assuming s is 4.5, a calculation is required

First, let t₀＝0.5，t₀Is composed ofAnd initializing s₀＝s×t₀＝2.25，h₀＝0.5t₀＝0.25。

Then, the iterative operation described in the above step S23 is performed.

Specifically, in the first iteration:

r₁＝1.5-s₀×h₀＝1.5-2.25×0.5＝0.9375；

s₁＝s₀×r₁＝2.25×0.9375＝2.109375；

h₁＝h₀×r₁＝0.25×0.9375＝0.234375。

in the second iteration:

r₂＝1.5-s₁×h₁＝1.5-2.109375×0.234375＝1.005615234375；

s₂＝s₁×r₂＝2.109375×1.005615234375＝2.1212196350097656；

h₂＝h₁×r₂＝0.234375×1.005615234375＝0.23569107055664062。

by analogy, 2h can be obtained after z times of iterative operation is finished_zIs thatAn estimate of (d).

It should be noted that the above iterative computation may be performed on a ciphertext basis, and is shown in plaintext for convenience of description.

Referring to Table 1, h obtained for each iteration in the above example is shown_iAnd 2h_iThe iteration value of (2).

TABLE 1

Number of iterations	hi	2hi	Relative error
				1	0.234375	0.46875	0.00563108
2	0.235691	0.471382	4.75E-05
				3	0.235702	0.471405	3.38E-09
4	0.235702	0.471405	2.36E-16
				5	0.235702	0.471405	2.36E-16
6	0.235702	0.471405	2.36E-16

As can be seen from table 1, only 4 times of iterative operations are required to obtain a very small relative error value, and thus, through the iterative operations, the embodiment of the present invention may combine the root-opening operation and the division operation, which originally need to be performed in two steps, into a target operation for solving the square root and its reciprocal in one step, which may reduce the number of iterations, accelerate the QR decomposition speed, and ensure the accuracy of the calculation result.

In practical applications, the number of iterations z may be set according to experience and accuracy requirements, and in general, the accuracy achieved by setting the number of iterations to 10 may already meet most of the calculation requirements. In the above example, when z is 4 times, the accuracy can reach a relative error level of 10 { -16 }.

In the implementation, because the calculation of the invention can be carried out in a multi-party secure computing system based on ciphertext and does not expose the plaintext value of s in the calculation process, the initial value t can be determined by dividing the interval table look-up method₀。

For example, preset intervals may be preset, and each preset interval corresponds to a square value of a preset value. If the preset interval is set as follows: [ a ] A₁,b₁]、[a₂,b₂]、[a₃,b₄]、[a₄,b₄]、[a₅,b₅]And the like. The preset intervals correspond to the square values of preset values 1, 2, 3, 4, 5 and 6 respectively.

The selection t₀The step of being an initial value of the iteration may comprise: respectively comparing s with the endpoint values of the preset intervals based on the ciphertext to determine the preset interval where s is located, and determining t according to the preset value corresponding to the preset interval where s is located₀The value of (c).

For example, if s has a value of 4, and s is ciphertext. Then s is respectively based on the ciphertext with the endpoint value of each preset intervalComparing to determine s in the preset interval of [ a ]₂,b₂]If the preset value corresponding to the preset interval is 2, t can be selected₀The value of (c) is 1/2 ═ 0.5.

The following describes the least squares estimation solution using QR decomposition according to the present invention by using a specific example.

Assuming a given matrix(Vector)Need to solve for min_x||y-Ax||₂。

It should be noted that the elements in the matrix a and the vector y may be ciphertext, and are shown in plaintext here for convenience of description.

By using the updated QR decomposition algorithm, QR decomposition is performed on the matrix A, and the following results can be obtained:

so that

In this example, since m is equal to n, Q is equal to n₁I.e. Q, there is no Q₂. After obtaining the matrix decomposition result of QR decomposition, solving the upper triangular matrix equation setI.e. solving for Rx as Q^Ty. By solving the upper triangular matrix equation set Rx-Q^Ty, the vector x can be solved. That is, the following upper triangular matrix equation set is solved:

i.e. solving the following upper triangular matrix equation set:

specifically, x can be obtained by solving from bottom to top

In summary, in the embodiment of the invention, in the multi-party security computing system, the solution problem of least square estimation is solved by using a matrix decomposition method. Specifically, based on a ciphertext, performing QR decomposition on the matrix A to obtain a matrix decomposition result, wherein the matrix decomposition result comprises an orthogonal matrix Q and an upper triangular matrix R; and performing least square estimation based on the ciphertext by using the matrix decomposition result to obtain a solution of the vector x. Compared with the explicit equation solving method, the explicit equation solving method has the advantages that the intermediate calculation step of the explicit equation solving can be omitted through matrix decomposition, not only can the calculation complexity be reduced and the calculation efficiency be improved, but also the memory overhead required by the intermediate calculation can be saved. In addition, the cipher text calculation task comprising the least square estimation is executed by the multi-party safety calculation system, so that the privacy of data can be prevented from being leaked, the data safety is ensured, and the least square estimation can be suitable for a calculation scene with higher requirements on safety and real-time performance.

It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.

Device embodiment

Referring to fig. 2, a block diagram of an embodiment of a data processing apparatus of the present invention, which may be used in a multi-party secure computing system, may specifically include:

a task receiving module 201, configured to receive a ciphertext computation task, where the ciphertext computation task includes a least squares estimation, and the least squares estimation is used for a specific matrixSum vectorSolve for vector x, let min_x||y-Ax||₂(ii) a Wherein m is more than or equal to n, and the matrix A is ciphertext data;

a matrix decomposition module 202, configured to perform QR decomposition on the matrix a based on the ciphertext to obtain a matrix decomposition result, where the matrix decomposition result includes a matrixSum matrixSo thatWherein the content of the first and second substances,q is an orthogonal matrix, and R is an upper triangular matrix;

and the result calculating module 203 is configured to perform least square estimation based on the ciphertext by using the matrix decomposition result to obtain a solution of the vector x.

Optionally, the matrix decomposition module is specifically configured to:

based on the ciphertext, carrying out QR decomposition on the matrix A according to the updated QR decomposition algorithm to obtain a matrix decomposition result; wherein, the updated QR decomposition algorithm is used for generating root signals in one step in each iteration of the original QR decomposition algorithmOperationsAnd combining the one-step division operation q ═ a/r into one-step target operation

Optionally, the apparatus further comprises: an iterative computation module for computingThe iterative computation module comprises:

a selection submodule for selecting t₀Is the initial value of the iteration;

an initialization submodule for initializing s₀＝s×t₀，h₀＝0.5t₀；

The iteration submodule is used for executing the following iteration operation, and the iteration number is z: r is_i＝1.5-s_i-1×h_i-1；s_i＝s_i-1×r_i；h_i＝h_i-1×r_i；

A result obtaining submodule for obtaining the result after the z-times iterative operation is finishedIs calculated to be 2h_z。

Optionally, the result calculating module includes:

a computation conversion submodule for making Q ═ Q₁ Q₂]Based on the matrix decomposition result, the solution min_x||y-Ax||₂Conversion to solution

An equation solving submodule for solving the upper trigonometric equation set based on the ciphertextA solution to the vector x is obtained.

Optionally, the ciphertext calculation task includes linear regression calculation, the matrix a includes ciphertext data of at least two parties, the vector y includes a prediction tag corresponding to the ciphertext data, and a solution of the vector x is a weight of each feature corresponding to the prediction tag of the linear regression.

Optionally, the ciphertext calculation task includes communication signal estimation, the matrix a is a channel encryption matrix, the vector y is an encoded signal obtained by encrypting an original signal based on the matrix a, and a solution of the vector x is the original signal obtained by estimation.

In the embodiment of the invention, in a multi-party safety computing system, the solving problem of least square estimation is solved by using a matrix decomposition method. Specifically, based on a ciphertext, performing QR decomposition on the matrix A to obtain a matrix decomposition result, wherein the matrix decomposition result comprises an orthogonal matrix Q and an upper triangular matrix R; and performing least square estimation based on the ciphertext by using the matrix decomposition result to obtain a solution of the vector x. Compared with the explicit equation solving method, the explicit equation solving method has the advantages that the intermediate calculation step of the explicit equation solving can be omitted through matrix decomposition, not only can the calculation complexity be reduced and the calculation efficiency be improved, but also the memory overhead required by the intermediate calculation can be saved. In addition, the cipher text calculation task comprising the least square estimation is executed by the multi-party safety calculation system, so that the privacy of data can be prevented from being leaked, the data safety is ensured, and the least square estimation can be suitable for a calculation scene with higher requirements on safety and real-time performance.

For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.

The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.

With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.

An embodiment of the present invention provides a device for data processing for a multi-party secure computing system, the device comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs including instructions for:

receiving a ciphertext computation task, the ciphertext computation task comprising a least squares estimate, the least squares estimate to be used for a given matrixSum vectorSolve for vector x, let min_x||y-Ax||₂(ii) a Wherein m is more than or equal to n, and the matrix A is ciphertext data;

based on the ciphertext, carrying out QR decomposition on the matrix A to obtain a matrix decomposition result, wherein the matrix decomposition result comprises a matrixSum matrixSo thatWherein the content of the first and second substances,q is an orthogonal matrix, and R is an upper triangular matrix;

and performing least square estimation based on the ciphertext by using the matrix decomposition result to obtain a solution of the vector x.

Optionally, the performing, based on the ciphertext, QR decomposition on the matrix a to obtain a matrix decomposition result, including:

based on ciphertext, according to updated QR decomposition algorithmCarrying out QR decomposition on the matrix A to obtain a matrix decomposition result; wherein, the updated QR decomposition algorithm carries out one-step root-opening operation in each iteration of the original QR decomposition algorithmAnd combining the one-step division operation q ═ a/r into one-step target operation

Optionally, calculating by the following steps

Selecting t₀Is the initial value of the iteration;

initialization s₀＝s×t₀，h₀＝0.5t₀；

Performing the following iterative operation, wherein the iterative times are z: r is_i＝1.5-s_i-1×h_i-1；s_i＝s_i-1×r_i；h_i＝h_i-1×r_i；

When the z times of iterative operation is completed, obtainingIs calculated to be 2h_z。

Optionally, the performing least squares estimation based on a ciphertext by using the matrix decomposition result to obtain a solution of the vector x includes:

let Q be [ Q ]₁ Q₂]Based on the matrix decomposition result, the solution min_x||y-Ax||₂Conversion to solution

Solving upper trigonometric equation set based on ciphertextA solution to the vector x is obtained.

Optionally, the ciphertext calculation task includes linear regression calculation, the matrix a includes ciphertext data of at least two parties, the vector y includes a prediction tag corresponding to the ciphertext data, and a solution of the vector x is a weight of each feature corresponding to the prediction tag of the linear regression.

Optionally, the ciphertext calculation task includes communication signal estimation, the matrix a is a channel encryption matrix, the vector y is an encoded signal obtained by encrypting an original signal based on the matrix a, and a solution of the vector x is the original signal obtained by estimation.

Fig. 3 is a block diagram illustrating an apparatus 800 for data processing in accordance with an example embodiment. For example, the apparatus 800 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.

Referring to fig. 3, the apparatus 800 may include one or more of the following components: processing component 802, memory 804, power component 806, multimedia component 808, audio component 810, input/output (I/O) interface 812, sensor component 814, and communication component 816.

The processing component 802 generally controls overall operation of the device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing elements 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.

The memory 804 is configured to store various types of data to support operation at the device 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.

Power components 806 provide power to the various components of device 800. The power components 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the apparatus 800.

The multimedia component 808 includes a screen that provides an output interface between the device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front-facing camera and/or the rear-facing camera may receive external multimedia data when the device 800 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.

The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 800 is in an operational mode, such as a call mode, a recording mode, and a voice information processing mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.

The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.

The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the device 800. For example, the sensor assembly 814 may detect the open/closed state of the device 800, the relative positioning of the components, such as a display and keypad of the apparatus 800, the sensor assembly 814 may also detect a change in position of the apparatus 800 or a component of the apparatus 800, the presence or absence of user contact with the apparatus 800, orientation or acceleration/deceleration of the apparatus 800, and a change in temperature of the apparatus 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.

The communication component 816 is configured to facilitate communications between the apparatus 800 and other devices in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on radio frequency information processing (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.

In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.

In an exemplary embodiment, a non-transitory computer-readable storage medium comprising instructions, such as the memory 804 comprising instructions, executable by the processor 820 of the device 800 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.

Fig. 4 is a schematic diagram of a server in some embodiments of the invention. The server 1900 may vary widely by configuration or performance and may include one or more Central Processing Units (CPUs) 1922 (e.g., one or more processors) and memory 1932, one or more storage media 1930 (e.g., one or more mass storage devices) storing applications 1942 or data 1944. Memory 1932 and storage medium 1930 can be, among other things, transient or persistent storage. The program stored in the storage medium 1930 may include one or more modules (not shown), each of which may include a series of instructions operating on a server. Still further, a central processor 1922 may be provided in communication with the storage medium 1930 to execute a series of instruction operations in the storage medium 1930 on the server 1900.

The server 1900 may also include one or more power supplies 1926, one or more wired or wireless network interfaces 1950, one or more input-output interfaces 1958, one or more keyboards 1956, and/or one or more operating systems 1941, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, etc.

A non-transitory computer-readable storage medium in which instructions, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform the data processing method shown in fig. 1.

A non-transitory computer readable storage medium in which instructions, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform a data processing method, the method comprising: the ciphertext computation task is received and,the ciphertext computation task includes a least squares estimation for a given matrixSum vectorSolve for vector x, let min_x||y-Ax||₂(ii) a Wherein m is more than or equal to n, and the matrix A is ciphertext data; based on the ciphertext, carrying out QR decomposition on the matrix A to obtain a matrix decomposition result, wherein the matrix decomposition result comprises a matrixSum matrixSo thatWherein the content of the first and second substances,q is an orthogonal matrix, and R is an upper triangular matrix; and performing least square estimation based on the ciphertext by using the matrix decomposition result to obtain a solution of the vector x.

Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This invention is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.

It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

The data processing method, the data processing apparatus and the apparatus for data processing provided by the present invention are described in detail above, and specific examples are applied herein to illustrate the principles and embodiments of the present invention, and the description of the above embodiments is only used to help understand the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.