本博客地址:https://security.blog.csdn.net/article/details/124110931
一、Paillier半同态加密算法
同态加密又可以分为全同态加密、些许同态加密和半同态加密三种形式。这其中,由于受到性能等因素的约束,当前在工业界主要使用半同态加密算法。Paillier即属于半同态加密算法,其并不满足乘法同态运算,虽然Paillier算法不是全同态加密的,但是与全同态加密算法(FHE)相比,其计算效率大大提升,因此在工业界被广泛应用。
我们以 x 表示明文,以 [[x]] 表示其对应的密文,那么Paillier 半同态加密算法满足:[[u+v]] = [[u]] +[[v]]
对于Paillier算法的加密损失函数,损失值 L 关于参数 的梯度值为:
上式对应的加密梯度为:,该式仅涉及加法和数乘运算,因此Paillier算法适用于经过多项式近似之后的损失函数求解。
二、同态加密防御的具体实现
2.1、定义模型
先自定义一个模型类 LR_Model,以方便我们进行加解密。已对代码做出了具体的注释说明,具体细节阅读代码即可。
models.py
import torch
from torchvision import models
import numpy as np
def encrypt_vector(public_key, x):
return [public_key.encrypt(i) for i in x]
def encrypt_matrix(public_key, x):
ret = []
for r in x:
ret.append(encrypt_vector(public_key, r))
return ret
def decrypt_vector(private_key, x):
return [private_key.decrypt(i) for i in x]
def decrypt_matrix(private_key, x):
ret = []
for r in x:
ret.append(decrypt_vector(private_key, r))
return ret
class LR_Model(object):
def __init__ (self, public_key, w_size=None, w=None, encrypted=False):
# w_size: 权重参数数量
# w: 是否直接传递已有权重,w和w_size只需要传递一个即可
# encrypted: 是明文还是加密的形式
self.public_key = public_key
if w is not None:
self.weights = w
else:
limit = -1.0/w_size
self.weights = np.random.uniform(-0.5, 0.5, (w_size,))
if encrypted==False:
self.encrypt_weights = encrypt_vector(public_key, self.weights)
else:
self.encrypt_weights = self.weights
# 用于更新加密的权重向量
def set_encrypt_weights(self, w):
for id, e in enumerate(w):
self.encrypt_weights[id] = e
# 用于更新明文权重向量
def set_raw_weights(self, w):
for id, e in enumerate(w):
self.weights[id] = e
2.2、(客户端)本地模型训练
在本地的模型训练中,模型参数是在加密的状态下进行,其过程如下所示。已对代码做出了具体的注释说明,具体细节阅读代码即可。
client.py
import models, torch, copy
import numpy as np
from server import Server
class Client(object):
def __init__(self, conf, public_key, weights, data_x, data_y):
self.conf = conf
self.public_key = public_key
self.local_model = models.LR_Model(public_key=self.public_key, w=weights, encrypted=True)
self.data_x = data_x
self.data_y = data_y
def local_train(self, weights):
# 复制服务端下发的全局模型权重
original_w = weights
# 将本地模型的权重更新为全局模型权重
self.local_model.set_encrypt_weights(weights)
neg_one = self.public_key.encrypt(-1)
for e in range(self.conf["local_epochs"]):
print("start epoch ", e)
# 每一轮都随机挑选batch_size大小的训练数据进行训练
idx = np.arange(self.data_x.shape[0])
batch_idx = np.random.choice(idx, self.conf['batch_size'], replace=False)
x = self.data_x[batch_idx]
x = np.concatenate((x, np.ones((x.shape[0], 1))), axis=1)
y = self.data_y[batch_idx].reshape((-1, 1))
# 在加密状态下求取加密梯度
batch_encrypted_grad = x.transpose() * (0.25 * x.dot(self.local_model.encrypt_weights) + 0.5 * y.transpose() * neg_one)
encrypted_grad = batch_encrypted_grad.sum(axis=1) / y.shape[0]
for j in range(len(self.local_model.encrypt_weights)):
self.local_model.encrypt_weights[j] -= self.conf["lr"] * encrypted_grad[j]
weight_accumulators = []
for j in range(len(self.local_model.encrypt_weights)):
weight_accumulators.append(self.local_model.encrypt_weights[j] - original_w[j])
return weight_accumulators
2.3、(服务端)生成公钥和私钥
已对代码做出了具体的注释说明,具体细节阅读代码即可。
server.py
import models, torch
import paillier
import numpy as np
class Server(object):
# 利用paillier算法生成公钥和私钥,公钥用于加密,私钥用于解密
public_key, private_key = paillier.generate_paillier_keypair(n_length=1024)
def __init__(self, conf, eval_dataset):
self.conf = conf
self.global_model = models.LR_Model(public_key=Server.public_key, w_size=self.conf["feature_num"]+1)
self.eval_x = eval_dataset[0]
self.eval_y = eval_dataset[1]
def model_aggregate(self, weight_accumulator):
for id, data in enumerate(self.global_model.encrypt_weights):
update_per_layer = weight_accumulator[id] * self.conf["lambda"]
self.global_model.encrypt_weights[id] = self.global_model.encrypt_weights[id] + update_per_layer
def model_eval(self):
total_loss = 0.0
correct = 0
dataset_size = 0
batch_num = int(self.eval_x.shape[0]/self.conf["batch_size"])
self.global_model.weights = models.decrypt_vector(Server.private_key, self.global_model.encrypt_weights)
print(self.global_model.weights)
for batch_id in range(batch_num):
x = self.eval_x[batch_id*self.conf["batch_size"] : (batch_id+1)*self.conf["batch_size"]]
x = np.concatenate((x, np.ones((x.shape[0], 1))), axis=1)
y = self.eval_y[batch_id*self.conf["batch_size"] : (batch_id+1)*self.conf["batch_size"]].reshape((-1, 1))
dataset_size += x.shape[0]
wxs = x.dot(self.global_model.weights)
pred_y = [1.0 / (1 + np.exp(-wx)) for wx in wxs]
pred_y = np.array([1 if pred > 0.5 else -1 for pred in pred_y]).reshape((-1, 1))
correct += np.sum(y == pred_y)
acc = 100.0 * (float(correct) / float(dataset_size))
return acc
# 对数据进行重新加密
# 先利用paillier生成私钥解密,再利用公钥重新加密
@staticmethod
def re_encrypt(w):
return models.encrypt_vector(Server.public_key, models.decrypt_vector(Server.private_key, w))
版权归原作者 武天旭 所有, 如有侵权,请联系我们删除。