Processing method of neural network and server and electronic device thereof

What is AI technical title?
AI technical title is built by PatSnap AI team. It summarizes the technical point description of the patent document.
By converting the source code of the AI compiler into obfuscated circuit code and using the obfuscated transmission protocol to generate an encrypted neural network model, the problem of insufficient model privacy in cloud services is solved, and the secure transmission and protection of the model is achieved.

CN116362307BActive Publication Date: 2026-06-12IND TECH RES INST

View PDF 1 Cites 0 Cited by

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents(China)
Current Assignee / Owner: IND TECH RES INST
Filing Date: 2022-02-16
Publication Date: 2026-06-12

Application Information

Patent Timeline

16 Feb 2022

Application

12 Jun 2026

Publication

CN116362307B

IPC: G06N3/063; G06N3/04; G06N3/08; G06F8/41

CPC: G06N3/063; G06N3/04; G06N3/08; G06F8/41; G06N3/045; G06N3/047; G06N3/044; G06N3/048

AI Tagging

Application Domain

User identity/authority verificationMechanically effected encryption

Explore More Agents

Novelty Search
Search existing technologies and assess novelty
↗
FTO
Analyze whether a product may infringe others' patents
↗
Design FTO
Check prior-design risk for exterior design
↗
Drafting
Draft patent application text based on a technical solution
↗
Find Solutions with TRIZ
Generate feasible solution to solve your technical challenge
↗

Similar Technology Patents

Creating a block for a blockchain in an asynchronous blockchain environment
US20260163750A1User identity/authority verification Protocol authorisation
Systems and methods for implementing multi-custody control of cryptographic keys using cloud-based services
WO2026054842A3Key distribution for secure communicationPublic key for secure communication
Providing software information for vehicles without displays
DE202026101545U1Registering/indicating working of vehicles User identity/authority verification
A digital human identity authentication and privacy protection system and method
CN122204339AUser identity/authority verification Selective content distribution
Secure and efficient signing of cryptocurrency transactions under fully homomorphic encryption
WO2025230990A9Multiple keys/algorithms usagePublic key for secure communication

Get free access to AI patent search and analysis

Check patentability, review prior art and ask IP Agent with full patent context.

AI Technical Summary

⚠Technical Problem

In cloud services, the privacy of neural network models is difficult to guarantee, which leads to the risk of important assets being leaked when model developers upload models.

⚗Method used

By converting the source code of the AI compiler into obfuscated circuit code and using obfuscated transmission protocol and obfuscated circuit protocol, an encrypted neural network model is generated to ensure that the model is not obtained by unauthorized parties during transmission.

🎯Benefits of technology

It enables encrypted transmission of neural network models in a cloud environment, protecting the privacy of the models and preventing unauthorized parties from obtaining the model content.

✦ Generated by Eureka AI based on patent content.

Smart Images

Figure CN116362307B_ABST

Patent Text Reader

Abstract

A processing method of a neural network is provided. An AI compiler source code of an artificial intelligence compiler is converted into a garbled circuit code, including the following steps: a server transmits a circuit diagram of a garbled circuit having a plurality of logic gates corresponding to the garbled circuit code to an electronic device; the electronic device generates a plurality of key codebooks corresponding to a plurality of candidate gates of each logic gate; the electronic device generates a plurality of garbled truth tables corresponding to the plurality of candidate gates of each logic gate and transmits them to the server by using a blinding transmission protocol; and the server obtains a target garbled truth table of each logic gate. Then, the electronic device encrypts a neural network model according to the plurality of key codebooks. The server generates a compiled neural network model of the encrypted neural network model.

Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This disclosure relates to a method for processing neural networks and a server and electronic device thereof. Background Technology

[0002] With the development of technology, applications of Artificial Intelligence (AI) are receiving increasing attention. Most AI frameworks only support CPU and GPU hardware environments. AI compilers (neural network compilers) can enable neural network (NN) models to run on different types of hardware, such as mobile phones, embedded system devices, and low-power special purpose chips.

[0003] AI compilers can be implemented in cloud services. Model developers only need to upload their neural network (NN) models, and the cloud-based AI compiler can optimize, benchmark, and package the models for different hardware platforms. The compiled NN models can be transferred to AI systems on a chip (SoC) or AI software dongles (such as USB AI dongles) for execution, or they can be executed on other different hardware platforms.

[0004] However, this method of implementing AI compilers in cloud services results in a lack of privacy for neural network (NN) models. When NN models developed using different frameworks are uploaded to the cloud for compilation, they may be obtained by others. High-quality NN models are often important assets of a company. If NN models are made known to others, it could cause significant losses to the company. Therefore, how to properly protect the NN models developed by their developers and ensure the privacy of uploaded NN models when uploading them to the cloud has become a key issue that the industry is working on. Summary of the Invention

[0005] According to a first aspect of this disclosure, a method for processing a Neural Network (NN) is proposed, comprising the following steps: Converting the source code of an Artificial Intelligence (AI) compiler into garbled circuit code, comprising the following steps: A server transmits a circuit diagram of a garbled circuit corresponding to this garbled circuit code to a first electronic device, the garbled circuit having multiple logic gates; the first electronic device generates multiple key codebooks corresponding to multiple candidate gates of each logic gate; the first electronic device generates multiple garbled truth tables corresponding to the multiple candidate gates of each logic gate; the first electronic device transmits the multiple garbled truth tables corresponding to the multiple candidate gates of each logic gate to the server using an Oblivious Transfer (OT) protocol; and the server, based on the multiple garbled truth tables corresponding to the multiple candidate gates of each logic gate, obtains a target garbled truth table for each logic gate using the OT protocol. The first electronic device encrypts the NN model according to the multiple key codebooks to generate an encrypted NN model. This server generates the compiled NN model of this encrypted NN model based on the obfuscated circuit code by obfuscating the truth table of each logic gate.

[0006] According to a second aspect of this disclosure, a server for processing neural networks is proposed, including a transmission circuit and a processor. The processor is used to convert AI compiler source code of an AI compiler into obfuscated circuit code. The processor executes the following procedures: transmitting a circuit diagram of an obfuscated circuit corresponding to the obfuscated circuit code to a first electronic device via the transmission circuit, the obfuscated circuit having multiple logic gates; receiving multiple obfuscated truth tables corresponding to multiple candidate gates of each logic gate from the first electronic device via the transmission circuit using an OT protocol; and obtaining a target obfuscated truth table for each logic gate based on the multiple obfuscated truth tables corresponding to the multiple candidate gates of each logic gate using the OT protocol. The first electronic device generates multiple key encoding books corresponding to the multiple candidate gates of each logic gate. The first electronic device encrypts the NN model according to the multiple key encoding books to generate an encrypted NN model. The processor is also used to generate a compiled NN model of the encrypted NN model based on the obfuscated circuit code using the target obfuscated truth tables of each logic gate.

[0007] According to a third aspect of this disclosure, an electronic device for processing neural networks is proposed, including a transmission circuit and a processor. The processor assists a server in converting AI compiler source code of an AI compiler into obfuscated circuit code. The processor executes the following procedures: receiving, via the transmission circuit, a circuit diagram of an obfuscated circuit corresponding to the obfuscated circuit code from the server, the obfuscated circuit having multiple logic gates; generating multiple key encoding books corresponding to multiple candidate gates of each logic gate; generating multiple obfuscated truth tables corresponding to the multiple candidate gates of each logic gate; and transmitting the multiple obfuscated truth tables corresponding to the multiple candidate gates of each logic gate to the server via the transmission circuit using an OT protocol. The processor is further configured to encrypt the NN model based on the multiple key encoding books to generate an encrypted NN model. The server, based on the multiple obfuscated truth tables corresponding to the multiple candidate gates of each logic gate, obtains a target obfuscated truth table for each logic gate using the OT protocol, and thereby, the server generates a compiled NN model of the encrypted NN model based on the obfuscated circuit code using the target obfuscated truth tables for each logic gate.

[0008] To provide a better understanding of the above and other aspects of this disclosure, specific embodiments are described below in conjunction with the accompanying drawings: Attached Figure Description

[0009] The above and other objects, features and advantages of this disclosure will become clearer from the following description of embodiments with reference to the accompanying drawings, in which:

[0010] Figure 1 A flowchart illustrating a neural network processing method according to an embodiment of the present disclosure is shown.

[0011] Figure 2 Draw a block diagram of the system used to process neural networks.

[0012] Figure 3A Draw the first OT scenario.

[0013] Figure 3B Draw the second OT scenario.

[0014] Figure 3C Draw out the OT requirements.

[0015] Figure 4A Draw the flow of the 2-choose-1 blind transmission protocol.

[0016] Figure 4B Draw the flow diagram of the n-choose-1 random transmission protocol.

[0017] Figure 5A Draw an example of an obfuscation circuit for an obfuscation circuit protocol.

[0018] Figure 5BThis section illustrates an example of the input line key and output line key of an AND gate.

[0019] Figure 5C show Figure 5B The truth table corresponding to the AND gate, and Figure 5B The encrypted truth table (obfuscated truth table) corresponding to the AND gate.

[0020] Figure 6 This shows an example of a scrambled circuit.

[0021] Figure 7 Drawing correspondence to Figure 6 Example of a circuit diagram for a confusion circuit.

[0022] Figures 8A to 8H Examples are shown for the input line key, output line key, truth table, and corresponding encrypted truth table for AND candidate gate, OR candidate gate, AND-NOT candidate gate, NOR-NOT candidate gate, XOR candidate gate, XNOR candidate gate, buffer candidate gate, and NOT candidate gate, respectively. Detailed Implementation

[0023] like Figure 1 and Figure 2 As shown, Figure 1 A flowchart illustrating a neural network processing method according to an embodiment of the present disclosure is provided. Figure 2 A block diagram of a system for processing neural networks is shown. The neural network processing method includes the following steps. First, by executing steps 102 to 110, the AI compiler source code of the Artificial Intelligence (AI) compiler is converted into garbled circuit code. In step 102, server 202 transmits the circuit diagram Gc of the garbled circuit corresponding to the garbled circuit code to electronic device 204. The garbled circuit has multiple logic gates. In step 104, electronic device 204 generates multiple key codebooks (kevcodebooks) corresponding to multiple candidate gates of each logic gate. In step 106, electronic device 204 generates multiple garbled truth tables corresponding to multiple candidate gates of each logic gate. In step 108, electronic device 204 transmits the multiple garbled truth tables corresponding to multiple candidate gates of each logic gate to server 202 using an Oblivious Transfer (OT) protocol. In step 110, server 202 obtains the target obfuscated truth table for each logic gate by using the OT protocol, based on multiple obfuscated truth tables corresponding to multiple candidate gates for each logic gate.

[0024] Next, in step 112, electronic device 204 encrypts the NN model according to multiple key encoding books to generate an encrypted NN model. Then, in step 114, server 202 generates a compiled NN model of the encrypted NN model based on the obfuscated circuit code through the target obfuscation truth table of each logic gate.

[0025] Electronic device 204, for example, acts as a client in system 200. Server 202, for example, is a cloud server. By encrypting the NN model according to the key codebook and transmitting the obfuscated truth table using the OT protocol, the content of the NN model provided by electronic device 204 (client) is not known to server 202 (cloud server), thus protecting the privacy of the NN model. Furthermore, by transmitting the circuit diagram Gc instead of the obfuscated circuit, using obfuscated circuit codes, and transmitting the obfuscated truth table using the OT protocol, the content of the AI compiler of server 202 (cloud server) is not known to electronic device 204 (client). Therefore, the privacy of the AI compiler is also protected. The processing method of the neural network (NN) according to embodiments of this disclosure will be further described below.

[0026] In cryptography, oblivious transfer (OT) is a protocol in which the transmitting end sends one of several pieces of information to the receiving end, but the transmitting end still does not know which piece of information has been transmitted. The first form of oblivious transfer was proposed by Michael O. Rabin in 1981 (Michael O. Rabin. "How to exchange secrets with oblivious transfer." Technical Report TR-81, Aiken Computation Laboratory, Harvard University, 1981.). In 1985, Shimon Even, Oded Goldreich, and Abraham Lempel proposed a more useful form of oblivious transfer, called 1-2 oblivious transfer or "1 out of 2 oblivious transfer" (S. Even, O. Goldreich, and A. Lempel, "A Randomized Protocol for Signing Contracts", Communications of the ACM, Volume 28, Issue 6, pp. 637-647, 1985.). It is summarized as "1 out of noblivious transfer," where the receiver receives only one element, the sender is unaware of which element was queried, and the receiver is unaware of any other unretrieved elements.

[0027] like Figures 3A to 3C As shown, Figure 3A Illustrate the first OT scenario. Figure 3B Draw the second OT scenario, Figure 3C Draw out the OT requirements. For example... Figure 3A As shown, when user B transmits bit value b=1 to user A to query message M1, user A replies to user B with message M1 corresponding to b=1. However, in Figure 3A In the first OT scenario shown, user A knows user B's choice b (b=1). Figure 3B As shown, when user B selects bit value b=1 and does not transmit bit value b=1 to user A, user A directly transmits messages M0 and M1, corresponding to b=0 and b=1 respectively, to user B. However, in cases such as Figure 3B In the second OT scenario shown, user B knows the message M0 corresponding to b=0, where message M0 was not selected by user B. For example... Figure 3CAs shown, user B transmits bit value b (b can be 0 or 1), and user A only transmits message Mb (when the value of b is 0, message Mb is M0; when the value of b is 1, message Mb is M1) to user B. Under this OT requirement, user A is unaware of user B's choice (the value of b), and user B is unaware of user A's other messages.

[0028] like Figure 4A As shown, Figure 4A Draw the flow diagram of the 2-choose-1 blind transport protocol. Assume that given generators g and g', ... m mod q. According to the Discrete-Log assumption, calculating the value of m is difficult. Here, g is a large prime number, q is the modulus, and m is an integer.

[0029] Assume Z q It is a group of order q, that is, Z q G represents m The set of elements mod q, which is Z q = {0, 1, 2, ..., q-1}. Both User A and User B know the value of generator "g". User A randomly selects Z. q Z is an element, and the selected element is represented by generator "c". User A transmits generator "c" to user B. User B randomly selects Z. q One element is selected, denoted as generator "k". User B selects a bit value b, which is an element from the set {0, 1}. User B also sets z. b =g k , z 1-b =c / g k (That is, when b is 0, z0 = g) k z1 = c / g k When b is 1, z1 = g k z0 = c / g k Then user B will z b and z 1-b Transmitted to user A.

[0030] User A randomly selects values "r0" and "r1" and generates the value "g". r0 "and "g r1 User A has two pieces of information, "x0" and "x1". User A encrypts "x0" and "x1" using values "r0" and "r1". For example, user A generates the value... and Then, user A transmits data C0 and C1 to user B. Data C0 and C1 are defined by (Equation 1):

[0031]

[0032]

[0033] H is a hash function that can be used to map data of arbitrary length to lengths x0 and x1. Operators This represents the exclusive OR operation at the bit-wise level.

[0034] After user B receives data C0 and C1, user B calculates... Decrypting C b = [v1, v2]. Taking b = 0 as an example. When b = 0, z0 = g k z1 = c / g k Then, z0 r0 =(g k ) r0 z1 r1 (c / g k ) r1 ,and therefore, However, due to And for C1 It is equal to Because of c r1 Since the value is unknown, the value of "x1" cannot be obtained. Thus, user B can obtain the information "x0" without knowing the information "x1," while user A is unaware of the value of b chosen by user B. In other words, user B only obtains one of x0 and x1, and user A is unaware of which of x0 and x1 user B obtained.

[0035] like Figure 4B As shown, Figure 4B Draw the flow diagram of the n-choose-1 random transport protocol. Assume a generator g and g' are given. m According to the Discrete-Log hypothesis, calculating the value of m is difficult, where g is a large prime number, q is the modulus, and m is an integer.

[0036] Suppose Zq is a group of order q, that is, Zq represents g. m The set of elements mod q, which is Z q ={0, 2, ..., q-1}. Z qThe generators "g" and "h" are known to both user A and user B. User B chooses a value a, where a is an element of the set {1, ..., n} and n is an integer. User B randomly chooses Z. q An element, denoted as generator "r", is used by user B to transmit the value y = g to user A. r h a User A randomly selects Z. q The n elements are represented as generators "k1, k2, ... k n User A possesses information (x1, x2, ..., x...). n Then, user A transmits { <c i =(g ki x i (y / h a ) ki The data is transmitted from user A to user B, where i = 1, ..., n. That is, user A transmits e1 = (g... K1 ,x1(y / h a ) k1 ), c2=(g k2 ,x2(y / h a ) k2 ), ...c n =(g kn x n (y / h a ) kn ) to user B. User B receives c a =(v, w)=(g ka x a (y / h a ) ka ), and calculate x a =W / v r For example, when user B chooses a = 2, x² = w / v r =x a (y / h a ) ka / (g ka ) r =x a (g r h a / h a ) ka / (g ka ) r =x a =x2. Thus, user B can operate without knowing the information "x1" and "x3~x2". n In the case of "x0", user A receives the information "x2", while user B is unaware of the value of 'a' chosen by user B. That is, user B only receives information from x0 to x2.n One of them, while user A is unaware that user B obtained x0 to x n Which one?

[0037] like Figures 5A to 5C As shown, it illustrates the flow of the garbled circuit protocol. Figure 5A Draw an example of an obfuscation circuit for an obfuscation circuit protocol. Figure 5B This section illustrates an example of the input line key and output line key of an AND gate. Figure 5C show Figure 5B The truth table corresponding to the AND gate, and Figure 5B The encrypted truth table (obfuscated truth table) corresponding to the AND gate. Obfuscated circuit protocol is an encryption protocol that ensures secure computation between two parties, where both parties can jointly evaluate a function using their respective inputs. In obfuscated circuit protocol, the function must be described as a Boolean circuit. Obfuscated circuits were first proposed by Andrew Yao (Yao, Andrew Chi-Chih (1986), "How to generate and exchange secrets", 27th Annual Symposium on Foundations of Computer Science (SFCS 1986), Foundations of Computer Science, 1986).

[0038] like Figure 5A As shown, both users, A and B, are aware of the Boolean circuit 502 that executes function f. User A has input x, and user B has input y. Users A and B can safely compute f(x, v) without user A knowing user B's input and user B knowing user A's input. Figure 5B As shown, user A first selects two random keys for each line. One key corresponds to "0" and the other key corresponds to "1". A gate with two input lines has a total of six keys. We will now use AND gate 504 as an example. AND gate 504 has two input lines 506 and 508 and one output line 510, as follows... Figure 5B As shown. AND gate 504 receives the x value on input line 506 and the y value on input line 508. AND gate 504 outputs the z value on output line 510. User A selects two random keys k for input line 506. 0x and k 1x Input line key k 0x Corresponding to "0", while the input line key k 1xCorresponding to "1". User A selects two random keys k for input line 508. 0y and k 1y Input line key k 0y Corresponding to "0", while the input line key k 1y Corresponding to "1". User A also selects two random keys k for output line 510. 0z and k 1z Output line key k 0z Corresponding to "0", and the output line key k 1z Corresponding to "1".

[0039] like Figure 5C As shown, user A then uses the corresponding pair of input line keys to control the output line key k. 0z and k 1z Encryption is performed to encrypt each column of the truth table of AND gate 504. For example, user A uses the corresponding pair of input line keys k. 0x and k 0y For the output line key k 0z Encryption is performed, corresponding to the first column of the truth table (which shows z = 0 when x = 0 and y = 0), to produce the content E of the first column of the encrypted truth table. k0x (E k0y ( k0z Function E k0y (k 0z This indicates the use of the input line key k. 0y To output the key k 0z Encryption is performed. Function E k0x (E k0y (k 0z )) indicates the use of the input line key k 0x , to E k0y (k 0z The value of ) is encrypted. The input line key k can be used. 0y and k 0x To pair the output line key k 0z Decryption is performed.

[0040] User A uses the corresponding pair of input line keys k 0x and k 1y For the output line key k 0z Encryption is performed, corresponding to the second column of the truth table (which shows the values when x=0 and y=1, z=0), to produce the content E of the second column of the encrypted truth table. k0x (E k1y (k 0z Function E k1y (k 0z This indicates the use of the input line key k.1y To output the key k 0z Encryption is performed. Function E k0x (E k1y (k 0z )) indicates the use of the input line key k 0x , to E k1y (k 0z The value of ) is encrypted. The input line key k can be used. 1y and k 0x To pair the output line key k 0z Decryption is performed.

[0041] User A uses the corresponding pair of input line keys k 1x and k 0y For the output line key k 0z Encryption is performed, corresponding to the third column of the truth table (which shows z = 0 when x = 1 and y = 0), to produce the content E of the third column of the encrypted truth table. k1x (E k0y (k 0z Function E k0y (k 0z This indicates the use of the input line key k. 0y To output the key k 0z Encryption is performed. Function E k1x (E k0y (k 0z )) indicates the use of the input line key k 1x , to E k0y (k 0z The value of ) is encrypted. The input line key k can be used. 0y and k 1x To pair the output line key k 0z Decryption is performed.

[0042] Similarly, user A uses the corresponding pair of input line keys k 1x and k 1y For the output line key k 1z Encryption is performed, corresponding to the fourth column of the truth table (which shows z=1 when x=1 and y=1), to produce the content E of the fourth column of the encrypted truth table. k1x (E k1y (k 1z Function E k1y (k 1z This indicates the use of the input line key k. 1y To output the key k 1z Encryption is performed. Function E k1x (E k1y (k 1z )) indicates the use of the input line key k1x , to E k1v (k 1z The value of ) is encrypted. The input line key k can be used. 1y and k 1x To pair the output line key k 1z Decryption is performed.

[0043] After generating the encrypted truth table using AND gate 504, each column of the encrypted truth table can be rearranged randomly for enhanced protection. This encrypted truth table serves as a scrambled truth table transmitted by user A to user B. User A can perform similar procedures to target... Figure 5A Other gates in the Boolean circuit generate an encrypted truth table (a confused truth table). For example, user A could execute a similar procedure to generate a truth table like the one described above. Figure 5A The diagram shows the encryption truth tables (confusion truth tables) for OR gate 512, OR gate 514, AND gate 516, NOT gate 518, and AND gate 520. The output line key of one gate can be used as the input line key of another gate. For example, the output line key k of AND gate 504... 0z and k 1z It can be used as the input line key for AND gate 516.

[0044] The following example illustrates the main steps of a garbled circuit protocol. In main step 1, when user A's bit value is 1, user A only inputs the key k to the input line. 1x Transmitted to user B. When user A's bit value is 0, user A only inputs the key k. 0x Transmitted to user B. In main step 2, when user B's bit value is b, user B obtains k only from user A using the OT protocol. by That is, user A transmits the input line key k to user B. 0y and k 1y When user B's bit value is 0, user B obtains k only from user A through the OT protocol. 0y When user B's bit value is 1, user B obtains k solely from user A through the OT protocol. 1y .

[0045] In main step 3, assuming user B's bit value is 0, user B can use the input line key k based on the obfuscated truth table transmitted from user A to user B. 1x and k 0y To calculate k 0z Since user B only has the input line key k 1x and k 0y User B was unable to pass. Figure 5C The contents of the first column of the obfuscated truth table E k0x (Ek0y (k 0z Perform the decryption process to obtain k. 0z User B was also unable to pass. Figure 5C The content of the second row of the obfuscated truth table shown is E k0x (E k1y (k 0z Perform the decryption process to obtain k. 0z User B was also unable to pass. Figure 5C The content of the fourth row of the obfuscated truth table shown is E k1x (E k1y (k 1z Perform the decryption process to obtain k. 0z User B can only access the system through [the system / platform]. Figure 5C The content of the third row of the obfuscated truth table shown is E k1x (E k0y (k 0z Perform the decryption process to obtain k. 0z Therefore, user B performs a blind compute on the function of AND gate 504, AND(1, 0) = 0. That is, user B calculates the input line key k based on the input value in key form. 1x and k 0y The output line key k is obtained as the output value in key form. 0z Even if user B does not know the output line key k 0z This corresponds to the case where the bit value is 0.

[0046] After user B completes the AND gate 504 operation, user B can continue to perform operations on other gates by repeating the main steps 1 to 3 described above, for example... Figure 5AThe operations of OR gate 512, OR gate 514, AND gate 516, NOT gate 518, and AND gate 520 are shown. For example, after user B receives the key form input value of OR gate 512, user B decrypts it using the obfuscated truth table of OR gate 512 to obtain the key form output value of OR gate 512. Next, user B uses the key form output of AND gate 504 and the key form output of OR gate 512 as the input of AND gate 516 to obtain the output of AND gate 516. That is, user B uses the key form output value of AND gate 504 and the key form output value of OR gate 512 as the key form input value of AND gate 516, and obtains the key form output value of AND gate 516 according to the obfuscated truth table of AND gate 516. Next, user B uses the key-form output value of AND gate 516 and the key-form output value of NAND gate 518 as the key-form input value of AND gate 520. Based on the confusion truth table of AND gate 520, user B obtains the key-form output value of AND gate 520. User A can then decrypt the key-form output value of AND gate 520 based on the relationship between the bit value of the output of AND gate 520 and the key of the corresponding output line of AND gate 520, thus obtaining the corresponding bit value of the output of AND gate 520.

[0047] For example Figure 1 As shown in Figure 2, the process of converting the AI compiler source code into obfuscated circuit code by performing steps 102 to 110 will be described in more detail below. The AI compiler is implemented, for example, by a software program. The software program is first converted into circuit code, such as Boolean circuit code. See “Niklaus Wirth, 'Hardware compilation: translating programs into circuits', Computer 31.6 (1998): pp. 25-31”, which mentions that, in addition to individual programming languages and hardware description languages, a single language can also allow one to compile a part of a program into a sequence of instructions for a general processor, while compiling other parts into a programmable gate array (PGA) circuit.

[0048] Then, using the aforementioned obfuscated circuit protocol, the circuit code is converted into obfuscated circuit code. The obfuscated circuit code can be simulated using functions of the obfuscated circuit. Figure 6An example of a scrambled circuit is shown. The scrambled circuit 600 includes multiple circuit units, such as T circuit units, where T is an integer. The T circuit units include circuit unit 602(1), circuit unit 602(2), ..., circuit unit 602(T). Each circuit unit may have multiple logic gates. For example, circuit unit 602(1) has logic gates 604(1) through 604(6). For example, logic gate 604(1) is an AND logic gate, logic gate 604(2) is a NOR logic gate, logic gate 604(3) is an OR logic gate, logic gate 604(4) is an AND logic gate, logic gate 604(5) is a NOT logic gate, and logic gate 604(6) is an AND logic gate.

[0049] exist Figure 1 In step 102, the server 202 transmits the circuit diagram Gc of the obfuscated circuit corresponding to the obfuscated circuit code to the electronic device 204. Figure 7 Drawing correspondence to Figure 6 Example of circuit diagram 700 for a confusion circuit 600. Circuit diagram 700 is a circuit diagram with multiple gates, where the types of gates are not indicated. The connection relationships of these gates are shown in the circuit diagram. For example, circuit diagram 700 has multiple graphic units. Graphic units include graphic units 702(1) to 702(T). Graphic unit 702(1) includes gates 704(1) to 704(6). The outputs of gates 704(1) and 704(2) are connected to the inputs of gate 704(4), similar to the connection relationship of logic gates 604(1), 604(2), and 604(4), where the outputs of logic gate 604(1) and 604(2) are connected to the inputs of logic gate 604(4). However, the types of logic gates in confusion circuit 600 are not shown in circuit diagram 700. For example, the types of gates 704(1) to 704(6) are not shown in circuit diagram 700. Take gate 704(1) as an example. Although logic gate 604(1) is an AND logic gate, it is unknown whether gate 704(1) is also an AND gate.

[0050] In step 104, the electronic device 204 generates multiple key encoding books corresponding to multiple candidate gates for each logic gate. The multiple candidate gates include at least one single-input candidate gate and at least one two-input candidate gate. The multiple confusion truth tables include a single-input confusion truth table and a two-input confusion truth table. The at least one single-input candidate gate includes a buffer gate and a NOT gate, such as a buffer candidate gate and a NOT candidate gate. The at least one two-input candidate gate includes an AND gate, an OR gate, a NAND gate, a NOR gate, an XOR gate, and an XNOR gate, such as an AND candidate gate, an OR candidate gate, a NAND candidate gate, a NOR candidate gate, an XOR candidate gate, and an XNOR candidate gate.

[0051] like Figures 8A to 8H As shown, examples are drawn for the input line key, output line key, truth table, and corresponding encrypted truth table of AND candidate gate, OR candidate gate, AND-NOT candidate gate, NOR-NOT candidate gate, XOR candidate gate, XNOR candidate gate, buffer candidate gate, and NOT candidate gate, respectively.

[0052] Assume the logic gates include logic gate 1 604(1) to logic gate N 604(N), and multiple candidate gates have candidate gates of type 1 to type M, where M and N are integers. Each candidate gate has at least one input line and one output line. For a specific candidate gate among the multiple candidate gates, at least one input line key corresponding to at least one input line of this specific candidate gate is provided, and at least one output line key corresponding to at least one output line of this specific candidate gate is provided. Each column of the truth table of this specific candidate gate is encrypted by encrypting this output line key using this at least one input line key.

[0053] by Figure 8A Take, for example, candidate gates. Figure 8A As shown, two input line keys k are provided corresponding to the input line x1 of the candidate gate. 0x1 and k 1x1 Provides two input line keys k corresponding to the input line y1 of the candidate gate. 0y1 and k 1y1 And provides the output line key k corresponding to the output line z1 of the candidate gate. 0z1 and k 1z1 Each column of the truth table for the candidate gates is encrypted by using at least one input line key to encrypt the output line key, resulting in an encrypted truth table (i.e., a confused truth table), such as... Figure 8A As shown.

[0054] Take logic gate 604(1) and gate 704(1) as examples. Since gate 704(1) is as follows... Figure 7The circuit diagram 700 shows a dual-input gate, so gate 704(1) can be of the same type as at least one of the dual-input candidate gates. That is, logic gate 604(1) and gate 704(1) correspond to AND candidate gate, OR candidate gate, NAND candidate gate, NOR candidate gate, XOR candidate gate, and AND-XNOR candidate gate. The key codebook for each candidate gate includes the bit value of the input or output, and the corresponding input line key or output line key. For example, the key codebook for the AND candidate gate records that the bit value "0" of input x1 corresponds to the input line key k. 0x1 The bit value "1" in input x1 corresponds to the key k on the input line. 1x1 The bit value "0" in input y1 corresponds to the key k on the input line. 0y1 The bit value "1" in input y1 corresponds to the key k on the input line. 1y1 The bit value "0" in output z1 corresponds to the key k on the output line. 0z1 The bit value "1" in output z1 corresponds to the key k on the output line. 1z1 .

[0055] In step 106, electronic device 204 generates multiple confused truth tables corresponding to multiple candidate gates for each logic gate. For example, logic gate 604(1) and gate 704(1). Since electronic device 204 (the client) does not know the gate type of gate 704(1), and electronic device 204 knows that gate 704(1) is a two-input gate, electronic device 204 knows that the candidate gates of gate 704(1) include AND candidate gates, OR candidate gates, NAND candidate gates, NOR candidate gates, XOR candidate gates, and AND-XNOR candidate gates. Therefore, electronic device 204 generates confused truth tables corresponding to the AND candidate gates, OR candidate gates, NAND candidate gates, NOR candidate gates, XOR candidate gates, and AND-XNOR candidate gates for logic gate 604(1). Furthermore, for example, logic gate 604(5) and gate 704(5). Since electronic device 204 does not know the gate type of gate 704(5) and electronic device 204 knows that gate 704(5) is a single-input gate, electronic device 204 knows that the candidate gates of gate 704(5) include buffer candidate gates and non-candidate gates. Therefore, electronic device 204 generates a confused truth table corresponding to the buffer candidate gates and non-candidate gates of logic gate 604(5).

[0056] In step 108, electronic device 204 transmits multiple scrambled truth tables corresponding to multiple candidate gates of each logic gate to server 202 using the OT protocol. The circuit diagram 700 of the scrambled circuit 600 is, for example, a numbered circuit diagram. The numbered circuit diagram 700 has gates numbered 1 to N and does not indicate the gate type. For example, gates 704(1) to 704(6) of graphics unit 702(1) are numbered 1 to 6 in sequence. Similarly, the gates of graphics units 702(2) to 702(T) are also numbered 7 to N in sequence.

[0057] Step 108 may include the server 202 transmitting a request R(i) corresponding to the i-th logic gate among a plurality of logic gates to the electronic device 204, where i is an integer between 1 and N; and in response to the request R(i) from the electronic device 204, transmitting the obfuscated truth table X1(i) of the first type candidate gate, the obfuscated truth table X2(i) of the second type candidate gate, ..., the obfuscated truth table X of the M-th type candidate gate corresponding to the i-th logic gate. M (i) Transmit to server 202. When the i-th logic gate is a two-input line logic gate, set R(i) = a i a i Let R(i) be an element in the set {1, 2, ..., 6}, corresponding to the i-th logic gate. The i-th logic gate is an element in the set {AND gate, OR gate, NAND gate, NOR gate, XOR gate, XNOR gate}. When the i-th logic gate is a single-input-line logic gate, let R(i) = b. i b i Let be an element in the set {0, 1}, which corresponds to the i-th logic gate. The i-th logic gate is an element in the set {buffer logic gate, NOT logic gate}.

[0058] For example, when i = 1, server 202 transmits request R(1) corresponding to logic gate 604(1) to electronic device 204. In response to request R(1), electronic device 204 transmits the following truth tables corresponding to logic gate 604(1): X1(1) for candidate gates, X2(1) for OR candidate gates, X3(1) for non-candidate gates, X4(1) for OR non-candidate gates, X5(1) for XOR candidate gates, and X6(1) for XNOR candidate gates to server 202. Since logic gate 604(1) is a two-input line logic gate, the value of M is equal to 6.

[0059] Furthermore, when i = 5, server 202 transmits a request R(5) corresponding to logic gate 604(5) to electronic device 204. In response to request R(5), electronic device 204 transmits the confused truth table X1(5) of the buffer candidate gates and the confused truth table X2(5) of the non-candidate gates corresponding to logic gate 604(5) to server 202. Since logic gate 604(5) is a single-input line logic gate, the value of M is equal to 2.

[0060] In step 110, server 202 obtains the target obfuscated truth table for each logic gate based on multiple obfuscated truth tables corresponding to multiple candidate gates for each logic gate using the OT protocol. The process of step 110 may include the server obtaining the target obfuscated truth table for the i-th logic gate corresponding to the obfuscated truth table of the j-th type candidate gate through a decryption program using the OT protocol. The j-th type candidate gate has the same gate type as the i-th logic gate, and j is an integer between 1 and M.

[0061] Taking i=1 as an example. Through the decryption process of the OT protocol, the server 202 obtains the target obfuscated truth table TG(1) of logic gate 604(1) corresponding to the obfuscated truth table of the first type candidate gate (that is, the obfuscated truth table of candidate gate X1(1)). The server 202 obtains the target obfuscated truth table TG(1) of logic gate 604(1) by using the OT protocol based on the obfuscated truth tables of candidate gates X1(1) to X6(1) corresponding to logic gate 604(1). The first type candidate gate (that is, the candidate gate X1(1)) is a gate of the same type as logic gate 604(1).

[0062] Taking i=5 as an example. Through the decryption process of the OT protocol, the server 202 obtains the target obfuscated truth table TG(5) of logic gate 604(5) corresponding to the obfuscated truth table of the second type of candidate gate (that is, the obfuscated truth table of the non-candidate gate X1(1)). Based on the obfuscated truth tables of the candidate gates X1(1) to X2(1) corresponding to logic gate 604(5), the server 202 obtains the target obfuscated truth table TG(5) of logic gate 604(5) through the OT protocol. The second type of candidate gate (that is, the non-candidate gate X2(5)) is a gate of the same type as logic gate 604(5).

[0063] Steps 102 to 110 above can be considered as the process of setting up the AI compiler in server 202. Steps 112 to 114 can be considered as the process of encrypting and decrypting the NN model transmitted by the client (i.e., electronic device 204).

[0064] In step 112, electronic device 204 encrypts the NN model according to multiple key encoding books to generate an encrypted NN model. The process of step 112 may include electronic device 204 converting the NN model into multiple binary values, and according to the key encoding books, converting the multiple binary values into multiple key-form raw model values. The key-form raw model values are transmitted to server 202. For example, electronic device 204 first converts the NN model into binary values (e.g., binary values (b... I0 b I1 b I2 ... b ISS is an integer, b I0 b I1 b I2 ... b IS Each represents a binary value), and then these binary values are converted into multiple key-form raw model values according to the key codebook (e.g., key-form raw model values (K)). I1 K I2 K I3 ... K Is S is an integer, K is a finite integer. I1 K I2 K I3 ... K IS Each represents a key-based original model value. This key is used to encrypt the pre-trained neural network model and its pre-trained parameters or weights based on the key encoding. The key-based original model value (K...) I1 K I2 K I3 … K IS For example, an input line key selected from the input terminals corresponding to the input terminals of circuit diagram 700. The input terminals of circuit diagram 700 may include multiple input terminals of the first-stage gate of each circuit unit, such as... Figure 7 The input terminals of the gates numbered 1, 2, 3, 7, 8, 9, 10, ..., N-5, N-4, N-3 are shown. The electronic device (client) 204 will input the original model value (K) in key form. I1 K I2 K I3 ... K IS The data is transmitted to server 202 as input to the mixing circuit 600, such as... Figure 6 As shown.

[0065] In step 114, server 202 generates the compiled NN model of the encrypted NN model based on the obfuscated circuit code using the target obfuscated truth tables of each logic gate. The procedure in step 114 may include executing the obfuscated circuit code based on the original model values in multiple key forms to generate the compiled NN model in multiple key forms. That is, since the AI compiler in server 202 has already converted to obfuscated circuit code corresponding to obfuscated circuit 600 and has obtained the target obfuscated truth tables of each logic gate, server 202 can generate the compiled NN model by using the input original model values in key form (K). I1 K I2 K I3 … K IS The compiled NN model is generated by evaluating the confusing circuit code.

[0066] The process of evaluating the obfuscated circuit code can be illustrated using obfuscated circuit 600. Taking circuit unit 602(1) as an example, the input value K in key form... I1 and K I2 The input is fed into AND gate 604(1). AND gate 604(1) uses the target confusion truth table TG(1) of logic gate 604(1) (i.e., the confusion truth table of gate 704(1) and candidate gates) according to the input value K in key form. I1 and K I2 To obtain the output value K in key form with logic gate 604(1) a Similarly, the NOR gate 604(2) uses the target confusion truth table TG(2) of the NOR gate 604(2) (i.e., the confusion truth table of the inverse OR candidate gate of the gate 704(2)) according to the input value K in key form. I3 and K I4 The output value K in key form of the NOR gate 604(2) is obtained. b Or logic gate 604(3) uses the target confusion truth table TG(3) of logic gate 604(3) (i.e., the confusion truth table of the OR candidate gate of gate 704(3)) according to the input value K in key form. I5 and K I6 The key-type output value K of the OR logic gate 604(3) is obtained. c Using the target confusion truth table TG(4) of logic gate 604(4) (i.e., the confusion truth table of gate 704(4) with the candidate gate), based on the input value K in key form. a and K b The output value K in key form of logic gate 604(4) is obtained. d The non-logic gate 604(5) uses the target confusion truth table TG(5) of the logic gate 604(5) (i.e., the confusion truth table of the non-candidate gate of the gate 704(5)) according to the input value K in the form of the key. c The key-form output value K of the NOT gate 604(5) is obtained. e The target confusion truth table TG(6) of logic gate 604(6) (i.e., the confusion truth table of gate 704(6) with the candidate gate) is used with logic gate 604(6) according to the input value K in key form. d and K e The output value K in key form of logic gate 604(6) is obtained. O1 .

[0067] Circuit units 602(2) to 602(T) execute similar procedures to generate output values K in key form, respectively. O2 To K OTThe compiled model value in key form is generated after compilation of the NN model, which is (K O1 K O2 K O3 ... K OT Server 202 then outputs the compiled model value (K) in key form to the compiled NN model. O1 K O2 K O3 ... K OT ) Transmitted to another electronic device 214.

[0068] Electronic device 214 further decrypts the compiled NN model based on multiple key encoding books to generate machine code. Electronic device 214 then executes this machine code. That is, electronic device 204 transmits the key encoding book Key_cb to electronic device 214, and then electronic device 214, based on the key encoding book Key_cb and the compiled model value (K) in key form... O1 K O2 ...K OT The compiled NN model is decrypted to generate machine code and then executed.

[0069] For example, electronic device 214 may include transmission circuit 216, processor 218, and AI execution module 220. Transmission circuit 216 receives the compiled model value (K) in the form of a key. O1 K O2 ... K OT Processor 218 uses the key encoding Key_cb to encode the compiled model value (K) in key form. O1 K O2 ... K OT Decryption is performed to generate binary values (b) O1 b O2 ... b OT Processor 218 further processes the binary value (b... O1 b O2 ... b OT The code is converted into machine code (or deployable code) that can be executed by the AI execution module 220. The AI execution module 220 can execute the machine code through the runtime module.

[0070] like Figure 2As shown, server 202 may include transmission circuitry 206 and processor 208. Processor 208 is used to convert the AI compiler source code of the AI compiler into obfuscated circuit code. Processor 208 executes the following program: Processor 208 transmits the circuit diagram of the obfuscated circuit corresponding to the obfuscated circuit code to electronic device 204 via transmission circuitry 206. The obfuscated circuit has multiple logic gates. Processor 208 receives multiple obfuscated truth tables corresponding to multiple candidate gates of each logic gate from electronic device 204 via transmission circuitry 206 using the OT protocol.

[0071] The processor 208 obtains the target obfuscated truth table for each logic gate by using the OT protocol, based on multiple obfuscated truth tables corresponding to multiple candidate gates for each logic gate.

[0072] Electronic device 204 generates multiple key encoding books corresponding to multiple candidate gates for each logic gate. Electronic device 204 encrypts the NN model based on the multiple key encoding books to generate an encrypted NN model. Processor 208 is also used to generate a compiled NN model of the encrypted NN model based on the obfuscated circuit code through the target obfuscation truth tables of each logic gate.

[0073] like Figure 2 As shown, the electronic device 204 may include a transmission circuit 210 and a processor 212. The processor 212 assists the server 202 in converting the AI compiler source code of the AI compiler into obfuscated circuit code. The processor 212 executes the following program: The processor 212 receives a circuit diagram of an obfuscated circuit corresponding to the obfuscated circuit code from the server 202 via the transmission circuit 210. The obfuscated circuit has multiple logic gates. The processor 212 generates multiple key encodings corresponding to multiple candidate gates of each logic gate. The processor 212 generates multiple obfuscated truth tables corresponding to the multiple candidate gates of each logic gate. The processor 212 transmits the multiple obfuscated truth tables corresponding to the multiple candidate gates of each logic gate to the server 202 via the transmission circuit 210 using the OT protocol.

[0074] Processor 212 is also used to encrypt the NN model according to multiple key encoding books to generate an encrypted NN model. Server 202 obtains the target obfuscation truth table for each logic gate based on multiple obfuscation truth tables corresponding to multiple candidate gates, using the OT protocol. Server 202 then generates the compiled NN model of the encrypted NN model according to the obfuscated circuit code using the target obfuscation truth tables for each logic gate.

[0075] Although Figure 2The embodiments illustrate electronic devices 204 and 214. In some embodiments, electronic device 214 may be incorporated into electronic device 204. Therefore, the processor 208 of server 202 can transmit the compiled NN model to electronic device 204, which decrypts the compiled NN model according to the key codebook to generate machine code and executes the machine code.

[0076] By encrypting the neural network (NN) model according to a key encoding and transmitting the obfuscated truth table using the over-the-air (OT) protocol, the content of the NN model provided by the model provider (client) is protected from leakage to the cloud server, thus safeguarding the privacy of the NN model. Furthermore, by transmitting the circuit diagram instead of the obfuscated circuit, using obfuscated circuit codes, and transmitting the obfuscated truth table using the OT protocol, the content of the AI compiler on the cloud server is not leaked to the client. Therefore, the privacy of the AI compiler is also protected.

[0077] This disclosure provides a secure AI compiler (neural network compiler, deep learning compiler) that can compile a neural network (NN) without knowing the pre-trained model, model parameters, or weights, to generate an optimized, encrypted file. The client can then decrypt this encrypted file to generate low-level machine code executable on hardware. This disclosure protects the NN model from being decoded by the compiler. Embodiments of this disclosure enhance the privacy protection of models in cloud-based AI compiler services. A privacy protection mechanism for NN model compilation is achieved through the use of obfuscated transport protocols and obfuscated circuits (obfuscated logic gates). Through embodiments of this disclosure, model developers can protect their NN models, and users can execute the compiled model source code using information obtained from the model developer for decryption (e.g., a key codebook).

[0078] In summary, although this disclosure has been presented above with reference to embodiments, it is not intended to limit this disclosure. Those skilled in the art can make various modifications and refinements without departing from the spirit and scope of this disclosure.

Claims

1. A method for processing neural networks, comprising: Converting the AI compiler source code of an artificial intelligence compiler into obfuscated circuit code includes the following steps: The server transmits the circuit diagram of the obfuscated circuit corresponding to the obfuscated circuit code to the first electronic device, the obfuscated circuit having multiple logic gates; The first electronic device generates multiple key codes corresponding to multiple candidate gates of each logic gate; The first electronic device generates multiple confused truth tables corresponding to multiple candidate gates for each logic gate; The first electronic device transmits the confused truth tables corresponding to multiple candidate gates of each logic gate to the server using a confused transmission protocol; and The server obtains the target confused truth table for each logic gate by using a confusing transport protocol, based on multiple confused truth tables corresponding to multiple candidate gates for each logic gate. The first electronic device encrypts the neural network model based on multiple key encoding books to generate an encrypted neural network model; and The server generates the compiled neural network model of the encrypted neural network model based on the obfuscated circuit code by using the target obfuscated truth table of each logic gate.

2. The method according to claim 1, wherein, The plurality of candidate gates includes at least one single-input candidate gate and at least one double-input candidate gate, and the plurality of scrambled truth tables includes a plurality of single-input scrambled truth tables and a plurality of double-input scrambled truth tables. The at least one single-input candidate gate includes a buffer and a NOT gate, and the at least one double-input candidate gate includes an AND gate, an OR gate, a NAND gate, a NOR gate, an XOR gate, and a XNOR gate.

3. The method according to claim 1, wherein, The circuit diagram of the obfuscated circuit is a numbered circuit diagram, which has multiple numbered gates without indicating gate type. The logic gates include the first logic gate to the Nth logic gate, and the multiple candidate gates have candidate gates of type 1 to type M, where M and N are integers. The first electronic device transmits multiple obfuscated truth tables corresponding to the multiple candidate gates to the server using an obfuscated transmission protocol, which includes the following steps: The server transmits the request R(i) corresponding to the i-th logic gate out of a plurality of logic gates to the first electronic device, where i is an integer between 1 and N; and In response to the request R(i) from the first electronic device, the confusing truth table of the first type candidate gate corresponding to the i-th logic gate, the confusing truth table of the second type candidate gate, ... the confusing truth table of the M-th type candidate gate is transmitted to the server; The step of the server obtaining the target obfuscated truth table for each logic gate based on multiple obfuscated truth tables corresponding to multiple candidate gates of each logic gate by using a blind transmission protocol includes: the server obtaining the target obfuscated truth table for the i-th logic gate corresponding to the obfuscated truth table of the j-th type candidate gate by using a decryption program through the blind transmission protocol, wherein the i-th type candidate gate has the same gate type as the i-th logic gate, and j is an integer between 1 and M.

4. The method according to claim 1, wherein, Each candidate gate has at least one input line and an output line. The first electronic device generates multiple confusing truth tables corresponding to the multiple candidate gates for each logic gate, comprising the following steps: For a specific candidate gate among a plurality of candidate gates, at least one input line key corresponding to the at least one input line of the specific candidate gate is provided, and at least one output line key corresponding to the output line of the specific candidate gate is provided; and Each column of the truth table for that particular candidate gate is encrypted by encrypting the output line key using at least one input line key.

5. The method according to claim 1, wherein, The steps by which the first electronic device encrypts the neural network model according to multiple key encoding books to generate the encrypted neural network model include: Convert the neural network model into multiple binary values; and Based on multiple key encoding books, multiple binary values are converted into original model values in multiple key forms; Among these, the original model values in multiple key formats are transmitted to the server.

6. The method according to claim 5, wherein, The steps by which the server generates the compiled neural network model of the encrypted neural network model based on the obfuscated circuit code through the target obfuscated truth table of each logic gate include: The obfuscated circuit code is executed based on the original model values in multiple key forms to produce the compiled model values in multiple key forms of the compiled neural network model.

7. The method according to claim 1, further comprising: The first or second electronic device decrypts the compiled neural network model based on multiple key encoding books to generate machine code; as well as The machine code is executed by either the first electronic device or the second electronic device.

8. A server for processing neural networks, comprising: Transmission circuit; A processor is used to convert the AI compiler's source code into obfuscated circuit code. This processor is used to execute the following programs: The circuit diagram of the obfuscated circuit corresponding to the obfuscated circuit code is transmitted to the first electronic device through the transmission circuit. The obfuscated circuit has multiple logic gates. Through this transmission circuit, using a fuzzy transmission protocol, multiple confused truth tables corresponding to multiple candidate gates of each logic gate are received from the first electronic device; and Based on multiple confused truth tables corresponding to multiple candidate gates of each logic gate, the target confused truth table of each logic gate is obtained by using the fuzzy transport protocol. The first electronic device generates multiple key encoding books corresponding to multiple candidate gates of each logic gate. The first electronic device encrypts the neural network model according to the multiple key encoding books to generate an encrypted neural network model. The processor is also used to generate a compiled neural network model of the encrypted neural network model according to the obfuscated circuit code through the target obfuscation truth table of each logic gate.

9. The server according to claim 8, wherein, The plurality of candidate gates includes at least one single-input candidate gate and at least one double-input candidate gate, and the plurality of scrambled truth tables includes a plurality of single-input scrambled truth tables and a plurality of double-input scrambled truth tables. The at least one single-input candidate gate includes a buffer and a NOT gate, and the at least one double-input candidate gate includes an AND gate, an OR gate, a NAND gate, a NOR gate, an XOR gate, and a XNOR gate.

10. The server according to claim 8, wherein, The circuit diagram of the obfuscated circuit is a numbered circuit diagram, which has multiple numbered gates without indicating gate type. The logic gates include the first logic gate to the Nth logic gate, and the multiple candidate gates have first type candidate gates to M type candidate gates, where M and N are integers. The procedure for receiving multiple obfuscated truth tables corresponding to the multiple candidate gates of each logic gate from the first electronic device through the transmission circuit, using a fuzzy transmission protocol, includes: The request R(i) corresponding to the i-th logic gate among a plurality of logic gates is transmitted to the first electronic device, where i is an integer between 1 and N; and Receive the confusing truth table of the first type candidate gate, the confusing truth table of the second type candidate gate, ... the confusing truth table of the Mth type candidate gate corresponding to the i-th logic gate associated with the request R(i); The server obtains the target obfuscated truth table for each logic gate by using a blind transmission protocol based on multiple obfuscated truth tables corresponding to multiple candidate gates for each logic gate. This process includes obtaining the target obfuscated truth table for the i-th logic gate corresponding to the obfuscated truth table of the j-th type candidate gate through a decryption program using the blind transmission protocol. The j-th type candidate gate has the same gate type as the i-th logic gate, and j is an integer between 1 and M.

11. The server according to claim 8, wherein, Each candidate gate has at least one input line and one output line. The multiple confusion truth tables corresponding to the multiple candidate gates of each logic gate are generated by the following procedure: For a specific candidate gate among a plurality of candidate gates, at least one input line key corresponding to the at least one input line of the specific candidate gate is provided, at least one output line key corresponding to the output line of the specific candidate gate is provided, and each column of the truth table of the specific candidate gate is encrypted by encrypting the output line key using the at least one input line key.

12. The server according to claim 8, wherein, The neural network model is encrypted by converting it into multiple binary values and then, based on multiple key encoding books, converting these binary values into original model values in the form of multiple keys. The compiled neural network model is generated by executing the obfuscated circuit code based on the original model values in multiple key forms to produce the compiled model values in multiple key forms.

13. The server according to claim 8, wherein, The processor is also used to transmit the compiled neural network model to the first electronic device; The compiled neural network model is decrypted by the first electronic device based on multiple key encoding books to generate machine code, which is then executed by the first electronic device.

14. The server according to claim 8, wherein, The processor is also used to transmit the compiled neural network model to a second electronic device; The compiled neural network model is decrypted by the second electronic device based on multiple key encoding books to generate machine code, which is then executed by the second electronic device.

15. An electronic device for processing neural networks, comprising: Transmission circuit; A processor, used to assist the server in converting the AI compiler's source code into obfuscated circuit code, executes the following programs: Through this transmission circuit, the circuit diagram of the obfuscated circuit corresponding to the obfuscated circuit code is received from the server. The obfuscated circuit has multiple logic gates. Generate multiple key encoding books corresponding to multiple candidate gates for each logic gate; Generate multiple confused truth tables corresponding to multiple candidate gates for each logic gate; and By using a confusing transmission protocol, multiple confused truth tables corresponding to multiple candidate gates of each logic gate are transmitted to the server through the transmission circuit; The processor is also used to encrypt the neural network model according to multiple key encoding books to generate an encrypted neural network model. The server obtains the target obfuscated truth table of each logic gate based on multiple obfuscated truth tables of multiple candidate gates corresponding to each logic gate by using a blind transfer protocol. The server then generates the compiled neural network model of the encrypted neural network model according to the obfuscated circuit code through the target obfuscated truth table of each logic gate.

16. The electronic device according to claim 15, wherein, The plurality of candidate gates includes at least one single-input candidate gate and at least one double-input candidate gate, and the plurality of scrambled truth tables includes a plurality of single-input scrambled truth tables and a plurality of double-input scrambled truth tables. The at least one single-input candidate gate includes a buffer and a NOT gate, and the at least one double-input candidate gate includes an AND gate, an OR gate, a NAND gate, a NOR gate, an XOR gate, and a XNOR gate.

17. The electronic device according to claim 15, wherein, The circuit diagram of the obfuscated circuit is a numbered circuit diagram, which has multiple numbered gates without indicating gate type. The logic gates include the first logic gate to the Nth logic gate, and the multiple candidate gates have candidate gates of type 1 to type M, where M and N are integers. The program that transmits multiple obfuscated truth tables corresponding to the multiple candidate gates of each logic gate to the server through the transmission circuit using an obfuscated transmission protocol includes: Receive a request R(i) from the server corresponding to the i-th logic gate among a plurality of logic gates, where i is an integer between 1 and N; and In response to the request R(i), the scrambled truth table of the first type candidate gate corresponding to the i-th logic gate, the scrambled truth table of the second type candidate gate, ... the scrambled truth table of the M-th type candidate gate is transmitted to the server; In this process, by using the obfuscated transmission protocol, the target obfuscated truth table of each logic gate is obtained by the server through a decryption program, which corresponds to the obfuscated truth table of the j-th type candidate gate and the i-th logic gate. The j-th type candidate gate has the same gate type as the i-th logic gate, and j is an integer between 1 and M.

18. The electronic device according to claim 15, wherein, Each candidate gate has at least one input line and one output line. The procedure for generating multiple confusing truth tables corresponding to the multiple candidate gates for each logic gate includes: For a specific candidate gate among a plurality of candidate gates, at least one input line key corresponding to the at least one input line of the specific candidate gate is provided, and at least one output line key corresponding to the output line of the specific candidate gate is provided; and Each column of the truth table for that particular candidate gate is encrypted by encrypting the output line key using at least one input line key.

19. The electronic device according to claim 15, wherein, is The neural network model is encrypted by converting it into multiple binary values, and then converting these binary values into original model values in multiple key forms according to multiple key encoding books. The original model values in multiple key forms are then transmitted to the server. The compiled neural network model of the encrypted neural network model is generated by executing the obfuscated circuit code according to the original model values in multiple key forms to produce the compiled model values in multiple key forms.

20. The electronic device according to claim 15, wherein, The processor is also used to decrypt the compiled neural network model based on multiple key encoding books to generate machine code, and execute the machine code.