Index calculation and verification method, device and computer equipment applied to federated learning
By generating cryptographic commitment values and digital signatures using zero-knowledge proof algorithms, the problems of log record tampering and data privacy leakage in federated learning are solved, achieving the immutability of log records and data privacy protection, and ensuring the security and compliance of the federated learning process.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- ETHERCORE TECHNOLOGY (SHENZHEN) CO LTD
- Filing Date
- 2026-02-03
- Publication Date
- 2026-06-05
AI Technical Summary
In federated learning, log records are easily tampered with, and the verification and auditing processes may lead to data privacy leaks. How can we ensure that log records are not tampered with and that data privacy is not leaked during the auditing process?
By generating cryptographic commitment values and proof data, using zero-knowledge proof algorithms to generate digital signature information, recording logs and performing verification and auditing, the integrity of log records and data privacy are ensured.
It achieves the immutability of log records and the protection of data privacy, ensuring that the consistency of indicator calculation process can be verified without obtaining the original private data during the audit process, thereby improving data security.
Smart Images

Figure CN122153949A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the fields of privacy protection and compliance auditing technology, and in particular to a method, apparatus, computer equipment, and storage medium for calculating and verifying metrics applied to federated learning. Background Technology
[0002] Federated learning is a distributed machine learning paradigm whose core principle is "data is usable but not visible." It enables multiple participants to collaboratively train the same machine learning model without leaking data. Participants train the model locally and only upload relevant parameters or gradients to the server after training, without uploading the original data. This effectively avoids the risk of data leakage. This approach is adaptable to different data distribution scenarios, breaks down data silos, and is widely used in data-sensitive fields such as finance, healthcare, and government. It balances model performance with privacy protection, making it a key technological path to achieving compliant artificial intelligence (AI).
[0003] To ensure the performance, fairness, security, and compliance of the federated learning process, it is usually necessary to calculate relevant metrics, such as evaluation metrics, contribution metrics, reputation scores, and compliance metrics. These metrics are closely related to the federated learning process, and their calculation inevitably involves verification and auditing. In the traditional approach, each participating party records the parameters they participate in the calculation through logs for future verification and auditing.
[0004] However, log records can be tampered with or selectively deleted, and complete log records are required for verification or auditing, which can easily lead to data privacy breaches. Therefore, ensuring that log records are not tampered with and guaranteeing that data privacy is not compromised during verification and auditing processes are urgent problems that need to be solved. Summary of the Invention
[0005] Therefore, it is necessary to provide a method, apparatus, computer equipment, storage medium, and computer program product for calculating and verifying metrics in federated learning that avoids record tampering and prevents data privacy from being compromised during the auditing process, in order to address the aforementioned technical problems.
[0006] Firstly, this application provides a method for calculating and validating metrics applied to federated learning. The method includes:
[0007] Obtain input parameters, which are used to calculate target metrics, which are used to measure the performance, fairness, security, and compliance of the federated learning implementation process; Based on the input parameters, generate the cryptographic commitment value corresponding to the input parameters; Based on the calculation process of the target indicator and the cryptographic commitment value, proof data is generated, and the proof data indicates that the input parameters participate in the calculation of the target indicator; Based on the cryptographic commitment value and the proof data, digital signature information is obtained; Based on the digital signature information, log information is generated and written to a log file, which is used to verify and audit the input parameters.
[0008] In one embodiment, generating a cryptographic commitment value corresponding to the input parameters based on the input parameters includes: converting the input parameters into a first integer; mapping the first integer to a finite field, and selecting two non-zero elements from the finite field such that the two non-zero elements satisfy a commitment condition, wherein the commitment condition includes the absence of an integer k such that a first equation holds, and the first equation is: h=g k modp, where g and h are the two non-zero elements, k is an integer, and p is the basic parameter of the finite field; a random value is selected from the finite field; based on the two non-zero elements and the random value, the cryptographic commitment value corresponding to the first integer is obtained.
[0009] In one embodiment, generating proof data based on the calculation process of the target indicator and the cryptographic commitment value includes: generating a first constraint based on the calculation process of the target indicator; generating a second constraint based on the calculation process of the cryptographic commitment value; and obtaining the proof data using a zero-knowledge proof algorithm based on the first constraint and the second constraint.
[0010] In one embodiment, generating the first constraint based on the calculation process of the target indicator includes: converting the calculation process of the target indicator into an arithmetic circuit, wherein the arithmetic circuit includes only addition gates and multiplication gates; based on the arithmetic circuit, statistically analyzing all intermediate variables in the calculation process of the target indicator, wherein the intermediate variables are calculated based on the first integer through the addition gates or the multiplication gates; and generating the first constraint based on the intermediate variables.
[0011] In one embodiment, obtaining the proof data using a zero-knowledge proof algorithm based on the first constraint and the second constraint includes: generating a first vector, the first vector including the first integer, all intermediate variables, and an output result, the output result including the result obtained from the calculation process based on the target index and the result obtained from the calculation process based on the cryptographic commitment value; generating a constraint system based on the first vector, the first constraint and the second constraint being represented by the first vector; and inputting the constraint system and the first integer into the zero-knowledge concise non-interactive knowledge proof zk-SNARK algorithm to obtain the proof data.
[0012] In one embodiment, obtaining digital signature information based on the cryptographic commitment value and the proof data includes: reading the current system time and generating a timestamp based on the current system time; generating a text description of the input parameter; obtaining an information unit based on the timestamp, the file description of the input parameter, the cryptographic commitment value, and the proof data; and digitally signing the information unit according to the signing private key to obtain the digital signature information.
[0013] In one embodiment, the method further includes: receiving an audit instruction; sending the log file to an audit server according to the audit instruction, wherein the audit server reads log entries related to the input parameters from the log file according to the input parameters; decomposing the log entries to obtain the timestamp, the text description of the input parameters, the cryptographic commitment value, and the proof data; verifying whether the parameters recorded in the text description of the input parameters are the parameters expected to be audited; and, if the parameters recorded in the text description of the input parameters are the parameters expected to be audited, invoking a zero-knowledge proof algorithm to verify the correctness of the cryptographic commitment value and the proof data.
[0014] Secondly, this application also provides an indicator calculation and verification device for federated learning. The device includes: The acquisition module is used to acquire input parameters, which are used to calculate target metrics, which are used to measure the performance, fairness, security and compliance of the federated learning implementation process. A generation module is used to generate a cryptographic commitment value corresponding to the input parameters based on the input parameters; The generation module is further configured to generate proof data based on the calculation process of the target indicator and the cryptographic commitment value, wherein the proof data indicates that the input parameters participate in the calculation of the target indicator; The signature module is used to obtain digital signature information based on the cryptographic commitment value and the proof data; The writing module is used to generate log information and write it to a log file based on the digital signature information. The log file is used to verify and audit the input parameters.
[0015] Thirdly, this application also provides a computer device. The computer device includes a memory and a processor, the memory storing a computer program, and the processor executing the steps of the above-described method for calculating and verifying metrics applied to federated learning.
[0016] Fourthly, this application also provides a computer-readable storage medium. The computer-readable storage medium stores a computer program thereon, which is executed by a processor through the steps of the above-described method for calculating and verifying metrics applied to federated learning.
[0017] Fifthly, this application also provides a computer program product. The computer program product includes a computer program that is processed by a processor to perform the steps of the above-described method for calculating and verifying metrics applied to federated learning.
[0018] The aforementioned method, apparatus, computer equipment, storage medium, and computer program products for calculating and verifying indicators in federated learning, after obtaining the input parameters for calculating federated learning indicators, generate corresponding cryptographic commitment values based on these input parameters; then, based on the calculation process of the target indicator and the cryptographic commitment values, generate proof data indicating that the input parameters participated in the calculation of the target indicator; next, based on the cryptographic commitment values and the proof data, obtain digital signature information; then, based on the digital signature information, generate log information and write it to a log file; finally, verify and audit the input parameters based on the log file. In this way, digital signatures ensure that log records cannot be tampered with, and during the auditing process, the auditor does not need to obtain the original private data to verify the consistency of the indicator calculation process, ensuring that data privacy is not leaked and improving data security. Attached Figure Description
[0019] Figure 1 This is an application environment diagram of an indicator calculation and verification method applied to federated learning in one embodiment; Figure 2 This is a flowchart illustrating a method for calculating and validating metrics applied to federated learning in one embodiment. Figure 3 This is a schematic diagram of the logic principle of an arithmetic circuit in one embodiment; Figure 4 This is a structural block diagram of an indicator calculation and verification device applied to federated learning in one embodiment; Figure 5 This is an internal structural diagram of a computer device in one embodiment. Detailed Implementation
[0020] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the scope of this application.
[0021] The indicator calculation and verification method provided in this application for federated learning can be applied to, for example... Figure 1 In the application environment shown, terminal 110 communicates with server 120 via a network. A data storage system can store the data that server 120 needs to process. The data storage system can be integrated onto server 120, or it can be located in the cloud or on other network servers. Terminal 110 can be, but is not limited to, various personal computers, laptops, smartphones, tablets, and portable wearable devices. Server 120 can be a standalone server or a server cluster consisting of multiple servers.
[0022] Terminal 110 can record the input parameters for the current federated learning metric calculation. Server 120 obtains the recorded input parameters, generates a cryptographic commitment value corresponding to the input parameters, and generates proof data based on the metric calculation process and the cryptographic commitment value. Server 120 performs digital signature based on the generated cryptographic commitment value and proof data to obtain digital signature information. Server 120 generates log information based on the digital signature information and writes it to a log file. Server 120 or other audit servers can verify or audit the input parameters involved in the calculation based on the log file.
[0023] It should be noted that the indicator calculation and verification method provided in this application for federated learning involves the fields of privacy protection and compliance auditing in federated learning. It is applicable to various data-sensitive federated learning scenarios that require a balance between fairness and compliance, such as joint credit risk control model training in the financial field, multi-hospital disease diagnosis model collaboration in the medical and health field, joint data analysis across government departments, recommendation algorithm training across multiple internet platforms, and joint training of cross-enterprise equipment fault prediction models in the industrial internet. It can achieve indicator auditing and compliance verification while protecting user privacy and corporate trade secrets, helping various industries break down data silos and promote the implementation of compliant AI.
[0024] In one embodiment, such as Figure 2 As shown, a method for calculating and validating metrics applied to federated learning is provided. This embodiment illustrates the method using a server as an example. It is understood that this method can also be applied to terminals, and further to systems including both terminals and servers, and implemented through interaction between the terminal and the server. In this embodiment, the method includes the following steps: S202, Obtain input parameters.
[0025] The input parameters are used to calculate the target metrics. The target metrics refer to one of the metrics that need to be calculated to ensure the performance, fairness, security, and compliance of the federated learning process.
[0026] Specifically, the target metrics can be one of the following: evaluation metrics, contribution metrics, reputation scores, or compliance metrics. Evaluation metrics are used to comprehensively assess the model performance and efficiency of the federated learning system; contribution metrics are used to quantify the marginal value of each participant to the global model, preventing participants who have not contributed from "free-riding"; reputation scores are used to assess the honesty, reliability, and long-term contributions of clients, serving as a core means of preventing malicious behavior and having a "rewarding honesty and punishing malice" orientation; compliance metrics are used to quantify the degree to which federated learning complies with data privacy regulations (such as the General Data Protection Regulation (GDPR) and the Personal Information Protection Act), which is key to avoiding legal risks and gaining regulatory approval.
[0027] It should be understood that the required parameters differ depending on the metric. For example, when measuring the contributions of each participant in a federated learning process, the calculation is expressed by the following formula: ψ i =ω i Acc i Where, ω i This is the sample size weight of participant i, which means the proportion of participant i's local sample size to the total sample size of all participants, Acc. i ψ represents the local model accuracy of participant i, meaning the accuracy of participant i on the classification task on the local test set. It reflects the adaptability of its local data to the model; the larger the value, the better the quality of the local data and the stronger its adaptability to the model. i ω represents the contribution value of participant i. In the example above, ω i and Acc i These are all input parameters.
[0028] S204, Based on the input parameters, generate the cryptographic commitment value corresponding to the input parameters.
[0029] Cryptographic commitment is a cryptographic protocol that binds data without revealing its content. Specifically, the commitment can be: the committer generates a commitment value Com(x, r) (where r is a random number) for a private data x, and publishes the commitment value to the verifier. The verifier can verify that the generation of the commitment value necessarily used the private data x.
[0030] It should be noted that a cryptographic commitment must satisfy two core properties: firstly, it must satisfy concealment, meaning that the verifier cannot deduce the original data x or r from the commitment value; secondly, it must satisfy binding, meaning that once the committer generates and publishes the commitment value, it cannot use another data x´ to satisfy that commitment value.
[0031] Specifically, after obtaining the input parameters, a corresponding cryptographic commitment value is generated for each input parameter using cryptographic commitment.
[0032] In one embodiment, the input parameter is converted into a first integer, the first integer is mapped to a finite field, and two non-zero elements are selected from the finite field such that the two non-zero elements satisfy a commitment condition, which includes that there is no integer k such that a first equation holds, the first equation being: h = g k modp, where k is an integer and p is the basic parameter of the finite field; a random value is selected from the finite field, and the cryptographic commitment value corresponding to the first integer is calculated based on the above two non-zero elements and the random value.
[0033] Specifically, after obtaining the input parameters, since the input parameters may be in different forms such as fractions (e.g., 1 / 4, 2 / 5, etc.) or floating-point numbers (e.g., 0.3752, 2.0356, etc.), they are uniformly converted into integer representations for ease of subsequent processing.
[0034] Furthermore, after converting the input parameters to integers, these integers are mapped to a finite field (such as F). p Within this range, the mapping process can be represented by the following formula: a´=a mod p Here, 'a' represents the integer obtained by converting the input parameter, 'p' represents the fundamental parameter of the finite field, 'mod' represents the modulo operation, and 'a' represents the number obtained by mapping 'a' to the finite field. It should be noted that all subsequent operations are performed within the finite field F. p It was carried out on the ground.
[0035] Next, select two non-zero elements within the finite field (e.g., g, h ∈ F). p (where g≠0, h≠0) such that the two selected non-zero elements satisfy the commitment condition, which can be: there is no integer k such that the first equation holds, as shown below: h=g k mod p From the finite field F p Select a random value r (r∈F) p The cryptographic commitment value of 'a' is calculated using the following formula: com a =g ah r mod p S206, Based on the calculation process of the target indicator and the cryptographic commitment value, generate proof data.
[0036] The evidence indicates that the input parameters were involved in the calculation of the target indicator.
[0037] Specifically, after obtaining the cryptographic commitment value corresponding to the input parameters, the calculation process of the target indicator is further combined with the input parameters to generate proof data. This proof data can then be used to support subsequent auditing or verification to determine that the target indicator is calculated based on the input parameters.
[0038] In one embodiment, a first constraint is generated based on the calculation process of the target index, a second constraint is generated based on the calculation process of the cryptographic commitment value, and proof data is obtained through a zero-knowledge proof algorithm according to the first and second constraints.
[0039] Optionally, the calculation process of the target indicator is transformed into an arithmetic circuit, which includes only addition gates and multiplication gates. Based on the arithmetic circuit, all intermediate variables in the calculation process of the target indicator are statistically analyzed. These intermediate variables are calculated based on a first integer (the integer corresponding to the input parameter) through addition gates or multiplication gates. Based on the intermediate variables, the first constraint condition is generated.
[0040] Arithmetic circuits are mathematical models that use combinations of addition and multiplication gates to describe computational logic, supporting integer arithmetic within finite fields. Generally, any computable function / procedure or executable program on a computer can be decomposed into combinations of addition and multiplication, and can be represented using arithmetic circuits. The conversion process includes three core steps: Step 1: Define the objective function and variables, and transform all variables into integers within a finite field. For example, the objective function is y = f(x1, x2, ..., x...). n ), where x1, x2, ..., x n y is the input variable, and y is the output.
[0041] Step 2: Decompose the objective function into "atomic steps" containing only addition and multiplication. In this process, nonlinear functions (such as ReLU) are approximated using polynomials.
[0042] Step 3: Optimize the circuit structure to reduce circuit complexity. For example, for repetitive operations, the calculation can be performed only once and the calculation result can be shared.
[0043] Specifically, the index calculation process involving input parameters (y=f(a)) is transformed into an arithmetic circuit. For example, suppose the calculation process is: y=a 2+2a+3, then the corresponding arithmetic circuit can be obtained, such as Figure 3 As shown, the tree structure of this arithmetic circuit contains multiple child nodes, each representing an addition or multiplication operation.
[0044] Furthermore, the intermediate variables in the above calculation process are statistically analyzed, and constraints are established for each intermediate variable, for the above calculation process (y=a 2 With +2a+3), we can determine that there are two intermediate variables (x1 and x2) and three constraints, as shown below: Constraint 1: x1 = a × a; Constraint 2: x² = 2 × a; Constraint 3: y = x1 + x2 + 3; It should be understood that constraint 1, constraint 2, and constraint 3 all belong to the first constraint mentioned above. Similarly, the calculation process of the cryptographic commitment value, i.e., com... a =g a h r Using the same transformation approach described above, we can generate the corresponding second constraint condition by mod p.
[0045] In one embodiment, a first vector is generated, which includes a first integer, all intermediate variables, and the output result. The first vector may also include a constant 1 to better represent other constants in the constraints. Based on the first vector, a constraint system is generated, wherein the first constraint and the second constraint are represented by the first vector. The constraint system and the first integer are input into the Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARK) algorithm to obtain proof data.
[0046] In this context, the constraint system and the arithmetic circuit are equivalent, and can be viewed as a mathematical abstraction of a circuit. The zk-SNARK algorithm is a cryptographic primitive that allows a prover to efficiently prove a statement to a verifier without revealing secret information. Its core principle lies in transforming a function or process into an arithmetic circuit, establishing a constraint system, generating a non-interactive proof, supporting the verification of the proof, and ultimately achieving zero-knowledge, concise, and non-interactive knowledge proof.
[0047] Specifically, in order to express the constraints through matrix calculations, a first vector containing the first integer, the constant 1, all intermediate variables and the output results is generated, and the corresponding constraints are represented by the generated first vector.
[0048] For example, suppose the calculation process is as described above: y=a2 +2a+3, with the intermediate variables x1 and x2, can generate the first vector w, i.e., w = (1, a, x1, x2, y). Correspondingly, all constraints can be represented by w, such as constraint 1, which is represented as: [(0, 1, 0, 0, 0)]. w]×[(0,1,0,0,0) w] = (0, 0, 1, 0, 0) w; Constraint 2 is expressed as: [(2, 0, 0, 0, 0) w]×[(0,1,0,0,0) w] = (0, 0, 0, 1, 0) w; Constraint 3 is represented as: (0, 0, 1, 1, 0) w+(3,0,0,0,0) w = (0, 0, 0, 0, 1) w.
[0049] Furthermore, the generated constraint system and input parameters (including the first integer corresponding to the input parameters) are input into the zk-SNARK algorithm to generate proof data demonstrating the participation of the input parameters in the index calculation process. It should be understood that the above process can be accomplished using multiple existing zk-SNARK algorithms, and this application does not limit this approach.
[0050] It should also be understood that, regardless of which zk-SNARK algorithm is used, the proof data obtained is basically composed of points on an elliptic curve and elements of a finite field. In terms of specific representation, a point on an elliptic curve is a two-dimensional coordinate, such as (345533, 233455). Generally speaking, the length of the proof data is about several hundred to several thousand bytes.
[0051] S208, based on cryptographic commitment values and proof data, obtains digital signature information.
[0052] Specifically, after obtaining the cryptographic commitment value and proof data corresponding to the input parameters, in order to prevent the audit log from being tampered with, the obtained cryptographic commitment value and proof data can be digitally signed. This eliminates the possibility of the audit log being tampered with from the source, thereby improving data security.
[0053] In one embodiment, the current system time is read and a timestamp is generated based on the current system time; a textual description of the input parameters is generated, and an information unit is obtained based on the timestamp, the textual description of the input parameters, the cryptographic commitment value, and the proof data; the information unit is digitally signed according to the signing private key to obtain digital signature information.
[0054] Specifically, after reading the current system time and generating a timestamp, a textual description of the input parameter is generated. This textual description is used to explain the relevant characteristics of the input parameter, such as the name of the input parameter, its basic definition, and its specific purpose. Then, the textual description of the input parameter, the timestamp, the cryptographic commitment value, and the proof data are combined to form an information unit. Finally, each participating party uses its own signing private key to digitally sign the aforementioned information unit to obtain digital signature information.
[0055] S210: Based on the digital signature information, generate log information and write it to the log file.
[0056] Specifically, after digitally signing the information unit using the signing private key, the information unit, along with the signature value, is written as a log message to a log file. This log file is used to verify and audit the input parameters.
[0057] In one embodiment, an audit instruction is received, and a log file is sent to the audit server according to the audit instruction. The audit server reads log entries related to the input parameters from the log file based on the input parameters; decomposes the log entries to obtain a timestamp, a textual description of the input parameters, a cryptographic commitment value, and proof data; verifies whether the parameters recorded in the textual description of the input parameters are the parameters expected to be audited; if the parameters recorded in the textual description of the input parameters are the parameters expected to be audited, the zk-SNARK algorithm is invoked to verify the correctness of the cryptographic commitment value and proof data.
[0058] Specifically, each participating party records the parameters used in the calculation through logs. If an audit instruction is received from a third-party audit server, the party sends a log file to the third-party audit server according to the audit instruction. The third-party audit server can verify and audit the parameters through the corresponding log file, thereby verifying the consistency of the indicator calculation process.
[0059] Furthermore, the auditing of metrics and compliance verification are based on the log files of each participant. Therefore, during the verification process, it is necessary to read relevant log entries from the log files of each participant.
[0060] In particular, since the logs of each participant are continuously written and the number of files is huge, in order to improve the log reading efficiency, the relevant log entries can be read from the log file based on the input parameters, or based on the relevant date, or by combining the input parameters and the relevant date. This application does not limit the specific method.
[0061] The aforementioned method for calculating and verifying metrics applied to federated learning obtains the input parameters used to calculate the target metric, generates corresponding cryptographic commitment values based on these parameters, generates proof data according to the calculation process of the target metric and the cryptographic commitment values, digitally signs the proof data and the cryptographic commitment values, generates log information and writes it to a log file, and finally verifies and audits the input parameters through this log file. This solves the problems of tampering and privacy leakage in traditional federated learning metric auditing. The process integrates arithmetic circuits, cryptographic commitments, and zk-SNARK technology. Digital signatures ensure the audit logs are tamper-proof, and the hidden nature of cryptographic commitments and the zero-knowledge nature of zk-SNARKs allow for verification of metric calculation consistency without requiring original private data, thus ensuring data privacy. Furthermore, it supports full-process verification of various core metrics, balancing fairness and compliance, and features concise proof data, efficient verification, and adaptability to distributed scenarios, demonstrating good versatility and practicality.
[0062] It should be understood that although the steps in the flowcharts of some embodiments of this application are shown sequentially according to the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowchart may include multiple steps or multiple stages, which are not necessarily completed at the same time, but can be executed at different times. The execution order of these steps or stages is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the steps or stages in other steps.
[0063] In one embodiment, such as Figure 4 As shown, a metric calculation and verification device 400 for federated learning is provided, including: an acquisition module 402, a generation module 404, a signature module 406, and a writing module 408, wherein: The acquisition module 402 is used to acquire input parameters, which are used to calculate the target index.
[0064] The generation module 404 is used to generate the cryptographic commitment value corresponding to the input parameter based on the input parameter.
[0065] The generation module 404 is also used to generate proof data based on the calculation process of the target indicator and the cryptographic commitment value, the proof data indicating that the input parameters participate in the calculation of the target indicator.
[0066] The signature module 406 is used to obtain digital signature information based on cryptographic commitment values and proof data.
[0067] The writing module 408 is used to generate log information and write it to a log file based on the digital signature information. This log file is used to verify and audit the input parameters.
[0068] In one embodiment, the generation module 404 is specifically configured to: convert the input parameter into a first integer, map the first integer to a finite field, and select two non-zero elements from the finite field such that the two non-zero elements satisfy a commitment condition, the commitment condition including the absence of an integer k such that a first equation holds, the first equation being: h=g k mod p, where k is an integer and p is the fundamental parameter of the finite field. A random value is selected from the finite field. Based on the two non-zero elements and the random value, the cryptographic commitment value corresponding to the first integer is obtained.
[0069] In one embodiment, the generation module 404 is further configured to generate a first constraint based on the calculation process of the target index, generate a second constraint based on the calculation process of the cryptographic commitment value, and obtain proof data through a zero-knowledge proof algorithm according to the first and second constraints.
[0070] In one embodiment, the generation module 404 is specifically used to: convert the calculation process of the target indicator into an arithmetic circuit, which includes only addition gates and multiplication gates; based on the arithmetic circuit, count all intermediate variables in the calculation process of the target indicator, which are calculated based on a first integer through addition gates or multiplication gates; and generate a first constraint condition based on the intermediate variables.
[0071] In one embodiment, the generation module 404 is further configured to generate a first vector, which includes a constant 1, a first integer, all intermediate variables and output results. Based on the first vector, a constraint system is generated, and the first constraint condition and the second constraint condition are represented by the first vector. The constraint system and the first integer are input into the zero-knowledge concise non-interactive knowledge proof zk-SNARK algorithm to obtain proof data.
[0072] In one embodiment, the signature module 406 is specifically used to: read the current system time, generate a timestamp based on the current system time, generate a text description of the input parameters, obtain an information unit based on the timestamp, the text description of the input parameters, the cryptographic commitment value, and the proof data, and digitally sign the information unit according to the signature private key to obtain digital signature information.
[0073] For specific limitations regarding the aforementioned indicator calculation and verification device applied to federated learning, please refer to the limitations of the aforementioned indicator calculation and verification method applied to federated learning described above, and will not be repeated here. Each module in the aforementioned indicator calculation and verification device applied to federated learning can be implemented entirely or partially through software, hardware, or a combination thereof. These modules can be embedded in or independent of the processor in a computer device in hardware form, or stored in the memory of a computer device in software form, so that the processor can call and execute the corresponding operations of each module.
[0074] In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as follows: Figure 5 As shown, the computer device includes a processor, memory, and a network interface connected via a system bus. The processor provides computational and control capabilities. The memory includes non-volatile storage media and internal memory. The non-volatile storage media stores the operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs stored in the non-volatile storage media. The database stores data processed by the storage service interface. The network interface communicates with external terminals via a network connection. When executed by the processor, the computer program implements a method for calculating and verifying metrics applied to federated learning.
[0075] Those skilled in the art will understand that Figure 5 The structure shown is merely a block diagram of a portion of the structure related to the present application and does not constitute a limitation on the computer device to which the present application is applied. Specific computer devices may include more or fewer components than those shown in the figure, or combine certain components, or have different component arrangements.
[0076] In one embodiment, a computer device is also provided, including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement the steps in the above method embodiments.
[0077] In one embodiment, a computer-readable storage medium is provided having a computer program stored thereon that, when executed by a processor, implements the steps in the above method embodiments.
[0078] Those skilled in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing related hardware. The computer program can be stored in any non-volatile computer-readable storage medium, and when executed, it can include the processes of the embodiments of the methods described above. Any references to memory, storage, databases, or other media used in the embodiments provided in this application can include at least one of non-volatile and volatile memory. Non-volatile memory can include read-only memory (ROM), magnetic tape, floppy disk, flash memory, or optical storage, etc. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM can be in various forms, such as static random access memory (SRAM) or dynamic random access memory (DRAM), etc.
[0079] The technical features of the above embodiments can be combined in any way. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this specification.
[0080] The above embodiments merely illustrate several implementation methods of this application, and while the descriptions are relatively specific and detailed, they should not be construed as limiting the scope of the invention patent. It should be noted that those skilled in the art can make various modifications and improvements without departing from the concept of this application, and these all fall within the protection scope of this application. Therefore, the protection scope of this patent application should be determined by the appended claims.
Claims
1. A method for calculating and validating metrics applied to federated learning, characterized in that, The method includes: Obtain input parameters, which are used to calculate target metrics, which are used to measure the performance, fairness, security, and compliance of the federated learning implementation process; Based on the input parameters, generate the cryptographic commitment value corresponding to the input parameters; Based on the calculation process of the target indicator and the cryptographic commitment value, proof data is generated, and the proof data indicates that the input parameters participate in the calculation of the target indicator; Based on the cryptographic commitment value and the proof data, digital signature information is obtained; Based on the digital signature information, log information is generated and written to a log file, which is used to verify and audit the input parameters.
2. The method according to claim 1, characterized in that, The step of generating the cryptographic commitment value corresponding to the input parameters based on the input parameters includes: Convert the input parameters into a first integer; Map the first integer to a finite field, and select two non-zero elements from the finite field such that the two non-zero elements satisfy the commitment condition, which includes that there is no integer k such that the first equation holds. The first equation is: h = g k modp, where g and h are the two non-zero elements, k is an integer, and p is the fundamental parameter of the finite field; Select a random value from the finite field; Based on the two non-zero elements and the random value, the cryptographic commitment value corresponding to the first integer is obtained.
3. The method according to claim 1 or 2, characterized in that, The step of generating proof data based on the calculation process of the target indicator and the cryptographic commitment value includes: Based on the calculation process of the target index, the first constraint condition is generated; Based on the calculation process of the cryptographic commitment value, a second constraint is generated; The proof data is obtained using a zero-knowledge proof algorithm based on the first and second constraints.
4. The method according to claim 3, characterized in that, The calculation process based on the target index generates the first constraint condition, including: The calculation process of the target index is transformed into an arithmetic circuit, which includes only addition gates and multiplication gates; Based on the arithmetic circuit, all intermediate variables in the calculation process of the target index are statistically analyzed. The intermediate variables are calculated based on the first integer through the addition gate or the multiplication gate. The first constraint is generated based on the intermediate variables.
5. The method according to claim 4, characterized in that, The step of obtaining the proof data using a zero-knowledge proof algorithm based on the first constraint and the second constraint includes: Generate a first vector, the first vector including the first integer, all the intermediate variables and the output result, the output result including the result obtained by the calculation process based on the target index and the result obtained by the calculation process based on the cryptographic commitment value; A constraint system is generated based on the first vector, wherein the first constraint condition and the second constraint condition are represented by the first vector; The constraint system and the first integer input zero-knowledge concise non-interactive knowledge proof zk-SNARK algorithm are used to obtain the proof data.
6. The method according to claim 1, characterized in that, The process of obtaining digital signature information based on the cryptographic commitment value and the proof data includes: Read the current system time and generate a timestamp based on the current system time; Generate a textual description of the input parameters; Based on the timestamp, the textual description of the input parameters, the cryptographic commitment value, and the proof data, an information unit is obtained; The information unit is digitally signed using the signing private key to obtain the digital signature information.
7. The method according to claim 6, characterized in that, The method further includes: Receive audit instructions; The audit server sends the log file to the audit server according to the audit instruction. The audit server reads log entries related to the input parameters from the log file according to the input parameters; decomposes the log entries to obtain the timestamp, the text description of the input parameters, the cryptographic commitment value, and the proof data; verifies whether the parameters recorded in the text description of the input parameters are the parameters expected to be audited; if the parameters recorded in the text description of the input parameters are the parameters expected to be audited, it calls a zero-knowledge proof algorithm to verify the correctness of the cryptographic commitment value and the proof data.
8. A device for calculating and verifying indicators applied to federated learning, characterized in that, The device includes: The acquisition module is used to acquire input parameters, which are used to calculate target metrics, which are used to measure the performance, fairness, security and compliance of the federated learning implementation process. A generation module is used to generate a cryptographic commitment value corresponding to the input parameters based on the input parameters; The generation module is further configured to generate proof data based on the calculation process of the target indicator and the cryptographic commitment value, wherein the proof data indicates that the input parameters participate in the calculation of the target indicator; The signature module is used to obtain digital signature information based on the cryptographic commitment value and the proof data; The writing module is used to generate log information and write it to a log file based on the digital signature information. The log file is used to verify and audit the input parameters.
9. A computer device comprising a memory and a processor, wherein the memory stores a computer program, characterized in that, When the processor executes the computer program, it implements the steps of the method according to any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that, It stores computer program instructions that, when executed by a computer, cause the computer to perform the method according to any one of claims 1 to 7.