Power edge lightweight privacy protection method and system supporting a national secret algorithm

By initializing fully homomorphic keys using the national cryptographic algorithm at power edge nodes and combining a dynamic differential privacy noise mechanism and mean square error gradient, the compatibility problem between the national cryptographic algorithm and the homomorphic encryption computing system is solved, thus achieving both security and computational efficiency in power edge computing.

CN122389084APending Publication Date: 2026-07-14CHINA ELECTRIC POWER RESEARCH INSTITUTE CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
CHINA ELECTRIC POWER RESEARCH INSTITUTE CO LTD
Filing Date
2026-06-12
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

In power edge computing scenarios, the national cryptographic algorithms are incompatible with homomorphic encryption computing systems, which makes ciphertext conversion and algorithm migration difficult and unable to support computing needs. In addition, traditional solutions have communication bandwidth bottlenecks and privacy leakage risks.

Method used

By initializing a fully homomorphic key using national cryptographic algorithms at the power edge node, generating public and private keys, and performing data encryption and decryption, and combining dynamic differential privacy noise mechanism and mean square error gradient, the local model is updated to ensure security and computational efficiency.

Benefits of technology

It achieves compatibility between national cryptographic algorithms and homomorphic encryption, blocks data reconstruction attacks, ensures data security and model accuracy, adapts to the resource-constrained situation of power edge nodes, and supports computing needs.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122389084A_ABST
    Figure CN122389084A_ABST
Patent Text Reader

Abstract

The application provides a power edge lightweight privacy protection method and system supporting a national encryption algorithm, wherein the national encryption algorithm supported by a power edge node is used for initializing a random number generator, ensuring that the randomness of a full homomorphic encryption algorithm calculation bottom layer meets the national encryption standard, realizing the compatibility of the two, guaranteeing the safe and trusted transmission of federal learning data, introducing a mean square error gradient can avoid the ciphertext domain nonlinear calculation of the full homomorphic encryption algorithm, adapting to the situation that the power edge node resources are limited, and introducing a dynamic differential privacy noise mechanism considering annealing attenuation and node cooperative regulation can avoid the inverse decryption analysis of the initiator on the global characteristics of the data, realizing the blocking of data reconstruction attacks while guaranteeing the precision and convergence efficiency of the local model, so as to better support the calculation demand of the power edge scene.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of data security technology, specifically to a lightweight encrypted privacy protection method and system for the power edge that supports national cryptographic algorithms. Background Technology

[0002] Federated learning is a machine learning paradigm in which many clients collaboratively train a model under the coordination of a central server, while ensuring the decentralization and distribution of training data. It allows for the analysis and learning of data from multiple data owners without exposing the data itself. To ensure real-time and rapid transmission during the learning process, research has incorporated knowledge distillation into federated learning. This research uses the model to be optimized as the student model, and models installed on other clients as teacher models. The student model is optimized by exchanging soft labels (Logits) output by the student and teacher models instead of the original parameters, which can improve the generalization ability of the student model while reducing communication overhead. However, Logits themselves still contain rich information about the input data. Attackers can reconstruct the training data by analyzing Logits, posing a significant privacy risk. Therefore, some research now applies homomorphic encryption to knowledge distillation-based federated learning to protect model updates and avoid privacy breaches.

[0003] With the rapid development of power edge computing, various edge intelligent terminals (such as smart meters and drones) have accumulated massive amounts of high-value power grid operation and user status data. Utilizing distributed data to train models on these edge intelligent terminals (such as models for anti-theft detection, non-intrusive load identification, and distribution fault location) enables refined control of the power grid. Traditional solutions involve transmitting data from each edge intelligent terminal back to the cloud for centralized training, which faces communication bandwidth bottlenecks, increased computational latency, and privacy risks. Therefore, combining the distributed architecture of federated learning with power edge computing has become a development trend. In this approach, the model to be optimized in one edge intelligent terminal serves as the student model, while models in other edge intelligent terminals serve as the teacher models, thus offloading computational tasks to the edge and enabling on-site data processing.

[0004] However, current edge data acquisition encryption mechanisms are based on national cryptographic algorithms such as SM1, SM4, or SM9. While these algorithms offer high security at their underlying parameters, they lack the capability to directly construct the underlying mathematical space for homomorphic encryption. Therefore, when combining a federated learning architecture employing knowledge distillation and homomorphic encryption with power edge computing services, the homomorphic encryption computing system is incompatible with the national cryptographic algorithms used at the edge. This leads to difficulties in ciphertext conversion and algorithm migration, ultimately failing to support the computing needs of power edge scenarios. Summary of the Invention

[0005] To overcome the shortcomings of current national cryptographic algorithms being incompatible with homomorphic encryption computing systems, and the difficulties in ciphertext conversion and algorithm migration, thus failing to support the computing needs of power edge scenarios, this invention provides a lightweight encrypted privacy protection method for power edge scenarios that supports national cryptographic algorithms, comprising: The initiator of the edge federated learning computing task initializes the random number generator using a national cryptographic algorithm based on the task salt value generated in the cloud and its own device identifier; a fully homomorphic key is generated based on the initialized random number generator, the fully homomorphic key including a public key and a private key; the public key is uploaded to the cloud and the private key is stored locally, the initiator being a power edge node; The plaintext verification set is encrypted using the public key to generate a ciphertext verification set, which is then uploaded to the cloud. The plaintext verification set is inferred using a local model to obtain the initiator prediction result; the initiator prediction result is encrypted using the public key to generate an encrypted initiator prediction result, which is then uploaded to the cloud. The noisy ciphertext gradient generated in the cloud is decrypted using the private key to obtain the noisy plaintext gradient. The noisy ciphertext gradient is the mean square error gradient generated by the cloud based on the prediction results of the encryption initiator and the encryption participants, using a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment. Based on the obtained local gradients generated by training with the plaintext validation set and the noisy plaintext gradients, the local model is updated using the chain rule, taking into account the loss function that considers local label error and global collaborative knowledge error.

[0006] Optionally, the initialization of the random number generator based on the task salt value generated in the cloud and its own device identifier using the national cryptographic algorithm includes: The task salt value generated in the cloud and the device identifier are concatenated to obtain the task device concatenated string; the initial entropy of the task device concatenated string is calculated using the SM3 algorithm. In counter mode, the initial entropy is expanded using the SM4 algorithm to generate a high-entropy random seed; The random number generator is initialized based on the high-entropy random seed.

[0007] Optionally, generating a fully homomorphic key based on the initialized random number generator includes: Based on pre-agreed fully homomorphic encryption public parameters and an initialized random number generator, a fully homomorphic algorithm is used in the ring. Perform a sampling operation to generate a fully homomorphic key.

[0008] Optionally, the step of updating the local model based on the obtained local gradient generated by training with the plaintext verification set and the noisy plaintext gradient, combined with a loss function that considers local label error and global collaborative knowledge error, using the chain rule, includes: Using the chain rule, the gradient function of the weight parameters of the local model is calculated based on the loss function that combines local label error and global collaborative knowledge error. Based on the obtained local gradient generated by training with the plaintext validation set and the noisy plaintext gradient, the current weight parameters of the local model are updated using the weight parameter gradient function, thereby updating the local model.

[0009] Optionally, the updated weight parameters satisfy the following formula:

[0010] in, As the initiator Updated weight parameters, As the initiator The current weight parameters in round t, For learning rate, The hyperparameters used to balance the distillation weights, This is the gradient of the local gradient with respect to the weight parameters. To add noisy plaintext gradient, This is the Jacobian matrix of the prediction results generated by training the local model using the plaintext validation set, relative to the weight parameters.

[0011] On the other hand, the present invention also provides a lightweight encrypted privacy protection system for the power edge that supports national cryptographic algorithms, comprising: The key generation module is used by the initiator participating in the edge federated learning computing task to initialize the random number generator using the national cryptographic algorithm based on the task salt value generated in the cloud and its own device identifier; generate a fully homomorphic key based on the initialized random number generator, the fully homomorphic key including a public key and a private key; upload the public key to the cloud and save the private key locally, the initiator being a power edge node; The verification set encryption module is used to encrypt the plaintext verification set using the public key, generate the ciphertext verification set, and upload the ciphertext verification set to the cloud. The inference module is used to perform plaintext inference on the plaintext verification set using a local model to obtain the initiator prediction result; and to encrypt the initiator prediction result using the public key to generate an encrypted initiator prediction result and upload it to the cloud. The security decryption module is used to decrypt the noisy ciphertext gradient generated by the cloud using the private key to obtain the noisy plaintext gradient; the noisy ciphertext gradient is the mean square error gradient generated by the cloud based on the prediction results of the encryption initiator and the prediction results of the encryption participants, using a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment. The local model update module is used to update the local model based on the obtained local gradient generated by training with the plaintext validation set and the noisy plaintext gradient, combined with a loss function that considers local label error and global collaborative knowledge error, using the chain rule.

[0012] Optionally, the key generation module is specifically used for: The task salt value generated in the cloud and the device identifier are concatenated to obtain the task device concatenated string; the initial entropy of the task device concatenated string is calculated using the SM3 algorithm. In counter mode, the initial entropy is expanded using the SM4 algorithm to generate a high-entropy random seed; The random number generator is initialized based on the high-entropy random seed.

[0013] Optionally, the key generation module is specifically used for: Based on pre-agreed fully homomorphic encryption public parameters and an initialized random number generator, a fully homomorphic algorithm is used in the ring. Perform a sampling operation to generate a fully homomorphic key.

[0014] Optionally, the local model update module is specifically used for: Using the chain rule, the gradient function of the weight parameters of the local model is calculated based on the loss function that combines local label error and global collaborative knowledge error. Based on the obtained local gradient generated by training with the plaintext validation set and the noisy plaintext gradient, the current weight parameters of the local model are updated using the weight parameter gradient function, thereby updating the local model.

[0015] Optionally, the updated weight parameters satisfy the following formula:

[0016] in, As the initiator Updated weight parameters, As the initiator The current weight parameters in round t, For learning rate, The hyperparameters used to balance the distillation weights, This is the gradient of the local gradient with respect to the weight parameters. To add noisy plaintext gradient, This is the Jacobian matrix of the prediction results generated by training the local model using the plaintext validation set, relative to the weight parameters.

[0017] On the other hand, the present invention also provides a lightweight encrypted privacy protection method for power edge applications that supports national cryptographic algorithms, the method comprising: The task salt is generated in the cloud for the edge federated learning computing task, and the task salt is distributed to each power edge node that is parameterized by the edge federated learning computing task. Each power edge node initializes a random number generator using the national cryptographic algorithm based on the task salt and its own device identifier, and generates a fully homomorphic key based on the initialized random number generator. The fully homomorphic key includes a public key and a private key. Each edge node includes an initiator and a participant. Receive the ciphertext verification set generated by the initiator using its public key, and forward the ciphertext verification set to the participating party; Receive the encrypted initiator prediction result from the initiator, and the encrypted participant prediction result generated by the participant based on the ciphertext verification set; Based on the prediction results of the encryption initiator and the encryption participants, a mean squared error gradient is generated using a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment. The mean squared error gradient is then sent to the initiator as a noisy ciphertext gradient. The initiator uses this gradient to update its local model based on the local gradient obtained from training with the plaintext verification set and the noisy plaintext gradient obtained by decrypting the noisy ciphertext gradient. This update is combined with a loss function that considers local label error and global collaborative knowledge error, and the chain rule is used to update the local model.

[0018] Optionally, the step of generating a mean squared error gradient based on the prediction results of the encryption initiator and the prediction results of the encryption participants, using a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment, includes: The preset annealing attenuation coefficient is adjusted based on the current round to obtain the adjusted annealing attenuation coefficient. Based on the adjusted annealing attenuation coefficient and the total number of edge nodes, a noise standard deviation is generated; Sampling is performed within a Gaussian distribution of the variance of the noise standard deviation to obtain a zero-mean perturbation vector; The zero-mean perturbation vector is encrypted using the public key to obtain ciphertext noise; Based on the prediction results of the encryption initiator, the prediction results of the encryption participants, and the ciphertext noise, a mean squared error gradient is generated.

[0019] Optionally, the adjusted annealing attenuation coefficient satisfies the following formula:

[0020] in, The standard deviation of noise. Initial noise, This is the preset annealing attenuation coefficient. For the current round, The total number of all the aforementioned edge nodes.

[0021] Optionally, the noisy ciphertext gradient represents the mean square error of the global collaborative knowledge; The mean square error gradient satisfies the following formula:

[0022] in, The mean square error gradient, It is the set of the prediction results of the encryption initiator and the prediction results of the encryption participants. The global average prediction result in the ciphertext domain is the prediction result of the encryption initiator and the prediction results of the encryption participants. The ciphertext noise, This is homomorphic subtraction. This is a homomorphic addition.

[0023] On the other hand, the present invention also provides a lightweight encrypted privacy protection system for the power edge that supports national cryptographic algorithms, comprising: The task salt value generation module is used to generate task salt values ​​for edge federated learning computing tasks via the cloud, and to distribute the task salt values ​​to each power edge node that is responsible for the edge federated learning computing tasks. Each power edge node initializes a random number generator using a national cryptographic algorithm based on the task salt value and its own device identifier, and generates a fully homomorphic key based on the initialized random number generator. The fully homomorphic key includes a public key and a private key. Each edge node includes an initiator and participants. The verification set distribution module is used to receive the ciphertext verification set generated by the initiator using its public key, and forward the ciphertext verification set to the participating parties; The encrypted knowledge receiving module is used to receive the encrypted initiator prediction result from the initiator and the encrypted participant prediction result generated by the participant based on the ciphertext verification set. The noise injection module is used to generate a mean squared error gradient based on the prediction results of the encryption initiator and the encryption participants, using a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment. The mean squared error gradient is then sent to the initiator as a noisy ciphertext gradient. The initiator uses the obtained local gradient generated by training with the plaintext verification set and the noisy plaintext gradient obtained by decrypting the noisy ciphertext gradient, combined with a loss function that considers local label error and global collaborative knowledge error, and uses the chain rule to update its local model.

[0024] Optionally, the noise injection module is specifically used for: The preset annealing attenuation coefficient is adjusted based on the current round to obtain the adjusted annealing attenuation coefficient. Based on the adjusted annealing attenuation coefficient and the total number of edge nodes, a noise standard deviation is generated; Sampling is performed within a Gaussian distribution of the variance of the noise standard deviation to obtain a zero-mean perturbation vector; The zero-mean perturbation vector is encrypted using the public key to obtain ciphertext noise; Based on the prediction results of the encryption initiator, the prediction results of the encryption participants, and the ciphertext noise, a mean squared error gradient is generated.

[0025] Optionally, the adjusted annealing attenuation coefficient satisfies the following formula:

[0026] in, The standard deviation of noise. Initial noise, This is the preset annealing attenuation coefficient. For the current round, The total number of all the aforementioned edge nodes.

[0027] Optionally, the noisy ciphertext gradient represents the mean square error of the global collaborative knowledge; The mean square error gradient satisfies the following formula:

[0028] in, The mean square error gradient, It is the set of the prediction results of the encryption initiator and the prediction results of the encryption participants. The global average prediction result in the ciphertext domain is the prediction result of the encryption initiator and the prediction results of the encryption participants. The ciphertext noise, This is homomorphic subtraction. This is a homomorphic addition.

[0029] On the other hand, the present invention also provides a lightweight encrypted privacy protection system for the power edge that supports national cryptographic algorithms, including: a cloud and multiple power edge nodes participating in edge federated learning computing tasks, wherein the multiple power edge nodes include an initiator and a participant; The cloud platform is configured to generate task salts for the edge federated learning computation task and receive the public key returned by the initiator; it is also configured to forward the ciphertext verification set generated by the initiator to the participants; it is further configured to receive the encrypted initiator prediction result from the initiator and the encrypted participant prediction result generated by the participants based on the ciphertext verification set; based on the encrypted initiator prediction result and the encrypted participant prediction result, a mean squared error gradient is generated using a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment, and the mean squared error gradient is sent to the initiator as a noisy ciphertext gradient; The initiator is configured to initialize a random number generator using a national cryptographic algorithm based on the task salt value and its own device identifier; generate a fully homomorphic key, including a public key and a private key, based on the initialized random number generator; encrypt the plaintext verification set using the public key to generate a ciphertext verification set; perform plaintext inference on the plaintext verification set using a local model to obtain the initiator's prediction result; encrypt the initiator's prediction result using the public key to generate an encrypted initiator's prediction result; and update the local model based on the obtained local gradient generated by training with the plaintext verification set and the noisy plaintext gradient, combined with a loss function considering local label error and global collaborative knowledge error, using a chain rule.

[0030] The participating party is used to perform forward propagation inference on the ciphertext verification set in the ciphertext domain using a local model to generate the encrypted participating party prediction result.

[0031] On the other hand, the present invention also provides a computer device, comprising: one or more processors; The processor is used to store one or more programs; When the one or more programs are executed by the one or more processors, the power edge lightweight encrypted privacy protection method supporting national cryptographic algorithms described above is implemented.

[0032] On the other hand, the present invention also provides a computer-readable storage medium having a computer program stored thereon, wherein when the computer program is executed, it implements the power edge lightweight encrypted privacy protection method supporting national cryptographic algorithms as described above.

[0033] Compared with the prior art, the beneficial effects of the present invention are as follows: This invention provides a lightweight encrypted privacy protection method for power edge computing that supports national cryptographic algorithms. The method involves the initiator of an edge federated learning computation task initializing a random number generator using national cryptographic algorithms based on a task salt value generated in the cloud and its own device identifier. A fully homomorphic key, including a public key and a private key, is generated based on the initialized random number generator. The public key is uploaded to the cloud, while the private key is stored locally. The initiator is a power edge node. A plaintext verification set is encrypted using the public key to generate a ciphertext verification set, which is then uploaded to the cloud. Finally, a local model is used to perform plaintext inference on the plaintext verification set to obtain the sent... The initiator predicts the result; the initiator's prediction result is encrypted using the public key, and uploaded to the cloud; the noisy ciphertext gradient generated by the cloud is decrypted using the private key to obtain the noisy plaintext gradient; the noisy ciphertext gradient is the mean squared error gradient generated by the cloud based on the encrypted initiator's prediction result and the encrypted participant's prediction result, using a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment; based on the obtained local gradient and noisy plaintext gradient generated by training with the plaintext validation set, combined with a loss function that considers local label error and global collaborative knowledge error, the local model is updated using the chain rule. This invention uses the national cryptographic algorithm supported by power edge nodes to initialize the random number generator, ensuring that the randomness of the underlying computation of the fully homomorphic encryption algorithm meets the national cryptographic standard, thus achieving compatibility between the two and guaranteeing the secure and trusted transmission of federated learning data. The introduction of mean square error gradient can avoid nonlinear computation in the ciphertext domain of the fully homomorphic encryption algorithm, adapting to the resource-constrained situation of power edge nodes. Furthermore, the introduction of a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment can prevent the initiator from reverse decrypting and analyzing the global features of the data. This achieves the goal of blocking data reconstruction attacks while ensuring the accuracy and convergence efficiency of the local model, thereby better supporting the computational needs of power edge scenarios. Attached Figure Description

[0034] Figure 1 This is a flowchart illustrating the lightweight encrypted privacy protection method for the power edge that supports national cryptographic algorithms, as described in this invention. Figure 2 This is a flowchart illustrating the lightweight encrypted privacy protection method for the power edge that supports national cryptographic algorithms, as described in this invention. Figure 3 The present invention provides a lightweight dense-state federated learning method for power edge computing that supports national cryptographic standards. Figure 4 This is a schematic diagram of the lightweight encrypted privacy protection system for the power edge that supports national cryptographic algorithms according to the present invention. Figure 5 This is a schematic diagram of the lightweight encrypted privacy protection system for the power edge that supports national cryptographic algorithms according to the present invention. Figure 6This is a schematic diagram of the electronic device of the present invention. Detailed Implementation

[0035] The specific embodiments of the present invention will be further described in detail below with reference to the accompanying drawings.

[0036] Example 1: This invention provides a lightweight encrypted privacy protection method for power edge computing that supports national cryptographic algorithms, such as... Figure 1 As shown, it includes the following steps: Step 101: The initiator of the edge federated learning computing task initializes the random number generator using the national cryptographic algorithm based on the task salt value generated in the cloud and its own device identifier; a fully homomorphic key is generated based on the initialized random number generator, which includes a public key and a private key; the public key is uploaded to the cloud and the private key is stored locally, with the initiator being the power edge node.

[0037] Step 102: Encrypt the plaintext verification set using the public key to generate the ciphertext verification set, and upload the ciphertext verification set to the cloud.

[0038] Step 103: Use the local model to perform plaintext reasoning on the plaintext verification set to obtain the initiator's prediction result; use the public key to encrypt the initiator's prediction result, generate the encrypted initiator's prediction result, and upload it to the cloud.

[0039] Step 104: Use the private key to decrypt the noisy ciphertext gradient generated in the cloud to obtain the noisy plaintext gradient; the noisy ciphertext gradient is the mean square error gradient generated by the cloud based on the prediction results of the encryption initiator and the prediction results of the encryption participants, using a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment.

[0040] Step 105: Based on the obtained local gradient and noisy plaintext gradient generated by training with the plaintext validation set, and combined with the loss function that considers local label error and global collaborative knowledge error, the local model is updated using the chain rule.

[0041] In this embodiment of the invention, the national cryptographic algorithm supported by the power edge node is used to initialize the random number generator, ensuring that the randomness of the underlying computation of the fully homomorphic encryption algorithm meets the national cryptographic standard, thus achieving compatibility between the two and guaranteeing the secure and trusted transmission of federated learning data. The introduction of mean square error gradient can avoid nonlinear computation in the ciphertext domain of the fully homomorphic encryption algorithm, adapting to the resource-constrained situation of power edge nodes. Furthermore, the introduction of a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment can prevent the initiator from reverse decrypting and analyzing the global features of the data. This achieves the goal of blocking data reconstruction attacks while ensuring the accuracy and convergence efficiency of the local model, thereby better supporting the computational needs of power edge scenarios.

[0042] In this embodiment of the invention, the nodes participating in the edge federated learning computing task include cloud nodes and power edge nodes, where the power edge nodes can be edge intelligent terminals within the power system. Power edge nodes can be categorized into initiators and participants based on their role in initiating and participating in the task. Generally, both initiators and participants can generate their own fully homomorphic keys according to the steps shown in step 101.

[0043] Step 101 can be viewed as the initialization process before the edge federated learning computation task begins. This initialization process mainly involves generating the national cryptographic hybrid key. Before the edge federated learning computation task begins, the cloud can dynamically generate a high-entropy task salt value for the task. This indicates that the task salt value is then distributed to each power edge node. There are no restrictions on the process of generating the task salt value in the cloud. Specifically, step 101 may include random seed generation based on national cryptographic algorithms, fully homomorphic key generation, and coordinator designation.

[0044] In one example, step 101 above, which initializes the random number generator using a national cryptographic algorithm based on the task salt value generated in the cloud and the device identifier, includes: The task salt value generated in the cloud and the device identifier are concatenated to obtain the task device concatenated string; the initial entropy of the task device concatenated string is calculated using the SM3 algorithm. In counter mode, the initial entropy is expanded using the SM4 algorithm to generate a high-entropy random seed; The random number generator is initialized based on a high-entropy random seed. This example uses the initiator as an example to illustrate the process of generating a high-entropy random seed and initializing the random number generator for each power edge node.

[0045] The initiator receives the task salt value Then, the task salt value is compared with its own device identifier (such as a device identifier). By concatenating the strings, we obtain the concatenated string for the task device. Then, the initial entropy is obtained through SM3 hash calculation. Subsequently, the initial entropy H is expanded using the national cryptographic SM4 algorithm in counter (CTR) mode to generate a high-entropy random seed. For example, the SM4 processing flow may include: a) Take the first 16 bytes of H as the SM4 key K.

[0046] b) Take the last 16 bytes of H to construct the initialization vector IV, and use the first 12 bytes of it as the Nonce (a number used only once for replay attacks) to construct counters CTR_0 = (Nonce||0x00000000) and CTR_1 = (Nonce||0x00000001).

[0047] c) SM4 encryption is performed on CTR_0 and CTR_1 using key K, resulting in two 16-byte keystream blocks, KeyStream_0 and KeyStream_1. These are concatenated to generate a 256-bit high-entropy random seed, seed_i = KeyStream_0|| KeyStream_1. This example uses the national cryptographic algorithms SM3 and SM4 as pseudo-random number generators for a fully homomorphic encryption scheme, ensuring that the randomness of the underlying encrypted computation in federated learning is based on national cryptographic standards. This solves the problems of current national cryptographic encryption mechanisms at the power edge not supporting encrypted computation and the difficulty of algorithm migration, realizing the trust transfer from hardware security attributes to secure algorithm computation, and guaranteeing the compliance of the underlying encrypted computation with national cryptographic standards.

[0048] In this example, the random number generator can be a pseudo-random number generator (PRNG), such as AES (An Advanced Encryption Standard)-CTR-DRBG or HMAC (Hash-based Message Authentication Code)-DRBG.

[0049] In one example, step 101 above, which involves generating a fully homomorphic key based on the initialized random number generator, includes: Based on pre-agreed fully homomorphic encryption public parameters and an initialized random number generator, a fully homomorphic algorithm is used in the ring. Perform a sampling operation to generate a fully homomorphic key.

[0050] This example uses the fully homomorphic algorithm CKKS (a fully homomorphic encryption scheme) as an example. The pre-agreed public parameters of the fully homomorphic encryption scheme are the pre-agreed public parameters of the CKKS scheme for each power edge node (e.g., security parameter λ=128, ring dimension N=214). The pseudo-random number generator PRNG (such as based on AES-CTR-DRBG or HMAC-DRBG) is initialized with seed_i, and in the ring... Perform the following sampling operation to generate a fully homomorphic key (i.e., a CKKS key pair): 1) Sample to generate private key polynomial Using the initialized PRNG, generate a polynomial of length N. Each coefficient of the polynomial is independently and randomly selected from the set {-1, 0, 1}, where the probability of taking -1 and 1 is equal to 1 / 2. The probability of taking 0 is ( It is a small density parameter, for example ),ensure It is a sparse small polynomial.

[0051] 2) Sample to generate uniformly random public-key polynomials Using PRNG in the ring A polynomial is generated by uniformly and randomly sampling from the top. .

[0052] 3) Sampling generates small-error polynomials Using PRNG from a discrete Gaussian distribution (mean is 0, variance is) A polynomial is generated by sampling in ) The coefficients of this polynomial are also small.

[0053] Calculate another part of the public key: Ultimate power edge node The CKKS key pair is: public key = ( , ), private key = .

[0054] In this implementation, the cloud is designated as the coordinator for each round of training during the coordinator designation process. Each power edge node uploads its public key to the cloud and keeps its private key locally.

[0055] Step 102 above mainly implements the encryption and distribution of the local verification set. In one implementation, the initiator can choose an unlabeled local data sample set as the plaintext verification set, denoted as . Then use its own public key Encryption is performed (e.g., but not limited to CKKS encryption), generating a ciphertext verification set, denoted as... This process can encrypt the initiator's private data. Because the power edge nodes are not directly connected, the initiator... The encrypted verification set is transmitted to the cloud, and the cloud, acting as a coordinating node, distributes the encrypted verification set to all participating parties. .

[0056] Step 103 above enables edge-side ciphertext reasoning and encrypted knowledge generation. In one implementation, the initiator... The local model can be used on the validation set. Plain text reasoning yields the initiator's prediction result Encryption is the prediction result of the encryption initiator. Then it is uploaded to the cloud; in addition, in this implementation method, other edge nodes, i.e., each participating party Based on cloud-deployed encrypted verification sets Forward propagation inference can be performed in the ciphertext domain of the local model to generate cryptographic participant predictions for Logits. The data is then uploaded to the cloud. Here, the participants can complete the forward propagation inference of the ciphertext verification set within the ciphertext domain, ensuring the security of the task data. It is understandable that the encrypted participant prediction results calculated by the participants are obtained for the ciphertext verification set; therefore, for the sake of consistency in subsequent descriptions, both the encrypted initiator prediction result and the encrypted participant prediction result will be denoted as... .

[0057] The gradient of the noisy ciphertext in step 104 above is denoted as... The noisy ciphertext gradient is obtained by injecting differential privacy noise and aggregating the ciphertext gradient in the cloud. The specific process of generating the noisy ciphertext gradient in the cloud will be described in subsequent embodiments.

[0058] In one implementation, in step 104 above, the initiator... Use the private key stored locally Gradient of noisy ciphertext Decryption yields the noisy plaintext gradient, which is a plaintext gradient vector with dynamic differential privacy noise (also known as a distilled gradient), satisfying, for example, the following formula:

[0059] in, To add noisy plaintext gradient, For decryption processing, This is the set of predictions from the encryption initiator and the encryption participants in the plaintext domain. This is the global average prediction result in the plaintext domain of the prediction results from the encryption initiator and the encryption participants. This is dynamic differential privacy noise. As it is random noise, it disrupts the initiator's ability to construct a deterministic system of equations for reverse reasoning from the mathematical algebraic structure. The feasibility of using original data from others ensures the security of task data.

[0060] The noisy plaintext gradient, as the mean squared error that integrates the prediction results of the initiator and all participants, can characterize the global collaborative knowledge error. In addition to this global collaborative knowledge error, the initiator also comprehensively considers the local label error to optimize the weight parameters of the local model. In one implementation, in step 105 above, the initiator fuses the noisy plaintext gradient with the local gradient generated using the plaintext validation set, and uses the chain rule to iteratively update the weight parameters of the local model. For example, step 105 above includes: Using the chain rule, the gradient function of the weight parameters of the local model is calculated based on the loss function that combines local label error and global collaborative knowledge error. Based on the obtained local gradient and noisy plaintext gradient generated by training with the plaintext validation set, the current weight parameters of the local model are updated using the weight parameter gradient function to achieve the update of the local model.

[0061] In this example, the overall optimization objective of the initiator is to jointly minimize the local labeling error and the global collaborative knowledge error. The corresponding loss function that combines the local labeling error and the global collaborative knowledge error is expressed as:

[0062] in, For the total loss, This is due to local labeling errors. For global collaborative knowledge error, These are hyperparameters used to balance the weight distillation (local learning vs. global learning). During backpropagation in the local neural network, the overall loss is calculated with respect to the weight parameters within the model. The gradient of , using the chain rule (such as the chain rule in calculus), can be decomposed into two parts, as shown in the following formula:

[0063] in, The gradient of the overall loss with respect to the weight parameters. This is the gradient of the local gradient with respect to the weight parameters (which can be obtained by directly taking the gradient of the local label error with respect to the weight parameters). The hyperparameters used to balance the distillation weights, Gradient of plaintext for adding noise , (Right now The matrix () represents the Jacobian matrix of the prediction results generated by the local model using a plaintext verification set, with respect to the weight parameters. This matrix is ​​calculated using the local plaintext model, without incurring homomorphic encryption overhead. Based on this derivation, the initiator... Combined with the set learning rate Perform gradient descent to update the local model parameters for the next training epoch. The complete parameter update formula satisfies:

[0064] in, As the initiator Updated weight parameters, As the initiator The current weight parameters in round t, For learning rate, The hyperparameters used to balance the distillation weights, This is the gradient of the local gradient with respect to the weight parameters. To add noisy plaintext gradient, This is the Jacobian matrix of the prediction results generated by training the local model using the plaintext validation set, relative to the weight parameters.

[0065] The process of obtaining the local gradient generated by training with a plaintext validation set can be as follows: generate a local label error by training with a plaintext validation set, and then directly take the gradient of the local label error with respect to the weight parameters to obtain the local gradient.

[0066] The calculation process for local label error is as follows: During this round of federated training, the initiator's validation set... Includes real sample labels This process utilizes a labeled local data sample set. The local model outputs the original prediction vector (Logits) through forward propagation. Then, it is first transformed into a probability distribution vector using the Softmax function. Subsequently, the cross-entropy loss between the model's predicted distribution and the true label is calculated. Its calculation formula satisfies:

[0067] Cross-entropy loss This part of the loss function is considered as local label error. Calculated in the local plaintext domain, this measure assesses the current model's learning degree and classification accuracy regarding local private data features. In this implementation, the local label error is calculated as cross-entropy, and the global collaborative knowledge error is calculated as mean squared error (MSE).

[0068] The updated weight parameters satisfy the parameter update formula. In this implementation, although a dynamic differential privacy perturbation vector is injected during the cloud aggregation stage... However, since the noise is sampled from a Gaussian distribution with zero mean, its mathematical expectation is... Therefore, deciphering the substitution formula It remains an unbiased estimate of the global gradient. This statistical property mathematically guarantees that, with increasing iterations, the disturbances from random noise are expected to be offset, and the local model weight parameters... It can stably converge to the global suboptimal or optimal solution, balancing strict privacy protection with high-precision model performance.

[0069] It is understandable that, in order to ensure the global generalization capability of federated learning, the initiator role is rotated among the edge nodes according to a predetermined strategy until the model converges or reaches the predetermined upper limit of communication rounds, thus completing one edge federated learning computation task.

[0070] The deployment environment of power edge devices is complex and poorly protected. Directly exchanging model parameters makes them vulnerable to reverse engineering attacks (such as model inversion and member inference), leading to privacy leaks. Furthermore, frequent exchange of model parameters between nodes incurs high communication overhead, especially in scenarios where power edge networks have limited bandwidth. Since the federated learning architecture using knowledge distillation and homomorphic encryption only exchanges model parameters (such as Logits), reducing communication overhead, and combining it with fully homomorphic encryption can prevent the leakage of underlying data privacy, it is necessary to combine a federated learning architecture with knowledge distillation and homomorphic encryption with power edge computing services. However, in power edge computing scenarios, traditional solutions have two major bottlenecks: first, the edge-side data acquisition encryption mechanism relies on national cryptographic algorithms, which are incompatible with existing encrypted computing systems and cannot directly support encrypted computation; second, the computational complexity of distillation loss in the encrypted domain is too high, exceeding the carrying capacity of power edge terminals with weak computing power. To address these issues, this invention first proposes a homomorphic encryption random seed generation and key construction mechanism based on national cryptographic algorithms to achieve national cryptographic algorithm conversion that supports encrypted computation. Secondly, a dimensionality-reduced dense-state gradient calculation method for edge computing terminals with weak computing power is designed. A homomorphic, mean-squared error strategy is adopted, allowing gradient calculation in the ciphertext domain via a single linear subtraction, thus reducing computational overhead. Furthermore, a dynamic differential privacy noise injection method is proposed, integrating round decay and node number, to ensure model accuracy while preventing inverse reconstruction.

[0071] Example 2: Based on the same inventive concept, this invention also provides a lightweight encrypted privacy protection method for power edge computing that supports national cryptographic algorithms, such as... Figure 2 As shown, it includes the following steps: Step 201: Generate a task salt value for the edge federated learning computing task via the cloud, and distribute the task salt value to each power edge node of the parameter edge federated learning computing task. Each power edge node uses the task salt value and its own device identifier to initialize the random number generator using the national cryptographic algorithm, and generates a fully homomorphic key based on the initialized random number generator. The fully homomorphic key includes a public key and a private key; each edge node includes an initiator and a participant. Step 202: Receive the ciphertext verification set generated by the initiator using its public key, and forward the ciphertext verification set to the participants; Step 203: Receive the encrypted initiator prediction result from the initiator, and the encrypted participant prediction result generated by the participant based on the ciphertext verification set; Step 204: Based on the prediction results of the encryption initiator and the encryption participants, a mean squared error gradient is generated using a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment. The mean squared error gradient is then sent to the initiator as a noisy ciphertext gradient. The initiator uses the noisy plaintext gradient obtained by decrypting the local gradient generated by training with the plaintext verification set and the noisy ciphertext gradient, combined with a loss function that considers local label error and global collaborative knowledge error, and uses the chain rule to update its local model.

[0072] In this embodiment of the invention, the national cryptographic algorithm supported by the power edge node is used to initialize the random number generator, ensuring that the randomness of the underlying computation of the fully homomorphic encryption algorithm meets the national cryptographic standard, thus achieving compatibility between the two and guaranteeing the secure and trusted transmission of federated learning data. The introduction of mean square error gradient can avoid nonlinear computation in the ciphertext domain of the fully homomorphic encryption algorithm, adapting to the resource-constrained situation of power edge nodes. Furthermore, the introduction of a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment can prevent the initiator from reverse decrypting and analyzing the global features of the data. This achieves the goal of blocking data reconstruction attacks while ensuring the accuracy and convergence efficiency of the local model, thereby better supporting the computational needs of power edge scenarios.

[0073] The embodiments of this invention are mainly applied to cloud-based tasks involving edge federated learning. The specific processing procedures for power edge nodes (including initiators and participants) can be found in the above embodiments, and will not be repeated here.

[0074] Step 201 can be viewed as the initialization process before the edge federated learning computation task begins. This initialization process mainly involves generating the national cryptographic hybrid key. Before the edge federated learning computation task begins, the cloud can dynamically generate a high-entropy task salt value for the task. This indicates that the task salt value is then distributed to each power edge node. There are no restrictions on the process of generating the task salt value in the cloud.

[0075] In step 202, the cloud acts as a coordinating node, responsible for receiving and forwarding the initiator's encrypted verification set.

[0076] In step 203, the cloud acts as a collaborative node, responsible for receiving the prediction results from both the initiator and the participants in the encryption process.

[0077] In step 204, differential privacy noise injection and ciphertext gradient aggregation are implemented in the cloud. This is to prevent the initiator from using the difference obtained from decryption. Reverse global distribution The cloud injects differential privacy noise into the computation results. The cloud adjusts the noise's standard deviation based on the current training epoch. The decay is determined jointly by round-based annealing and node-based collaborative adjustment. In one implementation, step 204 above includes: The preset annealing attenuation coefficient is adjusted based on the current round to obtain the adjusted annealing attenuation coefficient. Based on the adjusted annealing attenuation coefficient and the total number of edge nodes, the noise standard deviation is generated; Sampling is performed in a Gaussian distribution of the variance of the noise standard deviation to obtain a zero-mean perturbation vector; The zero-mean perturbation vector is encrypted using a public key to obtain ciphertext noise; The mean squared error gradient is generated based on the prediction results of the encryption initiator, the prediction results of the encryption participants, and the ciphertext noise.

[0078] For example, the adjusted annealing attenuation coefficient satisfies the following formula:

[0079] in, The standard deviation of noise. Initial noise, This is the preset annealing attenuation coefficient. , For the current round, This represents the total number of edge nodes. In the early stages of training, model differences are large, so significant noise is introduced; as training rounds increase, models converge, and noise is automatically attenuated to ensure high accuracy; simultaneously, participating nodes... The more anonymity, the stronger the anonymity, and the more noise is automatically injected.

[0080] From the variance in the cloud Sampling zero-mean perturbation vector in Gaussian distribution Use the initiator's public key Encryption yields ciphertext noise Finally, a noisy ciphertext gradient is synthesized. The noisy ciphertext gradient represents the mean squared error of the global collaborative knowledge; the mean squared error gradient satisfies the following formula:

[0081] in, The mean square error gradient, It is the set of predictions from the crypto initiator and the crypto participants. The global average prediction result in the ciphertext domain is the prediction result of the encryption initiator and the prediction results of the encryption participants. For ciphertext noise, This is homomorphic subtraction. This is a homomorphic addition.

[0082] To address the risk that directly returning the ciphertext difference of MSE can be easily decrypted by the initiator using the private key to analyze the global features of the data, this example introduces a dynamic differential privacy mechanism in the cloud to prevent reverse reconstruction. It combines an annealing decay strategy with dynamic adjustment of noise intensity based on the scale of participating nodes to prevent data reconstruction attacks at the algebraic structure level. At the same time, it ensures unbiased gradient estimation based on zero-mean noise, ensuring efficient convergence and high prediction accuracy of model training, thus balancing privacy protection and model convergence accuracy.

[0083] In the above formula, This can characterize the noisy MSE gradient, and the specific derivation process is as follows: Initiator The distillation objective is to minimize its prediction Compared with global average mean square error :

[0084] In backpropagation of a neural network, updating the model parameters requires calculating the loss function against the local predictions. gradient By taking the derivative according to the chain rule, we can obtain:

[0085] Mapping the above derivative directly to the ciphertext domain, since subtraction is linear, the encryption gradient is obtained in the ciphertext domain through a single homomorphic subtraction:

[0086] To address the issue of limited resources in edge computing terminals with weak computing power, this example adopts a homomorphic and friendly mean squared error loss function calculation strategy to replace the KL divergence (relative entropy divergence) which includes complex log normalization factors. This avoids nonlinear operations (such as Softmax) and deep polynomial multiplication in the ciphertext domain, significantly reducing the overhead and latency of dense computing in edge computing environments with weak computing power.

[0087] Example 3: Based on the same inventive concept, this invention also provides a lightweight encrypted privacy protection system for the power edge that supports national cryptographic algorithms, including: a cloud and multiple power edge nodes participating in edge federated learning computing tasks, wherein the multiple power edge nodes include an initiator and participants; In the cloud, it is used to generate task salts for edge federated learning computation tasks and receive public keys returned by the initiator; it is also used to forward the ciphertext verification set generated by the initiator to the participants; it is also used to receive the encrypted initiator prediction results from the initiator and the encrypted participant prediction results generated by the participants based on the ciphertext verification set; based on the encrypted initiator prediction results and the encrypted participant prediction results, it generates a mean squared error gradient using a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment, and sends the mean squared error gradient as a noisy ciphertext gradient to the initiator; The initiator is used to initialize a random number generator using a national cryptographic algorithm based on the task salt value and its own device identifier; generate a fully homomorphic key, including a public key and a private key, based on the initialized random number generator; encrypt the plaintext verification set using the public key to generate a ciphertext verification set; perform plaintext inference on the plaintext verification set using the local model to obtain the initiator's prediction result; encrypt the initiator's prediction result using the public key to generate an encrypted initiator's prediction result; and update the local model based on the obtained local gradient and noisy plaintext gradient generated by training on the plaintext verification set, combined with a loss function that considers local label error and global collaborative knowledge error, using the chain rule.

[0088] The participant is used to perform forward propagation inference on the ciphertext verification set in the ciphertext domain using a local model to generate the encrypted participant prediction result.

[0089] The specific processing procedures in the cloud, including the power edge nodes corresponding to the initiator and the parameter provider in this model, can be found in the two embodiments mentioned above. Repeated details will not be repeated.

[0090] The following is based on Figure 3 Taking the lightweight, dense-state federated learning method for power edge nodes that supports national cryptographic standards as an example, the interaction process between power edge nodes and the cloud is explained, including the following steps: S101: System initialization: Generate a high-entropy random seed using the national cryptographic algorithm (SM3 / SM4) and construct a CKKS key pair.

[0091] S102: The initiator selects a local plaintext verification set, encrypts it into a ciphertext verification set using a public key, and then distributes it through the cloud.

[0092] S103: Each participant performs forward inference based on the ciphertext verification set, generates and sends encrypted Logits vectors to the cloud, and the initiator performs inference encryption based on the plaintext verification set, generates and sends encrypted Logits vectors to the cloud.

[0093] S104: The cloud calculates the mean of all encrypted Logits and the gradient of encrypted MSE, injects dynamic differential privacy noise, and generates a noisy ciphertext gradient.

[0094] S105: The initiator securely decrypts the noisy ciphertext gradient, obtains the noisy plaintext gradient, and combines it with the local cross-entropy loss to complete backpropagation and model update.

[0095] S106: Determine if the iteration termination condition has been met. If yes, end the edge federated learning computation task. If no, perform role rotation and return to S102 with the new initiator and participants.

[0096] Current research has proposed combining knowledge distillation with fully homomorphic encryption (such as CKKS) in decentralized federated learning. This scheme assigns a coordinator to each group, with participants sharing a cryptographic verification set. Other nodes perform ciphertext inference to generate encrypted Logits, which are then sent to the coordinator. The coordinator calculates the average Logits and a partial approximation of the KL divergence loss in the ciphertext domain and sends it back to the initiator for decryption and updates. To avoid Softmax computation, the algorithm approximates the KL divergence by splitting it: (1) Discard complex normalization factors: Introduce a constant adjustment term. (make = To replace the normalization term that requires complex nonlinear computation of ciphertext. .

[0097] (2) Plaintext base entropy term calculated locally by the initiator (splitting term 1): Since the initiator has its own local model predicting the plaintext probability of the result on the validation set. It can directly calculate the basic entropy term locally in plaintext form. This avoids the performance loss associated with homomorphic encryption.

[0098] (3) Coordinator ciphertext scalar cross-term calculation (split term two): The initiator publishes its encrypted prediction probability in each round of training. The coordinator node collects the reasoning results from other members within the group and calculates the average encryption. Then, homomorphic multiplication and addition are performed within the ciphertext field: the encryption probability of the initiator is... Multiply by average encryption Divide by the temperature coefficient Finally, add an encrypted constant correction term. By summing, the coordinator calculates the encrypted cross-loss portion in the ciphertext field. .

[0099] (4) Decryption calculation: The coordinator calculates the scalar loss of the ciphertext. The data is then sent back to the initiator. The initiator uses its own private key to decrypt this part, and then subtracts the decrypted scalar cross-loss from the locally calculated plaintext basic entropy term to obtain the final approximate distillation loss.

[0100] Although the above technologies reduce the privacy risks associated with direct parameter interaction through grouping and homomorphic encryption, they still have the following drawbacks in power edge computing scenarios: (1) National cryptographic algorithms are difficult to support edge cryptographic computation: The underlying mathematical space and random number generation system of existing homomorphic encryption algorithms rely on general cryptographic standards. However, in the edge fusion computing environment of power IoT, the encryption mechanism of edge data acquisition is based on national cryptographic algorithms such as SM1, SM4 or SM9. The underlying parameters of national cryptographic algorithms are highly secure, but they have poor compatibility with existing homomorphic encryption algorithms and do not have the attribute of directly constructing the underlying mathematical space of homomorphic encryption, which makes ciphertext conversion and algorithm migration extremely difficult.

[0101] (2) High computational load of ciphertext: The approximate calculation of this scheme still requires the coordinator to perform homomorphic ciphertext multiplication of encryption probability and encryption Logits, which will still cause high computational latency and computational overload in the weak computing power environment at the power edge.

[0102] To address the aforementioned shortcomings, this invention proposes a lightweight, dense-state federated learning privacy-preserving method for power edge computing that supports national cryptographic standards. Specifically, it includes: 1. In view of the fact that existing edge-side data encryption mechanisms cannot support encrypted computation and that ciphertext conversion and algorithm migration are difficult, this invention uses the national cryptographic algorithms SM3 and SM4 as pseudo-random number generators for fully homomorphic encryption, ensuring that the underlying randomness of encrypted computation is based on the national cryptographic standard, and realizing secure trust transfer between hardware and algorithm.

[0103] 2. To address the issues of limited resources on the edge side and high computational overhead of the knowledge distillation loss function in the ciphertext domain, this invention designs a homomorphic-friendly mean squared error (MSE) loss function to replace the KL divergence, avoiding nonlinear operations in the ciphertext domain, significantly reducing the depth of polynomial multiplication, and achieving lightweight ciphertext privacy protection.

[0104] 3. To address the issue that directly returning the MSE ciphertext difference can be easily decrypted and analyzed for global data features by the initiator using the private key, this invention proposes a dynamic differential privacy noise mechanism to prevent reverse reconstruction. This mechanism combines annealing attenuation with the number of nodes to adjust the noise intensity, thus blocking data reconstruction attacks while ensuring the accuracy and convergence efficiency of the model.

[0105] Currently, new power systems widely deploy massive numbers of edge intelligent devices such as smart converged terminals, drones, and inspection robots. The privacy protection technology proposed in this invention can empower these edge intelligent terminals, providing underlying security support for typical business categories such as fault identification and load identification. It has significant engineering guiding value for strengthening the security of edge data flow and improving the power Internet of Things protection system. In the future, with the continuous evolution of power edge-side source-grid-load-storage collaborative interaction and the improvement of terminal computing power, the demand for secure on-site data processing and multi-entity collaborative computing will grow rapidly, making this technical solution a promising candidate for market applications.

[0106] Example 4: Based on the same inventive concept, this invention also provides a lightweight encrypted privacy protection system for the power edge that supports national cryptographic algorithms, such as... Figure 4 As shown, it includes: The key generation module is used by the initiator participating in the edge federated learning computing task to initialize the random number generator using the national cryptographic algorithm based on the task salt value generated in the cloud and its own device identifier; generate a fully homomorphic key based on the initialized random number generator, the fully homomorphic key including a public key and a private key; upload the public key to the cloud and save the private key locally, the initiator being a power edge node; The verification set encryption module is used to encrypt the plaintext verification set using the public key, generate the ciphertext verification set, and upload the ciphertext verification set to the cloud. The inference module is used to perform plaintext inference on the plaintext verification set using a local model to obtain the initiator prediction result; and to encrypt the initiator prediction result using the public key to generate an encrypted initiator prediction result and upload it to the cloud. The security decryption module is used to decrypt the noisy ciphertext gradient generated by the cloud using the private key to obtain the noisy plaintext gradient; the noisy ciphertext gradient is the mean square error gradient generated by the cloud based on the prediction results of the encryption initiator and the prediction results of the encryption participants, using a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment. The local model update module is used to update the local model based on the obtained local gradient generated by training with the plaintext validation set and the noisy plaintext gradient, combined with a loss function that considers local label error and global collaborative knowledge error, using the chain rule.

[0107] In one specific implementation, the key generation module is specifically used for: The task salt value generated in the cloud and the device identifier are concatenated to obtain the task device concatenated string; the initial entropy of the task device concatenated string is calculated using the SM3 algorithm. In counter mode, the initial entropy is expanded using the SM4 algorithm to generate a high-entropy random seed; The random number generator is initialized based on the high-entropy random seed.

[0108] In one specific implementation, the key generation module is specifically used for: Based on pre-agreed fully homomorphic encryption public parameters and an initialized random number generator, a fully homomorphic algorithm is used in the ring. Perform a sampling operation to generate a fully homomorphic key.

[0109] In one specific implementation, the local model update module is specifically used for: Using the chain rule, the gradient function of the weight parameters of the local model is calculated based on the loss function that combines local label error and global collaborative knowledge error. Based on the obtained local gradient generated by training with the plaintext validation set and the noisy plaintext gradient, the current weight parameters of the local model are updated using the weight parameter gradient function, thereby updating the local model.

[0110] In one specific implementation, the updated weight parameters satisfy the following formula:

[0111] in, As the initiator Updated weight parameters, As the initiator The current weight parameters in round t, For learning rate, The hyperparameters used to balance the distillation weights, This is the gradient of the local gradient with respect to the weight parameters. To add noisy plaintext gradient, This is the Jacobian matrix of the prediction results generated by training the local model using the plaintext validation set, relative to the weight parameters.

[0112] Example 5: Based on the same inventive concept, this invention also provides a lightweight encrypted privacy protection system for the power edge that supports national cryptographic algorithms, such as... Figure 5 As shown, it includes: The task salt value generation module is used to generate task salt values ​​for edge federated learning computing tasks via the cloud, and to distribute the task salt values ​​to each power edge node that is responsible for the edge federated learning computing tasks. Each power edge node initializes a random number generator using a national cryptographic algorithm based on the task salt value and its own device identifier, and generates a fully homomorphic key based on the initialized random number generator. The fully homomorphic key includes a public key and a private key. Each edge node includes an initiator and participants. The verification set distribution module is used to receive the ciphertext verification set generated by the initiator using its public key, and forward the ciphertext verification set to the participating parties; The encrypted knowledge receiving module is used to receive the encrypted initiator prediction result from the initiator and the encrypted participant prediction result generated by the participant based on the ciphertext verification set. The noise injection module is used to generate a mean squared error gradient based on the prediction results of the encryption initiator and the encryption participants, using a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment. The mean squared error gradient is then sent to the initiator as a noisy ciphertext gradient. The initiator uses the obtained local gradient generated by training with the plaintext verification set and the noisy plaintext gradient obtained by decrypting the noisy ciphertext gradient, combined with a loss function that considers local label error and global collaborative knowledge error, and uses the chain rule to update its local model.

[0113] In one specific implementation, the noise injection module is specifically used for: The preset annealing attenuation coefficient is adjusted based on the current round to obtain the adjusted annealing attenuation coefficient. Based on the adjusted annealing attenuation coefficient and the total number of edge nodes, a noise standard deviation is generated; Sampling is performed within a Gaussian distribution of the variance of the noise standard deviation to obtain a zero-mean perturbation vector; The zero-mean perturbation vector is encrypted using the public key to obtain ciphertext noise; Based on the prediction results of the encryption initiator, the prediction results of the encryption participants, and the ciphertext noise, a mean squared error gradient is generated.

[0114] In one specific implementation, the adjusted annealing attenuation coefficient satisfies the following formula:

[0115] in, The standard deviation of noise. Initial noise, This is the preset annealing attenuation coefficient. For the current round, The total number of all the aforementioned edge nodes.

[0116] In one specific implementation, the noisy ciphertext gradient represents the mean square error of the global collaborative knowledge; The mean square error gradient satisfies the following formula:

[0117] in, The mean square error gradient, It is the set of the prediction results of the encryption initiator and the prediction results of the encryption participants. The global average prediction result in the ciphertext domain is the prediction result of the encryption initiator and the prediction results of the encryption participants. The ciphertext noise, This is homomorphic subtraction. This is a homomorphic addition.

[0118] Example 6: like Figure 6 As shown, the present invention also provides an electronic device, which may be a computer device, a microcontroller device, a smart mobile device, etc. The electronic device in this embodiment may include a processor, a memory, a transceiver component, etc. The memory, processor, and transceiver component are connected via a bus; the memory can be used to store executable programs, and an exemplary executable program may include instructions; the processor is used to execute the instructions stored in the memory. The memory can also be used to store data, which can be accessed and / or modified when instructions are executed.

[0119] The processor may be a Central Processing Unit (CPU), or it may be other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. It is the computing core and control core of the terminal, and it is suitable for implementing one or more instructions. Specifically, it is suitable for loading and executing one or more instructions in the storage medium to implement the corresponding method flow or corresponding function, so as to implement the steps of the power edge lightweight encrypted privacy protection method supporting national cryptographic algorithms in the above embodiments.

[0120] Example 7: Based on the same inventive concept, this invention also provides a readable storage medium, specifically an electronic device readable storage medium (Memory). This readable storage medium is a memory device within an electronic device used to store programs and data. It is understood that the storage medium here can include both built-in storage media within the electronic device and extended storage media supported by the electronic device. The storage medium provides storage space, which stores the terminal's operating system. Furthermore, this storage space also stores one or more instructions suitable for loading and execution by a processor. These instructions can be one or more executable programs (including program code). It should be noted that the storage medium here can be high-speed RAM or non-volatile memory, such as at least one disk storage device. Loading and executing one or more instructions stored in the storage medium by the processor can implement the steps of a lightweight encrypted privacy protection method for power edge applications supporting national cryptographic algorithms as described in the above embodiments.

[0121] Those skilled in the art will understand that embodiments of the present invention can be provided as methods, systems, or computer program products. Therefore, the present invention can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention can take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

[0122] This invention is described with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, generate instructions for implementing the flowchart illustrations and / or block diagrams. Figure 1 One or more processes and / or boxes Figure 1 A device that provides the functions specified in one or more boxes.

[0123] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means, which are implemented in a process Figure 1 One or more processes and / or boxes Figure 1The function specified in one or more boxes.

[0124] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, thereby providing instructions that execute on the computer or other programmable equipment for implementing the process. Figure 1 One or more processes and / or boxes Figure 1 The steps of the function specified in one or more boxes.

[0125] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and not to limit its scope of protection. Although the present invention has been described in detail with reference to the above embodiments, those skilled in the art should understand that after reading the present invention, they can still make various changes, modifications or equivalent substitutions to the specific implementation methods of the application, but these changes, modifications or equivalent substitutions are all within the scope of protection of the claims pending approval.

Claims

1. A lightweight encrypted privacy protection method for power grid edge applications supporting national cryptographic algorithms, characterized in that, The method includes: The initiator of the edge federated learning computing task initializes the random number generator using a national cryptographic algorithm based on the task salt value generated in the cloud and its own device identifier; a fully homomorphic key is generated based on the initialized random number generator, the fully homomorphic key including a public key and a private key; the public key is uploaded to the cloud and the private key is stored locally, the initiator being a power edge node; The plaintext verification set is encrypted using the public key to generate a ciphertext verification set, which is then uploaded to the cloud. The plaintext verification set is inferred using a local model to obtain the initiator prediction result; the initiator prediction result is encrypted using the public key to generate an encrypted initiator prediction result, which is then uploaded to the cloud. The noisy ciphertext gradient generated in the cloud is decrypted using the private key to obtain the noisy plaintext gradient. The noisy ciphertext gradient is the mean square error gradient generated by the cloud based on the prediction results of the encryption initiator and the encryption participants, using a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment. Based on the obtained local gradients generated by training with the plaintext validation set and the noisy plaintext gradients, the local model is updated using the chain rule, taking into account the loss function that considers local label error and global collaborative knowledge error.

2. The method as described in claim 1, characterized in that, The task salt value and device identifier generated in the cloud are used to initialize the random number generator using a national cryptographic algorithm, including: The task salt value generated in the cloud and the device identifier are concatenated to obtain the task device concatenated string; the initial entropy of the task device concatenated string is calculated using the SM3 algorithm. In counter mode, the initial entropy is expanded using the SM4 algorithm to generate a high-entropy random seed; The random number generator is initialized based on the high-entropy random seed.

3. The method as described in claim 1 or 2, characterized in that, The generation of a fully homomorphic key based on the initialized random number generator includes: Based on pre-agreed fully homomorphic encryption public parameters and an initialized random number generator, a fully homomorphic algorithm is used in the ring. Perform a sampling operation to generate a fully homomorphic key.

4. The method as described in claim 1, characterized in that, The local model is updated based on the acquired local gradient generated by training with the plaintext verification set and the noisy plaintext gradient, combined with a loss function that considers local label error and global collaborative knowledge error, using the chain rule, including: Using the chain rule, the gradient function of the weight parameters of the local model is calculated based on the loss function that combines local label error and global collaborative knowledge error. Based on the obtained local gradient generated by training with the plaintext validation set and the noisy plaintext gradient, the current weight parameters of the local model are updated using the weight parameter gradient function, thereby updating the local model.

5. The method as described in claim 4, characterized in that, The updated weight parameters satisfy the following formula: in, As the initiator Updated weight parameters, As the initiator The current weight parameters in round t, For learning rate, The hyperparameters used to balance the distillation weights, This is the gradient of the local gradient with respect to the weight parameters. To add noisy plaintext gradient, This is the Jacobian matrix of the prediction results generated by training the local model using the plaintext validation set, relative to the weight parameters.

6. A lightweight encrypted privacy protection system for power edge applications supporting national cryptographic algorithms, characterized in that, include: The key generation module is used by the initiator participating in the edge federated learning computing task to initialize the random number generator using the national cryptographic algorithm based on the task salt value generated in the cloud and its own device identifier; generate a fully homomorphic key based on the initialized random number generator, the fully homomorphic key including a public key and a private key; upload the public key to the cloud and save the private key locally, the initiator being a power edge node; The verification set encryption module is used to encrypt the plaintext verification set using the public key, generate the ciphertext verification set, and upload the ciphertext verification set to the cloud. The reasoning module is used to perform plaintext reasoning on the plaintext verification set using a local model to obtain the initiator's prediction result. The public key is used to encrypt the initiator's prediction result, and the encrypted initiator's prediction result is uploaded to the cloud. The security decryption module is used to decrypt the noisy ciphertext gradient generated by the cloud using the private key to obtain the noisy plaintext gradient; the noisy ciphertext gradient is the mean square error gradient generated by the cloud based on the prediction results of the encryption initiator and the prediction results of the encryption participants, using a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment. The local model update module is used to update the local model based on the obtained local gradient generated by training with the plaintext validation set and the noisy plaintext gradient, combined with a loss function that considers local label error and global collaborative knowledge error, using the chain rule.

7. The system as described in claim 6, characterized in that, The key generation module is specifically used for: The task salt value generated in the cloud and the device identifier are concatenated to obtain the task device concatenated string; the initial entropy of the task device concatenated string is calculated using the SM3 algorithm. In counter mode, the initial entropy is expanded using the SM4 algorithm to generate a high-entropy random seed; The random number generator is initialized based on the high-entropy random seed.

8. The system as described in claim 6 or 7, characterized in that, The key generation module is specifically used for: Based on pre-agreed fully homomorphic encryption public parameters and an initialized random number generator, a fully homomorphic algorithm is used in the ring. Perform a sampling operation to generate a fully homomorphic key.

9. The system as described in claim 6, characterized in that, The local model update module is specifically used for: Using the chain rule, the gradient function of the weight parameters of the local model is calculated based on the loss function that combines local label error and global collaborative knowledge error. Based on the obtained local gradient generated by training with the plaintext validation set and the noisy plaintext gradient, the current weight parameters of the local model are updated using the weight parameter gradient function, thereby updating the local model.

10. The system as described in claim 9, characterized in that, The updated weight parameters satisfy the following formula: in, As the initiator Updated weight parameters, As the initiator The current weight parameters in round t, For learning rate, The hyperparameters used to balance the distillation weights, This is the gradient of the local gradient with respect to the weight parameters. To add noisy plaintext gradient, This is the Jacobian matrix of the prediction results generated by training the local model using the plaintext validation set, relative to the weight parameters.

11. A lightweight encrypted privacy protection method for power edge applications supporting national cryptographic algorithms, characterized in that, The method includes: The task salt is generated in the cloud for the edge federated learning computing task, and the task salt is distributed to each power edge node that is parameterized by the edge federated learning computing task. Each power edge node initializes its random number generator using the national cryptographic algorithm based on the task salt and its own device identifier, and generates a fully homomorphic key based on the initialized random number generator. The fully homomorphic key includes a public key and a private key. Each edge node includes an initiator and a participant. Receive the ciphertext verification set generated by the initiator using its public key, and forward the ciphertext verification set to the participating party; Receive the encrypted initiator prediction result from the initiator, and the encrypted participant prediction result generated by the participant based on the ciphertext verification set; Based on the prediction results of the encryption initiator and the encryption participants, a mean squared error gradient is generated using a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment. The mean squared error gradient is then sent to the initiator as a noisy ciphertext gradient. The initiator uses this gradient to update its local model based on the local gradient obtained from training with the plaintext verification set and the noisy plaintext gradient obtained by decrypting the noisy ciphertext gradient. This update is combined with a loss function that considers local label error and global collaborative knowledge error, and the chain rule is used to update the local model.

12. The method as described in claim 11, characterized in that, The step of generating a mean squared error gradient based on the prediction results of the encryption initiator and the encryption participants, using a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment, includes: The preset annealing attenuation coefficient is adjusted based on the current round to obtain the adjusted annealing attenuation coefficient. Based on the adjusted annealing attenuation coefficient and the total number of edge nodes, a noise standard deviation is generated; Sampling is performed within a Gaussian distribution of the variance of the noise standard deviation to obtain a zero-mean perturbation vector; The zero-mean perturbation vector is encrypted using the public key to obtain ciphertext noise; Based on the prediction results of the encryption initiator, the prediction results of the encryption participants, and the ciphertext noise, a mean squared error gradient is generated.

13. The method as described in claim 12, characterized in that, The adjusted annealing attenuation coefficient satisfies the following formula: in, The standard deviation of noise. Initial noise, The preset annealing attenuation coefficient, For the current round, The total number of all the aforementioned edge nodes.

14. The method as described in claim 12 or 13, characterized in that, The noisy ciphertext gradient represents the mean square error of the global collaborative knowledge; The mean square error gradient satisfies the following formula: in, The mean square error gradient, It is the set of the prediction results of the encryption initiator and the prediction results of the encryption participants. The global average prediction result in the ciphertext domain is the prediction result of the encryption initiator and the prediction results of the encryption participants. The ciphertext noise, This is homomorphic subtraction. This is a homomorphic addition.

15. A lightweight encrypted privacy protection system for power edge applications supporting national cryptographic algorithms, characterized in that, include: The task salt value generation module is used to generate task salt values ​​for edge federated learning computing tasks via the cloud, and to distribute the task salt values ​​to each power edge node that is responsible for the edge federated learning computing tasks. Each power edge node initializes a random number generator using a national cryptographic algorithm based on the task salt value and its own device identifier, and generates a fully homomorphic key based on the initialized random number generator. The fully homomorphic key includes a public key and a private key. Each edge node includes an initiator and participants. The verification set distribution module is used to receive the ciphertext verification set generated by the initiator using its public key, and forward the ciphertext verification set to the participating parties; The encrypted knowledge receiving module is used to receive the encrypted initiator prediction result from the initiator and the encrypted participant prediction result generated by the participant based on the ciphertext verification set. The noise injection module is used to generate a mean squared error gradient based on the prediction results of the encryption initiator and the prediction results of the encryption participants, using a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment. The mean squared error gradient is sent to the initiator as a noisy ciphertext gradient. The initiator then uses the obtained local gradient generated by training with the plaintext verification set and the noisy plaintext gradient obtained by decrypting the noisy ciphertext gradient to update its local model using a chain rule, taking into account the loss function that considers local label error and global collaborative knowledge error.

16. The system as described in claim 15, characterized in that, The noise injection module is specifically used for: The preset annealing attenuation coefficient is adjusted based on the current round to obtain the adjusted annealing attenuation coefficient. Based on the adjusted annealing attenuation coefficient and the total number of edge nodes, a noise standard deviation is generated; Sampling is performed within a Gaussian distribution of the variance of the noise standard deviation to obtain a zero-mean perturbation vector; The zero-mean perturbation vector is encrypted using the public key to obtain ciphertext noise; Based on the prediction results of the encryption initiator, the prediction results of the encryption participants, and the ciphertext noise, a mean squared error gradient is generated.

17. The system as claimed in claim 16, characterized in that, The adjusted annealing attenuation coefficient satisfies the following formula: in, The standard deviation of noise. Initial noise, The preset annealing attenuation coefficient, For the current round, The total number of all the aforementioned edge nodes.

18. The system as described in claim 16 or 17, characterized in that, The noisy ciphertext gradient represents the mean square error of the global collaborative knowledge; The mean square error gradient satisfies the following formula: in, The mean square error gradient, It is the set of the prediction results of the encryption initiator and the prediction results of the encryption participants. The global average prediction result in the ciphertext domain is the prediction result of the encryption initiator and the prediction results of the encryption participants. The ciphertext noise, This is homomorphic subtraction. This is a homomorphic addition.

19. A lightweight encrypted privacy protection system for power edge applications supporting national cryptographic algorithms, characterized in that, include: The cloud and multiple power edge nodes participate in the edge federated learning computing task, and the multiple power edge nodes include initiators and participants; The cloud is used to generate task salts for the edge federated learning computing task and to receive the public key returned by the initiator. It is also used to forward the ciphertext verification set generated by the initiator to the participant; it is also used to receive the encrypted initiator prediction result from the initiator and the encrypted participant prediction result generated by the participant based on the ciphertext verification set; based on the encrypted initiator prediction result and the encrypted participant prediction result, a mean square error gradient is generated using a dynamic differential privacy noise mechanism that considers annealing decay and node collaborative adjustment, and the mean square error gradient is sent to the initiator as a noisy ciphertext gradient; The initiator is used to initialize the random number generator using a national cryptographic algorithm based on the task salt value and its own device identifier; and to generate a fully homomorphic key based on the initialized random number generator, wherein the fully homomorphic key includes a public key and a private key. The plaintext verification set is encrypted using the public key to generate a ciphertext verification set; It is also used to perform plaintext reasoning on the plaintext verification set using a local model to obtain the initiator's prediction result; The public key is used to encrypt the initiator's prediction result to generate an encrypted initiator's prediction result; it is also used to update the local model based on the obtained local gradient generated by training with the plaintext verification set and the noisy plaintext gradient, combined with a loss function that considers local label error and global collaborative knowledge error, using the chain rule. The participating party is used to perform forward propagation inference on the ciphertext verification set in the ciphertext domain using a local model to generate the encrypted participating party prediction result.

20. An electronic device, characterized in that, include: At least one processor and memory; The memory and processor are connected via a bus; The memory is used to store one or more programs; When the one or more programs are executed by the at least one processor, the lightweight encrypted privacy protection method for power edge supporting national cryptographic algorithms as described in any one of claims 1 to 5 is implemented, or the lightweight encrypted privacy protection method for power edge supporting national cryptographic algorithms as described in any one of claims 11 to 14 is implemented.

21. A readable storage medium, characterized in that, It contains an execution program, which, when executed, implements the lightweight encrypted privacy protection method for power edge supporting national cryptographic algorithms as described in any one of claims 1 to 5, or implements the lightweight encrypted privacy protection method for power edge supporting national cryptographic algorithms as described in any one of claims 11 to 14.