[open source trusted privacy computing framework "argot"] ant announced the official open source for global developers

introduction

The data circulation industry has entered a dense era , The trusted privacy computing framework can meet the different needs of various scenarios .

The argot is that ant group lasted 6 Independent research and development in , With Security 、 to open up A trusted privacy computing technology framework for core design concepts , It covers almost all current mainstream privacy computing technologies .

According to introducing , Built in argot MPC、TEE、 Homomorphism and other dense computing virtual devices , Provide multi class federated learning algorithm and differential privacy mechanism . Protect data analysis through layered design and out of the box privacy 、 Machine learning and other functions , Effectively reduce the technical threshold of developers' applications , Can help Privacy computing applies to AI、 Data analysis and other fields , Solve the pain points of privacy protection, data islands and other industries .

After ant group's large-scale business and external finance 、 Successful application of medical scenes , Argot gives consideration to both safety and performance . In the press conference , Ant group introduced many characteristics of argot .

1、 What kind of privacy computing open source framework we need ？

Privacy computing is a new interdisciplinary technology field , Involving cryptography 、 machine learning 、 Hardware 、BI Analysis etc. , Including multi-party secure computing （MPC）、 Federal learning （FL）、 Trusted execution environment （TEE）、 Trusted dense state computation （TECC）、 Homomorphic encryption 、 Differential privacy and other technical routes , Involving many professional technology stacks .

As a key technology to give consideration to data security and data circulation , Privacy computing can ensure that the data provider does not disclose the original data , Analyze and calculate the data , Realize the integration of data in the process of circulation and integration “ Available not visible ”“ It's not recognizable ”.

According to the practical experience of the past few years, the industry has found , There are various directions of privacy computing technology , Different scenarios have their own appropriate technical solutions , And it involves many fields , It needs the cooperation of experts in many fields . For practitioners , Privacy computing has a high learning curve , Users with non privacy computing backgrounds have difficulty using .

In actual technology development , Privacy computing solutions are often a combination of multiple technical routes , The process involves a lot of repetitive work . such as , If developers want to use federated learning , Then use A Framework to do research and development ; If you want to use multi-party secure computing （MPC）, Then use B Framework to do research and development , If you want to use trusted hardware , You need to be familiar with the architecture of the selected hardware to really start using . But the real business needs are , It often requires multiple technologies to be used together , Then there will be tedious 、 Repetitive development work . This is a technological innovation , But it brings technology “ The chimney ” Trouble .

More deadly , In the solution of cross technology route , The introduction of an underlying new technology , It will affect all the work of the upper level , Drag down technical iterations . Introduce a new technology , It will certainly change many things on the top , For users , All deployments may have to be experienced again , Feel very bad .

The current open source privacy computing framework , Such as TensorFlow Federated（TFF）、FATE、FederatedScope、Rosetta、FedLearner、Primihub Almost all of them are for a single privacy computing route . These frameworks provide some support for community research and industrial applications related to privacy Computing . However , Increasingly diverse application requirements in actual scenarios , And the limitations of technology itself , It brings new challenges to the existing privacy computing framework .

for example , First proposed “ Federal learning ” Technology giant Google , It's also TensorFlow The maker of , Recently, we have increased our support for a new platform JAX Investment , This move caused speculation in the industry ：TensorFlow Will gradually be replaced .

2、 Solve the problem of privacy computing open source framework

The argot of ant group echoes the current situation of the industry , It opens a way to the generalization of privacy Computing .

The head of the argot framework 、 Wang Lei, general manager of privacy intelligent computing Department of ant group, said , Ants from 2016 Started doing argot in , Purely technology driven forward-looking layout , It is an experiment incubated within a company .

The evolution of argot technology begins with matrix transformation , To trusted execution environment （TEE）, Then to multi-party secure computing 、 Federal learning, etc , Through internal and external application scenarios , In terms of performance, it has been able to support large-scale data sets . In Finance 、 There are also successful large-scale landing experience in medical and other fields 、 Support the inter agency data flow of Shanghai Pudong Development Bank 、 Medical insurance of a third-class hospital in Zhejiang DRG（Diagnosis Related Group, Disease diagnosis related grouping ） reform , It has been awarded by the China Academy of communications “ Xinghe case ” prize ,CCF Science and technology award, science and technology progress Excellence Award 、 China Cyberspace Security Association “ Typical practice cases of data security ”, Selected by the Ministry of industry and information technology 2021 List of pilot demonstration projects for big data industry development in .

6 Years of technology accumulation , After forming a comprehensive technical system and mature landing experience , Officially open source argot , What are the advantages ？

The design goal of argot is to make it very easy for data scientists and machine learning developers to use privacy computing technology for data analysis and machine learning modeling , Without knowing the underlying technical details .
Its overall architecture is divided into five layers from bottom to top ：

At the bottom is the resource management . It mainly undertakes two responsibilities . The first is for the business delivery team , It can shield the differences in the underlying infrastructure of different institutions , Reduce the deployment, operation and maintenance cost of the business delivery team . On the other hand , Through the unified management of resources of different institutions , Solve the problems of high availability and stability after business scale .

Above is the Ming ciphertext computing device and primitive layer . Provides a unified programmable device abstraction , Multi party secure computing (MPC)、 Homomorphic encryption (HE)、 Trusted hardware (TEE) And other privacy computing technologies are abstracted as dense devices , Abstract unilateral local computing into plaintext devices . meanwhile , It provides some basic algorithms that are not suitable for device abstraction , Such as differential privacy (DP)、 Secure aggregation (Secure Aggregation) etc. . In the future, when new dense state computing technologies appear , This loosely coupled design can be integrated into the privacy framework .

Continuing up is the Ming ciphertext hybrid scheduling layer . On the one hand, this layer provides the upper layer with an interface for mixed programming of Ming and ciphertext , It also provides a unified device scheduling abstraction . By describing the upper algorithm as a directed acyclic graph , Where the node represents the calculation on a device , Edges represent data flow between devices , Logic calculation diagram . Then the distributed framework further splits the logical calculation diagram and schedules it to physical nodes . At this point , Argot draws on the mainstream deep learning framework , The latter represents the neural network as a calculation diagram composed of operators on devices and tensor flows between devices .

Continue to be AI & BI Privacy algorithm layer . The purpose of this layer is to shield the details of privacy computing technology , But keep the concept of privacy Computing , Its purpose is to reduce the development threshold of privacy computing algorithm , Improve development efficiency . Students with privacy computing algorithm development demands , According to their own scenarios and business characteristics , Design some specialized privacy computing algorithms , To meet their own business and scenario security 、 Balance between computational performance and computational accuracy . On this level , Argot itself will also provide some general algorithmic capabilities , such as MPC Of LR/XGB/NN, Federated learning algorithm ,SQL Ability, etc .

The top layer is the user interface layer ： The goal of argot is not to make an end-to-end product , But to enable different businesses to have comprehensive privacy computing capabilities through rapid integration of argots . Therefore, argot will provide a thin layer of products at the top API, And some atomized front and rear ends SDK, To reduce the cost of business integration argot .

Integrate the current mainstream privacy computing technologies and provide flexible assembly to meet the needs of scenarios , Is the most intuitive advantage of argot presentation . The bottom line is this , Under this framework , Developers have a variety of choices , Do experiments in their field through argot 、 Do iteration , Can lower the cost 、 Do technical verification more quickly . At the same time, the verified technology can also be used by other developers in other technical directions . Wang Lei thinks , Argot is more like a developer's platform , It is to gather these developers with different specialties , It is in line with the spirit of open source .

3、 Interpretation of the technical highlights of the current open source framework

Take it apart in detail , The highlight of the first open source version of this argot , As shown in the figure, the lighting module .

1. MPC equipment . Support most Numpy API, Support automatic derivation , Provide LR and NN dependent demo, Support pade High precision fixed-point number fitting algorithm , Support ABY3、 Cheetah agreement . Users can use the traditional algorithm programming mode , I don't know MPC Protocol based development MPC Agreed AI Algorithm ;

2. HE equipment . Support Paillier Homomorphic encryption algorithm , Offer to the top Numpy Programming interface (API) , Users can use Numpy The interface performs matrix addition or ciphertext matrix multiplication . And realize the connection with MPC Data can be transferred between dense devices ;

3. Differential privacy security primitive . Some differential privacy noise mechanisms are implemented 、 Safety noise generator 、 Privacy cost calculator ;

4. Ming ciphertext mixed programming . Support centralized programming mode , Use @device Mark up the mixed computing diagram of plaintext and ciphertext devices , Parallel based on computational graph 、 Asynchronous task scheduling ;

5. Data preprocessing . Provide data standardization in horizontal scenarios 、 discretization 、 Sub box function , Provide correlation coefficient matrix in vertical scene 、WOE Sub box function . Seamlessly connect existing dataframe, Provide and sklearn Consistent use of body feel ;

6. AI & BI Privacy algorithms - Multiparty secure computing . Provide XGBoost Algorithm 、 Add HESS-LR Algorithm , Combined with differential privacy, the privacy protection of split learning is enhanced ;

7. AI & BI Privacy algorithms - Federal learning . Provide federal learning model construction and include SecureAggregation,MPC Aggregation, PlaintextAggregation Gradient aggregation of multiple security modes including , Users only need to give the participants when building the model list And polymerization methods , Subsequent data reading , The experience from preprocessing to model training is almost the same as that of traditional plaintext programming .

In short , The main highlights are as follows ：

• For algorithms / Model development ： The programming ability provided by using argots , It can easily and quickly migrate more algorithms and models , And enhanced privacy protection .
• For the bottom Security Co Construction ： The underlying password can be / Security research results are embedded in the argot , Improve the capability of dense equipment 、 Performance and safety , Transform actual business applications .
• The argot will also be updated in the subsequent open source version , Gradually light up more modules .

4、 The unique skill of using technical experience

The development process of argot , After years of technical precipitation , After having a very deep understanding of Technology , Just know what is common 、 constant , Need to precipitate 、 Abstract things . This is actually the induction and deduction of Technology , When there is no need , It is difficult to abstract what is common .

As AI developer , No security background is required , The existing model can be safely applied to multi-party data .
As a security developer , No need for any AI background , Only the basic operators of secure computing , Can support a variety of front-end frameworks . also , It can be easily deployed and operated , Compromise between safety and performance , Find the best landing plan .

5、 Open source ,“ Argot ” Well prepared

Talking about why we should open source such a powerful framework , Wang Lei's explanation is , Open source for the research community 、 It is a matter of far-reaching significance for the industry .

For research institutions , Open source privacy computing framework can be used , Do some experiments and Research on it , Produce research results and papers . From the perspective of promoting the development of privacy computing technology , One company alone , In fact, it is difficult to drive the common progress of the industry . In this regard , Argot actually makes a lot of consideration , How to let more people from different backgrounds come in and make contributions . Facing users with different backgrounds , A lot of design has been done on the layering of the whole architecture , Provide a more suitable mode for their development and access . Although this matter is very difficult , But we still hope to take this step .

And for technology itself , Wang Lei thinks , In closed source mode , Judgment on Technology 、 Authenticity 、 And its implementation details , In fact, we can only judge from the external articles . More importantly , Its safety and performance judgment , On the one hand, there should be theoretical verification , Secondly, is there a gap between the specific implementation and the theory , From this perspective , It is difficult to judge the degree of technology in the case of closed source , Will bring more losses .

“ We hope to open source , Be able to create more scenes ”. At present, privacy computing applications are more focused on financial risk control scenarios , For other scenes 、 For example, medical treatment 、 energy 、 Industry and so on will also have application needs . At present, there are not many professionals doing privacy Computing , If we still fight separately , It is a great waste for the whole industry . We still hope to put the Limited 、 Very strong technical personnel aggregation , Form a joint force to make some real technological breakthroughs .

Wang Lei said , Ant group has always believed that open source is a very prudent thing , It's not just about exposing the code , More importantly, I hope that through good architecture design, more people can join it . Based on precipitation and accumulation in all directions of privacy Computing , Combined with the goal of open source co construction , Ant can ensure open source “ Argot ” It's a high quality 、 Extensible technical framework , We also hope to attract more high-quality developers and users to join the space of argot .

Reference documents

More information can be found at SecretFlow.

Document learning website ：https://secretflow.readthedocs.io

Open source address ：
https://github.com/secretflow
https://gitee.com/secretflow