bytedance · Jerseyshin · Mar 26, 2024 · Mar 26, 2024 · Mar 26, 2024 · Mar 26, 2024
diff --git a/fedlearner/__init__.py b/fedlearner/__init__.py
@@ -20,3 +20,4 @@
 from fedlearner import proxy
 from fedlearner import trainer
 from fedlearner import fedavg
+from fedlearner import privacy
diff --git a/fedlearner/privacy/__init__.py b/fedlearner/privacy/__init__.py
@@ -0,0 +1 @@
+
diff --git a/fedlearner/privacy/splitnn/__init__.py b/fedlearner/privacy/splitnn/__init__.py
@@ -0,0 +1 @@
+
diff --git a/fedlearner/privacy/splitnn/discorloss.py b/fedlearner/privacy/splitnn/discorloss.py
@@ -0,0 +1,61 @@
+import tensorflow as tf
+import logging
+import time
+
+# DisCorLoss论文详见：https://arxiv.org/abs/2203.01451
+
+class DisCorLoss(tf.keras.losses.Loss):
+    def __init__(self, **kwargs):
+        super(DisCorLoss, self).__init__(**kwargs)
+
+    def _pairwise_dist(self, A, B):
+        # squared norms of each row in A and B
+        na = tf.reduce_sum(tf.square(A), 1)
+        nb = tf.reduce_sum(tf.square(B), 1)
+
+        # na as a row and nb as a column vectors
+        na = tf.reshape(na, [-1, 1])
+        nb = tf.reshape(nb, [1, -1])
+
+        # return pairwise euclidead difference matrix
+        D = tf.sqrt(tf.maximum(na - 2 * tf.matmul(A, B, False, True) + nb + 1e-20,
+                            0.0))
+        return D
+
+    def tf_distance_cor(self, embeddings, labels, debug=False):
+        start = time.time()
+
+        embeddings = tf.debugging.check_numerics(embeddings, "embeddings contains nan/inf")
+        labels = tf.debugging.check_numerics(labels, "labels contains nan/inf")
+        labels = tf.expand_dims(labels, 1)
+
+        n = tf.cast(tf.shape(embeddings)[0], tf.float32)
+        a = self._pairwise_dist(embeddings, embeddings)
+        b = self._pairwise_dist(labels, labels)
+
+        # X = x - x的行均值 - x的列均值 + x的总均值
+        A = a - tf.reduce_mean(a,
+                            axis=1) - tf.expand_dims(tf.reduce_mean(a,
+                                                                    axis=0),
+                                                        axis=1) + tf.reduce_mean(a)
+        B = b - tf.reduce_mean(b,
+                            axis=1) - tf.expand_dims(tf.reduce_mean(b,
+                                                                    axis=0),
+                                                        axis=1) + tf.reduce_mean(b)
+        # 计算协方差
+        dCovXY = tf.sqrt(tf.abs(tf.reduce_sum(A * B) / (n ** 2)))
+        # 计算方差
+        dVarXX = tf.sqrt(tf.abs(tf.reduce_sum(A * A) / (n ** 2)))
+        dVarYY = tf.sqrt(tf.abs(tf.reduce_sum(B * B) / (n ** 2)))
+        # 计算相关性
+        dCorXY = dCovXY / tf.sqrt(dVarXX * dVarYY)
+        end = time.time()
+        if debug:
+            print(("tf distance cov: {} and cor: {}, dVarXX: {}, "
+                "dVarYY:{} uses: {}").format(
+                dCovXY, dCorXY,
+                dVarXX, dVarYY,
+                end - start))
+        return dCorXY
+
+
diff --git a/fedlearner/privacy/splitnn/emb_attack.py b/fedlearner/privacy/splitnn/emb_attack.py
@@ -0,0 +1,23 @@
+import tensorflow.compat.v1 as tf
+
+# Emb Attack见论文：https://arxiv.org/pdf/2203.01451.pdf
+
+def get_emb_pred(emb):
+    mean_emb = tf.reduce_mean(emb, axis=0)
+    # 规范化处理emb
+    mean_reduced_emb = emb - mean_emb
+    # 对规范化矩阵做奇异值分解
+    s, u, v = tf.linalg.svd(mean_reduced_emb)
+    # 最大奇异值对应的右奇异向量与矩阵做内积
+    top_singular_vector = tf.transpose(v)[0]
+    pred = tf.linalg.matvec(mean_reduced_emb, top_singular_vector)
+    # 内积之后的结果可以分为两个簇
+    pred = tf.math.sigmoid(pred)
+    return pred
+
+def emb_attack_auc(emb, y):
+    emb_pred = get_emb_pred(emb)
+    emb_pred = tf.reshape(emb_pred, y.shape)
+    # 计算emb attack auc
+    _, emb_auc = tf.metrics.auc(y, emb_pred)
+    return emb_auc
diff --git a/fedlearner/privacy/splitnn/fedpass.py b/fedlearner/privacy/splitnn/fedpass.py
@@ -0,0 +1,37 @@
+import tensorflow.compat.v1 as tf
+
+
+def scale_transform(s_scalekey):
+   """ 对密钥应用变换并计算缩放因子 """
+   _, s_c = tf.shape(s_scalekey)[0], tf.shape(s_scalekey)[1]
+   s_scale = tf.reduce_mean(s_scalekey, axis=0)
+   s_scale = tf.reshape(s_scale, [1, s_c])
+   return s_scale
+
+def fedpass(hidden_feature, x, mean, scale):
+   # hidden_feature: 中间层维度
+   # x: 输入数据
+   # mean, scale: 随机密钥的均值和方差
+
+   # 定义层
+   dense = tf.keras.layers.Dense(hidden_feature, use_bias=False, activation=None)
+   encode = tf.keras.layers.Dense(hidden_feature // 4, use_bias=False, activation=None)
+   decode = tf.keras.layers.Dense(hidden_feature, use_bias=False, activation=None)
+
+   # 初始化随机变量
+   newshape = tf.shape(x)
+   skey = tf.random.normal(newshape, mean=mean, stddev=scale, dtype=x.dtype)
+   bkey = tf.random.normal(newshape, mean=mean, stddev=scale, dtype=x.dtype)
+   # 应用层和计算缩放因子
+   s_scalekey = dense(skey)
+   b_scalekey = dense(bkey)
+
+
+   s_scale = scale_transform(s_scalekey)
+   b_scale = scale_transform(b_scalekey)
+
+   s_scale = tf.reshape(decode(tf.nn.leaky_relu(encode(s_scale))), [1, hidden_feature])
+   b_scale = tf.reshape(decode(tf.nn.leaky_relu(encode(b_scale))), [1, hidden_feature])
+   x = dense(x)
+   x = tf.tanh(s_scale) * x + tf.tanh(b_scale)
+   return x