CPC H04L 9/0861 (2013.01) [H04L 9/30 (2013.01); H04L 9/3247 (2013.01)]. 30 Claims.

1. A computerized method for implementing a privacy-preserving transformer model with secure key management comprising:
receiving input data for processing by a transformer model from a computerized storage device;
using a computerized processor, applying a dimensionality reduction operation to the input data using an input privacy layer positioned horizontally between an input layer and an execution layer of the transformer model, wherein the input privacy layer comprises:
a down projection operation to compress the input data from a higher dimension of size N to a lower dimension of size M, where M<N,
a transformation operation in the lower dimension, and
an up projection operation to reconstruct the input data back to the higher dimension of size N;
wherein the input privacy layer positioned horizontally between the input layer and the execution layer is configured for:
applying privacy-preserving transformations across a plurality of input features;
processing one or more batches of input data through the input privacy layer in parallel, and
separating the privacy-preserving computations from main execution logic of the transformer model,
processing the reconstructed input data through at least a portion of the execution layer of the transformer model;
generating an encryption key for encrypting weights of the input privacy layer using a cryptographically secure random number generator;
splitting the encryption key into K shares using a secret sharing scheme, where K is an integer greater than 1;
distributing the K shares among K distinct blockchain addresses;
encrypting individual key shares of the K shares using public keys of their corresponding blockchain addresses before transmission;
encrypting the weights of the input privacy layer using the encryption key;
receiving a set of T signatures corresponding to T distinct blockchain addresses from the K distinct blockchain addresses, where T is an integer less than or equal to K and greater than or equal to a predefined threshold;
reconstructing the encryption key using the received T signatures and their corresponding shares through polynomial interpolation;
verifying the authenticity of each signature of the T signatures using a corresponding blockchain address's public key;
decrypting the weights of the input privacy layer using the reconstructed encryption key only if all T signatures are successfully verified; and
updating the transformer model by replacing original weights of the input privacy layer with the decrypted weights; and
protecting against tampering of the transformer model by utilizing the secret sharing scheme and the blockchain addresses.
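The key-splitting and threshold-recovery steps recited above (splitting the weight-encryption key into K shares, recovering it from T shares by polynomial interpolation, and releasing it only when every presented share has been verified) can be illustrated with a Shamir-style scheme over a prime field. This is an added example, not the patent's own implementation: the field modulus, the share indices 1..K, and the replacement of per-share blockchain signature verification by a caller-supplied boolean are all assumptions made here so the threshold gate can be shown offline.

```python
"""Shamir-style threshold recovery of a weight-encryption key (added example)."""
import secrets

# Prime field large enough to hold a 128-bit key; 2**127 - 1 is a Mersenne prime (assumed choice).
PRIME = 2**127 - 1


def _eval_poly(coeffs, x):
    # Horner evaluation of coeffs[0] + coeffs[1]*x + ... + coeffs[t-1]*x**(t-1) mod PRIME.
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_key(key, k, t, rng=secrets.SystemRandom()):
    """Split an integer key into k shares so that any t of them reconstruct it."""
    if not (1 < t <= k) or not (0 <= key < PRIME):
        raise ValueError("need 1 < t <= k and 0 <= key < PRIME")
    # The constant term is the secret; the remaining t-1 coefficients are random and nonzero.
    coeffs = [key] + [rng.randrange(1, PRIME) for _ in range(t - 1)]
    # Share i is the point (i, f(i)); x = 0 holds the secret and is never handed out.
    return [(i, _eval_poly(coeffs, i)) for i in range(1, k + 1)]


def reconstruct_key(shares):
    """Recover f(0) by Lagrange interpolation over the supplied (x, y) shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    key = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        key = (key + yi * num * pow(den, -1, PRIME)) % PRIME
    return key


def unlock_key(verified_shares):
    """verified_shares: list of ((x, y), signature_ok) pairs, one per presented share.
    Release the key only when every share's signature verified; otherwise None."""
    if not verified_shares or not all(ok for _, ok in verified_shares):
        return None
    return reconstruct_key([share for share, _ in verified_shares])
```

Interpolating fewer than t shares returns a wrong field element rather than an error, which is the threshold property the claim relies on; a caller must therefore check the share count and every signature before trusting the recovered key.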