How SecretFlow Enables Privacy‑Preserving AI Model Training with Secure Multi‑Party Computation

Privacy Computing Motivation

In the data‑driven era, massive personal and business data create value but also privacy risks. Regulations such as GDPR, China’s Data Security Law, and the Personal Information Protection Law impose strict requirements, while data silos hinder innovation. Privacy‑preserving computation is therefore essential.

SecretFlow Overview

SecretFlow is an open‑source framework that enables computations on encrypted data. It integrates secure multi‑party computation (MPC), federated learning, and differential privacy, allowing multiple parties to collaborate without revealing raw data.

Key Advantages

Unified integration : One‑stop support for MPC, federated learning, and differential privacy.

Native usability : SQL, Python, and AI interfaces lower the learning curve.

Modular architecture : Plug‑in components can be combined and extended easily.

High performance : Proven at billions‑scale data workloads in finance and healthcare.

Typical Application Scenarios

Medical research : Hospitals jointly analyze patient data without sharing raw records.

Financial anti‑fraud : Banks collaborate on fraud detection while keeping customer data private.

Cross‑company collaboration : Enterprises perform joint analytics without exposing proprietary data.

AI model training : Companies train models on user data without compromising privacy.

Quick Start

SecretFlow provides Docker images that contain all dependencies. Choose the full version or the lightweight version (without deep‑learning libraries).

# Full version
docker run -it secretflow/secretflow-anolis8:latest

# Lite version
docker run -it secretflow/secretflow-lite-anolis8:latest

Secure Multi‑Party Computation Example

This example computes the average income of three parties (Alice, Bob, Carol) without revealing individual incomes.

Step 1: Initialize the environment

import secretflow as sf

sf.init(
    parties={'Alice', 'Bob', 'Carol'},
    address='local'
)

Step 2: Create private computation devices

alice = sf.PYU('Alice')
bob = sf.PYU('Bob')
carol = sf.PYU('Carol')

Step 3: Input private income data

# Assume incomes: Alice=5000, Bob=6000, Carol=7000
alice_income = alice(lambda: 5000)()
bob_income   = bob(lambda: 6000)()
carol_income = carol(lambda: 7000)()

Step 4: Perform secure computation on an SPU device

spu = sf.SPU(sf.utils.testing.cluster_def(['Alice', 'Bob', 'Carol']))
average_income = spu(lambda x, y, z: (x + y + z) / 3)(alice_income, bob_income, carol_income)

Step 5: Reveal the result securely

print("Average income:", sf.reveal(average_income))
# Output: Average income: 6000.0

Technical Architecture

Abstract device layer : Normal devices and secret devices that encapsulate cryptographic protocols.

Device flow layer : Models algorithms as device object flows and DAGs.

Algorithm layer : Handles horizontally or vertically partitioned data for analysis and machine learning.

Workflow layer : Integrates data processing, model training, and hyper‑parameter tuning.

Related projects include Kuscia (task orchestration), SCQL (secure query language), SPU (secure processing unit), HEU (high‑performance homomorphic encryption), and YACL (cryptography, networking, and I/O library).

GitHub: github.com/secretflow/secretflow