Privacy-Preserving Shared Intelligence: Secure AI Techniques for Financial Services
This article outlines how Ant Group’s shared‑intelligence platform combines differential privacy, trusted execution environments, and secure multi‑party computation to enable privacy‑preserving AI and data collaboration across financial scenarios, addressing regulatory demands, technical challenges, and real‑world deployment cases.
With growing privacy regulations worldwide and China’s new Civil Code emphasizing personal data protection, financial services face heightened technical requirements for secure data handling. Ant Group’s senior algorithm expert Zhou Jun presented at the 2020 AI Developer Conference how Alipay leverages shared‑intelligence technology to protect data security and user privacy.
Financial scenarios involve massive user interactions generating large, diverse datasets across micro‑loans, insurance, payments, and wealth management. Key challenges include time‑sensitive user interests, data volume and heterogeneity, and the critical need for security and privacy to deliver intelligent financial services.
Data silos hinder open platforms, while data sharing introduces leakage risks, exemplified by high‑profile privacy breaches. Regulatory pressures such as GDPR further demand robust privacy safeguards, prompting the need for technical solutions that satisfy security, privacy, and new compliance requirements.
Ant’s shared‑intelligence privacy‑protection solution addresses these issues by enabling multi‑party collaboration without trusting any single data holder. The core technologies comprise differential privacy, trusted execution environments (TEE), and secure multi‑party computation (MPC).
Differential privacy adds calibrated noise to query results so that the presence or absence of any single record changes the output only within a bounded, provable margin, making it difficult for attackers to infer individual records. While this protects released outputs, it does not protect the raw inputs while parties compute on them jointly, so additional techniques are required for privacy during joint computation.
A trusted execution environment (e.g., Intel SGX enclaves) creates encrypted memory regions that shield code and data from the OS, the hypervisor, and malicious software on the same host, with remote attestation allowing a data owner to verify that only authorized, unmodified enclave code runs before releasing keys or data to it.
Secure Multi‑Party Computation includes secret sharing, homomorphic encryption, and garbled circuits. Secret sharing splits data into random shares for collaborative computation with low computational overhead but high communication; homomorphic encryption enables computation on encrypted data with higher computational cost but lower communication.
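As an added example (not code from Ant's platform), the following Python combines the two techniques described above: additive secret sharing over a prime field lets several data owners compute a joint sum without any party seeing another's value, and Laplace noise is then added to the reconstructed result so that the released number is differentially private. The field modulus, the party values and the RNG seed are constructed for illustration.

```python
import secrets
import random

P = 2**61 - 1  # prime field modulus (constructed choice; any large prime works)


def share(x, n):
    """Split integer x into n additive shares mod P.
    Any n-1 shares are uniformly random and reveal nothing about x."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((x - sum(shares)) % P)
    return shares


def reconstruct(shares):
    """Add all shares mod P and map back to a signed integer."""
    r = sum(shares) % P
    return r - P if r > P // 2 else r


def secure_sum(party_values):
    """Each party shares its value with all others; every party adds the
    shares it holds locally, and only the shares of the *sum* are combined,
    so no individual input is ever reconstructed."""
    n = len(party_values)
    matrix = [share(v, n) for v in party_values]        # row i: party i's shares
    local = [sum(matrix[i][j] for i in range(n)) % P     # party j's local sum
             for j in range(n)]
    return reconstruct(local)


def laplace_release(value, sensitivity, epsilon, rng):
    """Release value with Laplace noise of scale sensitivity/epsilon.
    A Laplace(0, b) sample is the difference of two Exp(1/b) samples, which
    lets us stay within the standard library (rng is a random.Random)."""
    b = sensitivity / epsilon
    noise = rng.expovariate(1.0 / b) - rng.expovariate(1.0 / b)
    return value + noise


if __name__ == "__main__":
    # constructed per-party loan balances held by three institutions
    balances = [1200, 3400, 560]
    total = secure_sum(balances)
    print("joint sum:", total)
    print("DP release (eps=1):", laplace_release(total, 1, 1.0, random.Random(0)))
```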
The implementation architecture builds a TEE‑based shared‑intelligence platform using SGX enclaves, a key‑synchronization center, and Kubernetes for cloud‑native load balancing and scaling. Distributed XGBoost runs inside enclaves with TLS‑encrypted enclave‑to‑enclave communication and oblivious memory access to prevent side‑channel attacks, delivering end‑to‑end secure model training and deployment.
For MPC‑based shared intelligence, data owners exchange random and encrypted values to jointly train neural networks or other models while keeping all intermediate data encrypted. Although this keeps every party's raw data inside its own domain and gives strong privacy, it incurs high computational cost and deployment complexity.
A layered framework abstracts cryptographic primitives (secret sharing, homomorphic encryption, garbled circuits) into secure operators and provides a DSL that compiles high‑level AI algorithms (linear models, tree models, deep learning, GNNs) into privacy‑preserving implementations, simplifying development.
Two neural‑network approaches are discussed: secure neural networks (fully encrypted training, low efficiency) and split learning (partial local training, higher efficiency but reduced global performance). Ant proposes a hybrid framework that balances security, efficiency, and model quality.
An adversarial‑learning defense mechanism trains a defender model to simulate attacker reconstruction, enhancing privacy for DNN, CNN, RNN, and GNN models.
The protocol layer builds on hybrid ABY‑style frameworks, offering flexible switching between secret sharing and homomorphic encryption via DSL‑driven automatic conversion, supporting a wide range of machine‑learning algorithms with formal security proofs.
Impact highlights include 165 privacy‑technology patents contributed by the shared‑intelligence team, recognition from the China Computer Federation and World AI Conference, and adoption in industry standards and national certifications.
Case studies demonstrate practical benefits: with Zhonghe Rural Credit, loan approval time dropped from over a month to five minutes and default rates fell sharply; Jiangsu Bank used MPC to improve joint model performance; and Ant’s shared‑intelligence risk‑control solution increased transaction volume by over 15 million RMB per day, cut monthly loss rates by 90 %, and boosted fraud‑detection accuracy by more than 30 %.
Looking forward, Ant envisions shared intelligence becoming the foundational infrastructure for data sharing, integrating MPC, differential privacy, and TEE to connect financial institutions, insurers, governments, and other data providers. Planned capabilities include secure BI analytics, DSL‑driven AI pipelines, and a unified platform for joint risk control, marketing, governance, and healthcare, aiming to deliver privacy‑preserving AI comparable to plaintext performance.
AntTech