1
Secure Collaborative Planning, Forecasting, and Replenishment
Vinayak Deshpande
Krannert School of ManagementPurdue University
Collaborators:
Mikhail Atallah, Marina Blanton, Keith Frikken, Jiangtao Li
Computer Sciences, Purdue University
Leroy B.Schwarz
School of Management, Purdue University
Research funded by NSF ITR Grant
2
The Starting Point....
“Information Asymmetry” is one of the major sources of inefficiency in Managing Supply Chains
==> Wrong Investment in Capacity
==> Misallocation of Resources
==> “Bullwhip Effect”
==> Reduced Customer Service
==> Unnecessary Additional Costs
3
Supply Chain Management Trends
• Collaboration between supply-chain partners to improve efficiencies
• Information sharing for collaborative decision making
• National program sponsored by VICS for establishing collaboration standards – called CPFR (Collaborative Planning, Forecasting and Replenishment)
4
.... but, there are Very Good Reasons for Keeping Asymmetric Information
Asymmetric
• Fear that Supply-Chain Partner will Take Advantage of Private Information
• Fear that Private Information will Leak to a Competitor
5
As a result…
• Reluctance to share private/proprietary info– Even when both sides would gain from sharing
• Consequence: Information asymmetry– Many inefficiencies
6
Is it possible to enjoy the benefits of Information-Sharing without Disclosing Private Information?
Obvious Question…
7
The Future
• Online interactions that give the benefits of sharing, without its drawbacks– “As if” information sharing had taken place, yet without
revealing one’s private/proprietary data
• Counterpart’s information is often needed only as partial input for computing a desired output
• Can two parties compute desired output without either learning the other’s input?
8
An Example: Vickrey Auction
• Requires computation of the second highest bid value and identity of highest bidder from all submitted bids
• Secure Multi-party Computation (SMC) protocols can– Compute the second highest bid without revealing the
identity of the second highest bidder
– Identify highest bidder without revealing his bid
– Not reveal bids of any other bidders
9
Secure multiparty computation
• Alice has private data x,• Bob has private data y,• They want to jointly compute f(x,y),• Only Alice (or Bob, or both) knows the result.
Alice Bob
x y
10
Secure multiparty computation (SMC) Literature
• A decades old area– Yao, Goldreich, Micali, Wigderson, … (many others)
– Elegant theory
– General results • Circuit simulations, use oblivious transfer
– General results typically impractical
• Recently: Protocols for specific problems– More practical
11
Mechanism Design Literature
• Studies how private information can be elicited from agents by providing incentives
• Mechanism design problem simplified through the revelation principle (principal announces a menu constructed to induce truth telling)
• No future or side consequences of participating in the mechanism and truthfully revealing private information
• Assumes that the entity implementing the mechanism is trustworthy
12
Supply Chain Literature…
• Has quantified the benefit of information sharing (e.g. Lee, So and Tang; Cachon and Fisher)
• Has modeled Supply-Chain Collaboration, e.g. collaborative forecasting (Aviv 2001, 2003)
• Key obstacles: companies unwilling to share sensitive information, fear of information leakage
13
We Propose to
marry three distinct disciplines
• Secure Multi-Party Computation from CS
• Mechanism Design from Economics
• Supply-Chain Management from OM
14
Our Goal..
...we are developing protocols to enable Supply-Chain Partners to
Make Decisions that Cooperatively Achieve Desired System Goals without Revealing
Private Information
15
A Supply Chain Problem..
• Collaborative Forecasting and Planning without revealing private forecast information
16
Industry Backdrop
• Collaborative Planning, Forecasting, and Replenishment (CPFR), an initiative of the Voluntary Intra-Industry Collaboration Society (VICS)– buyer and supplier share inventory-status, forecast, and
event-oriented information and collaboratively make replenishment decisions
– pilot program between Wal-Mart and Warner-Lambert, called CFAR: (www.cpfr.org)
• Challenges to CPFR– fear that competitively-sensitive “private information”
will be compromised– Necessary to protect “sensitive” forecast information
such as sales promotions from “leaking”
17
Business Scenario
• A supply-chain with two players, a supplier selling to a retailer.
• The retailer and the supplier receive independent “signals” about future market demand– e.g., a retailer has private information about “promotions”
that he may be planning to run in the future which can affect his forecast of demand;
– the supplier can receive signals about overall “market trends”
• Incorporating these “signals” can improve forecast accuracy
• But.. “signal” information should be kept private
18
Demand Model
, ,1 1
T Tr s
t r t i s t i ti i
d
• dt – demand in period t (observed by the retailer only)
• t,ir – Retailer’s signal about period t observed in period t-i
(private information to the retailer)
• t,is –Supplier’s signal about period t observed in period t-i
(private information to the supplier)
• , r , s – unknown parameters to be estimated from past observations
19
Forecasting Process
• In each period t, estimate , r , s by regressing the observations dt versus the observed signals t,i
r and t,i
s
• For the forecast horizon (T periods) construct the forecast using the following equation:
, , 1,...,
T Tr s
j r sj i j ii j t i j t
d j t t T
22
Secure Protocols Building Blocks:
• Hiding numbers by additively splitting values
-x= xs + xr, Supplier has xs, while retailer has xr
- Modular arithmetic (xs+xr) mod N =x hides x in a information theoretic sense
Secure addition and subtraction
Homomorphic Encryption ( E(X) E(Y)=E(X+Y) )
Secure Split Multiplication
Secure Split Division
Secure Scalar Product
Secure Matrix Multiplication
23
Advanced Building Blocks:• Secure Matrix Inversion
-Matrix A is split such that As+Ar = A.
- Output supplier learns Bs, retailer learns Br; Bs+Br = B
• Secure Binary Search
• Secure Comparison
-Supplier has X, Retailer has Y,
- Output reveals if X<Y, without revealing X to retailer and Y to supplier
27
Retailer Supplier
16.80td
7RtOH
Step 2: Input demand and inventory information
1,1 0.83Rt
0RtBO
22RtIT
13StOH
0StBO
19StIT
2,2 0.58Rt
3,3 0.88Rt
4,4 0.29Rt
1,1 1.84St
2,2 0.81St
3,3 0.69St
4,4 0.18St
29
Step 3: Leadtime demand forecast
Overall
,[ , ] 47.46Rt t t L
,[ , ] 5.02St t t L
,[ , ] 79.35R St t t L L
SupplierRetailer
,[ ] 8.28R St t L L
32
Protocol Implementation Issues:
Protocols are verifiable
• The Logic of the Protocol is Auditable– Logic of Source Code Can be Audited
• Outputs Can be Tested– Outputs Can be Verified Given Known Inputs
33
Protocol Implementation Issues:
Other Advantages
• Valuable even in Trusted e.g. (intra-corporate) interactions– “Defense in depth” ! – Systems are hacked into, break-ins occur,
viruses occur, spy-ware, bad insiders, etc– Liability Decreased
• “Don’t send me your data even if you trust me”
• Impact on Litigation and Insurance Rates
34
We Have Only Just Begun...
• Tough Issues to Deal with:– SMC Complexities; e.g.,
• How to Deal with Collusion• Computational Complexity (e.g., simultaneity)
– Supply-Chain Modeling Complexities; e.g.• Contracting/Incentive Issues
– SSCC Complexities; e.g., • Inverse Optimization
• Bob’s Objective is fB(xA, xB); Alice’s is fA((xA, xB)
35
Future Work
• Protocols for other supply-chain applications– Price-Masking
– Bullwhip Scenarios
– Capacity Allocation
• Protocol implementation issues– Collusion by a subset of parties
– Intrusion detection
– Incentive issues and mechanism design
39
Secure Demand Forecasting ProtocolInput: The supplier knows the j,i
s and the retailer knows the j,ir , for all j,
i such that j = t + 1, ..., t + T and i = j − t, ..., T. The parameters , r , s are available in additively split form.
Output: Both supplier and retailer learn the forecast dj for all j = t + 1, ..., t + T.
Protocol Steps: 1. For each j {t + 1, ..., t + T}, the supplier computes vj
s = j,i
s. This is a “local” computation, as the supplier has all the j,i
s values. The retailer similarly computes vj
r = j,i
r for all j {t + 1, ..., t + T}.2. For each j {t + 1, ..., t + T}, the supplier and retailer run a split
multiplication protocol twice, once to compute wrj = rvr
j and once to compute ws
j = svsj (both in split fashion).
3. For each j {t + 1, ..., t + T}, the supplier and retailer run a split addition protocol to compute µ+ wr
j+ wsj, which is equal to dj . They
exchange their shares of each dj so they both learn its value.
Top Related