Secure Collaborative Planning, Forecasting, and Replenishment (SCPFR)

Transcription

1 Secure Collaborative Planning, Forecasting, and Replenishment (SCPFR) Mikhail Atallah* Marina Blanton* Vinayak Deshpande** Keith Frikken* Jiangtao Li* Leroy B. Schwarz** * Department of Computer Sciences ** Krannert School of Management Purdue University West Lafayette, IN May 30, 2005 Extended Abstract 1. Introduction It is well known that information-sharing about inventory levels, sales, order-status, demand forecasts, production/delivery schedules, etc. can dramatically improveme supply-chain performance. Lee and Whang (2000) describe several real-world examples. The reason for this improvement, of course, isn t information-sharing, per se, but, rather, because shared information improves decision-making. However, despite its well-known benefits, many companies are averse to sharing their so-called private information, fearful that their partner(s) or competitor(s) will take advantage of it. Secure Multi-Party Computation (SMC) provides a framework for supply-chain partners to make collaborative forecasts and/or collaborative decisions without disclosing private information to one another; and, most important, without the aid of a trusted third party. SMC accomplishes this through the use of so-called protocols. An SMC protocol involves theoretically-secure hiding of private information (e.g., encryption), transmission, and processing of hidden private data. Since private information is never available in its original form (e.g., if encryption is used to hide the data, it is never decrypted), any attempt to hack or misuse private information is literally impossible. In our research, we apply SMC protocols to facilitate collaborative forecasting and inventory-replenishment decisions between a single supplier and a single retailer. The model is an extension of Clark and Scarf (1960). The business process is CPFR: Collaborative Plan- 1

2 ning, Forecasting, and Replenishment. Hence, the acronym SCPFR for Secure CPFR. 1.1 Overview/Summary This research describes privacy-preserving protocols for collaborative forecasting and inventory planning. The business scenario is a 2-stage, serial (supplier-retailer) supply chain facing periodic stochastic retailer demand. Our model is based on that of Clark and Scarf (1960) except customer demand is nonstationary. More specifically, during each time period, the retailer experiences customer demand generated by a state-dependent linear process. The only inventory available to satisfy this demand is the retailer s on-hand inventory at the beginning of that time period (after receiving any orders due for delivery that period). Excess customer demand is backordered, and all retailer end-of-period backorders incur a penalty cost of $p R /unit. Retailer end-of-period inventory is charged a holding cost of $h R /unit. At the beginning of each time period, after receiving any units delivered that time period, but before demand occurs, the retailer has the opportunity to place an order on the supplier. In our analytical model, negative orders (i.e., instantaneous returns) are permitted without penalty, as they are in other models of nonstationary demand. There is no fixed order cost. If the supplier s inventory is inadequate to fill the retailer s order entirely, the supplier will ship only a partial order, backordering the remainder until its own inventory is adequate to fill it. The supplier-to-retailer delivery leadtime is a fixed L R periods. The supplier incurs an inventory-holding cost of $h S /unit on its end-of-period inventory each period (h S <h R ). In addition, the supplier incurs a backorder-penalty cost of $p S /unit on customer backorders at the retailer. Like the retailer, the supplier can place an order (or make an instant, costless return) at the beginning of each period. The supplier s source of supply is infinite. The leadtime on supplier orders is a fixed L S periods. The privacy concerns of each company are as follows: Each company has private information (e.g. signals) with respect to future retail-customer demand. Each company s private information would improve the collaborative forecast, but neither company desires to disclose that information to its partner. Each company also has private information (e.g., retailer s inventory-holding cost, manufacturer s production cost), which, if centralized, could lead to a coordinated (i.e., first-best) decision, but both companies desire to maintain its privacy, too. Under the collaborative policy our incentive-compatible SCPFR protocols determine a collaborative forecast of future customer demand, and, based on these, the target base-stocks 2

3 of both partners that will minimize supply-chain expected cost. Based on these, and their private inventory status, the retailer and supplier are then instructed how much to order. The contributions of this research are as follows: 1) First to address privacy and incentivecompatibility issues in CPFR. 2) First to demonstrate that information-sharing isn t necessary to achieve collaboration in a supply-chain. In particular, we: (a) demonstrate that forecasting and inventory-replenishment can be done collaboratively without disclosing the private information of either the supplier or retailer; and (b) construct inventive compatible mechanisms for collaborative forecasting. 3) Demonstrate that it is difficult/impossible for either party to determine the private information of its partner using its own private information and the orders it is instructed to make by the SCPFR protocols. This is an important practical consideration; i.e., why use SMC techniques if participants can compute their partners private inputs 4) Demonstrate the benefits of SCPFR using simulation. 5) Provide practical SMC protocols. That is, given their privacy-preserving nature, certain simple mathematical processes become very complex. Each table look-up, for example, if done in a secure manner, has complexity proportional to the size of the table. We reformulate such processes to make them more computationally efficient. 2. A Model of Collaborative Forecasting and Planning We examine a supply-chain with two players, a supplier selling to a retailer. Our assumptions are the same as those of Clark and Scarf except that, in our model, customer demand in period t, d t, is realized from a state-dependent linear process, as described below. The retailer observes demand over time and uses these observations to forecast customer future demand. These forecasts are then used by the retailer to place replenishment orders to the supplier. The retailer and the supplier also receive independent signals about market demand in the future. For example, a retailer has private information about promotions that he may be planning to run in the future which can affect his forecast of demand. Similarly, the supplier can receive signals about overall market trends which can influence future demand for the product. In the collaborative scenario, a joint forecast is created by incorporating past observations of demand as well the retailer s and supplier s signals about future demand. As a result, the forecast accuracy of the demand process improves. The primary goal of our research is to provide protocols such that this forecasting and inventory planning can be conducted 3

4 in a secure fashion, i.e., the protocols would preserve the privacy of each participants private information. Thus the collaborative forecast should be computed without actually revealing the retailer s past observations of demand and his signals about future demand to the supplier, and without revealing the supplier s signals to the retailer. In the next sub-sections we present a mathematical framework of the secure collaborative forecasting. 2.1 Demand Model and Forecasting Process We assume that the demand follows a linear process given by the following equation: T T d t = µ + θ r δt,i r + θ s δt,i s + ɛ t i=1 i=1 Here D t denotes the demand realization in period t, while δ j t,i indicates the signal observed by player j about period t demand in period t i. For example, δt,i r may represent the impact of promotion that the retailer plans to run in period t as measured in period t i. Similarly, δt,i s may represent the impact of new product introductions by the supplier in period t as estimated in period t i. Our demand model is similar to the one proposed by Aviv (2002), except that we do not capture intertemporal correlation between demands in consecutive periods. As in Aviv (2002), we further assume that the signals and the error term are normally distributed, i.e., δt,i r N(0,σ r,i ), δt,i s N(0,σ s,i ), ɛ t N(0,σ 0 ). The key difference between our model and Aviv s is that information is split between the retailer and the supplier. Thus, in each period t the retailer observes the demand, d t, and demand signals up to T periods in future, δj,j t,j r = t +1,...,t+ T, but these observations are not known to the supplier. Similarly, in each period t, the supplier observes signals about demand up to T periods in future, δj,j t,j s = t +1,...,t+ T, but these observations are not known to the retailer. As a result, the parameters of the demand process, i.e., µ, θ r, and θ s are not known either to the supplier or the retailer. In the collaborative forecasting scenario, the forecast is based on both the retailer s and supplier s observations. Hence the forecasting is now determined as follows: 1. In each period t, estimate ˆµ r, ˆθ r, and ˆθ s by regressing the observations d t versus the observed signals δt,i r and δt,i. s 2. For the forecast horizon (T periods) construct the forecast using the following equation: 4

5 ˆd j =ˆµ r + ˆθ r T i=j t δ r j,i + ˆθ s T i=j t where ˆd j is the forecast of the mean demand in period j. 2.2 The Collaborative Inventory Planning Policy δ s j,i, j = t +1,..., t + T (1) By definition, the retailer s echelon inventory is the same as its local inventory; while the supplier s echelon inventory equals the total supply-chain inventory; i.e., inventory at the retailer, plus inventory at the supplier, plus any inventory in transit between the supplier and the retailer. Define y S and y R to be the echelon base stocks of the supplier and retailer, respectively. The goal of the collaborative inventory planning process is to determine the optimal echelon base-stock levels in each period, to minimize the total supply chain costs. Clark and Scarf prove that the optimal (y S, y R ) which minimizes the total supply-chain costs can be determined sequentially, first, by finding the yr and then ys. Hence, assuming the existence of a so-called trusted third party, the determination of (ys,y R) is straightforward. We describe the corresponding secure sequential determination of (ys,y R ) in Atallah et al (2005) which does not need a trusted third party. 2.3 Secure Process for Forecasting and Inventory Planning We now describe the steps needed for secure collaboration between the retailer and the supplier, i.e., a process which does not reveal private information to either party. This is described by a 5 step process as follows: 1) Retailer and supplier input their (private) cost parameters, h R,p R,h S,p S to the protocol. This information is kept private by the protocol. 2) In period t, retailer inputs (private) information d t where t =1,...,T, δj,i r where j = 0,...,t+T, and i = j t,...,t, and inventory status OHt R, BOt R, and OOt R. Supplier inputs his (private) information δj,i s where j =0,...,t+ T and i = j t,...,t, and inventory status OHt S, BOS t,oos t. This information is kept private and not revealed to anyone. 3) The secure forecasting protocol (described in Section 3) is run to compute the demand forecasts µ [t,t+lr+1], µ [t,t+ls], and µ [t,t+l 1+L 2 +1]. These forecasts are computed in a split fashion and hence kept private. They serve as an input inventory planning process in the next step. 4) The secure inventory planning protocol (can be found in Atallah et al. (2005)) is run to 5

6 compute the retailer and suppliers optimal base-stock levels yr and ys. This information is also computed in split fashion and kept private. This serves as an input to the next step. 5) The secure replenishment protocol (can be found in Atallah et al. (2005)) is run to compute the retailer and suppliers ordering decision. The protocol computes the order quantity q R = yr IP R and q S = ys IP S. Each player learns their order quantity and nothing else from the protocol. 3. Secure Protocols for Forecasting In this extended abstract we give only a secure demand forecasting protocol; secure inventory planning and secure replenishment protocols can be found in Atallah et al. (2005). These protocols rely on usage of cryptographic primitives and secure protocols for basic sub-tasks, which we briefly review here. One of the key notions is the notion of additively split data. An item x is said to be addivitely split between the supplier and retailer if the supplier has x s and the retailer has x r such that x = x s + x r, but the value of x is not known to either party. Using this notion, we show how to securely perform split addition and subtraction. In addition, usage of homomorphic encryption encryption that allows one to perform arithmetic operations directly on encrypted data permits us to construct protocols for secure split multiplication and division. Other building blocks that are used in the forecasting and planning protocols are: secure scalar product, secure polynomial evaluation, secure matrix multiplication, secure matrix inversion, and secure comparison. We refer the reader to Atallah et al. (2005) for a detailed description of these concepts and protocols. Next, we present our secure forecasting protocol. Figure 1 gives a protocol that securely computes ˆd j, where t +1 j t + T, from equation (1) given additively split estimates (ˆµ, ˆθ r, and ˆθ s ). Correctness of the answer produced by this protocol follows from Equation (1), which it faithfully implements. As long as the split multiplication protocol and the split addition protocol are secure, by the composition theorem of Canetti (2000), the secure demand forecasting protocol is secure. 6

7 Input: Supplier knows the δj,i s s and Retailer knows the δj,i s, r for all j, i such that j = t +1,...,t+ T and i = j t,...,t. The parameters ˆµ, ˆθ r, and ˆθ s are available in additively split form, i.e., for each x {ˆµ, ˆθ r, ˆθ s } Supplier (Retailer) has a random x s (resp., x r ) such that x = x s + x r. Output: Supplier and Retailer obtain ˆd s j and ˆd r j, respectively, for all j = t+1,...,t+t where ˆd j = ˆd s j + ˆd r j. Protocol Steps: 1. For each j {t +1,...,t+ T }, Supplier computes vj s = T i=j t δj,i s. This is a local computation, as Supplier has all the δj,i s values. Retailer similarly computes vj r = T i=j t δj,i r for all j {t +1,...,t+ T }. 2. For each j {t +1,...,t+ T }, Supplier and Retailer run a split multiplication protocol twice, once to compute w r j = ˆθ r v r j and once to compute ws j = ˆθ s v s j (both in split fashion). 3. For each j {t+1,...,t+t }, Supplier and Retailer run a split addition protocol to compute ˆµ + w r j + ws j, which is equal to ˆd j. References Figure 1: Secure demand forecasting protocol. [1] Atallah, M.J., M. Blanton, V. Deshpande, K. Frikken, J. Li, and L. Schwarz Secure Collaborative Planning, Forecasting, and Replenishment (SCPFR). Working Paper, Purdue University. [2] Aviv, Y., Gaining Benefits from Joint Forecasting and Replenishment Processes: The Case of Auto-Correlated Demand Manufacturing & Service Operations Mgmt. 4(1), Winter 2002, Pgs: [3] Canetti, R Security and Composition of Multiparty Cryptographic Protocols. Journal of Cryptology 13(1), Springer. [4] Clark, A., H. Scarf Optimal Policies for a multi-echelon inventory problem. Management Science, 40, p [5] Lee, H. L., S. Whang Information Sharing in a Supply Chain. International Journal of Technology Management, 20(3/4), p