Netinfo Security (信息网络安全) ›› 2024, Vol. 24 ›› Issue (1): 93-105. doi: 10.3969/j.issn.1671-1122.2024.01.009

• Privacy Protection •

A Privacy Preserving and Verifiable Federated Learning Scheme Based on Homomorphic Encryption

LAI Chengzhe, ZHAO Yining, ZHENG Dong

  1. School of Cyberspace Security, Xi’an University of Posts and Telecommunications, Xi’an 710121, China
  • Received: 2023-07-16 Online: 2024-01-10 Published: 2024-01-24
  • Contact: LAI Chengzhe E-mail: lcz_xupt@163.com
  • About the authors: LAI Chengzhe (b. 1985), male, Shaanxi, professor, Ph.D., CCF member; main research interests: wireless network security and applied cryptography | ZHAO Yining (b. 1998), female, Shaanxi, master's student; main research interests: privacy computing and information security | ZHENG Dong (b. 1964), male, Shanxi, professor, Ph.D.; main research interests: coding and cryptography, and network security
  • Supported by:
    National Natural Science Foundation of China (62072371); Key Research and Development Program of Shaanxi Province (2021ZDLGY06-02)

Abstract:

Cross-silo federated learning enables clients to collaboratively train a machine learning model by aggregating local model updates without sharing raw data. However, studies have shown that intermediate parameters transmitted during training can also leak the privacy of raw data. A curious central server may falsify or tamper with aggregation results for its own benefit. To address these issues, an anti-collusion privacy preserving and verifiable cross-silo federated learning scheme was proposed. Specifically, the intermediate parameters of each client were encrypted to protect data privacy, and key management and collaborative decryption were achieved by combining secret sharing schemes to enhance system security. Furthermore, data integrity and authentication were achieved through aggregate signatures, and the verifiability of central server aggregation gradients was ensured using polynomial commitments. Security analysis shows that the proposed scheme not only protects the privacy of intermediate parameters and verifies data integrity, but also ensures the correctness of aggregation gradients. Performance analysis shows that compared to the existing schemes, the proposed scheme can significantly reduce the communication overhead.

Key words: federated learning, privacy preserving, homomorphic encryption, polynomial commitment, aggregate signature

CLC Number: