A Fusion Scheme of Multi-Key Homomorphic Encryption and Differential Privacy for Distributed Learning

doi:10.3969/j.issn.1671-1122.2026.02.005

Abstract

Abstract:

In the era of big data, data privacy protection in the field of machine learning has become increasingly important. In multi-party learning scenarios, attackers can reverse-engineer original data features from information such as gradients and model parameters. Moreover, some participants may collude for personal gain, sharing data that should remain confidential, thereby undermining the fairness and privacy requirements of multi-party learning. To address these issues, this paper proposed a fusion scheme of multi-key homomorphic encryption and differential privacy for distributed learning, namely the PrivMPL scheme, whose core objective was to achieve efficient model training while ensuring data privacy security. In this scheme, local clients used an aggregated public key to encrypt updated model parameters, and the decryption process required collaborative participation from all data users. The server achieved differential privacy by adding Gaussian noise to the aggregated parameters. The scheme effectively prevented privacy leakage caused by information sharing during multi-party training and was robust against collusion between data users and the server. To validate the effectiveness of the PrivMPL scheme, it is compared with a Paillier-based homomorphic encryption multi-party learning approach, using model accuracy as the evaluation metric. Experimental results show that the PrivMPL scheme achieves a significant improvement in model accuracy, further demonstrating its advantages in data privacy protection and model performance.

Key words: machine learning as a service, multi-party learning, differential privacy, multi-key homomorphic encryption

CLC Number:

TP309

WANG Teng, FAN Kunwei, ZHANG Yao. A Fusion Scheme of Multi-Key Homomorphic Encryption and Differential Privacy for Distributed Learning[J]. Netinfo Security, 2026, 26(2): 236-250.

Figures/Tables 9

References 34

[1]	RIBEIRO M, GROLINGER K, CAPRETZ M A M. MLaaS: Machine Learning as a Service[C]// IEEE. 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA). New York: IEEE, 2015: 896-902.
[2]	CARLINI N, CHIEN S, NASR M, et al. Membership Inference Attacks from First Principles[C]// IEEE. 2022 IEEE Symposium on Security and Privacy (SP). New York: IEEE, 2022: 50-61.
[3]	FREDRIKSON M, JHA S, RISTENPART T. Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures[C]// ACM.The 22nd ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2015: 45-57.
[4]	DWORK C. Differential Privacy: A Survey of Results[C]// Springer.International Conference on Theory and Applications of Models of Computation. Heidelberg: Springer, 2008: 1-19.
[5]	SUN Yifan, ZHANG Rui, TAO Yang, et al. A Survey on Local Differential Privacy[J]. Frontiers of Data and Computing, 2023, 5(5): 74-97.
	孙一帆, 张锐, 陶杨, 等. 本地化差分隐私综述[J]. 数据与计算发展前沿, 2023, 5(5): 74-97.
[6]	ABADI M, CHU A, GOODFELLOW I, et al. Deep Learning with Differential Privacy[C]// ACM. The 2016 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2016: 38-49.
[7]	RUAN Wenqiang, XU Mingxin, FANG Wenjing, et al. Private, Efficient, and Accurate: Protecting Models Trained by Multi-Party Learning with Differential Privacy[C]// IEEE. 2023 IEEE Symposium on Security and Privacy (SP). New York: IEEE, 2023: 1926-1943.
[8]	FU Jie, YE Qingqing, HU Haibo, et al. DPSUR: Accelerating Differentially Private Stochastic Gradient Descent Using Selective Update and Release[J]. The VLDB Endowment, 2024(7): 1200-1213.
[9]	ZHANG Jianqing, HUA Yang, WANG Hao, et al. Fedala: Adaptive Local Aggregation for Personalized Federated Learning[C]// AAAI. The AAAI Conference on Artificial Intelligence. Washington, D. C.: AAAI, 2023, 37(9): 11237-11244.
[10]	WANG Zhenya, CHENG Xiang, SU Sen, et al. Atlas: Gan-Based Differentially Private Multi-Party Data Sharing[J]. IEEE Transactions on Big Data, 2023, 9(4): 1225-1237.
[11]	XU Depeng, YUAN Shuhan, WU Xintao. Achieving Differential Privacy in Vertically Partitioned Multiparty Learning[C]// IEEE. 2021 IEEE International Conference on Big Data. New York: IEEE, 2021: 5474-5483.
[12]	WEN Jinming, LIU Qing, CHEN Jie, et al. Research Current Status and Challenges of Fully Homomorphic Cryptography Based on Learning with Errors[J]. Netinfo Security, 2024, 24(9): 1328-1351.
	温金明, 刘庆, 陈洁, 等. 基于错误学习的全同态加密技术研究现状与挑战[J]. 信息网络安全, 2024, 24(9): 1328-1351.
[13]	NAEHRIG M, LAUTER K, VAIKUNTANATHAN V. Can Homomorphic Encryption Be Practical?[C]// ACM. The 3rd ACM Workshop on Cloud Computing Security Workshop. New York: ACM, 2011: 113-124.
[14]	MARCOLLA C, SUCASAS V, MANZANO M, et al. Survey on Fully Homomorphic Encryption, Theory, and Applications[J]. Proceedings of the IEEE, 2022, 110(10): 1572-1609. doi: 10.1109/JPROC.2022.3205665 URL
[15]	TAKABI H, HESAMIFARD E, GHASEMI M. Privacy Preserving Multi-Party Machine Learning with Homomorphic Encryption[C]// NIPS. The 29th Annual Conference on Neural Information Processing Systems (NIPS). Vancouver: NIPS, 2016: 1-4.
[16]	FANG Haokun, QIAN Quan. Privacy Preserving Machine Learning with Homomorphic Encryption and Federated Learning[J]. Future Internet, 2021, 13(4): 94-109. doi: 10.3390/fi13040094 URL
[17]	WANG Sen, CHANG J M. Differentially Private Principal Component Analysis over Horizontally Partitioned Data[C]// IEEE. 2018 IEEE Conference on Dependable and Secure Computing (DSC). New York: IEEE, 2018: 1-8.
[18]	LOPEZ-ALT A, TROMER E, VAIKUNTANATHAN V. On-The-Fly Multiparty Computation on the Cloud via Multikey Fully Homomorphic Encryption[C]// ACM. The Forty-Fourth Annual ACM Symposium on Theory of Computing. New York: ACM, 2012: 1219-1234.
[19]	CLEAR M, MCGOLDRICK C. Multi-Identity and Multi-Key Leveled FHE from Learning with Errors[C]// Springer. Annual Cryptology Conference. Heidelberg: Springer, 2015: 630-656.
[20]	CAI Yuxuan, DING Wenxiu, XIAO Yuxuan, et al. Secfed: A Secure and Efficient Federated Learning Based on Multi-Key Homomorphic Encryption[J]. IEEE Transactions on Dependable and Secure Computing, 2023, 21(4): 3817-3833. doi: 10.1109/TDSC.2023.3336977 URL
[21]	LI Yanling, LAI Junzuo, ZHANG Rong, et al. Secure and Efficient Multi-Key Aggregation for Federated Learning[J]. Information Sciences, 2024, 654: 119830-119856. doi: 10.1016/j.ins.2023.119830 URL
[22]	MA Jing, NAAS S A, SIGG S, et al. Privacy-Preserving Federated Learning Based on Multi-Key Homomorphic Encryption[J]. International Journal of Intelligent Systems, 2022, 37(9): 5880-5901. doi: 10.1002/int.v37.9 URL
[23]	JIA Bin, ZHANG Xiaosong, LIU Jiewen, et al. Blockchain-Enabled Federated Learning Data Protection Aggregation Scheme with Differential Privacy and Homomorphic Encryption in IIoT[J]. IEEE Transactions on Industrial Informatics, 2021, 18(6): 4049-4058. doi: 10.1109/TII.2021.3085960 URL
[24]	LI Yujie, SUN Yi, LIN Wei. Efficient End to End Privacy Preserving Federated Learning Scheme[J]. Journal of Chinese Computer Systems, 2025, 46(8): 1818-1828.
	李宇杰, 孙奕, 林玮. 一种高效的全流程隐私保护联邦学习方案[J]. 小型微型计算机系统, 2025, 46(8): 1818-1828.
[25]	JAYARAMAN B, WANG Lingxiao, EVANS D, et al. Distributed Learning without Distress: Privacy-Preserving Empirical Risk Minimization[J]. Advances in Neural Information Processing Systems, 2018(6), 31-48.
[26]	MCMAHAN H B, RAMAGE D, TALWAR K, et al. Learning Differentially Private Recurrent Language Models[C]// ICLR. International Conference on Learning Representations. Vancouver: ICLR, 2018: 1-14.
[27]	TRUEX S, LIU Ling, CHOW K H, et al. LDP-Fed: Federated Learning with Local Differential Privacy[C]// ACM. The Third ACM International Workshop on Edge Systems, Analytics and Networking. New York: ACM, 2020: 61-66.
[28]	BOHLER J, KERSCHBAUM F. Secure Multi-Party Computation of Differentially Private Heavy Hitters[C]// ACM. The 2021 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2021: 2361-2377.
[29]	CHEN Hao, CHILLOTTI I, SONG Y. Multi-Key Homomorphic Encryption from TFHE[C]// Springer. International Conference on the Theory and Application of Cryptology and Information Security. Heidelberg: Springer, 2019: 446-472.
[30]	BRAKERSKI Z. Fully Homomorphic Encryption without Modulus Switching from Classical GapSVP[C]// Springer. Annual Cryptology Conference. Heidelberg: Springer, 2012: 868-886.
[31]	FAN Junfeng, VERCAUTEREN F. Somewhat Practical Fully Homomorphic Encryption[EB/OL]. (2012-03-22)[2025-04-02]. https://eprint.iacr.org/2012/144.
[32]	CHEON J H, KIM A, KIM M, et al. Homomorphic Encryption for Arithmetic of Approximate Numbers[C]// Springer. International Conference on the Theory and Application of Cryptology and Information Security. Heidelberg: Springer, 2017: 409-437.
[33]	SUN Han, ZHANG Yan, XU Zhen, et al. MK-FLFHNN: A Privacy-Preserving Vertical Federated Learning Framework for Heterogeneous Neural Network via Multi-Key Homomorphic Encryption[C]// IEEE. The 26th International Conference on Computer Supported Cooperative Work in Design (CSCWD). New York: IEEE, 2023: 552-558.
[34]	LI Ping, LI Jin, HUANG Zhengan, et al. Multi-Key Privacy-Preserving Deep Learning in Cloud Computing[J]. Future Generation Computer Systems, 2017, 74: 76-85. doi: 10.1016/j.future.2017.02.006 URL