一种基于同态签名的可验证联邦学习方案

A Verifiable Federated Learning Scheme Based on Homomorphic Signatures

联邦学习作为一种新兴的分布式机器学习技术,允许用户通过服务器协同训练全局模型,而无需共享其原始数据集.然而服务器可以对用户上传的模型参数进行分析,推断用户隐私.此外,服务器还可能伪造聚合结果,诱导用户发布敏感信息.因此用户需要对参数进行保护,同时对聚合结果进行正确性验证.本文设计了一种可验证的联邦学习方案.首先,基于公开可验证秘密共享设计了双掩码安全聚合协议,在保护用户模型参数的同时还能支持用户的动态退出和共享验证功能,确保服务器解密的正确性.其次,基于同态签名构建验证公钥更短的聚合结果验证方案,使用户可以验证服务器聚合结果的正确性.实验结果表明,同现有方案相比,方案验证聚合结果时的计算开销和通信开销同时处于较低水平.安全性分析证明了方案在隐私保护方面能够有效防止恶意攻击和数据泄露,保障了联邦学习训练的安全性.

As an emerging distributed machine learning technology,federated learning allows users to collaboratively train a global model on a server without sharing their original data sets.However,the server can analyze the model parameters uploaded by users and infer user privacy.In addition,the server may also forge the aggregation results and induce users to publish sensitive information.Therefore,users need to protect the parameters and verify the correctness of the aggregation results.This paper designs a privacy-preserving and verifiable federated learning scheme.Firstly,based on publicly verifiable secret sharing,a double-mask secure aggregation protocol is designed to protect the user model parameters while supporting the user’s dynamic exit and sharing verification functions to ensure the correctness of the server decryption.Secondly,based on homomorphic signatures,an aggregation result verification scheme with shorter verification public key is constructed,so that users can verify the correctness of server aggregation results.The experimental results show that,compared with the existing schemes,the computational overhead and communication overhead of the proposed scheme in verifying the aggregation results are at a low level.Security analysis shows that the proposed scheme can effectively prevent malicious attacks and data leakage in terms of privacy protection,and ensure the security of federal learning and training.