
Secure Aggregation In Federated Learning

Posted on: 2024-03-15
Degree: Master
Type: Thesis
Country: China
Candidate: Z H Liao
GTID: 2568307064996729
Subject: Engineering
Abstract/Summary:
Federated Learning (FL) is a novel distributed machine learning framework that has gained much attention due to its ability to support collaborative modeling without collecting raw data from each client. In FL, each client (mobile devices, enterprises or institutions) trains a local model and uploads the local model parameters to a central server. The central server aggregates the local model parameters into a global model and returns it to each client. During this process, the local models of clients are the inputs of the aggregation phase of FL, and the global model is the output of the aggregation phase. However, the aggregation phase of FL still faces various challenging security and privacy issues, including input privacy, output privacy and output integrity. To solve these issues, this paper first studies the most basic input privacy issue in FL, and then focuses on the output privacy and output integrity issues in cross-silo FL scenarios with higher security requirements. Finally, a privacy-enhanced cross-silo FL framework is designed. The main work of this paper is as follows.

We proposed a general secure aggregation protocol for FL focusing on input privacy. We systematically analyzed the state-of-the-art secure aggregation protocol for protecting the input privacy of clients, and then proposed a single-mask secure aggregation protocol based on secret sharing. This protocol utilizes the additive homomorphic property of secret sharing to protect the input privacy of clients while having extremely low computation and communication costs. It can also solve the problem of client dropouts in FL.

We proposed a secure aggregation protocol for cross-silo FL that focuses on output privacy. We elaborated on the importance of output privacy in cross-silo FL scenarios and proposed a secure aggregation protocol built on symmetric encryption and a key agreement protocol. The secure aggregation protocol aims to guarantee output privacy by encrypting the shared mask and transferring the model aggregation task. In the global model aggregation phase, each client first encrypts the sum of secret shares of the mask (only the clients can decrypt) and exchanges it, then locally decrypts the ciphertext and aggregates the global model.

We designed a privacy-enhanced cross-silo FL framework called SIGFL. SIGFL is an FL framework designed for cross-silo scenarios, aiming to ensure the input privacy, output privacy, and output integrity of clients and tolerate client dropouts. The framework is an extension of the previous two works, thus ensuring the input and output privacy of clients. In addition, by adding one-time digital signatures and changing the role of the server (only responsible for forwarding messages without participating in any computation), SIGFL also has the ability to ensure the output integrity of FL.

This paper elaborates on the significance of input privacy, output privacy, and output integrity in FL, and proposes corresponding solutions through the above research. SIGFL is a cross-silo FL framework proposed for the above three security and privacy issues, aiming to ensure the input privacy, output privacy, and output integrity of clients and tolerate client dropouts. Compared with existing mainstream cross-silo FL frameworks, SIGFL combines security, fault tolerance, and computational efficiency. When the number of clients is 100 and the number of model parameters is 50000, SIGFL can complete one round of secure aggregation in only 1.2 seconds on a network bandwidth of 120 Mbps.
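A minimal sketch of single-mask aggregation over Shamir secret sharing with dropout tolerance, added here as an illustration; it is not the thesis's protocol or code. The field modulus `P`, the function names, the scalar integer updates (standing in for quantized parameter vectors) and the three-round structure are all assumptions.

```python
import secrets

P = 2**61 - 1  # prime field modulus (assumed); updates and masks are integers mod P

def share(secret, xs, t):
    """Shamir-share `secret` to the holders in xs with threshold t -> {x: f(x)}."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P for x in xs}

def reconstruct(points):
    """Lagrange-interpolate f(0) from {x: f(x)}; needs at least t points."""
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def aggregate(updates, t, uploaded, helpers):
    """updates: {client_id: int}, ids distinct and nonzero mod P.
    uploaded: clients whose masked update reached the server.
    helpers: clients still online to help remove the masks (>= t needed)."""
    ids = sorted(updates)
    # Round 1: each client draws ONE random mask and secret-shares it to all clients.
    masks = {i: secrets.randbelow(P) for i in ids}
    shares = {i: share(masks[i], ids, t) for i in ids}
    # Round 2: the server sees only masked updates; dropped clients send nothing.
    masked_sum = sum(updates[i] + masks[i] for i in uploaded) % P
    # Round 3: each helper adds the shares it holds for the uploaded set. By the
    # additive homomorphism these sums are Shamir shares of the SUM of the masks,
    # so no individual mask is ever reconstructed.
    if len(helpers) < t:
        raise ValueError("too few clients online to remove the masks")
    share_sums = {j: sum(shares[i][j] for i in uploaded) % P for j in helpers}
    return (masked_sum - reconstruct(share_sums)) % P

if __name__ == "__main__":
    demo = {1: 10, 2: 20, 3: 30, 4: 40, 5: 50}  # constructed sample updates
    # Client 3 drops before uploading; client 2 drops before unmasking.
    print(aggregate(demo, t=3, uploaded=[1, 2, 4, 5], helpers=[1, 4, 5]))
```

In this sketch the helpers must agree on one `uploaded` set per round: share sums released for two sets that differ by a single client would let their recipient recover that client's mask.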
Keywords/Search Tags: Federated Learning, Privacy-Preserving Machine Learning, Secure Multiparty Computing, Secure Aggregation, Secret Sharing