| The arrival of the big data era has promoted the development of artificial intelligence technology,which provides powerful support for all aspects of modern society.However,training high accuracy models requires huge amount of data support,which usually contains private information of data holders,and they are not willing to provide the private data directly to the cloud server to train the models centrally.In this case,there will be a large amount of data isolated locally by the participants,resulting in data islands that affect the accuracy of the final model.Federal Learning has developed rapidly due to its protection of private data.It allows participants to upload only shared gradients to cloud servers for model training,thereby protecting participants’ local data privacy.Although federated learning can protect participants’ data privacy to a certain extent,just sharing gradients can also lead to disclosure of participants’ data privacy.Therefore,how to protect the privacy of gradient parameters is also a focus of attention.At the same time,during the entire federated learning and training process,if the cloud server obtains each round of gradient aggregation results,it may also lead to the disclosure of participant data privacy.In addition,cloud servers may obtain private information about participants by falsifying aggregation results and directly affect the accuracy of the model.Therefore,it is worthwhile to investigate how to protect participants’ private information and achieve verifiability of aggregation results by participants in the process of federal learning.Existing verifiable privacy-preserving federated learning schemes suffer from privacy leakage,significant additional overhead when participantsdrop out,high authentication overhead,and brute-force cracking attacks.The purpose of this work is to discuss how to achieve verifiability of aggregated results with lightweight verification overhead while protecting participants’ private information.The research content of this work is as follows:· This work proposes a verifiable privacy-preserving federal learning scheme.This scheme uses Paillier encryption algorithm and secret sharing technology to protect the privacy of local gradients,and uses a combination of linear functions and cryptography to achieve verifiability of aggregation results,which can effectively resist brute-force cracking attacks launched by cloud servers.A mask is also introduced to blind the aggregation results of each round,protecting the privacy of the aggregation results to the cloud server without the complicity of the cloud server and the participants.Through theoretical analysis and experimental demonstration,this scheme finally achieves the protection of participants’ private information and the verifiability of aggregation results,and also ensures the accuracy of the model.· A verifiable privacy-preserving federated learning scheme with lightweight verification overhead is proposed for the additional overhead caused by verification in current verifiable privacy-preserving federated learning schemes.This scheme uses a homomorphic pseudorandom generator to generate a mask to blind the gradient parameters to protect the gradient privacy,and uses Paillier encryption to upload the seed of the generated mask to the cloud server thus eliminating the mask.Using the method of encrypting individual verification values to achieve verifiability of aggregated results and effectively resist brute force cracking attacks initiated by cloud servers through a lightweight verification mechanism.Compared to existing verifiable privacy-preserving federation learning schemes,the verification mechanism of this scheme imposes a constant communication overhead as the number of gradient parameters increases,allows participants to dropout and does not impose additional overhead. |
PDF Full Text Request