基于博弈论的可验证隐私保护联邦学习方案

doi:10.19678/j.issn.1000-3428.0252350

摘要/Abstract

摘要： 针对联邦学习中模型聚合时可能会泄露用户的私有数据，以及服务器可能篡改聚合结果以获取某些非法利益的问题，提出一种双服务器架构下基于博弈论的高效可验证的隐私保护联邦学习方案。首先，使用基于种子同态伪随机生成器的单掩码方案来保护数据隐私，同时通过Shamir(t, n)门限秘密共享方案对掩码进行分发与重构，从而使所提方案能够在保证隐私的同时允许部分用户因网络环境不稳定而退出；其次，构造基于Hadamard乘积的轻量级的验证方法，使得用户最后仅需要进行简单的向量乘积运算即可验证聚合结果的正确性，从而减少验证所需的计算开销；最后，引入博弈论中的囚徒契约和背叛契约，通过激励策略促进两个服务器不发起合谋攻击，解决双服务器架构中面临的服务器合谋问题，保障用户隐私的安全性以及全局模型的可信性。实验结果表明，所提方案能够在不影响模型准确率的情况下对用户梯度进行隐私保护，且与现有方案相比，其计算效率和通信效率均有所提升，这种优势在用户退出时更明显。

Abstract: To solve the problems that users' private data may be leaked during model aggregation in federated learning, and that the server may tamper with the aggregation result to obtain certain illegal benefits, an efficient and verifiable privacy-preserving federated learning scheme based on game theory in dual-server architecture was proposed. Firstly, a single mask scheme based on homomorphic pseudorandom generator was used to protect data privacy, and the Shamir (t, n) threshold secret sharing scheme was used to distribute and reconstruct the mask, so that the proposed scheme can ensure privacy while allowing some users to drop out due to instability in the network environment. Secondly, a lightweight verification method based on Hadamard product was constructed, so that users only need to perform simple vector product operations to verify the correctness of the aggregation result, reducing the computational overhead required for verification. Finally, the prisoner contract and betrayal contract in game theory were introduced, and the two servers were promoted not to initiate collusion attacks through incentive strategies, solving the server collusion problem faced in the dual-server architecture, ensuring the security of user privacy and the credibility of the global model. The experimental results show that the proposed scheme can safely aggregate the gradients without affecting the accuracy of the model, and compared with existing schemes, its computational efficiency and communication efficiency have been improved, which is more obvious when users drop out.

杨媛, 张恩, 李功丽. 基于博弈论的可验证隐私保护联邦学习方案[J]. 计算机工程, doi: 10.19678/j.issn.1000-3428.0252350.

YANG Yuan , ZHANG En , LI Gongli. A verifiable privacy-preserving federated learning scheme based on game theory[J]. Computer Engineering, doi: 10.19678/j.issn.1000-3428.0252350.

参考文献

[1] 刘淼,林婉茹,王琴,等.车联网联邦学习的数据异质性问题及基于个性化的解决方法综述[J].通信学报,2024,45(10):207-224. LIU M, LIN W R, WANG Q, et al. Survey on data heterogeneity problems and personalization based solutions of federated learning in Internet of vehicles[J]. Journal on Communications, 2024, 45(10): 207–224.
[2] RAUNIYAR A, HAGOS D H, JHA D, et al. Federated learning for medical applications: a taxonomy, current trends, challenges, and future research directions[J]. IEEE Internet of Things Journal, 2024,11(5):7374-7398.
[3] LIU D C, DANG Z, PENG C L, et al. FedForgery: generalized face forgery detection with residual federated learning[J]. IEEE Transactions on Information Forensics and Security, 2023,18:4272-4284.
[4] MCMAHAN B, MOORE E, RAMAGE D, et al. Communication-efficient learning of deep networks from decentralized data[C]// Proceedings of the 20th International Conference on Artificial Intelligence and Statistics. New York: PMLR, 2017: 1273-1282.
[5] KONEČNÝ J, MCMAHAN H B, YU F X, et al. Federated learning: strategies for improving communication efficiency[C]//Proceedings of the 29th Conference on Neural Information Processing Systems, New York: Curran Associates, 2016: 5-10.
[6] LU X Z, XIAO L, LI P M, et al. Reinforcement learning-based physical cross-layer security and privacy in 6G[J]. IEEE Communications Surveys & Tutorials, 2023, 25(1): 425-466.
[7] CHEN Y H, LIU Z B, LU X Z, et al. Risk-Aware reinforcement learning based federated learning framework for Io V[C]//2024 IEEE Wireless Communications and Networking Conference (WCNC). Piscataway: IEEE Press, 2024: 1-6.
[8] ZHU L, LIU Z, HAN S. Deep leakage from gradients[C]//Proceedings of the 33rd International Conference on Neural Information Processing Systems, New York: Curran Associates, 2019: 14774 - 14784.
[9] ZHAO P, CAO Z K, JIANG J, et al. Practical private aggregation in federated learning against inference attack[J]. IEEE Internet of Things Journal, 2023, 10(1): 318-329.
[10] WANG D B, GUAN S P. FedFR-ADP: Adaptive differential privacy with feedback regulation for robust model performance in federated learning[J]. Information Fusion, 2025, 116: 102796.
[11] XIE Q P, JIANG S Y, JIANG L S, et al. Efficiency optimization techniques in privacy-preserving federated learning with homomorphic encryption: A brief survey[J]. IEEE Internet of Things Journal, 2024, 11(14): 24569-24580.
[12] 刘铭辉,张恩,王梦涛,等.非平衡场景下的模糊隐私集合交集基数协议[J/OL].计算机工程,1-13[2025-04-12]. https:// doi.org/10.19678/j.issn.1000-3428.0070356. LIU M H, ZHANG E, WANG M T, et al. Fuzzy private set intersection cardinality protocol in unbalanced scenarios [J]. Computer Engineering, 1-13[2025-04-12]. https:// doi.org/10.19678/j.issn.1000-3428.0070356.
[13] XU R H, BARACALDO N, ZHOU Y, et al. Hybridalpha: an efficient approach for privacy-preserving federated learning[C]//Proceedings of the 12th ACM workshop on artificial intelligence and security. New York: ACM Press,2019: 13-23.
[14] STEVENS T, SKALKA C, VINCENT C, et al. Efficient differentially private secure aggregation for federated learning via hardness of learning with errors[C]//31st USENIX Security Symposium (USENIX Security 22). Berkeley: USENIX Association, 2022: 1379-1395.
[15] 张少波,张激勇,朱更明,等.基于Bregman散度和差分隐私的个性化联邦学习方法[J].软件学报,2024,35(11):5249-5262. ZHANG S B, ZHANG J Y, ZHU G M, et al. Personalized federated learning method based on Bregman divergence and differential privacy[J]. Journal of Software, 2024, 35(11): 5249–5262.
[16] MA J, NAAS S A, SIGG S, et al. Privacy‐preserving federated learning based on multi‐key homomorphic encryption[J]. International Journal of Intelligent Systems, 2022, 37(9): 5880-5901.
[17] 牛淑芬,王宁,周旭升,等.智慧医疗中基于秘密共享和同态加密的安全联邦学习方案[J/OL].计算机工程,1-13[2025-04-12].https://doi.org/10.19678/j.issn.1000-3428.0070132. NIU S F, WANG N, ZHOU X S, et al. Secure federated learning scheme based on secret sharing and homomorphic encryption in smart healthcare [J/OL]. Computer Engineering, 1-13[2025-04-12]. https://doi. org/10.19678/j.issn.1000-3428.0070132.
[18] BONAWITZ K, IVANOV V, KREUTER B, et al. Practical secure aggregation for privacy-preserving machine learning[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM Press,2017: 1175-1191.
[19] LIU Z Z, CHEN S, YE J, et al. SASH: Efficient secure aggregation based on SHPRG for federated learning[C]//Uncertainty in Artificial Intelligence. New York: PMLR, 2022: 1243-1252.
[20] GUO X J, LIU Z L, LI J, et al. VeriFL: communication-efficient and fast verifiable aggregation for federated learning[J]. IEEE Transactions on Information Forensics and Security, 2020, 16: 1736-1751.
[21] XU G W, LI H W, LIU S, et al. VerifyNet: secure and verifiable federated learning[J]. IEEE Transactions on Information Forensics and Security, 2019, 15: 911-926.
[22] FU A M, ZHANG X L, XIONG N X, et al. VFL: A verifiable federated learning with privacy-preserving for big data in industrial IoT[J]. IEEE Transactions on Industrial Informatics, 2020, 18(5): 3316-3326.
[23] WANG R Y, YUAN X M, YANG Z G, et al. RFLPV: a robust federated learning scheme with privacy preservation and verifiable aggregation in IoMT[J]. Information Fusion, 2024, 102: 102029.
[24] HAHN C, KIM H, KIM M, et al. VerSA: verifiable secure aggregation for cross-device federated learning[J]. IEEE Transactions on Dependable and Secure Computing, 2023, 20(1): 36-52.
[25] ZHONG Y J, TAN W Z, XU Z F, et al. WVFL: weighted verifiable secure aggregation in federated learning[J]. IEEE Internet of Things Journal, 2024,11(11): 19926 - 19936.
[26] YANG X, MA M J, TANG X H. An efficient privacy-preserving and verifiable scheme for federated learning[J]. Future Generation Computer Systems, 2024,160:238-250.
[27] CAI J W, SHEN W T, QIN J. ESVFL: efficient and secure verifiable federated learning with privacy-preserving[J]. Information Fusion, 2024, 109: 102420.
[28] KREPS D M, WILSON R. Sequential equilibria[J]. Econometrica: Journal of the Econometric Society, 1982, 50(4): 863–894.
[29] 张恩,秦磊勇,杨刃林等.基于弹性秘密共享的多方门限隐私集合交集协议[J].软件学报,2023,34(11):5424-5441. ZHANG E, QIN L Y, YANG R L, et al. Multi-party threshold private set intersection protocol based on robust secret sharing[J]. Journal of Software Science, 2023,34 (11): 5424-5441.
[30] SHAMIR A. How to share a secret[J]. Communications of the ACM, 1979, 22(11): 612-613.
[31] MILLION E. The hadamard product[J]. Course Notes, 2007, 3(6): 1-7.
[32] DIFFIE W, HELLMAN M. New directions in cryptography[J]. IEEE transactions on Information Theory,1976,22(6),644-654.
[33] DONG C Y, WANG Y L, ALDWEESH A, et al. Betrayal, distrust, and rationality: smart counter-collusion contracts for verifiable cloud computing[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM Press,2017: 211-227.

选择文件类型/文献管理软件名称

选择包含的内容