Verifiable federated learning framework for client side secure admissions

doi:10.19678/j.issn.1000-3428.0253362

Abstract

Abstract: Federated learning (FL) features two core advantages: keeping raw data local and enabling collaborative training across participants, which safeguards data privacy and facilitates distributed model collaboration. However, its architecture still confronts two key security threats—malicious client selection manipulation and server-side gradient tampering—rooted in the contradiction between distributed training and centralized aggregation. Specifically, malicious servers can rig client selection to skew the aggregated model, and the server’s absolute control over gradient aggregation creates a trust bottleneck for tampering, as client authentication relies on server trust and gradient aggregation lacks decentralized verification. To tackle these issues, this paper proposes a client-verifiable FL framework integrating Verifiable Random Functions (VRF) and lightweight Message Authentication Codes (MAC). In client selection, a VRF-based dynamic protocol ensures unforgeable participant identities and publicly verifiable selection results, preventing undetectable server tampering. In gradient aggregation, an innovative lightweight MAC mechanism with auxiliary node collaboration enables trustless tampering detection via gradient-sensitive parameters. Experiments demonstrate that the VRF-based selection maintains performance close to the theoretical benchmark of unmanipulated scenarios, reducing the malicious node selection rate by over 33% compared with traditional FedAvg. Meanwhile, the MAC-based gradient verification mechanism cuts communication overhead by around 24% relative to the baseline VerifyNet.

摘要： 联邦学习以原始数据不离开本地、跨参与方协同训练模型为核心优势，在保护数据隐私的同时推动了分布式场景下的模型协作，但这一架构仍面临客户端选择被恶意操纵与服务器梯度篡改的双重安全威胁。一方面，在开放网络环境中，恶意服务器会通过恶意操控客户端选择过程，导致聚合模型偏向攻击者预设的恶意方向。另一方面，在传统联邦学习架构中，服务器掌握梯度聚合的绝对控制权，因此作为联邦学习系统核心的服务器可能成为梯度篡改的信任瓶颈。这两类威胁本质上源于联邦学习的 “分布式训练 - 集中式聚合” 架构矛盾：客户端身份认证依赖服务器的信任假设，而梯度聚合过程缺乏去中心化的验证手段。为应对上述威胁，提出了融合可验证随机函数（VRF，Verifiable Random Function）与轻量级MAC（Message Authentication Code）的客户端可验证联邦学习框架。在客户端选择阶段，设计基于VRF函数的动态选择协议，利用其不可预测证明确保参与者身份的不可伪造性以及其选择过程的公开可验证性确保服务器无法篡改选择结果而不被发现；在梯度聚合阶段，创新性地引入辅助节点协同的轻量级MAC验证机制，通过梯度敏感参数实现无信任服务器的篡改检测。实验表明，在有恶意操纵服务器选择的情况下能够保证客户端的选择接近无操纵情况选择恶意客户端的理论值，VRF方法相较于传统的客户端选择（FedAvg）将恶意节点入选率降低了超过33%，同时梯度验证机制与基线方法VerifyNet相比通信开销下降了24%左右。

jinhao hu , dongfen li, jinbo wang , Jinshan lai. Verifiable federated learning framework for client side secure admissions[J]. Computer Engineering, doi: 10.19678/j.issn.1000-3428.0253362.

胡津豪, 李冬芬, 王金波, 赖金山. 客户端安全准入的可验证联邦学习框架[J]. 计算机工程, doi: 10.19678/j.issn.1000-3428.0253362.

/ Recommend / Download Citations

URL: https://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0253362

References

[1] McMahan B, Moore E, Ramage D, et al. Communication-efficient learning of deep networks from decentralized data[C]//Artificial intelligence and statistics. PMLR, 2017: 1273-1282.
[2] Xiong J, Chen J, Liu H, et al. A Privacy-Preserving Computer-Aided Diagnosis Framework for Medical Applications Using Federated Learning and Homomorphic Encryption[C]//International Conference on Attacks and Defenses for Internet-of-Things. Cham: Springer Nature Switzerland, 2024: 90-106.
[3] Zhang X. Research on the Application of Federated Learning Technology in Smart Homes[C]//Proceedings of the 2024 3rd Asia Conference on Algorithms, Computing and Machine Learning. 2024: 228-233.
[4] Xu T, Zhu K, Andrzejak A, et al. Distributed learning in trusted execution environment: A case study of federated learning in SGX[C]//2021 7th IEEE International Conference on Network Intelligence and Digital Content (IC-NIDC). IEEE, 2021: 450-454.
[5] Kalapaaking A P, Khalil I, Rahman M S, et al. Blockchain-based federated learning with secure aggregation in trusted execution environment for internet-of-things[J]. IEEE Transactions on Industrial Informatics, 2022, 19(2): 1703-1714.
[6] Atallah M J, Pantazopoulos K N, Spafford E H. Secure outsourcing of some computations[J]. 1996. [7] Fan C I, Hsu Y W, Shie C H, et al. ID-based multireceiver homomorphic proxy re-encryption in federated learning[J]. ACM Transactions on Sensor Networks, 2022, 18(4): 1-25.
[8] Jiang Z, Ye P, He S, et al. Lotto: secure participant selection against adversarial servers in federated learning[C]//33rd USENIX Security Symposium (USENIX Security 24). 2024: 343-360.
[9] Cryptography. https://cryptography.io.
[10] Kalapaaking A P, Khalil I, Yi X, et al. Auditable and verifiable federated learning based on blockchain-enabled decentralization[J]. IEEE transactions on neural networks and learning systems, 2024, 36(1): 102-115.
[11] Wang H, Wang L P, Zhang L F, et al. Two-Server Verifiable Federated Learning: Unconditional Security and Practical Efficiency[C]//2024 27th International Conference on Computer Supported Cooperative Work in Design (CSCWD). IEEE, 2024: 163-168.
[12] Keshavarzkalhori G, Perez-Sola C, Navarro-Arribas G, et al. Federify: A verifiable federated learning scheme based on zksnarks and blockchain[J]. IEEE Access, 2023, 12: 3240-3255.
[13] Gao H, He N, Gao T. SVeriFL: Successive verifiable federated learning with privacy-preserving[J]. Information Sciences, 2023, 622: 98-114.
[14] Eltaras T, Sabry F, Labda W, et al. Efficient verifiable protocol for privacy-preserving aggregation in federated learning[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 2977-2990.
[15] Chai Z, Ali A, Zawad S, et al. Tifl: A tier-based federated learning system[C]//Proceedings of the 29th international symposium on high-performance parallel and distributed computing. 2020: 125-136.
[16] Kim Y G, Wu C J. Autofl: Enabling heterogeneity-aware energy efficient federated learning[C]//MICRO-54: 54th Annual IEEE/ACM International Symposium on Microarchitecture. 2021: 183-198.
[17] Wang H, Kaplan Z, Niu D, et al. Optimizing federated learning on non-iid data with reinforcement learning[C]//IEEE INFOCOM 2020-IEEE conference on computer communications. IEEE, 2020: 1698-1707.
[18] Fakher B, Bennis I, Abouaissa A. FedCSA: A Novel Federated Learning Client Selection with Anomaly Detection Approach for IoT Systems[C]//2025 IEEE Wireless Communications and Networking Conference (WCNC). IEEE, 2025: 1-6.
[19] Zhang H, Li X, Xu M, et al. Robust Federated Learning Client Selection with Combinatorial Class Representations and Data Augmentation[J]. IEEE Transactions on Information Forensics and Security, 2025.
[20] Alfadhil M J, Baydoun A, Alazab M, et al. Enhancing federated learning for IoT-based anomaly detection: A reputation-based client selection approach[J]. Alexandria Engineering Journal, 2025, 130: 889-909.
[21] Guo X, Liu Z, Li J, et al. V eri fl: Communication-efficient and fast verifiable aggregation for federated learning[J]. IEEE Transactions on Information Forensics and Security, 2020, 16: 1736-1751.
[22] Xu G, Li H, Liu S, et al. VerifyNet: Secure and verifiable federated learning[J]. IEEE Transactions on Information Forensics and Security, 2019, 15: 911-926.
[23] Hahn C, Kim H, Kim M, et al. Versa: Verifiable secure aggregation for cross-device federated learning[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 20(1): 36-52.
[24] Ghodsi Z, Gu T, Garg S. Safetynets: Verifiable execution of deep neural networks on an untrusted cloud[J]. Advances in Neural Information Processing Systems, 2017, 30.
[25] Tramer F, Boneh D. Slalom: Fast, verifiable and private execution of neural networks in trusted hardware[J]. arxiv preprint arxiv:1806.03287, 2018.
[26] Luo F, Al-Kuwari S, Ding Y. SVFL: Efficient secure aggregation and verification for cross-silo federated learning[J]. IEEE Transactions on Mobile Computing, 2022, 23(1): 850-864.
[27] LeCun Y, Bottou L, Bengio Y, et al. Gradient-based learning applied to document recognition[J]. Proceedings of the IEEE, 2002, 86(11): 2278-2324.
[28] Xiao H, Rasul K, Vollgraf R. Fashion-MNISTt: a novel image dataset for benchmarking machine learning algorithms[J]. arXiv preprint arXiv:1708.07747, 2017.
[29] Krizhevsky A, Hinton G. Learning multiple layers of features from tiny images[J]. 2009.
[30] Shafiq M, Gu Z. Deep residual learning for image recognition: A survey[J]. Applied sciences, 2022, 12(18): 8972.
[31] Buyukates B, So J, Mahdavifar H, et al. Lightverifl: A lightweight and verifiable secure aggregation for federated learning[J]. IEEE Journal on Selected Areas in Information Theory, 2024, 5: 285-301.
[32] Lei X, Wang S, Fan Y. LPV-FL: A Lightweight Privacy-Preserving and Verifiable Federated Learning Scheme[J]. IEEE Internet of Things Journal, 2025.
[33] Wang RJ, Wang JB, Zhang FL, Li JW, Li ZP, Chen T. Feature Map Poisoning Attack and Dual Defense Mechanism for Federated Prototype Learning. Ruan Jian Xue Bao/Journal of Software,2025,36(03):1355-1374. (in Chinese). 王瑞锦,王金波,张凤荔,等.联邦原型学习的特征图中毒攻击和双重防御机制[J].软件学报,2025,36(03):1355-1374
[34] Yang Yuan, Zhang En, Li Gongli. A Verifiable Privacy-Preserving Federated Learning Scheme Based on Game Theory[J/OL]. Computer Engineering, 1-16[2025-11-27]. https://doi.org/10.19678/j.issn.1000-3428.0252350. 杨媛,张恩,李功丽.基于博弈论的可验证隐私保护联邦学习方案[J/OL].计算机工程,1-16[2025-11-27].https://doi.org/10.19678/j.issn.1000-3428.0252350.
[35] Guo Rui, Li Feifan, Zhang Yinghui, et al. A Multi-Server Accountable Privacy-Preserving Federated Learning Scheme[J/OL]. Journal of Frontiers of Computer Science and Technology, 1-22[2025-11-27]. https://link.cnki.net/urlid/11.5602.tp.20250904.1718.002. 郭瑞,李非凡,张应辉,等.多服务器可追责的隐私保护联邦学习方案[J/OL].计算机科学与探索,1-22[2025-11-27].https://link.cnki.net/urlid/11.5602.tp.20250904.1718.002.

Please choose a citation manager

Content to export