Federated learning (FL) schemes enable multiple clients to jointly solve a machine learning problem by using their local data to train local models and then aggregating these models under the coordination of a central server. To build a practical FL system, we need to consider (i) how to deal with the disparity across clients' datasets, and (ii) how to further protect the privacy of clients' locally trained models, which may leak information. The first concern can be addressed using a weighted aggregation scheme in which clients' weights are determined by their data size and quality. Approaches in previous works achieve good performance but do not provide any privacy guarantee. For the second concern, privacy-preserving aggregation schemes can provide privacy guarantees that can be analyzed mathematically. However, a security issue remains: both the central server and the clients may send fraudulent messages to each other for their own benefit, especially if there is an incentive mechanism in which the reward provided by the server is distributed according to clients' weights. To address these issues, we propose a secure weighted aggregation scheme. Specifically, relying on a homomorphic encryption (HE) cryptosystem, each client's weight is calculated in a privacy-preserving manner. Furthermore, we adopt a zero-knowledge proof (ZKP) based verification scheme to prevent the central server and clients from receiving fraudulent messages from each other. To the best of our knowledge, this work proposes the first aggregation scheme to deal with data disparity and fraudulent messages in the FL system from both privacy and security perspectives.