西安电子科技大学学报 ›› 2023, Vol. 50 ›› Issue (5): 178-187.doi: 10.19665/j.issn1001-2400.20230403

• 网络空间安全 • 上一篇    下一篇

一种高效的联邦学习隐私保护方案

宋成(),程道晨(),彭维平()   

  1. 河南理工大学 计算机科学与技术学院,河南 焦作 454003
  • 收稿日期:2022-10-27 出版日期:2023-10-20 发布日期:2023-11-21
  • 通讯作者: 程道晨
  • 作者简介:宋 成(1980—),男,副教授,博士,E-mail:songcheng@hpu.edu.cn;|彭维平(1979—),男,教授,博士,E-mail:pwp9999@hpu.edu.cn
  • 基金资助:
    国家自然科学基金(62273290);国家自然科学基金(61872126);河南省科技攻关计划(222102210078);河南省科技攻关计划(212102210092)

Efficient federated learning privacy protection scheme

SONG Cheng(),CHENG Daochen(),PENG Weiping()   

  1. School of Computer Science and Technology,Henan Polytechnic University,Jiaozuo 454003,China
  • Received:2022-10-27 Online:2023-10-20 Published:2023-11-21
  • Contact: Daochen CHENG

摘要:

联邦学习允许客户端在只共享梯度的情况下联合训练模型,而不是直接将训练数据提供给服务器。尽管联邦学习避免将数据直接暴露给第三方,对于数据起着一定保护作用,但研究表明,联邦学习场景下传输的梯度依然会导致隐私信息泄露。然而在训练过程中采用加密方案带来的计算和通信开销又会影响训练效率,并且难以适用于资源受限的环境。针对当前联邦学习中隐私保护方案存在的安全与效率等问题,结合同态加密和压缩技术,提出一种安全高效的联邦学习隐私保护方案。通过优化同态加密算法,确保方案安全性的基础上,减少运算次数,提高运算效率;同时设计一种梯度过滤压缩算法,过滤掉与全局模型收敛趋势不相关的本地更新,并采用计算可忽略的压缩操作符量化更新参数,以在保证模型准确率的基础上提高通信效率。安全性分析表明,方案满足不可区分性,数据隐私性和模型安全性等安全特性。实验结果显示,方案不仅有较高模型准确率,而且在通信开销与计算开销方面较现有方案也有明显优势。

关键词: 联邦学习, 隐私保护技术, 同态加密, 自然压缩

Abstract:

Federated learning allows clients to jointly train models with only shared gradients,rather than directly feeding the training data to the server.Although federated learning avoids exposing data directly to third parties and plays a certain role in protecting data,research shows that the transmission gradient in federated learning scenarios will still lead to the disclosure of private information.However,the computing and communication overhead brought by the encryption scheme in the training process will affect the training efficiency,and it is difficult to apply to resource-constrained environments.Aiming at the security and efficiency problems of privacy protection schemes in current federated learning,a safe and efficient privacy protection scheme for federated learning is proposed by combining homomorphic encryption and compression techniques.The homomorphic encryption algorithm is optimized to ensure the security of the scheme,reduce the number of operations and improve the efficiency of operations.At the same time,a gradient filtering compression algorithm is designed to filter out the local updates that are not related to the convergence trend of the global model,and the update parameters are quantized by a computationally negligible compression operator,which ensures the accuracy of the model and increases the communication efficiency.The security analysis shows that the scheme satisfies the security characteristics such as indistinguishability,data privacy and model security.Experimental results show that the proposed scheme has not only higher model accuracy,but also obvious advantages over the existing schemes in terms of communication cost and calculation cost.

Key words: federated learning, privacy-preserving techniques, homomorphic encryption, natural compression

中图分类号: 

  • TP391