A lightweight privacy protection longitudinal federated learning model parameter aggregation method

By employing an arbitrary one-way trapdoor permutation and hash digest algorithms in vertical federated learning, a lightweight privacy-preserving parameter aggregation method is designed, which addresses the excessive computational complexity and insufficient security of existing techniques and realizes efficient and secure parameter aggregation in multi-user scenarios.

CN115865313B (Active). Publication Date: 2026-06-23. Assignee: STATE GRID ANHUI ELECTRIC POWER CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
STATE GRID ANHUI ELECTRIC POWER CO LTD
Filing Date
2022-11-24
Publication Date
2026-06-23

Smart Images

  • Figure CN115865313B_ABST

Abstract

The application discloses a lightweight privacy-preserving longitudinal federated learning model parameter aggregation method. In a federated learning setting, the method adopts an arbitrary one-way trapdoor permutation and different hash digest algorithms, realizes privacy-preserving parameter aggregation in a multi-user scenario, and specifically comprises four stages: system initialization, encryption, data aggregation and decryption. Compared with the prior art, the application has lower computation and communication overhead, does not need public-key homomorphic encryption, guarantees the security of the aggregation result, protects the sensitive data of the participants from collusion attacks, better solves the problem that computation-intensive public-key homomorphic encryption brings unbearably high complexity to resource-limited local users, and meets various efficiency and privacy requirements.

Description

Technical Field

[0001] This invention relates to the field of privacy-preserving aggregation technology, specifically a method for supporting efficient privacy-preserving parameter aggregation on the ciphertext domain in a vertical federated learning scenario using lightweight homomorphic computation.

Background Technology

[0002] With the booming development of the computer field, data has become a core element in realizing various technologies, and enterprises and institutions hope to benefit from massive amounts of data. Vertical federated learning technology improves the performance and security of privacy protection, ensuring that private data between enterprises does not leave the database. Each client model uses local data for training, interacting only with model parameters during the training process. This enables data analysis and computation while protecting the data itself from external leakage, separating data usage rights from ownership, strictly controlling the amount and method of data use, and reducing the work of data transfer, storage, and post-event destruction in traditional collaborations. It also addresses concerns about data leakage and reluctance to share data. However, in real-world applications, aggregators aggregate the model parameters from both parties and return the aggregation results to the recipient. During data processing or user interaction, there is an opportunity to snoop on users' private data, potentially leading to collusion with unauthorized users to launch attacks and disrupt the proper execution of the protocol.

[0003] To prevent user data privacy leaks and ensure information security, the most direct method is to protect data confidentiality through various encryption methods before sending it to the aggregator. The basic process of data encryption involves processing the original plaintext data using a key and a specific encryption algorithm, transforming it into unreadable code, or ciphertext. The decryptor must input the corresponding key and use the decryption algorithm to recover the original plaintext data. By encrypting data using these methods, the goal of protecting it from unauthorized access is achieved.

[0004] Privacy-preserving aggregation needs to meet the following two basic privacy requirements: (1) Input data privacy: the privacy of each data owner's input data must resist collusion attacks launched by semi-trusted or malicious aggregators together with malicious receivers; (2) Aggregation result privacy: the aggregation result can only be decrypted by an authorized receiver. Homomorphic encryption has the property that an operation performed on ciphertexts corresponds to the same operation performed on the underlying plaintexts, so various secure computations can be realized in the ciphertext domain. Specifically, each data owner encrypts, under the result receiver's public key, each input it contributes to the aggregation and sends the ciphertext to the aggregator. The aggregator performs the aggregation in the ciphertext domain and sends the ciphertext result to the receiver, who decrypts it with its private key to obtain the plaintext result.

[0005] However, using public-key homomorphic encryption algorithms for secure aggregation fails to adequately protect input data, and its computational and communication complexity is too high to meet the performance requirements of local users with limited resources. More importantly, most lightweight secure aggregation solutions currently available internationally only provide effective solutions for single-user scenarios and cannot meet the more general needs of multi-user scenarios, where data input cannot be encrypted under different keys for data aggregation. Therefore, finding a lightweight, privacy-preserving method for parameter aggregation in longitudinal federated learning models is a pressing and publicly known problem that needs to be solved.

[0006] Existing privacy-preserving aggregation technologies rely on computationally intensive public-key homomorphic encryption. The use of public-key homomorphic encryption not only increases computational and communication overhead but also brings unacceptably high complexity to resource-constrained local users. Sensitive data of participating parties is vulnerable to collusion attacks, resulting in low security of the aggregation results.

Summary of the Invention

[0007] The purpose of this invention is to address the shortcomings of existing technologies by providing a lightweight, privacy-preserving parameter aggregation method for longitudinal federated learning models. This privacy-preserving parameter aggregation method, designed using arbitrary one-way trapdoor permutation techniques within a federated learning context, enables efficient privacy-preserving aggregation computation in multi-user scenarios. This method supports aggregation computation over ciphertext domains in multi-user scenarios without utilizing Paillier public-key homomorphic encryption. It requires each data owner to perform the one-way trapdoor permutation only once to batch encrypt multiple data inputs. The one-way trapdoor permutation can be implemented using various specific public-key encryption algorithms, such as RSA encryption, Identity-Based Encryption (IBE), Attribute-Based Encryption (ABE), and proxy re-encryption, depending on the security requirements of different network application scenarios. The hash function can employ different hash digest algorithms, such as MD5, SHA1, SHA3, and SHA256, depending on the input and output length requirements. The arbitrary one-way trapdoor and arbitrary hash function make this invention more flexible. This method does not require the use of public-key homomorphic encryption, which greatly reduces the computation and communication overhead, meets various efficiency and privacy requirements, protects the sensitive data of the participants from collusion attacks, ensures the security of the aggregation results, and effectively solves the problem of unbearable high complexity brought to resource-constrained local users by computationally intensive public-key homomorphic encryption.

[0008] The objective of this invention is achieved as follows: a lightweight, privacy-preserving parameter aggregation method for a longitudinal federated learning model. This method, in the context of federated learning, employs arbitrary one-way trapdoor permutations and different hash digest algorithms, involving multiple data owners, an aggregator, and a receiver of the computation results. It achieves privacy-preserving parameter aggregation in multi-user scenarios, specifically including the following stages:

[0009] (I) System Initialization Phase

[0010] Under given security parameters, the system executes a trapdoor permutation generator to generate a pair of one-way trapdoor permutations and a pair of public and private keys, and generates two hash functions. The data owner newly added in this round of parameter aggregation is the result receiver, and the private key is secretly held by the receiver.

[0011] (II) Data Encryption Stage

[0012] All data owners negotiate a shared key to generate a single key. The shared key is used to encrypt and blind the model parameters. A hash function is used to digest all ciphertext parameters to prevent tampering during transmission. The shared key is encrypted using the recipient's public key. All of the above data is then sent to the aggregator.

[0013] (III) Data Aggregation Stage

[0014] The aggregator performs calculations on the ciphertext field to complete the data aggregation and sends the aggregated ciphertext group to the data receiver.

[0015] (iv) Data Decryption Stage

[0016] The data receiver uses its private key to decrypt the shared secret, verifies the integrity of the ciphertext, and then performs a decryption operation to recover the aggregation result. Based on the aggregation parameters, it determines whether to continue the next round of model training. If no new data owner joins in this round, there is no need to encrypt the shared key using a one-way trapdoor permutation, and the aggregator finally sends the aggregation result to all data owners.

[0017] The specific process for generating public parameters, one-way trapdoor permutations, and their public and private keys during the system initialization phase is as follows:

[0018] a) Input 1^λ, where λ is the security parameter;

[0019] b) The system runs a trapdoor permutation generator, a probabilistic polynomial-time algorithm, which outputs over the finite field F_p a pair of permutations (f, f^{-1}) and a public/private key pair (pk_f, sk_f), where p is a prime with |p| = λ and g is a multiplicative generator of F_p. It also outputs two hash functions H0, H1: {0,1}* → {0,1}^λ. The public parameters are PPR = (p, F_p, g, pk_f, H0, H1), and the private key sk_f is secretly held by the recipient.

[0020] The specific process for encrypting data during the data encryption phase is as follows:

[0021] a) Assume that in each round of aggregation the users are U_i (i ∈ {1,…,N}), where U_n denotes the new data owners who joined in this round, and each inputs a model parameter m_i. Each data owner randomly selects r_i and r_i^j (j ∈ {1,…,n} ∧ j ≠ i) from F_p and calculates z_i. Each data owner U_i sends z_i to U_{i-1} and U_{i+1} through a secure, authenticated channel, and sends r_i^j to the other data owners U_j (j ≠ i);

[0022] b) Having received N-1 values from the other N-1 data owners, each data owner calculates R_i using the following formula (1):

[0023]

[0024] Here R_i is the random-number difference calculated by the i-th data owner; r_i and r_i^j are the random numbers generated by the i-th data owner; z_i is an intermediate result calculated in the finite field F_p; U_j denotes the other data owners;

[0025] c) Having received z_{i-1} and z_{i+1} from the neighbouring data owners U_{i-1} and U_{i+1}, U_i calculates X_i and sends X_i to the other participants U_j (j ≠ i) via a secure channel;

[0026] d) Each data owner calculates a shared secret for privacy-preserving data aggregation using the following formula (2):

[0027]

[0028] e) Each data owner U_i uses the public key pk_f to calculate, by equations (3) and (4) below, the ciphertext C_{1,i} of r_i′ and the digest C_{ram,i} of the shared secret and the blinded result:

[0029] C_{1,i} = f_{pk_f}(r_i′), C_{2,i} = m_i r_i′ + R_i (3);

[0030] C_{ram,i} = H0(r_i′ || C_{2,i}) (4);

[0031] f) Each data owner U_i sends C_i = (C_{1,i}, C_{2,i}, C_{ram,i}) to the aggregator.

[0032] The specific process for data aggregation on the encrypted field during the data aggregation phase is as follows:

[0033] a) If all data owners have successfully negotiated the shared secret, let r = r_1′ = r_2′ = … = r_n′ denote the result of the negotiation; then all r_i′ (i ∈ {1,…,N}) should be equal;

[0034] b) Perform the following calculations (5) to (6) to complete the data aggregation:

[0035]

[0036]

[0037] c) The aggregator sends C_A = (C_i, C_T, C3) to the recipient.

[0038] The specific process of the decryption algorithm in the data decryption stage is as follows:

[0039] a) The data receiver first decrypts the shared secrets r_i′ with its private key and checks whether all r_i′ are equal. If not, the data receiver terminates the protocol and outputs ⊥; otherwise, for all i ∈ {1,2,…,N}, let r = r_i′ and continue by checking whether C_{ram,i} = H0(r_i′ ‖ C_{2,i}) and the remaining conditions all hold. If not, the data receiver terminates the protocol and outputs ⊥; otherwise it performs decryption and calculates m_T = r^{-1} C_T. This allows the receiver to recover the aggregation result and, based on it, decide whether to continue participating in the next round of parameter aggregation after model training.

[0040] Compared with the prior art, the present invention has the following advantages:

[0041] (1) Security: In privacy-preserving aggregation implemented with public-key homomorphic encryption, input privacy and computation-result privacy can only achieve adaptive chosen-plaintext security (CPA security). In the parameter aggregation method of our proposed lightweight privacy-preserving longitudinal federated learning model, however, input privacy achieves adaptive chosen-ciphertext security (CCA2 security) against unauthorized recipients when the aggregator and the cryptographic service provider do not collude. CCA2 security is a higher level of security than CPA security.

[0042] (2) Efficiency: In our proposed lightweight privacy-preserving longitudinal federated learning model parameter aggregation method, a shared secret is encrypted with only one arbitrary one-way trapdoor permutation operation (whose algorithmic complexity is comparable to that of a single public-key encryption operation). For Paillier public-key homomorphic encryption, achieving ciphertext aggregation at the same security level requires O(n) multiplications, while our proposed method only requires O(n) addition operations (where n is the number of data owners).

[0043] (3) High Availability: Most existing secure outsourced computing protocols internationally are only applicable to single-user scenarios, while the privacy-preserving aggregation scheme implemented by this method supports aggregation computing in multi-user scenarios, thus having higher availability. In the lightweight privacy-preserving vertical federated learning model parameter aggregation method, the one-way trapdoor permutation can be instantiated by various specific public-key encryption algorithms according to the security requirements of different network application scenarios, such as RSA encryption, identity-based encryption, attribute-based encryption, proxy re-encryption, etc., which is more flexible.

Attached Figure Description

[0044] Figure 1 is a system diagram of the present invention;

[0045] Figure 2 is a flowchart of the present invention.

Detailed Implementation

[0046] I. Explanation of the mathematical theory applied in this invention:

[0047] 1. Hash function

[0048] Hash functions map variable-length messages to fixed-length hash values or message digests. There are many hash algorithms, with MD2, MD4, MD5 and the Secure Hash Algorithm (SHA-1) being commonly used. For a hash function whose input and output are both bit strings (strings of 0s and 1s), the length of a bit string x is denoted |x|, and the concatenation of bit strings x and y is denoted x||y. Let compress: {0,1}^{m+t} → {0,1}^m be a compression function (here t ≥ 1). An iterated hash function is constructed from the compression function. The evaluation of the iterated hash function h consists of the following three steps.

[0049] 1) Preprocessing: Given an input bit string x with |x| ≥ m+t+1, construct a string y using a public algorithm such that |y| ≡ 0 (mod t). Write y = y_1||y_2||…||y_r, where |y_i| = t for 1 ≤ i ≤ r.

[0050] 2) Processing: Suppose IV is a public initial value bit string of length m. Then calculate:

[0051] z_0 ← IV,

[0052] z_1 ← compress(z_0||y_1),

[0053] z_2 ← compress(z_1||y_2),

[0054] …

[0055] z_r ← compress(z_{r-1}||y_r).

[0056] 3) Output transformation: Let g: {0,1}^m → {0,1}^l be a public function. Define the hash function h(x) = g(z_r).
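The three-step iterated construction described in [0048]–[0056], written out as an added example that is not part of the patent. The compression function is a toy (SHA-256 truncated to m bits), and the padding rule, the all-zero IV, the output transformation g and the sizes m = 128, t = 64, l = 96 are this example's own assumptions; the page fixes none of them.

```python
import hashlib

M_BITS = 128   # length m of the chaining value z_i
T_BITS = 64    # block length t of each y_i
L_BITS = 96    # output length l of g

def compress(block):
    """Toy compression function {0,1}^(m+t) -> {0,1}^m.
    SHA-256 truncated to m bits stands in for the page's abstract 'compress';
    it is not the compression function of any real hash."""
    assert len(block) == (M_BITS + T_BITS) // 8
    return hashlib.sha256(block).digest()[: M_BITS // 8]

def preprocess(x):
    """Step 1: pad x to a multiple of t bits with a public, unambiguous rule
    (0x80, zeros, then the 64-bit message length) and split it into
    t-bit blocks y_1 .. y_r.  The length field is what keeps x and x||0
    from padding to the same block sequence."""
    bit_len = len(x) * 8
    y = x + b"\x80"
    while (len(y) + 8) % (T_BITS // 8) != 0:
        y += b"\x00"
    y += bit_len.to_bytes(8, "big")
    t = T_BITS // 8
    return [y[i:i + t] for i in range(0, len(y), t)]

IV = bytes(M_BITS // 8)   # public initial value (all zero in this example)

def g(z):
    """Step 3 output transformation {0,1}^m -> {0,1}^l: keep the first l bits."""
    return z[: L_BITS // 8]

def iterated_hash(x):
    """h(x) = g(z_r) with z_0 = IV and z_i = compress(z_{i-1} || y_i)."""
    z = IV
    for y_i in preprocess(x):
        z = compress(z + y_i)
    return g(z)

if __name__ == "__main__":
    print(iterated_hash(b"hello").hex())
```

The chaining loop is the only place the message enters the computation, so every block y_i influences every later z_i; the unambiguous padding in `preprocess` is what prevents two different inputs from collapsing to the same block sequence.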

[0057] 2. Public Key Encryption Scheme

[0058] A public-key encryption scheme consists of a key generation algorithm, an encryption algorithm, and a decryption algorithm.

[0059] Key generation algorithm: Input the security parameter 1^n; output a public/private key pair (pk, sk), where pk is the public key and sk is the private key.

[0060] Encryption algorithm: Input the public key pk and a message m; output the ciphertext c ← Enc_pk(m).

[0061] Decryption algorithm: Input the private key sk and a ciphertext c; output m = Dec_sk(c).

[0062] Correctness of a public-key encryption scheme requires that, except with negligible probability, for every key pair (pk, sk) output by the key generation algorithm Gen(1^n), Dec_sk(Enc_pk(m)) = m holds.

[0063] 3. Chinese Remainder Theorem

[0064] Let m_1, m_2, …, m_k be pairwise coprime positive integers. Then for any integers b_1, b_2, …, b_k, the corresponding system of linear congruences has a solution, and all solutions form a single congruence class modulo m_1 m_2 ⋯ m_k.
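The statement in [0064] carried through as an added example (not from the patent): a constructive solver for a system of congruences x ≡ b_i (mod m_i) that returns both the solution and the modulus M = m_1 m_2 ⋯ m_k of the congruence class, and rejects moduli that are not pairwise coprime. The function name and the sample values are this example's own.

```python
from math import gcd

def crt(residues, moduli):
    """Solve x ≡ b_i (mod m_i) for pairwise coprime m_i.

    Returns (x, M) with 0 <= x < M = m_1 * ... * m_k; every solution of the
    system is congruent to x modulo M, i.e. the solutions form one
    congruence class modulo M.  Raises ValueError if the moduli are not
    pairwise coprime (gcd check against the running product)."""
    x, M = 0, 1
    for b, m in zip(residues, moduli):
        if m <= 0:
            raise ValueError("moduli must be positive")
        if gcd(M, m) != 1:
            raise ValueError("moduli must be pairwise coprime")
        # Merge the running solution with one more congruence:
        # find t with x + M*t ≡ b (mod m); M is invertible mod m by the gcd check.
        t = ((b - x) * pow(M, -1, m)) % m
        x += M * t
        M *= m
    return x % M, M

def check(residues, moduli, x):
    """Verify a candidate x against every congruence."""
    return all((x - b) % m == 0 for b, m in zip(residues, moduli))

if __name__ == "__main__":
    # Constructed sample: x ≡ 2 (mod 3), x ≡ 3 (mod 5), x ≡ 2 (mod 7)
    print(crt([2, 3, 2], [3, 5, 7]))   # (23, 105)
```

Each iteration folds one more congruence into the running solution, so the cost is linear in k and the only arithmetic is a modular inverse per step.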

[0065] Referring to Figure 1, this invention involves multiple data owners, an aggregator and a data receiver. Each data owner U_i computes the shared key, the blinded ciphertext of its message and the digest from its random numbers and the initial parameters, and sends them to the aggregator. The aggregator calculates the aggregation result and its digest in the ciphertext field. The data receiver verifies that the data has not been tampered with and then decrypts it with the private key to obtain the aggregation result.

[0066] Referring to Figure 2, the present invention specifically includes the following steps:

[0067] (I) System Initialization Phase

[0068] Under given security parameters, the system executes a trapdoor permutation generator to generate a pair of one-way trapdoor permutations and a pair of public and private keys, and generates two hash functions. The private key is secretly held by the recipient.

[0069] (II) Data Encryption Stage

[0070] All data owners negotiate a shared key to generate a single key. The shared key is used to encrypt and blind the model parameters. A hash function is used to digest all ciphertext parameters to prevent tampering during transmission. The shared key is encrypted using the recipient's public key. All of the above data is then sent to the aggregator.

[0071] (III) Data Aggregation Stage

[0072] The aggregator performs calculations on the ciphertext field to complete the data aggregation and sends the aggregated ciphertext group to the data receiver.

[0073] (iv) Data Decryption Stage

[0074] The data receiver uses its private key to decrypt the shared secret, verifies the integrity of the ciphertext, and then performs a decryption operation to recover the aggregation result. Based on the aggregation parameters, it determines whether to continue to the next round of model training. If no new data owner joins in this round, there is no need to encrypt the shared key using a one-way trapdoor permutation, and the aggregator ultimately sends the aggregation result to all data owners.

[0075] The meanings of the main parameters used in this invention are detailed in the parameter list in Table 1 below:

[0076] Table 1 Parameter List

[0077]
parameter: meaning
λ: security parameter
f, f^{-1}: one-way trapdoor permutation and its inverse
pk_f, sk_f: public and private keys of the one-way trapdoor permutation
H0, H1: cryptographic hash functions
m_i: input message of the i-th data owner
R_i: random-number difference calculated by the i-th data owner
r_i′: shared secret of the i-th data owner
C_{1,i}: ciphertext of r_i′
C_{2,i}: result of blinding m_i
C_{ram,i}: digest of the shared secret and the blinded result
C_T: ciphertext of the aggregation result
m_T: aggregation result

[0078] The specific process for generating public parameters, one-way trapdoor permutations, and their public and private keys in step (I) is as follows:

[0079] a) Input 1^λ, where λ is the security parameter;

[0080] b) The system runs a trapdoor permutation generator, a probabilistic polynomial-time algorithm, which outputs over the finite field F_p a pair of permutations (f, f^{-1}) and a public/private key pair (pk_f, sk_f), where p is a prime with |p| = λ and g is a multiplicative generator of F_p. It also outputs two hash functions H0, H1: {0,1}* → {0,1}^λ. The public parameters are PPR = (p, F_p, g, pk_f, H0, H1), and the private key sk_f is secretly held by the recipient.

[0081] The specific process for encrypting data in step (II) is as follows:

[0082] a) Assume that in each round of aggregation the users are U_i (i ∈ {1,…,N}), where U_n denotes the new data owners who joined in this round, and each inputs a model parameter m_i. Each data owner randomly selects r_i and r_i^j (j ∈ {1,…,n} ∧ j ≠ i) ∈_R F_p and calculates z_i. Each data owner U_i sends z_i to U_{i-1} and U_{i+1} through a secure, authenticated channel, and sends r_i^j to the other data owners U_j (j ≠ i);

[0083] b) Having received the n-1 values r_j^i from the other n-1 data owners, each data owner calculates R_i using the following formula (1):

[0084]

[0085] c) Having received z_{i-1} and z_{i+1} from the neighbouring data owners U_{i-1} and U_{i+1}, U_i calculates X_i and sends X_i to the other participants U_j (j ≠ i) via a secure channel;

[0086] d) Each data owner calculates a shared secret for privacy-preserving data aggregation using the following formula (2):

[0087]

[0088] e) Each data owner U_i uses the public key pk_f to calculate, by equations (3) and (4) below, the ciphertext C_{1,i} of r_i′ and the digest C_{ram,i} of the shared secret and the blinded result:

[0089]

[0090] C_{ram,i} = H0(r_i′ || C_{2,i}) (4);

[0091] f) Each data owner U_i sends C_i = (C_{1,i}, C_{2,i}, C_{ram,i}) to the aggregator.

[0092] The specific process for data aggregation in the ciphertext field in step (iii) is as follows:

[0093] a) If all data owners have successfully negotiated the shared secret, let r = r_1′ = r_2′ = … = r_n′ denote the result of the negotiation; then all r_i′ (i ∈ {1,…,n}) should be equal;

[0094] b) Perform the following calculations (5) to (6) to complete the data aggregation:

[0095]

[0096]

[0097] c) The aggregator sends C_A = (C_i, C_T, C3) to the recipient.

[0098] The specific process of the decryption algorithm in step (iv) is as follows:

[0099] a) The data receiver first decrypts the shared secrets r_i′ with its private key and checks whether all r_i′ are equal. If not, the data receiver terminates the protocol and outputs ⊥; otherwise, for all i ∈ {1,2,…,n}, let r = r_i′ and continue by checking whether C_{ram,i} = H0(r_i′ ‖ C_{2,i}) and the remaining conditions all hold. If not, the data receiver terminates the protocol and outputs ⊥; otherwise it performs decryption and calculates m_T = r^{-1} C_T. This allows the receiver to recover the aggregation result and, based on it, decide whether to continue participating in the next round of parameter aggregation after model training.
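The four stages of [0078]–[0099] (and the identical description in [0017]–[0039]) run end to end, as an added example that is not part of the patent. It uses a toy RSA instance as the one-way trapdoor permutation f / f^{-1} (Example 1 also instantiates f with RSA) and SHA-256 as H0. Formulas (1), (2), (5) and (6) are not reproduced on this page, so the example makes the following labelled assumptions: the blinding terms R_i are built as pairwise differences Σ_{j≠i}(r_i^j − r_j^i) so that they cancel in the sum (consistent with R_1 = −R_2 in Example 1), the shared secret r′ is taken as already negotiated by all owners, and C_T is the sum of the C_{2,i}. The field prime, the RSA primes and every function name are constructed for this example.

```python
import hashlib
import secrets

# ---- (I) System initialisation ------------------------------------------
P_FIELD = (1 << 61) - 1          # prime p of F_p (a Mersenne prime; toy size)

# Toy RSA instance of the one-way trapdoor permutation. The fixed 32-bit
# primes are for illustration only; the patent's Example 1 uses 1024 bits.
_RSA_P, _RSA_Q, _RSA_E = 4294967291, 4294967311, 65537
RSA_N = _RSA_P * _RSA_Q          # must exceed P_FIELD so f is a permutation on r'
_RSA_D = pow(_RSA_E, -1, (_RSA_P - 1) * (_RSA_Q - 1))
PK_F = (RSA_N, _RSA_E)           # public parameter pk_f
SK_F = (RSA_N, _RSA_D)           # sk_f, held only by the receiver

def f_pk(x):                     # f_{pk_f}: anyone can evaluate it
    return pow(x, PK_F[1], PK_F[0])

def f_inv_sk(y):                 # f^{-1}_{sk_f}: needs the trapdoor
    return pow(y, SK_F[1], SK_F[0])

def H0(r, c2):
    """Digest H0(r' || C_2,i); SHA-256 plays the role of the page's H0."""
    return hashlib.sha256(f"{r}||{c2}".encode()).digest()

# ---- (II) Data encryption ----------------------------------------------
def blinding_terms(n):
    """Assumed form of formula (1): R_i = sum_{j != i} (r_i^j - r_j^i) mod p.
    Owner i draws r_i^j for each j != i and sends it to U_j.  The differences
    cancel pairwise, so sum_i R_i = 0, which is what lets the aggregate be
    recovered while no single C_2,i reveals m_i."""
    r = [[secrets.randbelow(P_FIELD) if i != j else 0 for j in range(n)]
         for i in range(n)]
    return [sum(r[i][j] - r[j][i] for j in range(n) if j != i) % P_FIELD
            for i in range(n)]

def encrypt(m_i, r_shared, R_i):
    """Equations (3)-(4): C_1,i = f(r'), C_2,i = m_i r' + R_i, C_ram,i = H0(r' || C_2,i)."""
    c1 = f_pk(r_shared)
    c2 = (m_i * r_shared + R_i) % P_FIELD
    return (c1, c2, H0(r_shared, c2))

# ---- (III) Aggregation in the ciphertext field --------------------------
def aggregate(ciphertexts):
    """The aggregator sees neither r' nor any m_i; it only adds the C_2,i.
    With sum_i R_i = 0 this gives C_T = r' * sum_i m_i mod p (assumed eq. (5))."""
    c_t = sum(c2 for _, c2, _ in ciphertexts) % P_FIELD
    return (ciphertexts, c_t)      # C_A sent to the receiver

# ---- (IV) Decryption with consistency and integrity checks --------------
BOTTOM = None                     # stands for the page's ⊥ (protocol aborted)

def decrypt(c_a):
    ciphertexts, c_t = c_a
    rs = [f_inv_sk(c1) for c1, _, _ in ciphertexts]   # recover each r_i'
    if len(set(rs)) != 1:         # all r_i' must agree, else output ⊥
        return BOTTOM
    r = rs[0]
    for _, c2, cram in ciphertexts:
        if cram != H0(r, c2):     # C_2,i altered in transit -> output ⊥
            return BOTTOM
    return (pow(r, -1, P_FIELD) * c_t) % P_FIELD       # m_T = r^{-1} C_T

def run_round(params, tamper=False):
    """One aggregation round over the model parameters of len(params) owners.
    `tamper` flips one C_2,i after encryption to show the receiver's abort."""
    n = len(params)
    r_shared = secrets.randbelow(P_FIELD - 1) + 1   # result of eq. (2), assumed agreed
    R = blinding_terms(n)
    cts = [encrypt(m, r_shared, R[i]) for i, m in enumerate(params)]
    if tamper:
        c1, c2, cram = cts[0]
        cts[0] = (c1, (c2 + 1) % P_FIELD, cram)
    return decrypt(aggregate(cts))

if __name__ == "__main__":
    print(run_round([37, 62]))              # 99
    print(run_round([37, 62], tamper=True)) # None (⊥)
```

The aggregator only ever adds blinded values, so a modified C_{2,i} is caught by the digest check in `decrypt` and the receiver outputs ⊥ rather than a wrong m_T; the shared r′ is what makes one trapdoor-permutation evaluation per owner sufficient.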

[0100] The invention will be further described in detail through the following specific examples.

[0101] Example 1

[0102] See Figure 1 This invention generates public parameters and keys through a system (a trusted third party), and multiple data owners U i Each user blinds the message using their own key and sends it to the aggregator. The aggregator performs aggregation calculations on the encrypted data in the ciphertext field, and the receiver decrypts the calculation result. This invention is based on arbitrary one-way trapdoor permutation, which can be flexibly applied in different network scenarios, meeting the requirements of correctness, efficiency, and privacy. It achieves adaptive choice ciphertext security (CCA2 security) in terms of both input privacy and calculation result privacy.

[0103] See Figure 2 To achieve efficient privacy-preserving aggregate computing in multi-user scenarios, the process includes four steps: system initialization, data encryption, data aggregation, and decryption algorithm. The specific process of step (I), system initialization, is as follows:

[0104] a) Input 1^λ, where λ is the security parameter, and λ = 1024 is taken;

[0105] b) The system runs a trapdoor permutation generator, a probabilistic polynomial-time algorithm, which outputs over the finite field F_p a pair of permutations (f, f^{-1}) and a public/private key pair (pk_f, sk_f), where p is a prime with |p| = λ and g is a multiplicative generator of F_p. It also outputs two hash functions H0, H1: {0,1}* → {0,1}^λ. The public parameters are PPR = (p, F_p, g, pk_f, H0, H1), and the private key sk_f is secretly held by the recipient. In the specific implementation, we used RSA as the one-way trapdoor permutation and generated a pair of RSA keys.

[0106] Choose a large prime number with 1024 bits:

[0107] p=169022611160046715659243236661523245685162643632732092117513627000107207092 234902393703919674461172382935923139500016930500768651901276667405728898445257 879951313991704969688497263614669094827858039097949258175472051963111767418672333079791733650445228617171490875718970647524684303339562557703826241508648689

[0108] For a one-way trapdoor permutation, generate the public and private keys for the RSA algorithm:

[0109] pk f =(N,e)

[0110] =(919923444410042458289110684697535023105957762474519523278169719738964939824111125296043775007768932874149155241216389201137355294526773001193374047326748401908327159449688455752557713946602736704612771054298669924550965139538466518211858592454515038036489709270846171115760894940957746750027484167175753924310606971731880134272460634774118229908377995023462130600809357816123028440077569603336005627409915869450349854145161891172452033821533105586614186394046985503809080072603179114783172875348143945367998783873446676508433218542355965184735953079042180959985170 635136387471087381916053777634717902195425067604709530489598690 537890116462968291486878865846956212063560973041102257654948764 715403835500439071101461568189549277032421256499145569469645164 476954321471641661702144159089696333007920344668300535557272598 445034371834237860841689366680532099508008637946706978659611845 041370858789344485639145864892877020521637978681721572070938677 766396754060387400328780390033785574259901309671664840112549241 524190088050651369279625411814721617661446979811989856351698706 869244033316762053348032520076202332213940437106395889286931936 762866040764606617364547589392698091752061538617022892593328057

[0121] 929246667523662986173953327030283782717,65537)

[0122]

[0123] The specific process for encrypting data in step (II) is as follows:

[0124] a) Assume that in each round of aggregation each user U_i (i ∈ {1,…,N}) has a data input m_i. Each data owner randomly selects r_i and r_i^j (j ∈ {1,…,N} ∧ j ≠ i) ∈_R F_p and calculates z_i. Each data owner sends z_i to U_{i-1} and U_{i+1} via a secure, authenticated channel, and sends r_i^j to the other data owners U_j (j ≠ i).

[0125] Here, we selected two data owners, U_1 and U_2, whose input data are 37 and 62 respectively.

[0126] U_1 chooses two random numbers.

[0127] r=10000509295307981356245973825886551047640091875859716880287041333 26653825672578340223275835285455331246994710281151344711064021735296 8168371216589878344736872299496330377294951109368908301402807649767123 2936666698915076798428609025591975154718745098658449260530497113770289 244867156952117856525353346432841569

[0128] 5096549041062226903429273264999909668303946162644847468511338289743463461750359097605586436294497809443894442042221031198121064957239268006211357186335567200671209539063387154

[0129] calculate

[0130] U2 selects two random numbers.

[0131] r2=28134039583850737687384432513793011475524584241323053629507433684698475763 605286371622177185220048973886879794224976997767386837229222934734822702822604 974040526376319929423674389570455271168097653799336750283878297892043620717028987583678394753128464581622262418792245486052365887723783860059098608704969977

[0132]

[0133] calculate

[0134] b) Having received the n-1 values r_j^i from the other n-1 data owners, each data owner calculates R_i using the following formula (1):

[0135]

[0136] c) Having received z_{i-1} and z_{i+1} from the neighbouring data owners U_{i-1} and U_{i+1}, U_i calculates X_i and sends it to the other participants U_j (j ≠ i) via a secure channel.

[0137] After each data owner sends and receives one piece of data, they calculate...

[0138] R_1 = -1073224368090423218033860269266310362598967771634683515381628802 00016958022432748430897744833356703389451758691658035646385931564460 8333595511438336365970035444252651741783877601240484293457497418567442 0031071264673370501607779730371359215869099058779945683773968989111384 9324059996973850079961795885275364066

[0139] R_2 = 10732243680904232180338602692663103625989677716346835153816288 0200016958022432748430897744833356703389451758691658035646385931564460 8333595511438336365970035444252651741783877601240484293457497418567442 0031071264673370501607779730371359215869099058779945683773968989111384 9324059996973850079961795885275364066

[0141] X_1 = 1

[0142] X_2 = 1

[0143] d) Each data owner calculates a shared secret for privacy-preserving data aggregation using the following formula (2):

[0144]

[0145] The subscript of X is calculated using modular addition with a modulus of N.

[0146] r_1′ = 15296332637824150013628895757936528637198786811463398921823641222 69547168220417679623091529464244179841052712010693428992741056025674 2883319672249553692222044538877035865600950942235181526785121614230077 4602973497950184246590161543033365031941448419245199091227521299552241 590329462662989732735917851257852369

[0147] r_2′ = 15296332637824150013628895757936528637198786811463398921823641 2226954716822041767962309152946424417984105271201069342899274105602567 4288331967224955369222204453887703586560095094223518152678512161423007 7460297349795018424659016154303336503194144841924519909122752129955224 1590329462662989732735917851257852369

[0149] e) Each data owner uses the public key to calculate, by equations (3) and (4) below, the ciphertext C_{1,i} of r_i′ and the digest C_{ram,i} of the shared secret and the blinded result:

[0150]

[0151] C_{ram,i} = H0(r_i′ || C_{2,i}) (4).

[0152] f) Set C_i = (C_{1,i}, C_{2,i}, C_{ram,i}) and send it to the aggregator.

[0153] g) Encrypting the shared secret with the RSA public key pk_f yields:

[0154] C 1,1[b'\xe0\xc1M\xe6\xc6\xd6\xb7\xb3~q,\xa2\xa3\xd9}\xd5;\x85Jr\xa5\xf8}\x95\xdb:\x11\xfb\x1fFV[9x5\x7\x4v\v \xb2\xfb,\xdc0\xf3\xba.G\xb2S\xa8\x9b(\xa1\x97 / \x90\x98\x14\xc8\x9c:[�wz\x19\xa4\xc1\xca\xbb�70B\x\x\\xc f9F\x9ba\xca\x93\x8cN-x08\x19\xc3\xd7HB\xefg\x0e\x9f\x0fo@]\xbcx\xe7\xd2\x9aw.\xd8W\xde\xff\xc5\x9x\9x\78! 1eUcE\xc5\x86\xa9G@\xca\xcd\x9d\xe0\xd5\xc7P\xcc\xbe:\xb0\x16SW\x9b\xf1\x1e\xac\xb4yX\xf8\xee\xa1e\x1c\x9x81\xa6 1C\x07\x8e\xb5\xc4Hh\x1b\x87\xcd\xaf\xdeq\x11\xf1\x11]\xa33Z\x9c\xb7\x12h\xcaD\x03\x8b*\x85-\x03c1Q-Z\Z\x8 \x81z\xb6\xf9p\xff\x97|3H\xa4p\x1dE\xd1\xf8\xbb\x97\xec\x9e\x87\x94\xff\n\xf3\x8amd\xc9\x8f!\x87Rh9fZ\x}\xcc 9T\xc5\xcaI\x108\x1a\xbd\xb4~\xb3\xd3\x08\x12(\x1e\xce\xf3\xd4\xf5\x9d\xba\x13\xa5\xb9\xc8\xf3M\x6\xb\8\xd7 1\x97"\xea}{\xadBy\x9ft}\xbf\x97\x89\xe0\xc0\xaa\xba\xa3\x92H\xea@zn\xffG\x82\x13\x8a\xb0\xbb\xa9\xc1i\x1x\x81`\xeul\xd7I\xf6\xad8\x88U\x05\x86\xc1\x1cC\xbf\xc6\x89\xf0d\x82\xe7\xe6\x c2\xf0g\x9d\x07G\x13\x15\x9c\x18A,\x80\xcbY\xa6r\xd5@\x93h\xbaT\xef\x9 6\xe4\x1e\'U\x7f\x8f\x7f\xbd\x17\x0c5\xf7\x88\x91\x184\xda\xa5\x1d\x0 0\x87&T\xf0\x0b\xcf\xbaI\n\xec\xf9\xc3\x92\xca4\x80\x1b\x9c\xec\xb0\xd 2\x95jC\xf9\x9cN\x90I?\x2\xb9\xa6\xe9\x8c\x18\x8d\xe1\xc1\xc9\x14\'\ xdc\xdf\x95\xcc\x17\xfd\xfb\x82\xf9z\xcci\x86\x14\x04S\xc1\xa4\xb9x\x9 cA\xc8Y-\x7f\x08\xdf\xc9 / \xa04\xbc\xc1\xa2\xb9p\xcf\xa2J\xc0\x11,\xdf\ xbd\xb6\xd0\xd8;1\xf4-\xa9\x96)y\xe8a\x18\xa0\x98\x9e\xfcR\xd8\xbcZH',

[0155] C_{2,1} = 555232063918589318323930540350988459503654343077989249531126661745409141843467620224432757479076516267559757305340346872758850122952515293495923809609396408850296873556474525540838445999306777423112107758179788520914023142600924272909537678598192319089518130121556770031267164611265173587

[0156] C_{ram,1} = 228711240581932356

[0157] C_{1,2} = (RSA ciphertext, byte string)

[0159] C_{2,2} = 9591048672260015330253301396847278791323144600270775683068820438271209400989022362094065227511670618403978573157957295401380478923641421017747938556925774671158529027410850977344309860975952525142679392225695069519645128304667812971782224139060792581001800493846010463352827924486682079213509588702663262210944

[0161] C_{ram,2} = 2286473375061887724

[0162] The data aggregation in step (iii) is performed on the encrypted domain, and the specific process is as follows:

[0163] a) If all data owners have successfully negotiated the shared secret, let r = r1′ = r2′ = … = rN′; since r′ denotes the negotiation result, all r_i′ for i ∈ {1, …, N} should be equal.

[0164] verify:

[0165] r1′=

[0166] r2′ = 152963326378241500136288957579365286371987868114633989218236412226954716822041767962309152946424417984105271201069342899274105602567428833196722495536922220445388770358656009509422351815267851216142300774602973497950184246590161543033365031941448419245199091227521299552241590329462662989732735917851257852369

[0167] b) Perform the following calculations (5) to (6) to complete the data aggregation:

[0168]

[0169]

[0170] c) The aggregator sends C_A = (C_i, C_T, C_3) to the receiver.

[0171] The results of the aggregation calculation are as follows:

[0172] C_T = 15143369311445908513492606800357163350826798943348764932605404810468516965382135028268606141696017380426421848905864947028136454654175454486475527058155299824093488265506944941432812829711517270398087776685694376297068240412425992760303138162203393505274710031524608655671917442616803635983540855867274527384531

[0173] C3 = 490747123044863373

[0174] The specific process of the decryption algorithm in step (iv) is as follows:

[0175] a) The data receiver first decrypts each C_{1,i} to obtain r_i′ and checks whether all r_i′ are equal. If not, the data receiver terminates the protocol and outputs ⊥; otherwise, for all i ∈ {1, 2, …, N}, it sets r = r_i′ and continues by checking whether the equation C_{ram,i} = H0(r_i′ ‖ C_{2,i}) and the accompanying condition all hold. If not, the data receiver terminates the protocol and outputs ⊥; otherwise it performs the decryption and computes m_T = r^{-1} C_T to recover the aggregation result.

[0176] b) Decrypting with the private key sk_f yields:

[0177] r = 152963326378241500136288957579365286371987868114633989218236412226954716822041767962309152946424417984105271201069342899274105602567428833319672249553692220445388770358656009509422351815267851216142300774602973497950184246590161543033365031941448419245199091227521299552241590329462662989732735917851257852369

[0178] c) Verify the equation C_{ram,i} = H0(r′ ‖ C_{2,i}) and the accompanying condition; if they hold, perform the decryption operation to obtain m_T = r^{-1} C_T = 99. Since m1 + m2 = 99, this confirms m_T = m1 + m2, i.e. the aggregation result recovered by the receiver is correct.
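As an added illustration of steps (ii) to (iv) above (example code written for this page, not taken from the patent), the following models the owner-side blinding, the aggregator's sum and the receiver's checks with the abort symbol ⊥. Multiplicative blinding modulo a prime N, C_T as the modular sum of the C_{2,i}, and H0 = SHA-256 are assumptions, since equations (3), (5) and (6) are not reproduced above; C_3 and the RSA encryption of r_i′ are left out, and the receiver is handed the already-decrypted r_i′ values.

```python
from __future__ import annotations
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# Assumptions not fixed by the text above: parameters live in the integers modulo
# a prime N, blinding is multiplicative (C_2,i = r * m_i mod N) so that
# m_T = r^-1 * C_T in step (iv), C_T is the modular sum of all C_2,i (eq. (5) is
# not reproduced), and H0 is SHA-256 over the decimal strings r_i' || C_2,i.
N = 2**127 - 1  # hypothetical prime, much smaller than the patent's example values


def h0(r_prime: int, c2: int) -> int:
    """H0(r_i' || C_2,i) from equation (4), returned as an integer."""
    return int.from_bytes(hashlib.sha256(f"{r_prime}||{c2}".encode()).digest(), "big")


@dataclass
class OwnerCiphertext:
    r_prime: int  # r_i' (what the receiver recovers by RSA-decrypting C_1,i)
    c2: int       # C_2,i: blinded model parameter
    c_ram: int    # C_ram,i: digest binding r_i' to C_2,i


def encrypt(m: int, r_prime: int) -> OwnerCiphertext:
    """Step (ii), data owner side: blind m with the shared secret and digest it."""
    c2 = (r_prime * m) % N
    return OwnerCiphertext(r_prime, c2, h0(r_prime, c2))


def aggregate(cts: List[OwnerCiphertext]) -> int:
    """Step (iii), aggregator side: C_T computed on the ciphertext domain only."""
    return sum(ct.c2 for ct in cts) % N


def receiver_decrypt(cts: List[OwnerCiphertext], c_t: int) -> Optional[int]:
    """Step (iv): returns m_T, or None in place of the abort symbol ⊥."""
    # All r_i' must agree, otherwise the shared-secret negotiation failed.
    if len({ct.r_prime for ct in cts}) != 1:
        return None
    r = cts[0].r_prime
    # Integrity check C_ram,i = H0(r_i' || C_2,i); any mismatch aborts, so a
    # ciphertext altered in transit or by the aggregator is rejected, not unblinded.
    if any(ct.c_ram != h0(ct.r_prime, ct.c2) for ct in cts):
        return None
    return (pow(r, -1, N) * c_t) % N  # m_T = r^-1 * C_T
```

With m1 = 45 and m2 = 54 (constructed inputs mirroring the page's m1 + m2 = 99) the receiver recovers 99, while a modified C_{2,i} or a mismatched r_i′ makes it abort.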

[0179] The example above only describes privacy-preserving aggregation computation for two data owners. However, it is easy to see from the example that this lightweight privacy-preserving longitudinal federated learning model parameter aggregation method supports aggregation computation on the ciphertext domain with any number of users participating.

[0180] The above description is merely a further explanation of the present invention and is not intended to limit this patent. All equivalent implementations of the present invention should be included within the scope of the claims of this patent. The scope of protection of the present invention is not limited to the above embodiments. Any variations and advantages that can be conceived by those skilled in the art without departing from the spirit and scope of the inventive concept are included in the present invention and are protected by the claims.

Claims

1. A lightweight, privacy-preserving method for parameter aggregation in a longitudinal federated learning model, characterized in that this method, within the context of federated learning, employs arbitrary one-way trapdoor permutations and different hash digest algorithms to achieve aggregate computation of privacy-preserving parameters in multi-user scenarios. Specifically, it includes the following steps: (I) System Initialization Under given security parameters, the system executes a trapdoor permutation generator to generate a pair of one-way trapdoor permutations and a pair of public and private keys, and generates two hash functions. In this round of parameter aggregation, the newly added data owner is the receiver, and the private key is secretly held by the receiver. (ii) Data encryption All data owners negotiate a shared key, use the shared key to encrypt and blind the model parameters, use a hash function to digest all ciphertext parameters, use the recipient's public key to encrypt the shared key, and send the data to the aggregator. (III) Data Aggregation The aggregator performs calculations on the ciphertext field to complete the data aggregation and sends the aggregated ciphertext group to the receiver. (iv) Data decryption The receiver uses its private key to decrypt the shared key, verifies the integrity of the ciphertext, and then executes the decryption algorithm to recover the aggregation result. Based on the aggregation parameters, it determines whether to continue the next round of parameter aggregation. If there are no new data owners in this round, the aggregator sends the aggregation result to all data owners; if there are new data owners in this round, the parameter aggregation steps (i) to (iv) are repeated. 
The specific operation process of the one-way trapdoor permutation and the pair of public and private keys in step (I) is as follows: a) Input ,in These are security parameters; b) The system runs a trapdoor permutation generator using a probabilistic polynomial-time algorithm. To indicate that the output is in a finite field A pair of permutations and a public / private key pair ,in It is a prime number and ; yes The multiplication generator is used to output two hash functions. Common parameters are private key It is held secretly by the recipient; The specific operation process for data encryption in step (II) is as follows: a) Assume that in each round of aggregation, the users are respectively ,in These are the new data owners who joined in this round; each of them inputs a model parameter. Each data owner randomly selects... And calculate Each data owner Through a secure, authenticated channel Send to ,Bundle Send to other data owners ; b) From other The data owner received strip Then, each data owner uses the following formula (1) to... Perform the calculation: (1); in, For the first The difference in random numbers calculated by each data owner; For the first A random number generated by the data owner; For a finite field Intermediate results calculated in the process; For other data owners; c) Received from neighboring data owners and Sent , , calculate and through a secure channel Send to other participants ; d) Each data owner calculates a shared key for privacy-preserving data aggregation using the following formula (2). : (2); in, The subscript is based on the modulus. Modular addition is used to calculate; For the first The shared key of each data owner; e) Each data owner use Calculate using equations (3) to (4) below. 
ciphertext : , (3); (4); f) Will Send to the aggregator; The specific operation process for performing calculations on the ciphertext field to complete data aggregation in step (iii) is as follows: a) If all data owners successfully negotiate a shared key, and let , and Indicating the outcome of the negotiation, then all They should all be equal; b) Perform the following calculations (5) to (6) to complete the data aggregation: (5); (6); c) The aggregator will Send to the recipient.

2. The lightweight privacy-preserving vertical federated learning model parameter aggregation method according to claim 1, characterized in that the specific operation flow of the decryption algorithm in step (iv) is as follows: a) The receiver first decrypts And check all If they are not equal, the receiver terminates the protocol and outputs the result. Otherwise, for all ,make Continue checking the equation and If all conditions are met, and if not, the receiver terminates the protocol and outputs the following: ; Otherwise, perform the decryption operation and calculate... This allows the receiver to recover the aggregation results and, based on these results, determine whether to continue participating in the next round of parameter aggregation after model training.