Data protection method, apparatus and system based on federated learning

By generating encrypted ciphertext data and signature data, and using system parameters and super-incrementing sequences to encode and decode user models, the problem of low user data security in federated learning is solved, and efficient security and privacy protection of user data are achieved.

CN117332451BActive Publication Date: 2026-07-03ZHEJIANG LAB

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
ZHEJIANG LAB
Filing Date
2023-10-31
Publication Date
2026-07-03

AI Technical Summary

Technical Problem

In federated learning, user data security is low, and existing technologies are insufficient to effectively protect user data privacy and security.

Method used

By generating encrypted ciphertext data and signature data, the user model is encoded and decoded using system parameters and super-incrementing sequences. Combined with the subkey and private key generated by the key generation center, the user data is encrypted and decrypted. The cloud server generates the aggregated result and transmits it to the user terminal for model updates.

Benefits of technology

It improves the security and privacy protection of user data, ensures the data security of user models, prevents collusion attacks, and enables flexible participation of users in federated learning.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN117332451B_ABST
    Figure CN117332451B_ABST
Patent Text Reader

Abstract

The application relates to a data protection method, device and system based on federated learning, wherein the data protection method based on federated learning comprises the following steps: sending a federated learning request to a cloud server, wherein the federated learning request comprises a user identifier; when the number of federated learning requests received by the cloud server exceeds a preset number threshold, receiving all user identifiers sent by the cloud server, and obtaining target input data according to the user identifiers; generating ciphertext data and signature data of encrypted user data according to the target input data, and sending the ciphertext data and the signature data to the cloud server, so that the cloud server generates an aggregation result; receiving and decrypting the aggregation result sent by the cloud server, and updating a user model according to the decrypted aggregation result, so as to protect the data of the user model. Through the application, the data security of users in horizontal federated learning is realized, and the privacy of the users is protected.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of data security, and in particular to a data protection method, apparatus and system based on federated learning. Background Technology

[0002] Currently, with the advent of the era of big data and artificial intelligence, applications related to machine learning have developed rapidly, such as garbage detection, facial recognition, genome prediction, financial forecasting, natural language processing, computer vision, and recommendation systems. The success of these technologies is built upon massive amounts of data. Typical learning models require tens of thousands of data points to train a suitable model. To train models more accurately and efficiently, federated learning is used to bridge data silos, thereby solving the problems of data silos and data fragmentation.

[0003] In existing technologies, data security must be protected while data sharing, so that data is usable but not visible. However, when faced with the massive amount of computation based on federated learning, common cryptographic algorithms are difficult to handle. Therefore, it is difficult to encrypt large amounts of user data during federated learning, and thus it is difficult to achieve secure protection of user data and privacy.

[0004] There is currently no effective solution to the problem of low security of user data in federated learning. Summary of the Invention

[0005] This embodiment provides a data protection method, apparatus, and system based on federated learning to address the problem of low user data security in federated learning in related technologies.

[0006] Firstly, this embodiment provides a data protection method based on federated learning, the method comprising:

[0007] Send a federated learning request to the cloud server, the federated learning request including a user identifier;

[0008] When the number of users receiving federated learning requests from the cloud server exceeds a preset threshold, the server receives all user identifiers sent by the cloud server and obtains the target input data based on the user identifiers.

[0009] Based on the target input data, encrypted ciphertext data and signature data of the user data are generated, and the ciphertext data and signature data are sent to the cloud server so that the cloud server generates an aggregation result;

[0010] The system receives and decrypts the aggregation result sent by the cloud server, and updates the user model based on the decrypted aggregation result to achieve data protection for the user model.

[0011] In some embodiments, the process of sending the federated learning request to the cloud server includes:

[0012] The parameters of the user model are encoded based on the system parameters and the super-incrementing sequence to generate the gradient data of the user model; both the system parameters and the super-incrementing sequence are generated by the key generation center.

[0013] In some embodiments, generating encrypted ciphertext data and signature data of the user data based on the target input data includes:

[0014] A subkey for the user model is generated based on the target input data and the system parameters; the target input data is the local input data in the user model.

[0015] Based on the target input data, the system parameters, the gradient data, and the subkey, generate encrypted ciphertext data of the user data;

[0016] Based on the gradient data and the system parameters, the encrypted signature data of the user model is generated.

[0017] In some embodiments, receiving and decrypting the aggregation result sent by the cloud server, and updating the user model based on the decrypted aggregation result, includes:

[0018] Receive the encrypted aggregation result sent by the cloud server; use the private key in the system parameters to decrypt the encrypted aggregation result to obtain the aggregation result; the aggregation result includes the ciphertext aggregation result and the signature aggregation result;

[0019] The system parameters and the signature aggregation result are used to determine whether the aggregation result is correct.

[0020] When the aggregation result is determined to be correct, the super-incrementing sequence is used to decode the aggregation result to obtain the aggregation result of the multidimensional data;

[0021] Based on the aggregation results of the multidimensional data, the aggregated gradient vector of the user model is obtained, and the parameters of the user model are updated using the aggregated gradient vector.

[0022] In some embodiments, updating the parameters of the user model using the aggregated gradient vector includes:

[0023] The target parameters of the user model are determined based on the preset model update learning rate, the aggregated gradient vector, the number of federated learning requests, and the parameters of the user model.

[0024] The parameters of the user model are updated to the target parameters of the user model in order to update the user model.

[0025] Secondly, this embodiment provides a data protection method based on federated learning, the method comprising:

[0026] The system receives encrypted data and signature data sent by the user terminal, and aggregates the encrypted data and signature data respectively according to system parameters, the number of federated learning requests, and the super-incrementing sequence to obtain the aggregation result.

[0027] Based on the correspondence between the signature data and user identifiers in the aggregation result, the aggregation result is sent to each user so that the user updates the user model according to the aggregation result.

[0028] In some embodiments, before receiving the encrypted data and signature data sent by the user, the process includes:

[0029] Receive federated learning requests sent by the client and determine whether the number of users receiving federated learning requests exceeds a preset threshold.

[0030] When it is determined that the number of users receiving federated learning requests exceeds a preset threshold, the user identifiers of all users who sent federated learning requests are collected to obtain a user identifier set;

[0031] The user identifier set is sent to all users who sent federated learning requests so that the users can encrypt their data.

[0032] Thirdly, this embodiment provides a data protection device based on federated learning, the device comprising: a sending module, a receiving module, and a processing module;

[0033] The sending module is used to send a federated learning request to the cloud server, the federated learning request including a user identifier; it is also used to send encrypted data and signature data to the cloud server so that the cloud server generates an aggregation result.

[0034] The receiving module is configured to receive all user identifiers sent by the cloud server when the number of users receiving federated learning requests from the cloud server exceeds a preset threshold, and to obtain target input data based on the user identifiers; it is also configured to receive aggregation results sent by the cloud server.

[0035] The processing module is used to generate encrypted ciphertext data and signature data based on the target input data; it is also used to decrypt the aggregation result sent by the cloud server and update the user model based on the decrypted aggregation result to achieve data protection of the user model.

[0036] Fourthly, this embodiment provides a data protection device based on federated learning, the device comprising: a sending module, a receiving module, and a processing module;

[0037] The receiving module is used to receive encrypted data and signature data sent by the user terminal;

[0038] The processing module is used to aggregate the ciphertext data and the signature data according to system parameters, the number of federated learning requests, and the super-incrementing sequence, respectively, to obtain an aggregation result.

[0039] The sending module is used to send the aggregation result to each user according to the correspondence between the signature data and the user identifier in the aggregation result, so that the user updates the user model according to the aggregation result.

[0040] Fifthly, this embodiment provides a data protection system based on federated learning, the system comprising: a user terminal and a cloud server; the user terminal is connected to the cloud server;

[0041] The user terminal is used to execute the federated learning-based data protection method described in the first aspect;

[0042] The cloud server is used to execute the federated learning-based data protection method described in the second aspect.

[0043] Compared with related technologies, the data protection method, apparatus and system based on federated learning provided in this embodiment send federated learning requests to the cloud through multiple user terminals. When the number of users received by the cloud exceeds a preset number, the cloud sends the identifiers of all users to the users, thereby enabling the users to determine the corresponding model input data. The user terminals generate encrypted ciphertext data and signature data based on the model input data and send these data to the cloud. The cloud receives these data and generates aggregation results. The user terminals receive and decrypt these aggregation results to update the user model, thereby improving the security of user data.

[0044] Details of one or more embodiments of this application are set forth in the following drawings and description to make other features, objects and advantages of this application more readily apparent. Attached Figure Description

[0045] The accompanying drawings, which are included to provide a further understanding of this application and form part of this application, illustrate exemplary embodiments and are used to explain this application, but do not constitute an undue limitation of this application. In the drawings:

[0046] Figure 1 This is a hardware structure block diagram of a terminal that executes the federated learning-based data protection method according to the embodiments of this application.

[0047] Figure 2 This is a flowchart of a data protection method based on federated learning, as described in an embodiment of this application.

[0048] Figure 3 This is a flowchart of another data protection method based on federated learning, as described in this application.

[0049] Figure 4 This is a flowchart of a data protection method based on federated learning, which is a specific embodiment of this application.

[0050] Figure 5 This is a schematic diagram of the interactive system in a specific embodiment of this application.

[0051] Figure 6 This is a structural block diagram of a data protection device based on federated learning, according to an embodiment of this application. Detailed Implementation

[0052] To better understand the purpose, technical solution, and advantages of this application, the application is described and illustrated below in conjunction with the accompanying drawings and embodiments.

[0053] Unless otherwise defined, the technical or scientific terms used in this application shall have the general meaning as understood by one of ordinary skill in the art to which this application pertains. Words such as “a,” “an,” “an,” “the,” “the,” and “these,” used in this application, do not indicate quantitative limitation and may be singular or plural. The terms “comprising,” “including,” “having,” and any variations thereof used in this application are intended to cover non-exclusive inclusion; for example, a process, method, system, product, or device that comprises a series of steps or modules (units) is not limited to the listed steps or modules (units) but may include steps or modules (units) not listed, or may include other steps or modules (units) inherent to such processes, methods, products, or devices. The terms “connected,” “linked,” and “coupled,” used in this application, are not limited to physical or mechanical connections but may include electrical connections, whether direct or indirect. The term “multiple” used in this application refers to two or more. The "and / or" operator describes the relationship between related objects, indicating that three relationships can exist. For example, "A and / or B" can represent three cases: A alone, A and B simultaneously, and B alone. Typically, the character " / " indicates that the objects before and after it are in an "or" relationship. The terms "first," "second," and "third," etc., used in this application are merely for distinguishing similar objects and do not represent a specific ordering of the objects.

[0054] The method embodiments provided in this example can be executed on a terminal, computer, or similar computing device. For example, it can run on a terminal. Figure 1 This is a hardware structure block diagram of a terminal executing the federated learning-based data protection method according to embodiments of this application. Figure 1 As shown, a terminal may include one or more ( Figure 1 Only one is shown in the diagram. A processor 102 and a memory 104 for storing data are also included. The processor 102 may be, but is not limited to, a microprocessor (MCU) or a programmable logic device (FPGA). The terminal may also include a transmission device 106 for communication functions and an input / output device 108. Those skilled in the art will understand that… Figure 1 The structure shown is for illustrative purposes only and does not limit the structure of the terminal described above. For example, the terminal may also include components that are larger than... Figure 1 The more or fewer components shown, or having the same Figure 1 The different configurations shown are illustrated.

[0055] The memory 104 can be used to store computer programs, such as application software programs and modules, like the computer program corresponding to the federated learning-based data protection method in this embodiment. The processor 102 executes various functional applications and data processing by running the computer program stored in the memory 104, thereby implementing the aforementioned method. The memory 104 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory 104 may further include memory remotely located relative to the processor 102, and these remote memories can be connected to the terminal via a network. Examples of such networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.

[0056] The transmission device 106 is used to receive or send data via a network. This network includes a wireless network provided by the terminal's communication provider. In one example, the transmission device 106 includes a Network Interface Controller (NIC), which can connect to other network devices via a base station to communicate with the Internet. In another example, the transmission device 106 can be a Radio Frequency (RF) module used for wireless communication with the Internet.

[0057] This embodiment provides a data protection method based on federated learning. Figure 2 This is a flowchart of a data protection method based on federated learning, as described in an embodiment of this application. Figure 2 As shown, the process includes the following steps:

[0058] Step S210: Send a federated learning request to the cloud server. The federated learning request includes the user identifier.

[0059] Specifically, when a user needs to perform horizontal federated learning, the user sends a federated learning request, including the user's identifier, to the cloud server.

[0060] Step S220: When the number of users receiving federated learning requests from the cloud server exceeds a preset threshold, the cloud server receives all user identifiers and obtains the target input data based on the user identifiers.

[0061] Specifically, when the cloud server receives federated learning requests from multiple user terminals and determines that the number of users receiving federated learning requests exceeds a preset threshold, the cloud server collects the user identifiers from all user terminal federated requests and sends all user identifiers to the user terminal; the user terminal receives all user identifiers sent by the cloud server and obtains the target input data corresponding to the user model based on the user identifiers.

[0062] Step S230: Based on the target input data, generate encrypted ciphertext data and signature data of the encrypted user data, and send the ciphertext data and signature data to the cloud server so that the cloud server generates the aggregation result.

[0063] Specifically, the user terminal generates encrypted ciphertext data and signature data of the user data based on the target input data; the ciphertext data and signature data are sent to the cloud server, and the cloud server generates an aggregated result based on the ciphertext data and signature data sent by multiple user terminals.

[0064] Step S240: Receive and decrypt the aggregation result sent by the cloud server, and update the user model according to the decrypted aggregation result to achieve data protection of the user model.

[0065] Specifically, after the cloud server generates the aggregation result, it sends the aggregation result to multiple user terminals. The user terminals receive the aggregation result, decrypt it, and then update the user model based on the decrypted aggregation result, thereby protecting the data in the user model.

[0066] Through the above steps, multiple client terminals send federated learning requests to the cloud server. When the number of users received by the cloud server exceeds a preset number, it sends all user identifiers to the users, enabling them to determine the corresponding target input data. The client terminal generates encrypted ciphertext data and signature data based on the target input data and sends these data to the cloud server. The cloud server receives these data and generates aggregation results. The client terminal receives and decrypts these aggregation results and updates the user model based on the decrypted aggregation results, thereby improving the security of the data in the user model and protecting the privacy of the client terminal.

[0067] In some embodiments, step S201 is included before step S210.

[0068] Step S201: Encode the parameters of the user model based on the system parameters and the super-incrementing sequence to generate the gradient data of the user model; both the system parameters and the super-incrementing sequence are generated by the key generation center.

[0069] Specifically, the key generation center generates system parameters and a super-incrementing sequence, and sends the system parameters and the super-incrementing sequence to the user terminal; the user terminal encodes the parameters of the user model according to the system parameters and the super-incrementing sequence, and then generates the gradient data of the user model, so as to encrypt and decrypt the user model in the future through the gradient data.

[0070] In some of these embodiments, step S230 includes steps S231 to S233.

[0071] Step S231: Generate a subkey for the user model based on the target input data and system parameters; the target input data is the local input data in the user model.

[0072] Specifically, the user terminal generates a subkey for the user model based on the target input data and system parameters.

[0073] Step S232: Generate encrypted ciphertext data of the user data based on the target input data, system parameters, gradient data, and subkey.

[0074] Specifically, the user terminal encrypts the set of all gradient data based on the target input data, system parameters, gradient data, and subkey, thereby generating encrypted ciphertext data of the user data.

[0075] Step S233: Generate the encrypted signature data of the user model based on the gradient data and system parameters.

[0076] Specifically, the user terminal calculates the corresponding hash value based on gradient data and system parameters, and then generates encrypted signature data of the user model based on the hash value and system parameters.

[0077] Through the above steps, the user terminal generates a subkey for the user model based on the local input data in the user model and the system parameters sent by the key generation center; then, based on the subkey, target input data, system parameters, and generated gradient data, the encrypted ciphertext data and signature data of the user data are obtained; by obtaining ciphertext data and signature data of the encrypted user data from data from different sources and data generated at different times, the security of user data is improved.

[0078] In some of these embodiments, step S240 includes steps S241 to S244.

[0079] Step S241: Receive the encrypted aggregation result sent by the cloud server; use the private key in the system parameters to decrypt the encrypted aggregation result to obtain the aggregation result; the aggregation result includes the ciphertext aggregation result and the signature aggregation result.

[0080] Specifically, after the cloud server receives encrypted data and signature data sent by multiple user terminals, it aggregates the data to obtain an encrypted aggregated result and sends the aggregated result to all user terminals. After receiving the encrypted aggregated result sent by the cloud server, the user terminal uses the private key parameter in the system parameters to decrypt the encrypted aggregated result, thereby obtaining an aggregated result that includes the encrypted aggregated result and the signature aggregated result.

[0081] Step S242: Determine whether the aggregation result is correct by using system parameters and signature aggregation results.

[0082] Specifically, the user terminal uses bilinear mapping to determine whether the aggregation result is correct, based on system parameters and signature aggregation results.

[0083] Step S243: When the aggregation result is determined to be correct, the aggregation result is decoded using a super-incrementing sequence to obtain the aggregation result of the multidimensional data.

[0084] Specifically, when the user terminal determines that the aggregation result is correct, it receives the aggregation result and decodes it using the super-incrementing sequence selected by the key generation center to obtain a multi-dimensional aggregation result. When the user terminal determines that the aggregation result is incorrect, it confirms that the aggregation result is invalid.

[0085] Step S244: Based on the aggregation results of the multidimensional data, obtain the aggregated gradient vector of the user model, and use the aggregated gradient vector to update the parameters of the user model.

[0086] Specifically, the user terminal obtains the aggregated gradient vector of the user model based on the aggregation results of multidimensional data, and then uses the aggregated gradient vector to update the parameters of the user model.

[0087] Through the above steps, after the user receives the aggregation result sent by the cloud server, it first determines whether the aggregation result is accurate by signing the aggregation result. If the aggregation result is determined to be accurate, it is decoded to obtain the aggregation result of multidimensional data. Then, based on the aggregation result of multidimensional data, the aggregation gradient vector of the user model is obtained, and the parameters of the user model are updated using the aggregation gradient vector. This helps to improve the data security of the user model. For example, the data of the user model includes the user's local personal data, privacy data, etc., thereby realizing the protection of the user's privacy and further improving the data security of the user model, thus protecting the privacy of the user.

[0088] In some of these embodiments, step S244 includes steps S2441 to S2442.

[0089] Step S2441: Determine the target parameters of the user model based on the preset model update learning rate, aggregated gradient vector, number of federated learning requests, and user model parameters.

[0090] Specifically, the user terminal performs relevant calculations based on the preset model update learning rate, aggregated gradient vector, user data from federated learning requests, and the original parameters of the user model to obtain the target parameters of the user model.

[0091] Step S2442: Update the user model's parameters to the user model's target parameters to update the user model.

[0092] Specifically, the user client updates the target parameters of the user model, and then updates the user model based on the target parameters.

[0093] Through the above steps, the user terminal calculates the target parameters of the user model, then replaces the parameters of the user model with the iterated target parameters, and then uses the target parameters to update the user model, thereby improving the data security of the user model and protecting user privacy.

[0094] This embodiment also provides a data protection method based on federated learning. Figure 3 This is a flowchart of another data protection method based on federated learning, as described in this application embodiment. Figure 3 As shown, the process includes the following steps:

[0095] Step S310: Receive ciphertext data and signature data sent by the user terminal, and aggregate the ciphertext data and signature data respectively according to system parameters, the number of federated learning requests and the super-incrementing sequence to obtain the aggregation result.

[0096] Specifically, the cloud server receives encrypted data and signature data sent by multiple user terminals, and then aggregates the encrypted data and signature data according to system parameters, super-incrementing sequences, and the number of users requesting federated learning, thereby obtaining the aggregation result.

[0097] Step S320: Based on the correspondence between the signature data and the user identifier in the aggregation result, send the aggregation result to each user so that the user can update the user model according to the aggregation result.

[0098] Specifically, after the cloud server obtains the aggregation results, it sends the aggregation results to different user terminals based on the correspondence between the signature data in the aggregation results and different user identifiers, thereby enabling the user terminals to update the user model based on the aggregation results.

[0099] Through the above steps, the cloud server receives encrypted data and signature data sent by the user terminal, then aggregates the encrypted data and signature data to obtain an aggregation result; and sends the aggregation result to different user terminals according to different user identifiers, so that the user terminal updates the user model according to the aggregation result, thereby protecting the data security and privacy of the user model.

[0100] In some embodiments, steps S301 to S303 are included before step S310.

[0101] Step S301: Receive the federated learning request sent by the user terminal and determine whether the number of users receiving the federated learning request exceeds the preset threshold.

[0102] Specifically, the cloud server receives federated learning requests from multiple user clients and determines whether the number of users receiving federated learning requests exceeds a preset threshold.

[0103] Step S302: When it is determined that the number of users receiving federated learning requests exceeds a preset threshold, the user identifiers of all users who sent federated learning requests are collected to obtain a user identifier set.

[0104] Specifically, when the cloud server determines that the number of users receiving federated learning requests exceeds a preset user number threshold, it receives and aggregates the identifiers of all users who sent federated learning requests, thereby obtaining a set of user identifiers.

[0105] Step S303: Send the user identifier set to all users who sent federated learning requests so that users can encrypt their data.

[0106] Specifically, the cloud server sends a set of user identifiers to all users who send federated learning requests, thereby enabling the user client to encrypt the user model data based on the user identifiers.

[0107] Through the above steps, the cloud server determines whether the number of users sending federated learning requests exceeds a preset threshold. When the threshold is exceeded, it receives and aggregates the identifiers of all users who sent federated learning requests, thus obtaining a user identifier set. This facilitates federated learning when multiple users are not online simultaneously, thereby achieving flexible user participation in federated learning. By sending the user identifier set to the user terminals participating in federated learning and encrypting the user model data based on the user identifiers, the data security of the user model is improved subsequently.

[0108] This embodiment also provides a data protection system based on federated learning, including a client and a cloud server. The client is used to perform actions such as... Figure 2 Data protection methods based on federated learning; cloud servers are used to perform actions such as... Figure 3 Data protection methods based on federated learning in [the context of] [the study].

[0109] The present embodiment will be described and explained below through specific examples.

[0110] Figure 4 This is a flowchart illustrating a specific embodiment of a data protection method based on federated learning in this application. Figure 4 As shown, this federated learning-based data protection method includes the following steps:

[0111] In step S410, the key generation center generates system parameters and distributes them to the user terminal.

[0112] Specifically, step S410 includes steps S411 to S414.

[0113] Step S411: During the system initialization phase, the security parameter k0 is input to the Key Generating Centre (KGC). By running the corresponding key generation algorithm, the parameters {N, g, k0, p, q} of the public-key encryption system are output. For example, p and q are both prime numbers, the public-key encryption system is the Paillier encryption system, where the public key is pk = {N, g} and the private key is sk = λ = lcm(p-1, q-1). Subsequently, the KGC selects a random number r*, where the random number is an integer, i.e., r* ∈ Z. N * Subsequently, the corresponding hash value h is calculated based on the parameter q, where h = r *q The key generation center (KGC) sends the parameters {pk, sk, h} to each user terminal. (See reference) Figure 5 , Figure 5 This is a schematic diagram of the interactive system in a specific embodiment of this application. For example... Figure 5As shown, the interactive process includes a key management center 1, a user terminal 2, and a cloud server 3. The user terminal 2 includes a data set 4 respectively. The key management center 1 distributes system parameters to different user terminals 2. When the user terminal 2 performs horizontal federated learning, it uploads the data in the data set 4 to the cloud server 3. After the cloud server 3 processes the data, the user terminal 2 downloads the data from the cloud server 3 to implement the federated learning of the user terminal 2, while ensuring the data security of the horizontal federated learning of the user.

[0114] Step S412, the key generation center KGC selects a random number r according to the system parameter p and makes r < p. Then, two secret sharing polynomials with different coefficients are constructed. Exemplarily, the secret sharing polynomial here is the Shamir secret sharing polynomial; the moduli of the two Shamir secret sharing polynomials are selected as p, and p - r and r are respectively determined as the master keys to be shared in the Shamir secret sharing algorithm. Then, the Shamir secret sharing algorithm is run to generate 2n sub-key pairs, which are respectively denoted as {x i , G1(xi)} and {xi, G2(xi)}, where i = 1,..., N. The key generation center distributes the set {G1(x i ), G2(x i )} of the second items in the sub-key pairs to the user terminal i, and sends the set {x1, x2,..., x n} of the first items in the sub-key pairs to all user terminals.

[0115] Step S413, the key generation center KGC selects a super-increasing sequence KGC uses the selected super-increasing sequence and the public parameter g to further generate the public parameter G = {g1, g2,..., g t}, where KGC distributes the parameter set G and the super-increasing sequence to each participating user terminal, so that each user terminal subsequently encodes the data using the parameter G and decodes it using the corresponding super-increasing sequence .

[0116] Step S414, select n random numbers x i ∈Z P * as the private key, and calculate Y i = u xi as the public key of the signature, where u ∈ G1. Take the generator v ∈ G2, and distribute the system parameters {xi, Y i , u, v} to the i-th user terminal for generating signatures.

[0117] In step S420, the user trains a local model and encodes, encrypts, and signs the gradient data according to the parameters distributed by the key management center.

[0118] Specifically, step S420 includes steps S421 to S424.

[0119] Step S421, for each user model f(x) on the user terminal i W i ), where W i This represents the model's parameters. The user dataset is denoted as Di, and the user terminal uses dataset D... i Calculate the loss function L f (Di,W i ):

[0120]

[0121] Where Di = { <x i ,y i >;i=1,2,…,T},x i The input data is y. i These are the corresponding tags for the data.

[0122] Step S422: The user trains the model using the Stochastic Gradient Descent (SGD) algorithm and calculates the gradient data.

[0123]

[0124] The end user i obtains the set d of gradient data of the user model. i :

[0125] w ik =(d i1 d i2 , ..., d it )

[0126] d i ={d i1 d i2 , ..., d it}

[0127] Among them, w ik It is a t-dimensional vector.

[0128] Step S423: User i first sends a federated learning request to the cloud, sending the corresponding ID to the cloud. The cloud waits until it receives more than t of client requests, then the cloud server collects the IDs of all users participating in the federated learning; it then packages the IDs of all participating users and returns them to each user. Specifically, the user ID here is the user identifier from the aforementioned embodiment. Users then use the IDs of the users participating in the federated learning returned by the cloud from {x1, x2, ..., x...} n Select the corresponding x in} i Calculate the interpolation coefficients:

[0129]

[0130] Where, x i is the input data for the user model, and p is the system parameter sent by the key generation center.

[0131] User i according to β(x) i The subkey Si is further calculated as shown in the following formula:

[0132] S i =β(x i )G1(x i )+β(x i )G2(x i mod·p

[0133] Wherein, β(x) i ) represents the interpolation coefficients, p represents the system parameters sent by the key generation center, and G1(x) represents the interpolation coefficients. i ) and G2(x i ) are public parameters.

[0134] In step S424, the user encrypts the gradient set di using the parameters distributed by the Key Management Center (KGC). The encryption algorithm used here is an improved version of the original Paillier algorithm. This improved algorithm can package the gradient vector data and further encrypt it using a secretly shared subkey to ensure the security of each user's data and prevent collusion attacks. The specific encryption formula is shown below:

[0135]

[0136] The gradient data for different models on the user side are as follows:

[0137] d i ={d i1 d i2 , ..., d it}

[0138] Where, {g1,g2,....g t{h,N} are common parameters, Si is the subkey assigned to each user during system initialization, ri is the random number selected by the user, and r i ∈Z N Each user i applies the gradient set d according to the above formula. i Encryption yields ciphertext C i .

[0139] Subsequently, the user-side i calculates... Calculate m i The corresponding hash value is h i Then calculate the corresponding signature as δ. i , signature δ i The specific calculation is shown in the following formula:

[0140]

[0141]

[0142] Where a1, a2, a t Describing a super-increasing sequence, d i1 d i2 , ..., d it This represents the gradient data of different models for the user, m i The corresponding hash value is h i v represents the generator sent by the key generation center.

[0143] Finally, the user end will {C i ||δ i ||h i The data is uploaded to the cloud server and then awaits aggregation and update from the cloud server.

[0144] In step S430, the cloud server aggregates the data based on the encrypted data and signature uploaded by the user.

[0145] Specifically, step S430 includes steps S431 to S432.

[0146] Step S431: Upon receiving the encrypted data uploaded by the user, the cloud aggregates multiple user data sets based on the homomorphic property of the Paillier algorithm. The cloud server ensures that it has received data from all users who have participated in the horizontal federated learning process before performing the aggregation operation; otherwise, the aggregation result will not be correctly decrypted. Users will consider the aggregation result that cannot be correctly decrypted as an error and discard it. The specific calculation of cloud aggregation can be expressed as the formula:

[0147]

[0148] In the above formula, Ci represents the specific encrypted value received by the cloud platform from each user, w represents the number of users participating in the aggregation, and w is greater than the minimum threshold value for secret sharing; a1, a2, ..., a t Describing a super-increasing sequence, d i1 d i2 , ..., d it This represents the gradient data of different user models. The cloud server aggregates the encrypted data based on Paillier's homomorphic addition property. In the above scheme, the Shamir secret sharing method ensures the security and correctness of the algorithm and supports users not being online simultaneously. Furthermore, the secret sharing threshold ensures that multiple users are required to complete the aggregation, making the cloud aggregation results more reliable. Shamir secret sharing also ensures greater security for user data, thus preventing collusion attacks.

[0149] Step S432: The cloud further aggregates the signatures of users participating in federated learning, as shown in the following formula:

[0150]

[0151] Where, δ i represents the signature data of user terminal i, and w represents the total number of user terminals participating in federated learning.

[0152] The cloud performs the aggregation of encrypted data and signatures, and then returns the aggregation result and the corresponding signature {C}. i ||δ||δ1||h1...||δ k ||h k ||w} is given to each user terminal, and each user terminal will update the model according to the new model parameters.

[0153] In step S440, the user terminal participating in federated learning decrypts the encrypted aggregation result from the cloud to obtain the aggregation result, and updates the local model based on the aggregation result.

[0154] Specifically, step S440 includes steps S441 to S444.

[0155] Step S441: After obtaining the aggregation result, each user terminal will decrypt the aggregation result using its private key λ. The specific decryption algorithm is shown in the following formula:

[0156]

[0157] Where λ represents the private key, C represents the aggregation of ciphertext data, and g and N represent the public parameters generated by KGC, respectively.

[0158] After each client completes decryption, the client receives the following aggregated result:

[0159]

[0160] Where, {a1, a2, ..., a t} represents a super-increasing sequence, d i d represents the set of gradient data of the user model i ={d i1 d i2 , ..., d it}, where w represents the total number of users participating in federated learning. The aggregation result M mainly contains the aggregation results of each dimension of data, where the super-increasing sequence serves as the coefficient of each dimension's aggregation result.

[0161] Step S442, each client uses the signature δ, public key Yi, and hash value h. i Generators u and v are used, and the aggregation result M is validated using a bilinear mapping to determine the validity of the aggregation result. The specific calculation formula is as follows:

[0162]

[0163] Where δ represents the user's signature, M represents the aggregation result, and Yi represents the public key and h i This represents the hash value, where u and v are the generators sent from the key generation center to the user.

[0164] When the above formula is true, the user verifies the aggregation result and receives the aggregation result M; M is then decoded. When the above formula is false, the user determines that the aggregation result M is invalid.

[0165] In step S443, each user terminal decodes the aggregation result M using a super-incrementing sequence to further obtain the aggregation results of each dimension of data. The specific decoding algorithm is described below:

[0166]

[0167] The main inputs are the super-increasing sequence distributed to users by the key generation center KGC, the user's decryption result M, and the algorithm's output is the aggregate result (D1, D2, ..., D...) corresponding to each model. t The user terminal performs a modulo operation on the decryption result with the super-increasing value, thus obtaining the aggregated value of the lower-dimensional data. The difference between the two aggregated results, after removing the super-increasing coefficient, yields the aggregated value of the corresponding dimension. Each user obtains the aggregated gradient vector w′ of the corresponding model based on the aggregated result. ik Then update the corresponding local model.

[0168] Step S444: After obtaining the aggregation result of the corresponding model, each user terminal updates its local model parameters using the aggregation result. For each model parameter W... i Update to get the updated w i The specific formula is as follows:

[0169]

[0170] Where η represents the parameters of the model for user i. i w′ represents the learning rate when updating the model. ik W represents the aggregated gradient value of the model for user i in the k-th iteration. i This represents the original parameters of the user model after the last update, and w represents the number of users participating in federated learning. Each user updates its local independent model according to the above formula. This process is repeated iteratively until federated learning is complete, resulting in a more efficient and accurate local model for each user. Each user needs to send its encrypted local gradient dataset to the cloud server at each iteration.

[0171] In a specific embodiment of this application, each user terminal participating in federated learning uses a super-increasing sequence to encode and decode gradient data, thereby improving the efficiency of data aggregation while ensuring the correctness of the aggregation result. The encoded data is encrypted using the Paillier algorithm, which guarantees the security and privacy protection of the user terminal's gradient data. The user terminal further encrypts and protects the data using a secret sharing method. This secret sharing method ensures flexible user participation in federated learning, meaning that users can participate in federated learning according to their own needs, and prevents collusion attacks. Furthermore, the data is signed using an aggregation signature method. User terminals in the federated learning system can verify the cloud aggregation results through the aggregation signature, making the cloud aggregation results verifiable and thus improving the security of user terminal data.

[0172] This embodiment also provides a data protection device based on federated learning, which is used to implement the above embodiments and preferred embodiments; details already described will not be repeated. The terms "module," "unit," "subunit," etc., used below refer to combinations of software and / or hardware that perform a predetermined function. Although the device described in the following embodiments is preferably implemented in software, hardware implementation, or a combination of software and hardware, is also possible and contemplated.

[0173] Figure 6 This is a structural block diagram of the data protection device based on federated learning in this embodiment, such as... Figure 6 As shown, the device includes a transmitting module 10, a receiving module 20, and a processing module 30.

[0174] The sending module 10 is used to send a federated learning request to the cloud server, the federated learning request including a user identifier; it is also used to send encrypted data and signature data to the cloud server so that the cloud server generates an aggregation result.

[0175] The receiving module 20 is used to receive all user identifiers sent by the cloud server when the number of users receiving federated learning requests from the cloud server exceeds a preset threshold, and to obtain target input data based on the user identifiers; it is also used to receive aggregation results sent by the cloud server.

[0176] The processing module 30 is used to generate encrypted ciphertext data and signature data based on the target input data; it is also used to decrypt the aggregation results sent by the cloud server and update the user model based on the decrypted aggregation results to achieve data protection of the user model.

[0177] In some embodiments, the receiving module 20 is used to receive encrypted data and signature data sent by the user terminal.

[0178] The processing module 30 is used to aggregate the ciphertext data and signature data according to system parameters, the number of federated learning requests, and the super-incrementing sequence to obtain the aggregation result.

[0179] The sending module 10 is used to send the aggregation result to each user according to the correspondence between the signature data in the aggregation result and the user identifier, so that the user can update the user model according to the aggregation result.

[0180] It should be noted that the above modules can be functional modules or program modules, and can be implemented through software or hardware. For modules implemented through hardware, the above modules can reside in the same processor; or the above modules can be located in different processors in any combination.

[0181] It should be noted that the specific examples in this embodiment can refer to the examples described in the above embodiments and optional implementations, and will not be repeated in this embodiment.

[0182] It should be understood that the specific embodiments described herein are merely illustrative of the application and not intended to limit it. All other embodiments derived by those skilled in the art based on the embodiments provided in this application without inventive effort are within the scope of protection of this application.

[0183] Obviously, the accompanying drawings are merely some examples or embodiments of this application. Those skilled in the art can apply this application to other similar situations based on these drawings without any creative effort. Furthermore, it is understood that although the work done in this development process may be complex and lengthy, for those skilled in the art, certain design, manufacturing, or production modifications made based on the technical content disclosed in this application are merely conventional technical means and should not be considered as insufficient disclosure of this application.

[0184] The term "embodiment" in this application refers to a specific feature, structure, or characteristic described in connection with an embodiment that may be included in at least one embodiment of this application. The appearance of this phrase in various places in the specification does not necessarily imply the same embodiment, nor does it imply that it is mutually exclusive with or independent of other embodiments. It will be clearly or implicitly understood by those skilled in the art that the embodiments described in this application may be combined with other embodiments without conflict.

[0185] The embodiments described above are merely illustrative of several implementation methods of this application, and while the descriptions are relatively specific and detailed, they should not be construed as limiting the scope of patent protection. It should be noted that those skilled in the art can make various modifications and improvements without departing from the concept of this application, and these all fall within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the appended claims.

Claims

1. A data protection method based on federated learning, characterized in that, When applied to a user terminal, the method includes: Send a federated learning request to the cloud server, the federated learning request including a user identifier; When the number of users receiving federated learning requests from the cloud server exceeds a preset threshold, the cloud server receives all user identifiers obtained by aggregating user identifiers from all user-end federated requests, and obtains target input data based on the user identifiers. Based on the target input data, encrypted ciphertext data and signature data of the user data are generated, and the ciphertext data and signature data are sent to the cloud server so that the cloud server generates an aggregation result; Receive and decrypt the aggregation result sent by the cloud server, and update the user model according to the decrypted aggregation result to achieve data protection of the user model; Before sending a federated learning request to the cloud server, the following steps are included: The parameters of the user model are encoded based on the system parameters and the super-incrementing sequence to generate the gradient data of the user model; both the system parameters and the super-incrementing sequence are generated by the key generation center. Based on the target input data, generate encrypted ciphertext data and signature data of the encrypted user data, including: Based on the target input data, the system parameters, the gradient data, and the subkey of the user model, encrypted ciphertext data of the user data is generated; the target input data is the local input data in the user model. Based on the gradient data and the system parameters, generate encrypted signature data for the user model; Receive and decrypt the aggregation result sent by the cloud server, and update the user model based on the decrypted aggregation result, including: Receive the aggregation result sent by the cloud server; use the private key in the system parameters to decrypt the encrypted aggregation result to obtain the aggregation result; the aggregation result includes the ciphertext aggregation result and the signature aggregation result; The system parameters and the signature aggregation result are used to determine whether the aggregation result is correct. When the aggregation result is determined to be correct, the super-incrementing sequence is used to decode the aggregation result to obtain the aggregation result of the multidimensional data; Based on the aggregation results of the multidimensional data, the aggregated gradient vector of the user model is obtained, and the parameters of the user model are updated using the aggregated gradient vector.

2. The data protection method based on federated learning according to claim 1, characterized in that, The step of generating encrypted ciphertext data and signature data of the user data based on the target input data further includes: Based on the target input data and the system parameters, a subkey for the user model is generated.

3. The data protection method based on federated learning according to claim 1, characterized in that, The step of updating the parameters of the user model using the aggregated gradient vector includes: The target parameters of the user model are determined based on the preset model update learning rate, the aggregated gradient vector, the number of federated learning requests, and the parameters of the user model. The parameters of the user model are updated to the target parameters of the user model in order to update the user model.

4. A data protection method based on federated learning, characterized in that, Applied to a cloud server, the method includes: Receive federated learning requests sent by the client and determine whether the number of users receiving federated learning requests exceeds a preset threshold. When it is determined that the number of users receiving federated learning requests exceeds a preset threshold, the user identifiers of all users who sent federated learning requests are collected to obtain a user identifier set; The user identifier set is sent to all users who sent federated learning requests, so that the users can encrypt their data. The system receives encrypted user data and encrypted user model signature data from the user client. Based on system parameters, the number of federated learning requests, and a super-increasing sequence, the encrypted data and signature data are aggregated to obtain an aggregation result. The encrypted user data is generated by the user client using target input data, system parameters, and the user model's subkey and gradient data. The encrypted user model signature data is generated by the user client based on the gradient data and system parameters. The target input data is the local input data in the user model. The user model's gradient data is generated by the user client encoding the user model's parameters based on system parameters and the super-increasing sequence. Both the system parameters and the super-increasing sequence are generated by a key generation center. Based on the correspondence between the signature data in the aggregation result and the user identifiers in the user identifier set, the aggregation result is sent to each user so that the user updates the user model according to the aggregation result; The user updates the user model based on the aggregation result, including: Receive the aggregation result sent by the cloud server; use the private key in the system parameters to decrypt the encrypted aggregation result to obtain the aggregation result; the aggregation result includes the ciphertext aggregation result and the signature aggregation result; The system parameters and the signature aggregation result are used to determine whether the aggregation result is correct. When the aggregation result is determined to be correct, the super-incrementing sequence is used to decode the aggregation result to obtain the aggregation result of the multidimensional data; Based on the aggregation results of the multidimensional data, the aggregated gradient vector of the user model is obtained, and the parameters of the user model are updated using the aggregated gradient vector.

5. A data protection device based on federated learning, characterized in that, For use on a user terminal, the device includes: a sending module, a receiving module, and a processing module; The sending module is used to send a federated learning request to the cloud server, the federated learning request including a user identifier; it is also used to send encrypted data and signature data to the cloud server so that the cloud server generates an aggregation result. The receiving module is configured to, when the number of users receiving federated learning requests from the cloud server exceeds a preset threshold, receive all user identifiers obtained by aggregating user identifiers from all user-end federated requests sent by the cloud server, and obtain target input data based on the user identifiers; it is also configured to receive aggregation results sent by the cloud server. The processing module is used to generate encrypted ciphertext data and signature data based on the target input data; it is also used to decrypt the aggregation result sent by the cloud server and update the user model based on the decrypted aggregation result to achieve data protection of the user model. The device is also used to encode the parameters of the user model according to the system parameters and the super-incrementing sequence to generate the gradient data of the user model; the system parameters and the super-incrementing sequence are both generated by the key generation center; Based on the target input data, encrypted ciphertext data and signature data are generated, including: Based on the target input data, the system parameters, the gradient data, and the subkey of the user model, encrypted ciphertext data is generated; the target input data is the local input data in the user model. Based on the gradient data and the system parameters, generate encrypted signature data for the user model; Decrypt the aggregation result sent by the cloud server, and update the user model based on the decrypted aggregation result, including: Using the private key in the system parameters, the encrypted aggregation result is decrypted to obtain the aggregation result; the aggregation result includes the ciphertext aggregation result and the signature aggregation result; The system parameters and the signature aggregation result are used to determine whether the aggregation result is correct. When the aggregation result is determined to be correct, the super-incrementing sequence is used to decode the aggregation result to obtain the aggregation result of the multidimensional data; Based on the aggregation results of the multidimensional data, the aggregated gradient vector of the user model is obtained, and the parameters of the user model are updated using the aggregated gradient vector.

6. A data protection device based on federated learning, characterized in that, The device, used in cloud servers, includes: a sending module, a receiving module, and a processing module; The receiving module is used to receive encrypted ciphertext data of encrypted user data and encrypted signature data of the user model sent by the user terminal; the encrypted ciphertext data of the encrypted user data is generated by the user terminal using target input data, system parameters, and the subkey and gradient data of the user model; the signature data of the encrypted user model is generated by the user terminal based on the gradient data and the system parameters; the target input data is the local input data in the user model; the gradient data of the user model is generated by the user terminal encoding the parameters of the user model based on the system parameters and the super-incrementing sequence; the system parameters and the super-incrementing sequence are both generated by the key generation center; The processing module is used to aggregate the ciphertext data and the signature data according to system parameters, the number of federated learning requests, and the super-incrementing sequence, respectively, to obtain an aggregation result. The sending module is used to send the aggregation result to each user according to the correspondence between the signature data in the aggregation result and the user identifiers in the user identifier set, so that the user updates the user model according to the aggregation result; the user identifier set is obtained by the cloud server by aggregating the user identifiers in all user-end federated requests; The user updates the user model based on the aggregation result, including: Receive encrypted aggregation results sent by the cloud server; use the private key in the system parameters to decrypt the encrypted aggregation results to obtain the aggregation results; the aggregation results include ciphertext aggregation results and signature aggregation results; The system parameters and the signature aggregation result are used to determine whether the aggregation result is correct. When the aggregation result is determined to be correct, the super-incrementing sequence is used to decode the aggregation result to obtain the aggregation result of the multidimensional data; Based on the aggregation result of the multidimensional data, the aggregated gradient vector of the user model is obtained, and the parameters of the user model are updated using the aggregated gradient vector; The device is further configured to receive a federated learning request sent by the user terminal before the receiving module receives the encrypted ciphertext data of the encrypted user data and the signature data of the encrypted user model sent by the user terminal, and determine whether the number of users receiving the federated learning request exceeds a preset threshold; when it is determined that the number of users receiving the federated learning request exceeds the preset threshold, the device gathers the user identifiers of all users who sent the federated learning request to obtain a user identifier set; and sends the user identifier set to all users who sent the federated learning request so that the users can encrypt the data.

7. A data protection system based on federated learning, characterized in that, The system includes: a user terminal and a cloud server; the user terminal is connected to the cloud server. The user terminal is used to execute the data protection method based on federated learning as described in any one of claims 1 to 3; The cloud server is used to execute the data protection method based on federated learning as described in claim 4.