Homomorphic encryption clustering-based personalized federated learning privacy protection method and system

Abstract

This invention belongs to the field of federated learning and provides a personalized federated learning privacy-preserving method and system based on homomorphic encryption clustering. In the client-side clustering stage, the framework utilizes the characteristics of homomorphic encryption to perform simple operations on the ciphertext of distribution features, and then performs accurate clustering of the client based on the decrypted results. This method significantly improves the accuracy of clustering while reducing computational resource consumption. In the client-side training stage, the framework sets up two models for each group: an in-group model and an out-of-group model. The in-group model refers to the model obtained by aggregating the models of users within the group, while the out-of-group model is formed by aggregating the group models of other groups. This framework adopts the idea of ​​proximal optimization, acquiring knowledge from the out-of-group model based on the in-group model, improving the model's generalization ability, and making it more suitable for scenarios that conform to the actual data distribution, aiming to address the data heterogeneity problem caused by class imbalance.

Description

Technical Field

[0001] This invention belongs to the field of federated learning technology, specifically relating to a personalized federated learning privacy protection method and system based on homomorphic encrypted clustering. Background Technology

[0002] The statements in this section are merely background information related to the present invention and do not necessarily constitute prior art.

[0003] Federated learning is a promising distributed neural network training method that enables multiple clients to collaboratively train a global model while keeping data locally, ensuring privacy and security. In federated learning, a central server coordinates the training process by aggregating model parameters uploaded by each client to generate a global model. This allows the global model to acquire knowledge from data from different clients without accessing local data. Through this collaborative training mechanism, clients jointly participate in training the global model while ensuring data privacy, achieving the dual goals of privacy protection and knowledge sharing.

[0004] However, in federated learning, the data distribution across different clients often varies significantly, commonly referred to as non-independent and identically distributed (i.i.d.) data. This means the global model may fail to generalize effectively on some clients, leading to a significant performance degradation on individual clients. Therefore, data heterogeneity is crucial in federated learning. To address data heterogeneity, research into personalized federated learning is becoming increasingly prevalent. For example, clustering federated learning is an emerging method designed to mitigate the impact of non-independent and identically distributed (i.i.d.) data. Sattler et al., for instance, utilized correlation metrics to calculate the similarity between clients, thereby achieving clustering. Ghosh et al. proposed a clustering federated learning framework based on a loss function. However, this method requires sending multiple models to each client in each round of communication to determine the optimal model, significantly increasing communication costs.

[0005] Existing federated learning methods that use client-uploaded model parameters for clustering require multiple rounds of model training before each clustering iteration, followed by clustering of the trained model parameters. This process significantly increases the computational cost and time overhead for the client, reducing the efficiency of federated learning. Furthermore, uploading model parameters to a central server for clustering before each iteration overloads communication costs, increases network burden, and impacts overall system performance. In practical applications, the number of model parameters often reaches millions, significantly increasing the computational complexity of the clustering process and consequently reducing the accuracy of the clustering results, thus affecting the model's training performance. After dividing clients into different groups through clustering, each group typically undergoes separate task training. However, in practice, data from a single group is often insufficient to effectively improve the model's generalization ability, thus limiting its robustness. Limited knowledge acquired from a single task cannot fully enhance the model's adaptability and robustness to different scenarios. Summary of the Invention

[0006] To address the aforementioned issues, this invention proposes a personalized federated learning privacy protection method and system based on homomorphic encrypted clustering. Addressing the problems of inaccurate client-side clustering, high computational and communication overhead, and insufficient knowledge sharing among multiple tasks in federated multi-task learning, this strategy significantly improves clustering accuracy while ensuring privacy and security. Simultaneously, by employing a data distribution-based approach, communication and computation costs are reduced, avoiding the overhead caused by uploading large amounts of model parameters in traditional methods. Furthermore, this invention effectively promotes knowledge transfer and sharing between different tasks, thereby improving the overall performance and generalization ability of the model. The solution is applicable to federated learning in non-independent, identically distributed scenarios.

[0007] According to some embodiments, the first solution of the present invention provides a personalized federated learning privacy protection method based on homomorphic encrypted clustering, which adopts the following technical solution:

[0008] Personalized federated learning privacy-preserving methods based on homomorphic cryptographic clustering include:

[0009] The client regularizes the local data distribution, receives the public key from the auxiliary server used for homomorphic encryption, encrypts the regularized data distribution to generate a ciphertext vector, and sends it to the central server.

[0010] The central server performs difference calculation on the ciphertext vector and sends the result to the auxiliary server. The auxiliary server receives the difference calculation result, decrypts it using the private key, and then segments, scrambles, and adds noise to the decrypted data to obtain a scrambled noise vector, which is then fed back to the central server.

[0011] The central server expands the scrambling noise vector to obtain an expanded vector, and then clusters all the expanded vectors.

[0012] The central server sends the global model to all clients, and the clients use the global model to train their own models on local data and then send them to the central server.

[0013] The central server aggregates client models within the same group based on clustering to obtain in-group models, and also aggregates each group with client models outside the group to obtain out-of-group models; it uses near-end optimization to obtain out-of-group models from in-group models, forming the final fused global model and sending it to each client.

[0014] The client uses a fusion global model to train on local data until the final federated model converges.

[0015] Furthermore, the central server performs difference calculations on the ciphertext vector and sends the results to the auxiliary server, specifically:

[0016] Receive the ciphertext vectors from all clients;

[0017] Choose one of the ciphertext vectors as the minuend and the remaining ciphertext vectors as the subtrahends. Calculate the difference between the two to obtain the difference calculation result, where the difference calculation result includes N-1 ciphertext vectors.

[0018] The difference calculation results are sent to the auxiliary server.

[0019] Furthermore, the auxiliary server receives the difference calculation result, decrypts it using a private key, and then segments, scrambles, and adds noise to the decrypted data to obtain a scrambled noise vector, which is then fed back to the central server. Specifically:

[0020] After receiving the difference calculation result, decrypt it using the private key;

[0021] Shuffle each vector in the decrypted difference calculation result using the same random seed;

[0022] Multiply each of the shuffled vectors by a noise vector to obtain the scrambled noise vector;

[0023] The scrambling noise vector is sent to the central server.

[0024] Furthermore, the central server expands the scrambling noise vector to obtain an expanded vector, and then clusters all the expanded vectors into groups, specifically:

[0025] For a randomly selected client j's perturbation noise vector, first, a vector containing C... g Insert the vector of all zeros of element j into the j*C-th element.g The extended vector is obtained at each position. Right now,

[0026]

[0027] For other client i, to obtain First The i-th subvector Treat it as a subtrahend, the other subvectors Treat it as the minuend, using other subvectors. Subtract respectively get i,j∈[1,N],i≠j,N is the total number of clients, andt is the number of iteration rounds. This represents the regularized data distribution across all clients;

[0028] Based on the above methods, through Extend to get any That is, all clients except j.

[0029] Furthermore, the central server aggregates client models within the same group based on clustering to obtain models within that group, specifically as follows:

[0030]

[0031] Among them, D i D is the local dataset of client i; r Let be the local dataset for the model in group r; m is the number of clients participating in this round of training, and m≤N; It is the i-th client model in round t. It is one-hot encoding, and each client corresponds to one. It contains C elements.

[0032] Furthermore, the aggregation of each group with the client model outside the group to obtain the external model specifically involves:

[0033]

[0034] Where {1:C}\r represents excluding all groups except group r. It is the client model of group s in round t, D s Let s be the local dataset of the model in group s, and D be the global dataset.

[0035] Furthermore, proximal optimization is used to obtain the out-of-group model from the in-group model, forming the final fused global model, specifically as follows:

[0036]

[0037] Among them, the out-of-group models that do not belong to the r-th group of client models are the models outside the group. l is the number of rounds of proximal optimization, and V is the strength of acquiring external knowledge. It is the client model of the rth group in the lth round. It is the client model of group r in round l-1, arg min represents the value of the variable that makes the objective function reach its minimum, and ||| is the L2 norm.

[0038] According to some embodiments, the second aspect of the present invention provides a personalized federated learning privacy protection system based on homomorphic encrypted clustering, employing the following technical solution:

[0039] A personalized federated learning privacy protection system based on homomorphic encrypted clustering includes a central server, auxiliary servers, and multiple clients. The process of federated multi-task learning performed by the central server, auxiliary servers, and multiple clients is as follows:

[0040] The client regularizes the local data distribution, receives the public key from the auxiliary server used for homomorphic encryption, encrypts the regularized data distribution to generate a ciphertext vector, and sends it to the central server.

[0041] The central server performs difference calculation on the ciphertext vector and sends the result to the auxiliary server. The auxiliary server receives the difference calculation result, decrypts it using the private key, and then segments, scrambles, and adds noise to the decrypted data to obtain a scrambled noise vector, which is then fed back to the central server.

[0042] The central server expands the scrambling noise vector to obtain an expanded vector, and then clusters all the expanded vectors.

[0043] The central server sends the global model to all clients, and the clients use the global model to train their own models on local data and then send them to the central server.

[0044] The central server aggregates client models within the same group based on clustering to obtain in-group models, and also aggregates each group with client models outside the group to obtain out-of-group models; it uses near-end optimization to obtain out-of-group models from in-group models, forming the final fused global model and sending it to each client.

[0045] The client uses a fusion global model to train on local data until the final federated model converges.

[0046] According to some embodiments, a third aspect of the present invention provides a computer-readable storage medium.

[0047] A computer-readable storage medium having a computer program stored thereon that, when executed by a processor, implements the steps of the privacy-preserving method for personalized federated learning based on homomorphic cryptographic clustering as described in the first aspect above.

[0048] According to some embodiments, a fourth aspect of the present invention provides a computer device.

[0049] A computer device includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the program, implements the steps of the privacy-preserving method for personalized federated learning based on homomorphic cryptographic clustering as described in the first aspect above.

[0050] Compared with the prior art, the beneficial effects of the present invention are as follows:

[0051] The innovative method of this invention in the clustering stage reduces computational costs and time overhead: during the clustering stage, only homomorphic encryption of the data distribution is required, without the need for pre-training. This method avoids the computational costs and time overhead caused by multiple rounds of training in traditional schemes. Since the scale of the data distribution is much smaller than the scale of the model parameters, the computational overhead of homomorphic encryption of the data distribution is significantly lower than the pre-training process of the model parameters. Therefore, this invention has significant advantages in terms of computation and time overhead, and is particularly suitable for scenarios with limited computing resources in edge devices.

[0052] The innovative method of this invention in the clustering stage also reduces communication overhead: unlike traditional methods that require uploading millions of model parameters for clustering, this invention only requires uploading encrypted data of the data distribution before each clustering operation. This approach significantly reduces communication overhead and the demand for network bandwidth, thereby effectively improving the system's communication efficiency.

[0053] This invention improves clustering accuracy through an innovative method in the clustering stage: the clustering input of this invention relies on the underlying data distribution, rather than intermediate model parameters. Therefore, compared to clustering methods based on intermediate parameters, this invention achieves higher clustering accuracy. This is because the data distribution more accurately reflects the characteristic differences among clients, thereby improving the quality of the clustering results.

[0054] The innovative method employed in this invention during the clustering phase also enhances the model's generalization ability: During the training phase, this invention utilizes a proximal optimization method to fuse knowledge from multiple tasks, thereby improving the model's generalization capability. This method better adapts to real-world application scenarios, enhancing the model's robustness and applicability. Attached Figure Description

[0055] The accompanying drawings, which form part of this invention, are used to provide a further understanding of the invention. The illustrative embodiments of the invention and their descriptions are used to explain the invention and do not constitute an improper limitation of the invention.

[0056] Figure 1 This is a flowchart of a personalized federated learning privacy protection method based on homomorphic encrypted clustering in an embodiment of the present invention;

[0057] Figure 2 This is a flowchart of the client-side clustering strategy in an embodiment of the present invention;

[0058] Figure 3 This is scenario 1 (D) in the embodiment of the present invention. imain =0.3) Experimental evaluation results;

[0059] Figure 4 This is scenario 2 (D) in the embodiment of the present invention. imain =0.5) Experimental evaluation results;

[0060] Figure 5 This is scenario 3 (D) in the embodiment of the present invention. imain =0.75) Experimental evaluation results. Detailed Implementation

[0061] The present invention will be further described below with reference to the accompanying drawings and embodiments.

[0062] It should be noted that the following detailed description is illustrative and intended to provide further explanation of the invention. Unless otherwise specified, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention pertains.

[0063] It should be noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the scope of exemplary embodiments according to the invention. As used herein, the singular form is intended to include the plural form as well, unless the context clearly indicates otherwise. Furthermore, it should be understood that when the terms "comprising" and / or "including" are used in this specification, they indicate the presence of features, steps, operations, devices, components, and / or combinations thereof.

[0064] Where there is no conflict, the embodiments and features in the embodiments of the present invention can be combined with each other.

[0065] Example 1

[0066] This embodiment provides a personalized federated learning privacy protection method based on homomorphic encrypted clustering. This embodiment uses the application of this method to a server as an example for illustration. It is understood that this method can also be applied to terminals, and can also be applied to systems including terminals, servers, and other components, and implemented through interaction between the terminal and the server. The server can be an independent physical server, a server cluster composed of multiple physical servers, or a distributed system. It can also be a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network servers, cloud communication, middleware services, domain name services, CDN security services, and big data and artificial intelligence platforms. The terminal can be a smartphone, tablet, laptop, desktop computer, smart speaker, smartwatch, etc., but is not limited to these. The terminal and server can be directly or indirectly connected via wired or wireless communication, which is not limited herein. In this embodiment, the method includes the following steps:

[0067] The client regularizes the local data distribution, receives the public key from the auxiliary server used for homomorphic encryption, encrypts the regularized data distribution to generate a ciphertext vector, and sends it to the central server.

[0068] The central server performs difference calculation on the ciphertext vector and sends the result to the auxiliary server. The auxiliary server receives the difference calculation result, decrypts it using the private key, and then segments, scrambles, and adds noise to the decrypted data to obtain a scrambled noise vector, which is then fed back to the central server.

[0069] The central server expands the scrambling noise vector to obtain an expanded vector, and then clusters all the expanded vectors.

[0070] The central server sends the global model to all clients, and the clients use the global model to train their own models on local data and then send them to the central server.

[0071] The central server aggregates client models within the same group based on clustering to obtain in-group models, and also aggregates each group with client models outside the group to obtain out-of-group models; it uses near-end optimization to obtain out-of-group models from in-group models, forming the final fused global model and sending it to each client.

[0072] The client uses a fusion global model to train on local data until the final federated model converges.

[0073] First, such as Figure 2As shown, before the global training of federated learning begins, the auxiliary server generates a public and private key for homomorphic encryption and distributes the public key to all clients. Upon receiving the public key, each client first regularizes its local data distribution, mapping it to the range of 0 to 1. Then, the client uses the public key to encrypt the regularized data to obtain a ciphertext vector and uploads it to the central server. The central server performs difference calculations on the ciphertext and sends the result back to the auxiliary server in ciphertext form. The auxiliary server receives the ciphertext vector, decrypts it, and scrambles the decrypted vector data into segments. Next, the auxiliary server performs element-wise multiplication of each vector segment with a noise vector and returns the scrambled vector to the central server. The central server first expands the received vector into N vectors. Then, it uses the K-means++ algorithm to cluster these N vectors, thus completing the client-side clustering phase.

[0074] Next, the client-side training phase begins. First, the central server broadcasts the global model to all clients. Upon receiving the global model, each client trains it using local data and uploads the trained model back to the server. The server then aggregates models within each client group based on their grouping. Subsequently, the framework aggregates models outside each group. Specifically, each group corresponds to two models: one within the group and one outside the group. Next, the server uses a near-end optimization method to transfer knowledge from the outside-group models to the inside-group models. During this process, the inside-group models learn from their own group's knowledge to provide personalized services, while the outside-group models learn from their own group's knowledge to improve their generalization ability. Both coordinate and merge through knowledge transfer into a unified model, enabling its widespread application in federated learning tasks across various scenarios.

[0075] This embodiment mainly includes three roles: the client C participating in federated learning. l Central server S C Auxiliary server S A .like Figure 1 As shown, the specific steps of the solution are as follows:

[0076] Step 1: The auxiliary server generates a public-private key pair for homomorphic encryption and distributes the public key to all clients.

[0077] Step 2: After receiving the public key, the client first performs regularization on the local data distribution, then uses the public key to perform homomorphic encryption on the regularized data distribution to generate a ciphertext vector, and uploads the ciphertext vector to the central server.

[0078] Step 3: The central server performs simple calculations on the received ciphertext vector to obtain the difference calculation result, and then sends the difference calculation result back to the auxiliary server. Specifically:

[0079] Receive the ciphertext vectors from all clients;

[0080] Choose one of the ciphertext vectors as the minuend and the remaining ciphertext vectors as the subtrahends. Calculate the difference between the two to obtain the difference calculation result, where the difference calculation result includes N-1 ciphertext vectors.

[0081] The difference calculation results are sent to the auxiliary server.

[0082] Step 4: The auxiliary server uses its private key to decrypt the ciphertext vector of the difference calculation result and scrambles the decrypted data into segments; then, it adds a noise vector to the data, and finally returns the scrambled noise vector to the central server. Specifically:

[0083] After receiving the difference calculation result, decrypt it using the private key;

[0084] Shuffle each vector in the decrypted difference calculation result using the same random seed;

[0085] Multiply each of the shuffled vectors by a noise vector to obtain the scrambled noise vector;

[0086] The scrambling noise vector is sent to the central server.

[0087] Step 5: After receiving the scrambled noise vector data, the central server first expands the scrambled noise vector so that each client has an expanded vector. Then, it uses the K-means++ method to cluster all the expanded vectors, completing the client clustering.

[0088] Step 6: The central server broadcasts the global model to the clients participating in the training, and the clients use the global model to train on their local datasets. The trained models are then sent back to the central server.

[0089] Step 7: After receiving the client models, the central server aggregates client models belonging to the same group based on the clustering results, and also aggregates models from other groups. This results in two models: an in-group model and an out-of-group model.

[0090] Step 8: The central server uses near-end optimization to enable the model to acquire knowledge from outside the group, and then distributes the final model to each client according to the group.

[0091] Step 9: After receiving the model, the client trains it on the local dataset. During the training phase, steps 7-9 are executed iteratively.

[0092] Assume there are N clients in the system, and the global dataset D has C... g Data categories.

[0093] In step 1, the auxiliary server S A Generate public and private keys (P keys) for Fully Homomorphic Encryption. k ,S k ), and the public key P k Send to all clients C l .

[0094] In step 2, client i first performs local data distribution regularization, where i∈[1,N]. The regularization formula is:

[0095]

[0096] Where, n p n represents the number of samples in class p. min n represents the number of samples in the category with the smallest data volume. max This represents the number of samples in the category with the largest amount of data.

[0097] In the t-th iteration, the regularized data distribution of client i is represented as follows:

[0098]

[0099] Among them, C g Represents the total number of categories in the global dataset. This represents regularized data belonging to category iclient1. This indicates that it belongs to client C. g The data is regularized according to the category, where t represents the number of iteration rounds. Subsequently, the client uses the public key P... k Will Homomorphic encryption yields the ciphertext vector of client i at the t-th iteration. And Uploaded to S C After all clients perform the above operations, they obtain N ciphertext vectors, which are then uploaded to the central server.

[0100] In step 3, after receiving N ciphertext vectors, the central server first randomly selects a client j ciphertext vector. As the minuend, the remaining client i ciphertext vector As subtrahends, i,j∈[1,N]. Each of the remaining client i ciphertext vectors The difference is calculated by subtracting the values ​​of client j, resulting in the difference E(A). j ); where E(A) j It contains N-1 subvectors, specifically:

[0101]

[0102] Then E(A) j )Sent to S A The above calculation process is performed on all ciphertext vectors to obtain N difference calculation results. Each difference calculation result includes N-1 sub-vectors. Then, all ciphertext vectors are sent to the auxiliary server.

[0103] In step 4, the auxiliary server S A After receiving N difference calculation results, randomly select one difference calculation result E(A) j First, use the private key S k Decrypting it yields A j A j Contains N-1 subvectors That is, for all clients except j, the subvector is as follows:

[0104]

[0105] Immediately afterwards, S A For A j Each subvector Shuffled using the same random seed; that is, each subvector The internal elements have the same degree of disorder; each shuffled subvector is multiplied by a noise vector. Obtain the scrambled noise vector of client j Specifically as follows:

[0106]

[0107] in, Finally Return to central server S c After decrypting all the difference calculation results, they are segmented, shuffled, and noise is added to obtain N scrambled noise vectors. All the scrambled noise vectors are then sent back to the central server.

[0108] In step 5, the central server expands all the scrambling noise vectors separately, using the scrambling noise vector of client j. For example, due to However, the perturbation noise vector corresponding to client j needs to be expanded to an extended vector corresponding to each client i before clustering. Specifically, it consists of two steps:

[0109] First, expand It itself. First, let's consider a variable containing C. g Insert the vector of all zeros of element j into the j*C-th element. g One position; that is,

[0110]

[0111] so It contains N sub-vectors.

[0112] The second step is to expand the corresponding features of other clients. To obtain First The i-th subvector Treat it as a subtrahend, the other subvectors Treat it as the minuend, using other subvectors. minus Easy to obtain

[0113] For example, if we want to get

[0114] First, the first subvector For a vector consisting entirely of zeros, simply write it directly; for the second sub-vector... That is The second subvector minus the first subvector. For example... That is The Nth subvector minus the first subvector. (This is the beginning of the process.) The first subvector is taken as the subtrahend. Treat the other subvectors as minuends, and subtract them to obtain the final result. This method can be used to... Extend to any Δ∈[1,N]\j.

[0115] After obtaining the extension vectors corresponding to all clients Then, K-means++ is used to cluster these N extended vectors to obtain C groups. At this point, the clustering phase of this system is complete.

[0116] In step 6, the client training phase begins. First, the central server broadcasts the global model w to all clients. For client i, the global model w is used on its local dataset D. i w obtained during training i The optimization method is stochastic gradient descent.

[0117]

[0118] Where η is the learning rate and F is the loss function. This is the model for the i-th client in round t. Subsequently, Upload back to S c .

[0119] In step 7, the central server receives the client models that participated in this round of training. Next, based on the clustering results obtained in step 5, the clients are divided into multiple groups, with each group corresponding to two models: the in-group model and the out-of-group model. Out-of-group model Where r is the group number and t is the iteration round number. The model within a group is calculated by aggregating the models of all clients within the group using FedAvg (Federated Aggregation Algorithm).

[0120]

[0121] Among them, D i D is the local dataset of client i; r Let be the local dataset for the model in group r; m is the number of clients participating in this round of training, and m≤N; This is the model of the i-th client in round t. It is one-hot encoding, and each client corresponds to one. It contains C elements; when i belongs to the r-th group, at this time... Other situations

[0122] The out-of-group model is calculated by aggregating the group models from other groups (that is, all client models that do not belong to the r-th group):

[0123]

[0124] Where {1:C}\r represents excluding all groups except group r. It is the group model of group s in round t, D s It is the local dataset of the model in group s.

[0125] In step 8, each group corresponds to two models, namely the within-group model. and out-of-group model The central server utilizes Proximal Policy Optimization (PRO) to target... To acquire external knowledge The formula is as follows:

[0126]

[0127] Where l is the number of rounds of proximal optimization, and V is the strength of the external knowledge acquisition. It is the model of the r-th group in the l-th round. Let be the model of group r in round (l-1), ||| be the L2 norm, and arg min represent the value of the variable that minimizes the objective function. The formula can be understood as follows: our model acquires knowledge by approximating the distance between the in-group model and the out-of-group model. The penalty term V controls the strength of out-of-group knowledge acquisition; that is, when only the model's individualization ability is needed, we can set it to 0; when generalization is required, we can set a larger parameter value for V. The following shows our knowledge acquisition ability as V approaches infinity.

[0128] If V→∞, the gradient is Gradient descent:

[0129]

[0130] Where γ is the learning rate.

[0131] Assumption We can obtain:

[0132]

[0133] make Equation (12) can be simplified to:

[0134]

[0135]

[0136] This shows that our knowledge acquisition ability, assuming V approaches infinity, can approach the ability of FedAvg's direct aggregation model.

[0137] In step 9, each client C l Requires connection to central server S c The process involves multiple rounds of iterative communication until the federated model finally converges.

[0138] Experimental verification results:

[0139] The above solutions were tested on the public dataset Cifar10. The client's local dataset is D. i Divided into main data D imain and secondary data D isecondary Now let's assume three data distribution scenarios:

[0140] like Figure 3 As shown in Scenario 1: When the client's main data volume accounts for 0.3%, D imain =0.3. In this case, the primary data is assigned a sample from one category, and the secondary data is randomly assigned samples from the other categories.

[0141] like Figure 4 As shown, Scenario 2: When D imain When the value is 0.5, data samples from two categories are assigned to the primary data, and samples from the remaining categories are randomly assigned to the secondary data.

[0142] like Figure 5 As shown, Scenario 3: When D imain When the value is 0.75, data samples from three categories are assigned to the primary data, and samples from the remaining categories are randomly assigned to the secondary data.

[0143] Example 2

[0144] This embodiment provides a personalized federated learning privacy protection system based on homomorphic encrypted clustering, including a central server, auxiliary servers, and multiple clients. The process of federated multi-task learning performed by the central server, auxiliary servers, and multiple clients is as follows:

[0145] The client regularizes the local data distribution, receives the public key from the auxiliary server used for homomorphic encryption, encrypts the regularized local data to generate a ciphertext vector, and sends it to the central server.

[0146] The central server performs difference calculation on the ciphertext vector and sends the result to the auxiliary server. The auxiliary server receives the difference calculation result, decrypts it using the private key, and then segments, scrambles, and adds noise to the decrypted data to obtain a scrambled noise vector, which is then fed back to the central server.

[0147] The central server expands the scrambling noise vector to obtain an expanded vector, and then clusters all the expanded vectors.

[0148] The central server sends the global model to all clients, and the clients use the global model to train their own models on local data and then send them to the central server.

[0149] The central server aggregates client models within the same group based on clustering to obtain in-group models, and also aggregates each group with client models outside the group to obtain out-of-group models; it uses near-end optimization to obtain out-of-group models from in-group models, forming the final fused global model and sending it to each client.

[0150] The client uses a fusion global model to train on local data until the final federated model converges.

[0151] The descriptions of each embodiment in the above embodiments have different focuses. For parts not described in detail in a certain embodiment, please refer to the relevant descriptions in other embodiments.

[0152] Example 3

[0153] This embodiment provides a computer-readable storage medium storing a computer program that, when executed by a processor, implements the steps in the personalized federated learning privacy protection method based on homomorphic encrypted clustering as described in Embodiment 1 above.

[0154] Example 4

[0155] This embodiment provides a computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor. When the processor executes the program, it implements the steps in the personalized federated learning privacy protection method based on homomorphic encrypted clustering as described in Embodiment 1 above.

[0156] Those skilled in the art will understand that embodiments of the present invention can be provided as methods, systems, or computer program products. Therefore, the present invention can take the form of hardware embodiments, software embodiments, or embodiments combining software and hardware aspects. Furthermore, the present invention can take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage and optical storage) containing computer-usable program code.

[0157] This invention is described with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, generate instructions for implementing the flowchart illustrations and / or block diagrams. Figure 1 One or more processes and / or boxes Figure 1 A device that provides the functions specified in one or more boxes.

[0158] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means, which are implemented in a process Figure 1 One or more processes and / or boxes Figure 1 The function specified in one or more boxes.

[0159] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, thereby providing instructions that execute on the computer or other programmable equipment for implementing the process. Figure 1 One or more processes and / or boxes Figure 1 The steps of the function specified in one or more boxes.

[0160] Those skilled in the art will understand that all or part of the processes in the above embodiments can be implemented by a computer program instructing related hardware. The program can be stored in a computer-readable storage medium, and when executed, it can include the processes of the embodiments of the above methods. The storage medium can be a magnetic disk, optical disk, read-only memory (ROM), or random access memory (RAM), etc.

[0161] While the specific embodiments of the present invention have been described above in conjunction with the accompanying drawings, this is not intended to limit the scope of protection of the present invention. Those skilled in the art should understand that various modifications or variations that can be made by those skilled in the art without creative effort based on the technical solutions of the present invention are still within the scope of protection of the present invention.

Claims

1. A privacy-preserving method for personalized federated learning based on homomorphic encrypted clustering, characterized in that, include: The client performs regularization on the local data distribution, receives a public key for homomorphic encryption from the auxiliary server, encrypts the regularized local data distribution using the public key, generates a ciphertext vector, and sends it to the central server. The central server performs difference calculation on the ciphertext vector and sends the result to the auxiliary server. The auxiliary server receives the difference calculation result, decrypts the difference calculation result using the private key, and scrambles and adds noise to the decrypted data to obtain a scrambled noise vector, which is then fed back to the central server. The central server expands the scrambling noise vector to obtain an expanded vector, and then clusters all the expanded vectors. The central server sends the global model to all clients, and the clients use the global model to train their own models on local data and then send them to the central server. The central server aggregates client models within the same group based on clustering to obtain an in-group model; it also aggregates client models outside the group corresponding to each group to obtain an out-of-group model; using a near-end optimization method, based on the in-group model, it integrates the knowledge of the out-of-group model to form a final fused global model and sends it to each client. The client uses a fusion global model to train on local data until the final federated model converges.

2. The personalized federated learning privacy protection method based on homomorphic encrypted clustering as described in claim 1, characterized in that, The central server performs difference calculations on the ciphertext vector and sends the results to the auxiliary server, specifically as follows: Receive the ciphertext vectors from all clients; Choose one of the ciphertext vectors as the minuend and the remaining ciphertext vectors as the subtrahends. Calculate the difference between the two to obtain the difference calculation result, where the difference calculation result includes N-1 ciphertext vectors. The difference calculation results are sent to the auxiliary server.

3. The homomorphic encryption clustering-based personalized federated learning privacy protection method of claim 1, wherein, The auxiliary server receives the difference calculation result, decrypts the result using its private key, and then segments and scrambles the decrypted data, adding noise to obtain a scrambled noise vector, which is then fed back to the central server. Specifically: After receiving the difference calculation result, decrypt it using the private key; Shuffle each vector in the decrypted difference calculation result using the same random seed; Multiply each of the shuffled vectors by a noise vector to obtain the scrambled noise vector; The scrambling noise vector is sent to the central server.

4. The personalized federated learning privacy protection method based on homomorphic encrypted clustering as described in claim 1, characterized in that, The central server expands the scrambling noise vector to obtain expanded vectors, and then clusters all the expanded vectors into groups, specifically: For randomly selected clients j The perturbation noise vector, first containing a Inserting the all-zero vector of the nth element into the nth element The extended vector is obtained at each position. ;Right now, ； For other clients i To obtain First The Subvectors Treat it as a subtrahend, the other subvectors Treat it as the minuend, using other subvectors. Subtract respectively get , , It is the total number of clients. It is the number of iteration rounds. This represents the regularized data distribution across all clients; Based on the extended vector of client j mentioned above The generation method and the extended vector of other client i The generation method, through Extend to get any , That is, except All clients other than those mentioned above; in, This represents the local data distribution after adding noise to the j-th client. This represents the local data distribution of the first client after adding noise. This represents the local data distribution of the second client after adding noise. This represents the perturbation operation on a vector. This indicates the local data distribution after adding noise, selected as the subtrahend. This represents the distribution feature vector of the client. This represents the remaining clients excluding the j-th client.

5. The personalized federated learning privacy protection method based on homomorphic encrypted clustering as described in claim 1, characterized in that, The central server aggregates client models within the same group based on clustering to obtain models within that group, specifically: ； in, For the client Local dataset; For the first The group's model uses a local dataset; It is one-hot encoding, and each client corresponds to one. It contains C elements.

6. The homomorphic encryption clustering-based personalized federated learning privacy protection method of claim 1, wherein, The process of aggregating the external client models corresponding to each group to obtain the external model is as follows: ； in, Indicates exclusion All groups outside of the main group, It is the first Round The client models of the group are defined as follows: Ds is the local dataset of the model in the s-th group, and D is the global dataset.

7. The personalized federated learning privacy protection method based on homomorphic encrypted clustering as described in claim 1, characterized in that, Using a proximal optimization method, based on the within-group model, knowledge from the outside-group model is integrated to form the final fused global model, specifically: ； in, This is an out-of-group model, representing the aggregation results of client models that do not belong to group r. It is the number of rounds for near-end optimization. It controls the intensity of acquiring external knowledge. It is the first The first round Group's client model, It is the first The first round Group's client model, This represents the value of the variable that minimizes the objective function. It is a 2-norm.

8. A privacy protection system based on homomorphic encryption clustering personalized federated learning, characterized in that, The process of federated multi-task learning, comprising a central server, auxiliary servers, and multiple clients, specifically involves: The client performs regularization on the local data distribution, receives a public key for homomorphic encryption from the auxiliary server, encrypts the regularized local data distribution using the public key, generates a ciphertext vector, and sends it to the central server. The central server performs difference calculation on the ciphertext vector and sends the result to the auxiliary server. The auxiliary server receives the difference calculation result, decrypts the difference calculation result using the private key, and scrambles and adds noise to the decrypted data to obtain a scrambled noise vector, which is then fed back to the central server. The central server expands the scrambling noise vector to obtain an expanded vector, and then clusters all the expanded vectors. The central server sends the global model to all clients, and the clients use the global model to train their own models on local data and then send them to the central server. The central server aggregates client models within the same group based on clustering to obtain an in-group model; it also aggregates client models outside the group corresponding to each group to obtain an out-of-group model; using a near-end optimization method, based on the in-group model, it integrates the knowledge of the out-of-group model to form a final fused global model and sends it to each client. The client uses a fusion global model to train on local data until the final federated model converges.

9. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the program is executed by the processor, it implements the steps in the personalized federated learning privacy protection method based on homomorphic cryptographic clustering as described in any one of claims 1-7.

10. A computer device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, characterized in that, When the processor executes the program, it implements the steps in the personalized federated learning privacy protection method based on homomorphic cryptographic clustering as described in any one of claims 1-7.

Images