Systematic privacy-preserving federated learning method and system based on multi-receiver encryption and differential privacy
By combining multi-receiver encryption and differential privacy, the problem of privacy protection and performance imbalance in federated learning is solved, achieving efficient and secure data transmission and model updates, which is applicable to fields such as healthcare and finance.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- GUANGDONG UNIVERSITY OF FOREIGN STUDIES
- Filing Date
- 2025-02-26
- Publication Date
- 2026-07-03
AI Technical Summary
Existing federated learning technologies suffer from high computational and communication overhead, limited flexibility and scalability, and an imbalance between privacy protection and performance, making them difficult to adapt to dynamic environments and multi-user scenarios.
A method combining multi-receiver encryption and differential privacy is adopted. Differential privacy noise is added to the client for local model updates, and multi-receiver encryption technology is used for global model distribution to ensure that only authorized clients can decrypt the model, thereby reducing communication overhead and computational complexity.
It significantly improves the security and efficiency of federated learning, adapts to large-scale distributed environments, supports dynamic user access, complies with strict data protection regulations, and is suitable for sensitive data scenarios such as healthcare and finance.
Smart Images

Figure CN120146223B_ABST
Abstract
Description
Technical Field
[0001] This invention belongs to, but is not limited to, the field of federated learning technology, and particularly relates to a systematic privacy-preserving federated learning method and system based on multi-receiver encryption and differential privacy. Background Technology
[0002] With the development of artificial intelligence and big data technologies, federated learning, as an emerging distributed machine learning framework, can achieve collaborative modeling without directly accessing user data, effectively protecting data privacy. However, in practical applications, federated learning still faces many challenges, among which data privacy and model security issues are particularly prominent. Traditional federated learning relies on centralized aggregation servers, an architecture that carries potential risks such as sensitive data leakage and malicious attacks. Therefore, how to effectively protect user privacy while improving system robustness during federated learning has become a key issue of concern for both academia and industry.
[0003] In recent years, privacy protection methods based on encryption technology have gradually attracted widespread attention. Currently commonly used encryption methods include homomorphic encryption (HE), partial encryption, and secure multi-party computation (SMPC). These methods can achieve data privacy protection to a certain extent. Homomorphic encryption allows direct computation on encrypted data, and the decrypted result is consistent with the result of the operation on the plaintext data. However, homomorphic encryption has high computational overhead and low efficiency, making it unsuitable for large-scale real-time tasks, especially in distributed environments. Partial encryption balances privacy protection and computational efficiency by encrypting only parts of sensitive data, but its protection strength is insufficient and it is vulnerable to side-channel attacks or differential attacks. Secure multi-party computation achieves privacy protection through data segmentation and distributed processing, but it requires high synchronization among participants, resulting in high communication overhead and difficulty adapting to dynamic environments.
[0004] Traditional encryption methods are relatively inadequate in the following aspects:
[0005] The computational and communication overhead is high. Commonly used homomorphic encryption and SMPC methods have high computational complexity, which significantly increases computational and communication costs, especially when dealing with large-scale data or high-frequency model updates.
[0006] Limited flexibility and scalability. Homomorphic encryption and partial encryption involve complex key management in dynamic environments and do not support flexible user access. SMPC has high synchronization requirements for participants, making it difficult to adapt to complex distributed scenarios with multiple users.
[0007] There is an inadequate balance between privacy protection and performance. Homomorphic encryption provides strong privacy protection at the expense of performance, while partial encryption, although improving computational efficiency, offers insufficient protection.
[0008] In practical engineering applications, these methods are difficult to implement. Commonly used encryption methods require complex system integration and specialized knowledge support in real-world applications, increasing deployment difficulty and cost. Summary of the Invention
[0009] To address the problems existing in the prior art, this invention provides a systematic privacy-preserving federated learning method based on multi-receiver encryption and differential privacy.
[0010] This invention is implemented as follows: a systematic privacy-preserving federated learning method based on multi-receiver encryption and differential privacy, the method comprising:
[0011] S1: Initialize and distribute global model parameters
[0012] The server generates global model initial parameters W0 and distributes them to all legitimate clients using multi-receiver encryption technology.
[0013] Assign a unique identifier ID to each client i And use the master key MSK and public parameter PK to generate the corresponding encryption key SK. i ;
[0014] S2: Local model training on the client side
[0015] The client decrypts the global model and uses it based on the local private dataset D. i Train a local model and generate updated parameters W t+1 The training process is based on stochastic gradient descent (SGD) or its variants, as shown in the following formula:
[0016]
[0017] Among them, W t Here are the current model parameters, η is the learning rate, and L(·) is the loss function. The gradient of the loss function;
[0018] S3: Add privacy perturbations to client model parameters
[0019] The client adds differential privacy noise ξ to the locally updated parameters to prevent potential reverse engineering attacks. The noise follows a Laplace distribution, as shown in the following formula:
[0020]
[0021] Where Δ represents sensitivity and ∈ represents the privacy budget. By dynamically adjusting ∈ and Δ, privacy protection and model performance can be flexibly balanced in different scenarios;
[0022] S4: Client uploads parameters after disturbance
[0023] The client will perturb the parameter ΔW' i Uploaded to the server;
[0024] S5: Global Aggregation Module
[0025] The server receives perturbation parameters from all clients. And calculate the global model update parameters:
[0026]
[0027] Where S is the filtered set of clients;
[0028] S6: The server uses a multi-receiver encrypted distribution model for the global distribution.
[0029] The server employs identity-based multi-receiver encryption (MR-IBE) to update the global model parameters W. t+1 Perform multi-receiver encryption to generate ciphertext C. G Ensure that only authorized recipients can decrypt the encryption; the encryption process is as follows:
[0030] C G =Encrypt(PK,{ID i},W t+1 )
[0031] Ciphertext C G The encrypted message is distributed to authorized clients, who then use their private keys to decrypt it and update their local models. This encrypted message can be distributed to multiple recipients simultaneously, avoiding the redundant operation of generating a separate encrypted message for each recipient in traditional encryption methods, significantly reducing communication overhead; at the same time, it ensures the secure distribution of the global model; the client decrypts it using its private key and updates its local model parameters.
[0032] Another objective of this invention is to provide a systemic privacy-preserving federated learning device based on the aforementioned systemic privacy-preserving federated learning method based on multi-receiver encryption and differential privacy, the device specifically comprising:
[0033] The server is responsible for the initialization, parameter aggregation, and distribution of the global model;
[0034] The client device is responsible for local model training, parameter decryption, and noise addition.
[0035] Furthermore, the server includes:
[0036] Computational unit: used to perform encryption, filtering, and aggregation operations;
[0037] Storage unit: Stores global model parameters and client identity information;
[0038] Communication module: Enables encrypted data transmission with the client.
[0039] Furthermore, the client device includes:
[0040] Computational unit: Used to perform local model training and decryption operations.
[0041] Storage unit: Stores local datasets and model parameters.
[0042] Communication module: transmits data with the server.
[0043] Another object of the present invention is to provide a computer device including a memory and a processor, the memory storing a computer program, which, when executed by the processor, causes the processor to perform the steps of the systematic privacy-preserving federated learning method based on multi-receiver encryption and differential privacy.
[0044] Another object of the present invention is to provide a computer-readable storage medium storing a computer program that, when executed by a processor, causes the processor to perform the steps of the systematic privacy-preserving federated learning method based on multi-receiver encryption and differential privacy.
[0045] Another objective of this invention is to provide an information data processing terminal for implementing the systematic privacy-preserving federated learning system based on multi-receiver encryption and differential privacy.
[0046] Based on the above technical solutions and the technical problems solved, the advantages and positive effects of the technical solution to be protected by this invention are as follows:
[0047] First, this invention proposes a systematic privacy-preserving federated learning method by combining Multi-Receiver Encryption (MRE) and Differential Privacy (DP) techniques, significantly improving the security, efficiency, and applicability of existing technologies. Firstly, this invention employs a dual privacy protection mechanism. During the local update phase, random noise is added using differential privacy to prevent data leakage. During the global distribution phase, MRE ensures that model parameters are decryptable only to authorized clients, effectively resisting attacks during transmission. Specifically, during the local update phase, noise is added to the client's local model update using differential privacy, making it impossible for attackers to recover the original data even if they obtain the model update. This technique effectively avoids the risk of data leakage and overcomes the limitations of traditional techniques that rely solely on encryption for privacy protection. Simultaneously, during the global distribution phase, this invention encrypts the model parameters using MRE, allowing only authorized clients to decrypt the corresponding model updates. This encryption scheme significantly improves the security of data transmission, solves the problems of eavesdropping and tampering attacks during transmission, and ensures comprehensive protection of data privacy during federated learning. Existing technologies suffer from two major drawbacks in privacy protection: firstly, model parameters during data transmission can be maliciously intercepted or tampered with, leading to privacy leaks or model corruption; secondly, while encryption technology plays a role in protecting data transmission, traditional encryption mechanisms often suffer from excessive computational and communication overhead, and the risk of information leakage during encrypted transmission. This dual protection significantly enhances the system's resistance to attacks and addresses the aforementioned two major privacy shortcomings, making it particularly suitable for scenarios with high privacy requirements, such as healthcare and finance.
[0048] Secondly, this invention optimizes the ciphertext generation and distribution process through multi-receiver encryption technology, solving the problem of excessive communication overhead and computational resource consumption in traditional encryption methods. Multi-receiver encryption allows the same ciphertext to be distributed to multiple recipients simultaneously, eliminating the need to generate ciphertext separately for each recipient, significantly reducing communication bandwidth requirements and computational costs, making it particularly suitable for large-scale distributed environments. Furthermore, this invention supports dynamically adjusting the differential privacy budget, flexibly balancing privacy protection strength and model performance according to specific scenarios, further enhancing the applicability and practicality of the method. Simultaneously, the modular design and dynamic scalability of this invention enable the system to be quickly deployed to distributed environments of different scales, supporting dynamic user access and efficient identity management, adapting to complex scenarios involving large scales and multiple users.
[0049] Finally, this invention is implemented based on a standard cryptography library, requiring low hardware specifications and incurring low implementation costs, thus possessing broad application prospects. Its high efficiency, security, and ease of expansion make this invention significantly innovative and practical in the field of privacy-preserving federated learning, capable of providing reliable solutions for multiple fields such as healthcare, finance, and the Internet of Things.
[0050] Secondly, by introducing a privacy protection scheme combining multi-receiver encryption and differential privacy, this invention significantly enhances data privacy security. This method effectively prevents data leaks and malicious attacks, and is particularly suitable for sensitive data scenarios such as finance and healthcare, while complying with stringent global data protection regulations such as the GDPR. This not only reduces the legal risks faced by enterprises due to privacy issues but also significantly enhances their brand reputation and market competitiveness.
[0051] This invention optimizes multi-receiver encryption technology based on traditional encryption schemes, significantly reducing communication overhead and computational resource consumption in large-scale distributed federated learning. By reducing bandwidth requirements and computational complexity, enterprises can deploy privacy-preserving systems at a lower cost, demonstrating significant economic advantages, especially in multi-user, large-scale scenarios.
[0052] While privacy protection technologies in federated learning have seen some development, most are currently limited to single applications of differential privacy or traditional encryption, and their protection against malicious clients is relatively weak. This invention is the first to introduce multi-receiver encryption technology into federated learning, achieving a balance between privacy, security, efficiency, and resource consumption through a dual privacy protection mechanism. This groundbreaking technical solution fills a technological gap in the field of privacy-preserving federated learning both domestically and internationally.
[0053] The technical solution of this invention strikes a balance between privacy protection and model performance, providing a new approach for the large-scale application of federated learning in sensitive data scenarios. Its efficient privacy protection mechanism and excellent scalability can meet the practical needs of fields such as finance, healthcare, and intelligent manufacturing, bringing direct application value and economic benefits to enterprises and users.
[0054] Traditional technologies generally believe that there is an irreconcilable conflict between privacy protection and model performance. This invention, however, proposes a comprehensive solution by combining differential privacy and multi-receiver encryption. By dynamically adjusting the differential privacy budget, this invention successfully achieves a win-win situation for both privacy protection and model training performance, breaking through the limitations of traditional thinking and overcoming inherent biases in privacy protection technologies.
[0055] The innovative technical solution of this invention not only provides a solution for current privacy-preserving federated learning, but also lays the foundation for the design and optimization of future large-scale distributed machine learning systems. Its systematic privacy-preserving method, with its balanced advantages in security, efficiency, and scalability, will become a core driving force for federated learning applications in sensitive data environments, providing important reference and guidance for subsequent technological development. Attached Figure Description
[0056] Figure 1This is a flowchart of a systematic privacy-preserving federated learning method based on multi-receiver encryption and differential privacy provided by an example of the present invention;
[0057] Figure 2 This is a diagram of a systematic privacy-preserving federated learning system architecture based on multi-receiver encryption and differential privacy provided in an embodiment of the present invention.
[0058] Figure 3 This is a flowchart of multi-receiver encryption applied to federated learning, provided by an example of the present invention.
[0059] Figure 4 This is a performance comparison chart of this system with three common federated learning algorithms after adding noise on the Fashion-MINIST dataset, provided by an embodiment of the present invention.
[0060] Figure 5 This is a performance comparison chart of this system with three common federated learning algorithms after adding noise on the MINIST dataset, provided by an embodiment of the present invention.
[0061] Figure 6 This is a model performance table under the same privacy budget provided in the embodiments of the present invention. Detailed Implementation
[0062] To make the objectives, technical solutions, and advantages of this invention clearer, the invention will be further described in detail below with reference to embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the invention.
[0063] like Figure 1 As shown, this embodiment of the invention provides a systematic privacy-preserving federated learning method based on multi-receiver encryption and differential privacy, the method comprising:
[0064] S1: Initialize and distribute global model parameters
[0065] The server generates global model initial parameters W0 and distributes them to all legitimate clients using multi-receiver encryption technology.
[0066] Assign a unique identifier ID to each client i And use the master key MSK and public parameter PK to generate the corresponding encryption key SK. i ;
[0067] S2: Local model training on the client side
[0068] The client is based on a local private dataset D i Train the model and generate updated parameters W t+1 The training process is based on stochastic gradient descent (SGD) or its variants, as shown in the following formula:
[0069]
[0070] Among them, W t Here are the current model parameters, η is the learning rate, and L(·) is the loss function. The gradient of the loss function;
[0071] S3: Add privacy perturbations to client model parameters
[0072] The client adds differential privacy noise ξ to the locally updated parameters to prevent potential reverse engineering attacks. The noise follows a Laplace distribution, as shown in the following formula:
[0073]
[0074] Where Δ represents sensitivity and ∈ represents the privacy budget. By dynamically adjusting ∈ and Δ, privacy protection and model performance can be flexibly balanced in different scenarios;
[0075] S4: Client uploads parameters after disturbance
[0076] The client will perturb the parameter ΔW' i Uploaded to the server;
[0077] S5: Global Aggregation Module
[0078] The server receives perturbation parameters from all clients. And calculate the global model update parameters:
[0079]
[0080] Where S is the filtered set of clients;
[0081] S6: The server uses a multi-receiver encrypted distribution model for the global distribution.
[0082] The server employs identity-based multi-receiver encryption (MR-IBE) to update the global model parameters W. t+1 Perform multi-receiver encryption to generate ciphertext C. G Ensure that only authorized recipients can decrypt the encryption; the encryption process is as follows:
[0083] C G =Encrypt(PK,{ID i},W t+1 )
[0084] Ciphertext C GThe encrypted message is distributed to authorized clients, who then use their private keys to decrypt it and update their local models. This encrypted message can be distributed to multiple recipients simultaneously, avoiding the redundant operation of generating a separate encrypted message for each recipient in traditional encryption methods, significantly reducing communication overhead; at the same time, it ensures the secure distribution of the global model; the client decrypts it using its private key and updates its local model parameters.
[0085] The server first generates global model initial parameters W0 and encrypts W0 using multi-receiver encryption technology. Then, it assigns a unique identity ID to each legitimate client. i The corresponding encryption key SK is generated using the master key MSK and the public parameter PK. i During this process, the server strictly manages the initial model parameters and client keys to ensure the correct generation and distribution of encryption keys, providing security for subsequent data transmission.
[0086] Each client is based on its local private dataset D i Model training is performed using stochastic gradient descent (SGD) or its variants to update model parameters. Specifically, each client updates the model parameters W at the current stage. t Calculate the loss function L(W) based on this. t ;D i gradient of ) Then follow the formula Calculate the updated model parameters. This process involves extracting gradient information from the signal data and performing numerical calculations to ensure the accuracy and efficiency of the training process.
[0087] After the client completes the local model update, to prevent reverse engineering attacks, each client updates the gradient update data ΔW. i Adding Laplace noise ξ to the updated parameter ΔW i ′=ΔW i +ξ. This noise ξ follows a Laplace(0,Δ / ε) distribution, where Δ is the sensitivity and ε is the privacy budget. By dynamically adjusting the noise parameters, the client can ensure model training performance while protecting the privacy of sensitive information during signal data processing.
[0088] Each client will process the perturbation parameter ΔW after differential privacy processing. i The signal data is uploaded to the server via a secure communication channel. During this stage, the signal data transmission is encrypted, and network protocols ensure its integrity and confidentiality throughout the transmission process. Upon receiving the signal data, the server performs a preliminary verification of the uploaded data to ensure that the data transmitted by each client conforms to the predetermined format and integrity requirements.
[0089] The server performs global aggregation on all received client perturbation parameters, obtaining the global model update parameter ΔW through mathematical operations such as averaging. This aggregation process integrates the local model information from each client at the signal data level, ensuring that the data maintains a certain degree of robustness and consistency during the fusion process. The aggregated global model parameters are subsequently updated to form a new global model W. t+1 .
[0090] After the global model update is complete, the server uses identity-based multi-receiver encryption to encrypt the updated model parameters, generating ciphertext. This ciphertext can be distributed to multiple authorized clients simultaneously, effectively reducing redundant computation by generating ciphertext for each client individually. Upon receiving the ciphertext, each client uses its respective private key SK. i The updated global model parameters are decrypted and used for subsequent local model updates, thus completing the entire process of secure global model distribution and signal data processing. For example... Figure 2 As shown, this embodiment of the invention provides a systemic privacy-preserving federated learning device based on the aforementioned systemic privacy-preserving federated learning method based on multi-receiver encryption and differential privacy. The device specifically includes:
[0091] The server is responsible for the initialization, parameter aggregation, and distribution of the global model;
[0092] The client device is responsible for local model training, parameter decryption, and noise addition.
[0093] The server includes:
[0094] Computational unit: used to perform encryption, filtering, and aggregation operations;
[0095] Storage unit: Stores global model parameters and client identity information;
[0096] Communication module: Enables encrypted data transmission with the client.
[0097] The client device includes:
[0098] Computational unit: Used to perform local model training and decryption operations.
[0099] Storage unit: Stores local datasets and model parameters.
[0100] Communication module: transmits data with the server.
[0101] In this embodiment, identity-based multi-receiver encryption technology is employed to encrypt parameter updates transmitted by the server in the federated learning system. This technology allows multiple clients to simultaneously decrypt the encrypted global model issued by the server using their respective identity keys, thereby achieving secure data transmission and storage in a multi-party data-sharing environment.
[0102] To protect local client data and model privacy, this invention incorporates Laplace noise during the federated learning process to construct a differential privacy mechanism. This mechanism embeds noise in client model updates, ensuring that sensitive information from individual clients is not leaked during parameter aggregation, while maintaining the overall model's effectiveness and accuracy.
[0103] The server aggregates the differentially privacy-processed model update parameters uploaded by each client. The aggregation process performs predetermined mathematical operations on the server, integrating scattered local model information into a unified global model. This aggregation method achieves efficient model fusion and parameter updates while ensuring data privacy protection.
[0104] The global model, after global aggregation, is further encrypted using multi-receiver encryption technology and distributed to participating clients. The entire system comprises computer equipment, computer-readable storage media, and information data processing terminals. These devices, after storing the corresponding computer programs, can execute the federated learning method steps of this invention, achieving multi-party collaborative, systemic, privacy-preserving federated learning.
[0105] The present invention was tested, and the following is the experimental section: The data used in this invention are the public datasets Fashion-MINIST and MINIST dataset, both of which are real data. The MNIST task involves classifying handwritten digits (0-9), while the Fashion-MNIST task focuses on classifying various fashion items. The MNIST dataset contains 50,000 training samples and 10,000 test samples, each with 784 features and 10 categories. The Fashion-MNIST dataset has the same number of training and test samples as MNIST, 50,000 and 10,000 respectively, each with 784 features and also 10 categories.
[0106] Depend on Figure 4 and Figure 5 It can be seen that the method of the present invention, while rigorously improving privacy protection performance, is almost comparable to the most commonly used FedAvg, FedSGD, and FedAdam. Its average accuracy after convergence is less than 1% lower than that of FedAvg, FedSGD, and FedAdam, which fully demonstrates the advantage of the method of the present invention in improving privacy protection performance while maintaining high performance. Figure 6 As can be seen, after comparing the impact of noise addition on different algorithms under the same differential privacy budget (∈=2), the method of this invention significantly outperforms other algorithms, such as FedAvg, FedAdam, and FedSGD, on the MNIST and Fashion-MNIST datasets. On the MNIST dataset, the method of this invention achieves a test accuracy of 91% and an F1 score of 90%, surpassing FedAvg's 83% and 82%, FedAdam's 88%, and FedSGD's 83%. The recall of this invention also reaches 91%, showing a significant improvement. For the more challenging Fashion-MNIST dataset, the method of this invention performs strongly, with a test accuracy of 77%, an F1 score of 77%, and a recall of 75%. In comparison, FedAvg's accuracy is 72% (F1 score of 0.71), while FedAdam and FedSGD have even lower accuracies of only 66%. Figure 6 As shown, these results demonstrate that, under the same differential privacy budget, the present invention maintains superior performance even after the addition of noise, effectively showcasing its advantages in preserving both accuracy and privacy.
[0107] Example 1: Privacy-Preserving Federated Learning in Medical Data Sharing
[0108] In a healthcare data-sharing project, multiple healthcare institutions (such as hospitals and clinics) collaborate on federated learning to train a model that predicts patients' disease risk. Due to the sensitive nature of patient information, the institutions do not wish to directly share their data. The following is the specific implementation process:
[0109] 1) Global model initialization and distribution:
[0110] The central server generates the initial parameters for the global model and distributes the encrypted model parameters to each medical institution using identity-based multi-receiver encryption.
[0111] 2) Local model training:
[0112] Each healthcare institution trains its model based on its local patient dataset (such as electronic medical records) and uses the stochastic gradient descent algorithm to calculate and update parameters.
[0113] 3) Add privacy disturbances:
[0114] After each training iteration, each institution adds noise that satisfies differential privacy (Laplace distribution noise) to the updated model parameters to ensure the privacy of patient data.
[0115] 4) Upload parameters and global aggregation:
[0116] Each medical institution uploads the perturbed model parameters to the central server. The server receives and filters the legitimate client uploads and updates the global parameters using a weighted average.
[0117] 5) Global parameter distribution:
[0118] The updated global model parameters are re-encrypted using multi-receiver encryption technology and distributed to all medical institutions. Each institution decrypts the parameters and updates its local model.
[0119] This approach ensures that medical data is used in model training without leaving the local area, while protecting patient privacy and data security, and complying with data protection regulations such as the GDPR.
[0120] Example 2: Joint Fraud Detection System for Financial Institutions
[0121] Multiple financial institutions (such as banks and payment companies) need to collaborate to train a machine learning model to identify potential financial fraud, but the data from each institution is highly sensitive (such as transaction records and customer identification information). The following is the specific implementation process:
[0122] 1) Global model initialization and distribution:
[0123] The central server initializes a global model and distributes the model parameters to all participating financial institutions using multi-receiver encryption technology.
[0124] 2) Training on local data:
[0125] Each institution uses its local financial transaction dataset (such as payment records and transfer records) to train the model and calculate the updated model parameters.
[0126] 3) Differential privacy perturbation:
[0127] Financial institutions are adding differential privacy noise to their updated model parameters. The noise parameters are dynamically adjusted based on privacy budgets and data sensitivity to ensure that transaction data privacy is not compromised.
[0128] 4) Uploading and aggregation of disturbance parameters:
[0129] Each institution uploads its privacy-perturbed model parameters to the central server. The server then filters and aggregates the uploaded parameters from all participating institutions to calculate new global model parameters.
[0130] 5) Global model distribution and update:
[0131] The central server encrypts the updated global model parameters for multiple recipients and distributes the encrypted model parameters to each financial institution. Each institution then decrypts the parameters and updates its local model.
[0132] This method allows multiple financial institutions to jointly train a high-efficiency fraud detection model while protecting user privacy, thus improving model performance and ensuring data security and compliance.
[0133] It should be noted that embodiments of the present invention can be implemented in hardware, software, or a combination of both. The hardware portion can be implemented using dedicated logic; the software portion can be stored in memory and executed by a suitable instruction execution system, such as a microprocessor or dedicated-design hardware. Those skilled in the art will understand that the above-described devices and methods can be implemented using computer-executable instructions and / or included in processor control code, for example, such code provided on a carrier medium such as a disk, CD, or DVD-ROM, a programmable memory such as read-only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The devices and modules of the present invention can be implemented by hardware circuitry such as very large-scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field-programmable gate arrays, programmable logic devices, etc., or by software executed by various types of processors, or by a combination of the above-described hardware circuitry and software, such as firmware.
[0134] The above description is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any modifications, equivalent substitutions, and improvements made by those skilled in the art within the scope of the technology disclosed in the present invention, and within the spirit and principles of the present invention, should be covered within the scope of protection of the present invention.
Claims
1. A systematic privacy-preserving federated learning method based on multi-receiver encryption and differential privacy, characterized in that, The method includes the following steps: Initialize global model parameters and distribute them to clients using multi-receiver encryption technology; The client trains the model based on a local private dataset and generates locally updated parameters. The client adds privacy-preserving perturbation noise that follows a Laplace distribution to the locally updated parameters; The client uploads updated parameters with added privacy perturbations to the server; The server performs global parameter aggregation based on the received client update parameters; The server performs multi-receiver encryption on the aggregated global parameters and distributes them to the client. The method specifically includes: S1: Initialize and distribute global model parameters The server generates initial parameters for the global model. It is distributed to all legitimate clients using multi-receiver encryption technology; Assign a unique identifier to each client and using the master key MSK and public parameters Generate the corresponding encryption key ; S2: Local model training on the client side The client is based on a local private dataset. Train the model and generate updated parameters The training process is based on stochastic gradient descent (SGD) or its variants, as shown in the following formula: ; in, These are the current model parameters. For learning rate, For loss function, The gradient of the loss function; S3: Add privacy perturbations to client model parameters The client adds differential privacy noise to the local update parameters. To prevent potential reverse engineering attacks; the noise follows a Laplace distribution, as shown in the following formula: ; in, For sensitivity, For privacy budget; through dynamic adjustment and It can flexibly balance privacy protection and model performance in different scenarios; S4: Client uploads parameters after perturbation The client will perturb the parameters Uploaded to the server; S5: Global Aggregation Module The server receives perturbation parameters from all clients. And calculate the global model update parameters: ; Where S is the filtered set of clients; S6: The server uses a multi-receiver encrypted distribution model for the global distribution. The server employs identity-based multi-receiver encryption technology to authenticate the updated global model parameters. Multi-receiver encryption is performed to generate ciphertext. Ensure that only authorized recipients can decrypt the encryption; the encryption process is as follows: ; ciphertext Distribute to authorized clients, who use their private keys to decrypt and update their local models; this ciphertext can be distributed to multiple recipients simultaneously; clients decrypt and update their local model parameters using their private keys.
2. The systematic privacy-preserving federated learning method based on multi-receiver encryption and differential privacy as described in claim 1, characterized in that, The global parameter aggregation step uses a weighted average of the parameters from the client set.
3. An apparatus based on the systematic privacy-preserving federated learning method based on multi-receiver encryption and differential privacy as described in any one of claims 1 to 2, characterized in that, The device includes: The server, which has a computing unit, a storage unit, and a communication module, is used to perform model initialization, parameter aggregation, and encrypted distribution. The client device, which has a computing unit, a storage unit, and a communication module, is used to perform local model training, parameter decryption, and privacy perturbation addition.
4. The systematic privacy-preserving federated learning device based on multi-receiver encryption and differential privacy as described in claim 3, characterized in that, The server includes: Computational unit: used to perform encryption, filtering, and aggregation operations; Storage unit: Stores global model parameters and client identity information; Communication module: Enables encrypted data transmission with the client.
5. The systematic privacy-preserving federated learning device based on multi-receiver encryption and differential privacy as described in claim 4, characterized in that, The client device includes: Computational unit: Used to perform local model training and decryption operations; Storage unit: Stores local datasets and model parameters; Communication module: transmits data with the server.
6. A computer device, characterized in that, The computer device includes a memory and a processor. The memory stores a computer program that, when executed by the processor, causes the processor to perform the steps of the systematic privacy-preserving federated learning method based on multi-receiver encryption and differential privacy as described in claim 1.