A federated learning secure aggregation method and system supporting bidirectional verification
By employing encryption techniques based on the decision compound residue hypothesis and a verifiable secret-sharing mechanism based on Pedersen commitments, combined with vector homomorphic hashing, bidirectional verification between the client and server in federated learning is achieved. This solves the problem of high computation and communication costs in resource-constrained environments and ensures the security and reliability of the federated learning process.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- XIAN UNIV OF POSTS & TELECOMM
- Filing Date
- 2026-01-09
- Publication Date
- 2026-06-05
AI Technical Summary
Existing federated learning security aggregation technologies struggle to strike a good balance between privacy protection, verifiable functionality, and system efficiency. In resource-constrained deployment environments, existing solutions suffer from excessively high computational and communication costs and are ill-equipped to effectively defend against forgery attacks and malicious behavior.
It employs encryption technology based on the decision compound residue hypothesis to protect client model updates, combines a verifiable secret sharing mechanism based on Pedersen commitments to ensure format correctness, and implements lightweight verification through vector homomorphic hashing to support client verification of the correctness of server aggregation results.
It achieves efficient two-way verification in resource-constrained environments, accurately identifies and isolates malicious clients, ensures the security and reliability of the federated learning process, reduces computational overhead, and is suitable for scenarios such as smartphones and in-vehicle devices.
Smart Images

Figure CN122160084A_ABST
Abstract
Description
Technical Field
[0001] This invention belongs to, but is not limited to, the field of secure aggregation technology for federated learning, and particularly relates to a secure aggregation method and system for federated learning that supports bidirectional verification. Background Technology
[0002] In the data-driven era, machine learning, with its superior data analysis and pattern prediction capabilities, has become a core driving force for the intelligent transformation of key fields such as fintech, smart healthcare, and autonomous driving. However, the traditional centralized machine learning paradigm relies on the collection and centralized processing of massive amounts of raw data. This process not only faces enormous data transmission and storage costs but also, against the backdrop of increasingly stringent data protection laws and regulations globally, raises serious risks of user data privacy breaches. Faced with the dual constraints of the "data silo" effect and privacy protection requirements, how to fully explore the value of data while effectively ensuring the data privacy and security of all participants has become a key challenge shared by industry and academia.
[0003] Federated learning, as an innovative distributed collaborative machine learning paradigm, offers an effective solution to the aforementioned challenges. Its core concept is "the model moves while the data remains stationary," meaning that the original data of each participant remains locally, and collaborative modeling is achieved only through the exchange of model update parameters. In a typical federated learning system, a central server coordinates the global training process: multiple client devices perform calculations based on local data, generate model updates, and upload them to the server; the server securely aggregates all received updates to optimize and generate a new generation of global model; this model is then distributed to each client to begin the next round of training. This mechanism fundamentally avoids the centralization and transfer of original data, significantly reducing the risk of direct data exposure, thus providing a compliant and feasible collaborative intelligence solution for fields with stringent data privacy and security requirements, such as healthcare, financial services, and smart cities.
[0004] While federated learning effectively avoids direct leakage of raw data through data localization, its distributed collaborative framework itself introduces new security and privacy challenges. The primary threat comes from the server side. Even if a client only uploads model parameters, a semi-honest or malicious aggregation server could still analyze continuous update sequences from a specific client to launch privacy inference attacks, thereby reconstructing or inferring the client's sensitive training data. More seriously, if an attacker controls the server or intermediate nodes in the communication link, they could maliciously tamper with the aggregation results or distribute incorrect global models, directly compromising the integrity of the training process and causing the final model to fail. Secondly, client-side misconduct also poses a serious threat. In actual deployments, some clients may send incomplete, incorrectly formatted, or non-compliant messages during interactions with other clients due to hardware or software failures, network anomalies, or malicious intent. Such behavior directly leads to incorrect aggregation computation, thus affecting the reliability of the entire federated learning system and the smooth progress of the training task.
[0005] To address these challenges, the research field has introduced various technologies to enhance the security of federated learning frameworks. Among these, secure aggregation protocols aim to protect the confidentiality of individual client updates, enabling the server to complete aggregation calculations without parsing the specific content of each update, thus effectively defending against privacy inference attacks from the server. Simultaneously, verifiability mechanisms have been proposed to ensure the trustworthiness of the distributed computing process. The core of this mechanism is the construction of bidirectional verification capabilities: on the one hand, the server can verify whether the updates submitted by the client conform to the predetermined format and consistency requirements of the protocol, thereby filtering and rejecting invalid or malicious input; on the other hand, the client can verify whether the aggregation result it receives is correctly calculated from all verified updates, thus confirming that the server has not tampered with the result. Implementing an efficient bidirectional verification mechanism suitable for practical deployment scenarios is crucial for building a trustworthy federated learning system.
[0006] However, existing technical solutions often struggle to achieve a good balance between privacy protection strength, verifiable functionality, and system efficiency. Some solutions focus on enhancing privacy through cryptographic means but lack effective verification mechanisms for client input compliance and the correctness of aggregation results. Other solutions, while providing strong verifiability guarantees, typically rely on complex multi-turn interactions or high-overhead cryptographic primitives, leading to a significant increase in computational and communication costs. Such overhead is often unbearable for federated learning networks composed of resource-constrained nodes such as mobile terminals and IoT devices. Therefore, developing a secure federated learning aggregation scheme that can adapt to resource-constrained deployment environments, while ensuring data privacy, and achieving efficient two-way verification to guarantee the correctness of the aggregation computation process and results remains a valuable and unresolved technical challenge. Summary of the Invention
[0007] To address the problems existing in the prior art, this invention provides a secure aggregation method for federated learning that supports two-way verification, and particularly relates to a secure aggregation method and system that supports verifiable client messages and server aggregation results.
[0008] This invention proposes a secure aggregation and bidirectional verification scheme for federated learning. During federated learning training, this invention employs encryption technology based on the decision compound residue hypothesis to protect model updates uploaded by clients, achieving privacy-preserving gradient aggregation. Simultaneously, by leveraging a verifiable secret-sharing mechanism based on Pedersen commitments, the server can verify the format correctness and consistency of shares generated by clients, thereby preventing invalid or malicious submissions. Furthermore, the server can accurately identify malicious clients uploading incorrect formats and remove them from the training process. In addition, by introducing a lightweight verification method based on vector homomorphic hashing, clients can efficiently verify the correctness of the aggregation results returned by the server, ensuring that the calculation results have not been tampered with.
[0009] This invention is implemented as follows: a secure aggregation method for federated learning that supports two-way verification includes: using encryption technology based on the decision compound residual hypothesis to protect client privacy, and proposing a two-way verification mechanism to ensure that the server can verify the correctness of client messages, while the client can verify the correctness of the aggregation results generated by the server. The scheme includes four stages: initialization, local training, server verification and aggregation, and client verification, as well as an additional error share detection and tracing stage. The error share detection and tracing stage is only executed when verification fails in the server verification and aggregation stage; otherwise, this stage is not executed. The aggregation server and client respectively initialize the public parameters and encryption / decryption keys required for subsequent steps; the client uses a mask to encrypt local model parameters, calculates the vector homomorphic hash value and commitment value, and secretly shares the mask before encrypting and sending it to other clients; the aggregation server confirms the client set, and the clients in the set aggregate mask shares and upload them to the server; the server verifies the correctness of the client shares, then generates the global model parameters for aggregation and calculates the verification value of the generated result; the client verifies the correctness of the aggregation parameters and updates its local model using the global model parameters.
[0010] Furthermore, the federated learning secure aggregation method includes the following steps:
[0011] Step 1, Initialization Phase: The aggregation server and client complete the initialization of various parameters, which will be used in subsequent steps in the scheme; this includes initializing basic parameters, public parameters based on Pedersen commitments for verifiable secret sharing, vector homomorphic hashing, and encryption / decryption keys.
[0012] Step 2, Local Training Phase: The client uses the local training dataset to generate local model parameters, then protects these parameters using encryption based on the decision compound residual hypothesis. It generates commitment values and secret share shares using a verifiable secret-sharing technique based on Pedersen commitments, and encrypts the secret share shares using ElGamal encryption. The aggregation server collects the data uploaded by the client.
[0013] Step 3, Server Verification and Aggregation Phase: After receiving the encrypted message, the client decrypts the ciphertext using ElGamal encryption technology, then performs share aggregation calculations and sends the result to the aggregation server. Upon receiving the message, the aggregation server performs secret reconstruction and then verifies the secret shared share. If verification is successful, parameter aggregation is performed; if verification fails, erroneous share detection and tracing are performed, malicious clients are removed, and verification is performed again.
[0014] Step 4, Client Verification Phase: After receiving the message broadcast by the aggregation server, the client verifies the global model parameters. If the verification is successful, the local model is updated; if the verification fails, the current round of aggregation is terminated.
[0015] An additional step, the error share detection and tracing phase: The aggregation server verifies that there is a format error in the secret shared share uploaded by the client, and further traces the generation of the error share back to the specific client; after confirmation, the malicious client is removed from the client set and refused to participate in subsequent federated learning training.
[0016] Furthermore, during the initialization phase, the aggregation server first selects a set of clients based on historical performance and sets basic parameters, generating large integers. Constructing a cyclic group and Define a hash function It then broadcasts all public parameters to all clients; subsequently, each client uses the security parameters. Generate your own public and private key pairs The system then sends the public key to the server and broadcasts it. At this point, the system has completed the unified generation and distribution of global parameters and the generation and exchange of client key pairs, laying the foundation for secure computation and communication in subsequent federated learning.
[0017] Furthermore, the initialization phase in step one specifically includes:
[0018] (1) Generation and broadcasting of system parameters
[0019] 1) The aggregation server selects clients to participate in training based on their historical performance and generates a unique index. Generate a client set for the clients participating in federated learning training. ,in In the description of this invention, Indicates the current client. Indicates other clients, i.e. ; Indicates the number of clients is The secret sharing threshold is ,in ; Indicates the current training round number;
[0020] 2) The aggregation server generates a large integer. Construct a class of order. The generator is and Cyclic group Construct a hash function ;
[0021] 3) The aggregation server generates and constructs a sequence of order. Cyclic group Randomly select generator ,in The dimension of the vector is the same as the dimension of the local model parameters;
[0022] 4) Aggregator server broadcasts common parameters Given a set The client in the middle.
[0023] (2) Client key generation
[0024] 1) All clients receive a security parameter. And generate public and private key pairs ;
[0025] 2) The client broadcasts the public key through the aggregation server. For other clients.
[0026] Furthermore, during the local training phase, each client calculates and generates local model parameters. Based on the global model parameters from the previous round, the client then performs a series of encryption and commitment operations: calculating encryption parameters. and vector hash value Generate commitment value and use verifiable secret sharing technology to The data is divided into shares, and then encrypted using ElGamal with the public keys of other clients to generate ciphertext. Finally, the client sends the calculated parameters to the aggregation server. The aggregation server then collects at least the threshold values. Messages from each client form a set If the quantity requirement is met, then all encrypted text will be... Broadcast to all clients; otherwise, terminate this round of aggregation. At this point, the system has completed the secure encryption of the client's local model, the distribution of commitments and secrets, and the server's collection and broadcast of encrypted data, providing the necessary input for subsequent aggregation and verification.
[0027] Furthermore, the local training phase in step two specifically includes:
[0028] (1) Local training on the client
[0029] 1) Each client uses its private local dataset to train the model and generate a local model, which in turn combines the global model parameters sent by the server to generate local model parameters. ;
[0030] 2) Each client randomly selects ,calculate ;
[0031] 3) Each client calculates the vector homomorphic hash value. ,in Represents local model parameters The Middle Each element value;
[0032] 4) Each client randomly selects a blinding factor. ,in Calculate commitment Construct two polynomials and And calculate and generate a set of commitment values. , ;
[0033] 5) Each client uses verifiable Shamir secret sharing technology. Will Perform segmentation and calculation Then, encryption is performed using the corresponding client's public key, employing the encryption algorithm in ElGamal encryption technology. Calculate and generate ciphertext ;
[0034] 6) Each client sends Give it to the aggregation server.
[0035] (2) Server collects data
[0036] 1) The aggregation server collects at least Messages from one client, the client set is... Otherwise, stop this round of aggregation;
[0037] 2) Aggregator server broadcasts encrypted messages For all clients.
[0038] Furthermore, during the server verification and aggregation phase, the client first receives and decrypts the ciphertext broadcast by the aggregation server, verifies its identity validity, and then aggregates all received secret shares into a single unit. And send it to the server. The aggregation server collects at least The aggregated shares of each client are used to reconstruct the master secret using verifiable secret sharing technology. The correctness of the share is verified using a commitment equation; if verification is successful, aggregation calculation continues; otherwise, the process proceeds to the error detection phase. After successful verification, the aggregation server calculates the global model parameters. and its vector hash verification value The system then broadcasts this information to participating clients. At this point, the system has completed the collaborative aggregation of secret shares, validity verification, and generation of the global model, providing reliable input for subsequent local verification of the aggregation results and model updates by the clients.
[0039] Furthermore, the server verification and aggregation phase in step three specifically includes:
[0040] (1) Client-side aggregation of secret shared shares
[0041] 1) Each client receives the encrypted message broadcast by the aggregation server. Decryption is performed using a private decryption key and the decryption algorithm in ElGamal encryption technology. Calculate and generate plaintext and determine ;
[0042] 2) Each client aggregates all the shares it receives and calculates... and ;
[0043] 3) Each client calculates its own aggregate share. Send to the aggregation server.
[0044] (2) Server verifies the correctness of the share
[0045] 1) The aggregation server collects at least Messages from one client, the client set is... Otherwise, stop this round of aggregation;
[0046] 2) The aggregation server receives messages from each client. Using verifiable Shamir secret sharing technology Reconstruct the message and calculate its generation. ;
[0047] 3) The aggregation server verifies whether the commitment is true and whether the equation is true. ;
[0048] 4) If the commitment is valid, it proves that the secret share format uploaded by the client is correct, and the next steps continue; if the commitment is invalid, the error share detection and tracing stage is carried out.
[0049] (3) Server aggregation
[0050] 1) The aggregation server aggregates and generates global model parameters, and calculates them. , ;
[0051] 2) The aggregation server aggregates and generates global model parameter validation values, and calculates... ;
[0052] 3) The aggregation server broadcasts global model parameters. and its verification value Give Clients in the collection.
[0053] Furthermore, during the client verification phase, each client first receives the global model parameters broadcast by the aggregation server. and its verification value Subsequently, the client verifies the correctness of the global model parameters: if correct, it updates the local model and proceeds to the next round of training; if not, it terminates the current aggregation round. At this point, the client has completed the verification of the aggregation results' correctness and, upon successful verification, reliably updated the local model, thus ensuring the security and effectiveness of the federated learning iteration process.
[0054] Furthermore, the client verification phase in step four specifically includes:
[0055] (1) Client verification and aggregation
[0056] 1) Each client receives a message broadcast by the aggregation server. ;
[0057] 2) Each client verifies whether the verification value returned by the aggregation server is correct, and calculates the equation. Check if the condition is met; if it is met, proceed to the next step; if it is not met, terminate the aggregation.
[0058] 3) Each client uses the global model parameters broadcast by the aggregation server. Update the local model, generate new local model parameters, and perform the next cycle of federated learning training until the convergence condition is met and the federated learning training ends.
[0059] Furthermore, in the error share detection and tracing phase, when the aggregation server detects an error in the aggregated share uploaded by a client, it first calculates the aggregate commitment value and verifies the shares submitted by each client, sending a list of failed commitments to the relevant clients. Upon receiving the list, the client cross-verifies the shares shared with it by other clients, identifies the specific client with the error, and generates a cryptographic proof based on the ElGamal ciphertext and its own private key, sending it to the server. The server verifies the proof and determines the source of the error based on the verification result: if the proof verification fails, the current client is identified as malicious and removed from the set; if the proof passes but the share commitment verification fails, the identified client is determined to be malicious and removed. Subsequently, the system re-performs the share verification step using the updated client set. Thus, through commitment technology and a proof mechanism, the system achieves accurate identification and isolation of malicious clients, thereby ensuring the security and correctness of the federated learning aggregation process.
[0060] Furthermore, the additional steps for error share detection and tracing specifically include:
[0061] 1) Aggregator server computing Then use the equation Verify the share uploaded by each client ;
[0062] 2) Send a list of commitments that failed verification. For the corresponding client ;
[0063] 3) Client Receive the list of commitments, use the equation Verify the share of each other client. ;
[0064] 4) Client Find the client that failed verification Use your own public and private keys , corresponding shared shares Ciphertext generated by ElGamal encryption technology The calculation proves it. ,in , , , , , ;
[0065] 5) Client sends proof The data is sent to the aggregation server, which continues the verification process.
[0066] 6) Aggregator server verification The verification results were obtained. ;if Verification failed, the server will send the client... Remove from client collection And repeat step 3; if Verification successful. Proceed to the next steps.
[0067] 7) Aggregator server verification Obtain the verification result ;if Verification failed, the server will send the client... Remove from client collection Then proceed to step 3 again.
[0068] Another object of the present invention is to provide a secure aggregation system for federated learning that supports two-way verification. The secure aggregation system for federated learning includes:
[0069] The initialization module is used to aggregate the initialization of various parameters by the server and client to generate the basic parameters required for subsequent steps; including the initialization of basic parameters, as well as verifiable secret sharing based on Pedersen commitments, public parameters and encryption / decryption keys based on vector homomorphic hashing;
[0070] The local training module is used by the client to generate local model parameters using the local training dataset and protect them using an encryption technique based on the decision compound residual hypothesis; at the same time, it generates a commitment value and a secret sharing share based on the verifiable secret sharing technique of Pedersen commitment and encrypts the secret sharing share using ElGamal encryption technology; the aggregation server collects the encrypted data uploaded by the client;
[0071] The server verification and aggregation module is used by the client to decrypt the ciphertext using ElGamal encryption technology after receiving data, perform share aggregation calculation, and send the result to the aggregation server. After receiving the data, the aggregation server performs secret reconstruction and verifies the secret shared share. If the verification is successful, parameter aggregation is performed; if the verification fails, error share detection and tracing are triggered.
[0072] The client-side verification module is used by the client to verify the global model parameters broadcast by the aggregation server; if the verification is successful, the local model is updated; if the verification fails, the current round of aggregation is terminated.
[0073] The error share detection and tracing module is used to trace the error share back to a specific client when the aggregation server verifies and finds an error share; after confirming a malicious client, it is removed from the client set and refused to participate in subsequent training.
[0074] Another object of the present invention is to provide a computer device including a memory and a processor, the memory storing a computer program, which, when executed by the processor, causes the processor to perform the steps of the federated learning secure aggregation method.
[0075] Another object of the present invention is to provide a computer-readable storage medium storing a computer program, which, when executed by a processor, causes the processor to perform the steps of the federated learning secure aggregation method.
[0076] Another objective of this invention is to provide an information data processing terminal for implementing the aforementioned federated learning secure aggregation system.
[0077] Based on the above technical solutions and the technical problems solved, the advantages and positive effects of the technical solution to be protected by this invention are as follows:
[0078] This invention provides a secure aggregation method for federated learning that supports two-way verification between the server and the client. This method combines verifiable secret sharing technology based on Pedersen commitments, ElGamal encryption technology, and vector homomorphic hashing technology. It clearly delineates the initialization phase, local training phase, server verification and aggregation phase, client verification phase, and an additional error share detection and tracing phase. This not only effectively addresses the limitations of existing secure aggregation technologies where verification mechanisms are unidirectional or absent, but also accurately traces and securely isolates malicious clients, overcoming the shortcomings of existing solutions in terms of insufficient location capabilities or high "false positive" costs when facing spoofing attacks. During the initialization phase, the aggregation server initializes the verifiable secret share and vector homomorphic hash parameters, while the client initializes the public and private key pairs, laying the foundation for subsequent two-way verification while ensuring communication security. During the local training phase, the client generates the mask's commitment value and the ciphertext of the secret share, ensuring both mask security and that the share cannot be replaced. During the server verification and aggregation phase, the aggregation server reconstructs the mask using the aggregated share uploaded by the client and verifies its correctness. Successful verification proves the share format is correct and ensures the accuracy of global training; failure triggers an error share detection and tracing phase, removing malicious clients. During the client verification phase, the client verifies the correctness of the server's aggregation result by calculating the vector homomorphic hash, protecting the accuracy of the local model from being affected. During the error share detection and tracing phase, the client and server collaborate to accurately locate and trace malicious clients and refuse their participation in subsequent federated learning training, ensuring the accuracy of federated learning training. Through the aforementioned complete phased mechanism, this invention achieves a two-way verification closed loop of "server verifying client – client verifying server," ensuring the credibility of both data submission and result return during training and realizing endogenous supervision of the entire lifecycle of federated learning. Furthermore, it can safely and accurately remove confirmed malicious clients from the participant set, avoiding accidental harm to honest clients and significantly improving the system's survivability and fairness in adversarial environments.
[0079] This invention achieves an integrated processing mechanism that combines efficient privacy protection with built-in fault tolerance, solving the problems of fragmented privacy computation and fault tolerance processing, and high computational overhead in traditional solutions. Existing solutions often use homomorphic encryption combined with simple secret sharing, where encryption and fault tolerance processes are often performed in series, leading to accumulated computational delays and requiring complex recovery protocols when clients disconnect. This invention, during the local training phase, collaboratively uses encryption technology based on the decisional compound residue hypothesis to protect model parameters, utilizes Pedersen commitments to bind random numbers, and employs ElGamal encryption to distribute secret shares. These operations can be executed in parallel, greatly improving client preprocessing efficiency. More importantly, the entire privacy protection process is naturally built on a verifiable secret sharing threshold architecture, enabling the system to embed the ability to handle client disconnections while performing privacy computation: aggregation can continue as long as at least a threshold number of valid shares are collected, without the need to design additional complex communication rounds and verification steps for fault tolerance, achieving a highly efficient unity of privacy protection and robust operation.
[0080] This invention significantly enhances the practicality and universality of the solution in resource-constrained scenarios, solving the dilemma that existing secure aggregation solutions are often difficult to implement due to excessive computational, storage, or communication overhead. While many existing solutions possess good security features, their designs are too theoretical and do not fully consider the computing power and battery limitations of practical devices such as mobile devices and IoT terminals. This invention, through systematic optimizations such as bidirectional lightweight verification, parallelized privacy computation, and precise low-overhead tracing, minimizes computational pressure while ensuring equal or even higher security levels. Its overall design fully considers edge-side resource constraints, enabling the solution to run not only in server cluster environments but also to be seamlessly deployed in typical federated learning scenarios such as smartphones, in-vehicle devices, or edge computing nodes. It truly achieves a balance between strong security and high practicality, powerfully promoting the reliable application of privacy-preserving federated learning technology in a wider range of fields. Attached Figure Description
[0081] To more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the embodiments of the present invention will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0082] Figure 1 This is a flowchart of the federated learning secure aggregation method provided in an embodiment of the present invention;
[0083] Figure 2 This is an interaction diagram of the federated learning secure aggregation method provided in an embodiment of the present invention;
[0084] Figure 3This is a schematic diagram of the federated learning secure aggregation method provided in an embodiment of the present invention;
[0085] Figure 4 This is a schematic diagram illustrating the runtime of the federated learning secure aggregation method provided in this embodiment of the invention under different client disconnection rates;
[0086] Figure 5 This is a schematic diagram illustrating the runtime of the federated learning security aggregation method provided in this embodiment of the invention under different proportions of malicious clients;
[0087] Figure 6 This is a schematic diagram illustrating the runtime of the federated learning secure aggregation method provided in this embodiment of the invention, along with other similar existing methods, under the condition that 20% of the clients are offline. Detailed Implementation
[0088] To make the objectives, technical solutions, and advantages of this invention clearer, the invention will be further described in detail below with reference to embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the invention.
[0089] To address the problems existing in the prior art, this invention provides a secure aggregation method for federated learning that supports bidirectional verification. The invention will now be described in detail with reference to the accompanying drawings.
[0090] like Figure 1 As shown, the federated learning secure aggregation method supporting bidirectional verification provided in this embodiment of the invention includes the following steps:
[0091] S101, Initialization Phase: The aggregation server and the client work together to initialize various system parameters and generate public information including basic parameters, verifiable secret sharing parameters based on Pedersen commitments, vector homomorphic hash public parameters, and encryption / decryption keys, providing the necessary foundation for subsequent phases.
[0092] S102, Local Training Phase: The client trains local model parameters based on the local dataset, then protects these parameters using encryption technology based on the decision compound residual hypothesis, and generates a commitment value and a secret sharing share based on the verifiable secret sharing technology of Pedersen commitment, before encrypting the share using the ElGamal encryption algorithm. The aggregation server is responsible for collecting the encrypted data uploaded by each client;
[0093] S103, Server Verification and Aggregation Phase: After receiving the ciphertext from the server, the client decrypts it using the ElGamal decryption algorithm, completes the share aggregation calculation, and sends the aggregation result to the aggregation server. Upon receiving the message, the aggregation server performs secret reconstruction and verifies the secret shared shares submitted by the client; if the verification passes, model aggregation is performed; otherwise, the process proceeds to the error share detection and tracing process, and re-verification is performed after removing the malicious client.
[0094] S104, Client Verification Phase: After receiving the global model parameters broadcast by the aggregation server, the client performs verification on them; if the verification is successful, the local model is updated; otherwise, the current aggregation process is terminated.
[0095] S10X, Error Share Detection and Tracing Phase: When the aggregation server detects an error in the format of a secret share uploaded by a client, it initiates a tracing mechanism to locate the specific client that generated the error share; after confirming malicious behavior, the client is removed from the current client set and prohibited from participating in subsequent federated learning training processes.
[0096] The federated learning secure aggregation method with two-way verification described in this embodiment achieves two-way reliable verification of the model parameter uploading process and the aggregation results by building a secure collaborative mechanism between the client and the aggregation server based on a combination of verifiable secret sharing and homomorphic encryption. This ensures that federated learning has tamper resistance, traceability and result reliability without disclosing the original data.
[0097] During the initialization phase, the aggregation server and client work together to generate the common parameters and key information required for system operation, including commitment parameters for secret sharing and verification, vector homomorphic hash parameters for integrity verification, and key pairs for encryption and decryption. This provides a unified cryptographic foundation and a consistent security environment for subsequent phases, avoiding security risks caused by inconsistencies in parameter understanding or implementation among different participants.
[0098] During the local training phase, each client trains the model parameters only on its local dataset, without disclosing any raw data. After training, the client encrypts the model parameters and generates corresponding secret share shares and commitment values based on a verifiable secret sharing mechanism. This ensures that no single participant can recover the plaintext parameters independently, while allowing subsequent verification of the share's legitimacy, thus striking a balance between privacy protection and verifiability.
[0099] During the server verification and aggregation phase, the client decrypts the ciphertext from the server and completes the share-level aggregation calculation, enabling the aggregation server to obtain a reconstructable aggregation result without accessing the plaintext parameters of individual clients. Before reconstruction, the aggregation server performs consistency and legality verification on the secret-shared shares submitted by each client, ensuring that they meet the expected commitment relationships and format constraints, thereby preventing malicious clients from submitting forged or tampered shares to disrupt the aggregation process. If an abnormal share is detected, the process is initiated to locate the source of the anomaly and prevent it from participating further.
[0100] During the client-side verification phase, after the aggregation server broadcasts the global model parameters, each client performs integrity and correctness verification on the model to ensure that the server has not tampered with or replaced the aggregation results. Only when verification passes does the client update its local model, thus achieving a reverse constraint on the server's behavior and forming a two-way trust mechanism.
[0101] During the error detection and tracing phase, when the server detects an incorrect share format or verification failure, it locates the specific client that generated the abnormal share based on the traceability characteristics of secret sharing and removes it from the current participant set to prevent it from continuously interfering with the subsequent training process. Through the above mechanism, this method achieves two-way verification, malicious behavior detection, and traceability processing between clients and servers in federated learning while ensuring privacy and security, thereby improving the security, reliability, and engineering usability of the model aggregation process.
[0102] The privacy protection method of this invention targets a typical scenario of multiple clients interacting with an aggregation server: a client-server scenario, where their interaction methods are as follows: Figure 2 As shown. The method of this invention mainly targets four stages: initialization, local training, server verification and aggregation, and client verification, as well as an additional error share detection and tracing stage. The federated learning scheme described in this invention operates as follows: the first round of joint training includes the above four stages; subsequent rounds of federated learning training only require three stages: local training, server verification and aggregation, and client verification. If server verification fails during the server verification and aggregation stage, an error share detection and tracing stage is performed to remove the malicious client, and then the server verification and aggregation stage is executed again. The initialization stage is then executed again in the next round of federated learning training. Figure 2 The initialization phase in the document describes the broadcast steps in a combined manner, and the same operation can be performed in actual deployment.
[0103] During the initialization phase, the aggregation server first selects the client set and sets basic parameters, then generates large integers. Constructing a cyclic group and Define a hash function It then broadcasts all public parameters to all clients; subsequently, each client uses the security parameters. Generate your own public and private key pairs The system then sends the public key to the server and broadcasts it. At this point, the system has completed the unified generation and distribution of global parameters and the generation and exchange of client key pairs, laying the foundation for secure computation and communication in subsequent federated learning.
[0104] During the local training phase, each client computes and generates local model parameters. Subsequently, the client performs a series of encryption and commitment operations: calculating encryption parameters. and vector hash value Generate commitment value and use verifiable secret sharing technology to The data is divided into shares, and then encrypted using ElGamal with the public keys of other clients to generate ciphertext. Finally, the client sends the calculated parameters to the aggregation server. The aggregation server then collects at least the threshold values. Messages from each client form a set If the quantity requirement is met, then all encrypted text will be... Broadcast to all clients; otherwise, terminate this round of aggregation. At this point, the system has completed the secure encryption of the client's local model, the distribution of commitments and secrets, and the server's collection and broadcast of encrypted data, providing the necessary input for subsequent aggregation and verification.
[0105] During the server verification and aggregation phase, the client first receives and decrypts the ciphertext broadcast by the aggregation server, verifies its identity validity, and then aggregates all received secret shares into a single unit. And send it to the server. The aggregation server collects at least the threshold value. The aggregated shares of each client are used to reconstruct the master secret using verifiable secret sharing technology. The correctness of the share is verified using a commitment equation; if verification is successful, aggregation calculation continues; otherwise, the process proceeds to the error detection phase. After successful verification, the aggregation server calculates the global model parameters. and its vector hash verification value The system then broadcasts this information to participating clients. At this point, the system has completed the collaborative aggregation of secret shares, validity verification, and generation of the global model, providing reliable input for subsequent local verification of the aggregation results and model updates by the clients.
[0106] During the client verification phase, each client first receives the global model parameters broadcast by the aggregation server. and its verification value Subsequently, the client verifies the correctness of the global model parameters: if correct, it updates the local model and proceeds to the next round of training; if not, it terminates the current aggregation round. At this point, the client has completed the verification of the aggregation results' correctness and, upon successful verification, reliably updated the local model, thus ensuring the security and effectiveness of the federated learning iteration process.
[0107] In the error share detection and tracing phase, when the aggregation server detects an error in the aggregated share uploaded by a client, it first calculates the aggregate commitment value and verifies the shares submitted by each client, sending a list of failed commitments to the relevant clients. Upon receiving the list, the client cross-verifies the shares shared with it by other clients to pinpoint the specific client with the error, and generates a cryptographic proof based on the ElGamal ciphertext and its own private key, sending it to the server. The server verifies the proof and determines the source of the error based on the verification result: if the proof verification fails, the current client is identified as malicious and removed from the set; if the proof passes but the share commitment verification fails, the identified client is identified as malicious and removed from the set. Subsequently, the system re-performs the share verification step using an updated client set. Thus, through commitment technology and a proof mechanism, the system achieves accurate identification and isolation of malicious clients, thereby ensuring the security of the federated learning aggregation process.
[0108] As a preferred embodiment, such as Figure 3 As shown, the single-mask encryption algorithm based on the decision composite residual hypothesis, the verifiable secret sharing technology based on Pedersen commitment, the ElGamal encryption technology, and the lightweight verification method based on vector homomorphic hashing provided by the embodiments of the present invention specifically include the following steps:
[0109] Step 1: Initialization phase.
[0110] The aggregation server and client complete the initialization of various parameters, which are used in subsequent steps in the scheme; including the initialization of verifiable secret sharing, vector homomorphic hash public parameters, and encryption / decryption keys.
[0111] Step 1.1: Generation and broadcasting of system parameters.
[0112] (1) The aggregation server dynamically adjusts the secret sharing threshold and verification strength based on the number of participating clients and historical credibility, and dynamically adjusts the number and threshold of clients participating in federated learning; the aggregation server generates a unique index for them. Then generate a client collection. ,in In the description of this invention, Indicates the current client. Indicates other clients, i.e. ; Indicates the number of clients is The secret sharing threshold is ,in ; Indicates the current training round number;
[0113] (2) The aggregation server generates a large integer obtained by multiplying two large prime numbers. Construct a cyclic group The order of the group is The generator of the group is and Construct a hash function ;
[0114] (3) The aggregation server generates and constructs a circular group. The order of the group is Randomly select generator as ,in The dimension of the vector is the same as the dimension of the local model parameters;
[0115] (4) Broadcast common parameters Give client collection All clients in the system.
[0116] Step 1.2: Client key pair generation.
[0117] (1) All clients receive a security parameter Each client generates a public-private key pair using security parameters. ;
[0118] (2) The client sends the public key The data is given to the aggregation server, which then broadcasts it to other clients.
[0119] Step 2: Local training phase.
[0120] The client generates local model parameters using the local training dataset, then protects these parameters with encryption. It generates commitment values and secret share shares using commitment and verifiable secret sharing techniques, and secures these shares using ElGamal encryption. The server collects data uploaded by the client.
[0121] Step 2.1: Local training on the client side.
[0122] (1) Each client uses its private local dataset to train the model and generate a local model. It then updates the local model and generates local model parameters by combining the global model parameters sent by the aggregation server. ;
[0123] (2) Each client randomly selects a mask. ,calculate ;
[0124] (3) Each client calculates the vector homomorphic hash value of the local model parameters. ,in Represents local model parameters The Middle Each element value;
[0125] (4) Each client randomly selects a blinding factor. ,in Calculate commitment Construct two polynomials and And calculate and generate a set of commitment values. , ;
[0126] (5) Each client uses verifiable Shamir secret sharing technology. Will Perform segmentation and calculation Then, encryption is performed using the corresponding client's public key, employing the encryption algorithm in ElGamal encryption technology. Calculate and generate ciphertext ;
[0127] (6) Each client sends Give it to the aggregation server.
[0128] Step 2.2: The server collects data.
[0129] (1) The aggregation server collects at least Messages from one client, the client set is... Otherwise, stop this round of aggregation;
[0130] (2) Broadcast ciphertext by aggregation server For all clients.
[0131] Step 3: Server verification and aggregation phase.
[0132] After receiving the message, the client decrypts the ciphertext, performs share aggregation calculation, and sends the result to the aggregation server. Upon receiving the message, the aggregation server performs secret recovery calculation and then verifies the data. If verification succeeds, aggregation proceeds; otherwise, erroneous share detection and tracing are performed.
[0133] Step 3.1: The client aggregates the secret shared shares.
[0134] (1) Each client receives the encrypted message broadcast by the aggregation server. Decryption is performed using a private decryption key and the decryption algorithm in ElGamal encryption technology. Calculate and generate plaintext and determine ;
[0135] (2) Each client aggregates all the shares it has received and calculates... and ;
[0136] (3) Each client calculates its own aggregate share. Send to the aggregation server.
[0137] Step 3.2: The server verifies the correctness of the share.
[0138] (1) The aggregation server collects at least Messages from one client, the client set is... Otherwise, stop this round of aggregation;
[0139] (2) The aggregation server receives messages from each client. Using verifiable Shamir secret sharing technology Reconstruct the message and calculate its generation. ;
[0140] (3) The aggregation server verifies whether the commitment is true and whether the equation is true. The specific calculation process is as follows:
[0141]
[0142] (4) If the commitment is valid, it proves that the secret share format uploaded by the client is correct, and the subsequent steps continue; if the commitment is invalid, the error share detection and tracing stage is carried out.
[0143] Step 3.3: Server aggregation.
[0144] (1) The aggregation server aggregates and generates global model parameters, and calculates the following formula:
[0145]
[0146]
[0147] (2) The aggregation server aggregates and generates global model parameter verification values, and calculates the following formula:
[0148]
[0149] (3) The aggregation server broadcasts global model parameters. and its verification value Give Clients in the collection.
[0150] Step 4: Client verification phase.
[0151] After receiving the message broadcast by the aggregation server, the client verifies the global model parameters. If the verification is successful, the local model is updated; if the verification fails, the current aggregation round is terminated.
[0152] Step 4.1: Client verification and aggregation.
[0153] (1) Each client receives a message broadcast by the aggregation server. ;
[0154] (2) Each client verifies whether the verification value returned by the aggregation server is correct, and calculates the equation. Check if the condition is met; if it is met, proceed to the next step; if it is not met, terminate the aggregation.
[0155] (3) Each client uses the global model parameters broadcast by the aggregation server. Update the local model, generate new local model parameters, and perform federated learning training for the next cycle until the convergence condition is met and the aggregation ends.
[0156] Additional steps: Error share detection and traceability steps.
[0157] The aggregation server verifies that there is a format error in the secret sharing share uploaded by the client, and further attributes the generation of the erroneous share to the specific client; after confirmation, the malicious client is removed from the client set and refused to participate in subsequent federated learning training.
[0158] (1) Aggregation server computing Then use the equation Verify the share uploaded by each client ;
[0159] (2) Send a list of commitments that failed to be verified. For the corresponding client ;
[0160] (3) Client Receive the list of commitments, use the equation Verify the share of each other client. ;
[0161] (4) Client Find the client that failed verification Use your own public and private keys , corresponding shared shares Ciphertext generated by ElGamal encryption technology The calculation proves it. ,in , , , , , ;
[0162] (5) The client sends proof The data is sent to the aggregation server, which continues the verification process.
[0163] (6) Aggregator server verification The verification results were obtained. ;if Verification failed, the server will send the client... Remove from client collection And repeat step 3; if Verification successful. Proceed to the next steps.
[0164] (7) Aggregator server verification Obtain the verification result ;if Verification failed, the server will send the client... Remove from client collection Then proceed to step 3 again.
[0165] The federated learning secure aggregation system provided in this embodiment of the invention includes:
[0166] The initialization module is used to aggregate the initialization of various parameters by the server and client to generate the basic parameters required for subsequent steps; including the initialization of basic parameters, as well as verifiable secret sharing based on Pedersen commitments, public parameters and encryption / decryption keys based on vector homomorphic hashing;
[0167] The local training module is used by the client to generate local model parameters using the local training dataset and protect them using an encryption technique based on the decision compound residual hypothesis; at the same time, it generates a commitment value and a secret sharing share based on the verifiable secret sharing technique of Pedersen commitment and encrypts the secret sharing share using ElGamal encryption technology; the aggregation server collects the encrypted data uploaded by the client;
[0168] The server verification and aggregation module is used by the client to decrypt the ciphertext using ElGamal encryption technology after receiving data, perform share aggregation calculation, and send the result to the aggregation server. After receiving the data, the aggregation server performs secret reconstruction and verifies the secret shared share. If the verification is successful, parameter aggregation is performed; if the verification fails, error share detection and tracing are triggered.
[0169] The client-side verification module is used by the client to verify the global model parameters broadcast by the aggregation server; if the verification is successful, the local model is updated; if the verification fails, the current round of aggregation is terminated.
[0170] The error share detection and tracing module is used to trace the error share back to a specific client when the aggregation server verifies and finds an error share; after confirming a malicious client, it is removed from the client set and refused to participate in subsequent training.
[0171] II. Application Examples. To demonstrate the inventiveness and technical value of the technical solution of this invention, this section provides application examples of the technical solution of the claims on specific products or related technologies.
[0172] With the improvement of computing power and the continuous growth of data scale, artificial intelligence technology has developed rapidly. Among them, machine learning and deep learning have become the mainstream paradigms for current intelligent system research and application. These technologies have been widely used in important fields such as computer vision, natural language processing, intelligent recommendation, autonomous driving, and medical auxiliary diagnosis. As a key technology in the artificial intelligence system, machine learning encompasses various learning paradigms such as supervised learning, unsupervised learning, and reinforcement learning. Through continuous modeling and optimization of data, it achieves iterative updates of model parameters, thereby improving the model's capabilities in representation learning, pattern recognition, predictive analysis, and decision support. However, with the widespread deployment of artificial intelligence systems, their security and privacy issues have become increasingly prominent, becoming a major challenge restricting the implementation and large-scale application of the technology. During model training and inference, machine learning systems may face various security threats, such as model theft, adversarial example attacks, data poisoning attacks, and member inference attacks. These attacks may not only cause a significant decline in model performance or even failure, but may also lead to the leakage of sensitive training data or allow the system to be maliciously manipulated, thus causing serious security risks.
[0173] Meanwhile, with the continuous improvement and strict enforcement of data security and privacy protection laws and regulations, the problem of data silos has become increasingly prominent. Different institutions or organizations often find it difficult to directly share raw data due to factors such as privacy protection, compliance requirements, and commercial interests, thus limiting cross-domain and cross-institutional joint modeling and collaborative analysis capabilities. To alleviate these contradictions, federated learning technology has emerged. This technology enables multi-party collaborative training of a global model by exchanging only model parameters, gradients, or other intermediate results without exposing local raw data, thus balancing data privacy protection and model performance improvement to a certain extent. Although federated learning avoids direct sharing of raw data at the data level, its training process still carries potential privacy risks. For example, attackers may use techniques such as gradient inversion or parameter analysis to infer the local training data of participating parties from shared model updates. Therefore, how to achieve a stronger privacy protection mechanism within the federated learning framework remains one of the key issues in current research.
[0174] Secure aggregation, as an important privacy enhancement technique, aims to ensure that the server only receives the overall results of the participants' updates during the aggregation phase, without knowing the specific model parameters or gradient information of any individual participant. Compared with differential privacy methods, secure aggregation typically does not require injecting additional noise into model updates, thus avoiding a significant trade-off between privacy protection and model accuracy under certain conditions. Compared with general cryptographic techniques such as homomorphic encryption, secure aggregation schemes are more efficient in terms of computational complexity and communication overhead, making them more suitable for practical deployment in large-scale federated learning scenarios. In existing research on secure aggregation in federated learning, how to achieve efficient and robust aggregation of local model parameters while ensuring privacy has always been a core issue. Meanwhile, with the continuous improvement of application requirements, simply ensuring privacy is no longer sufficient to meet the security requirements of practical systems. How to further ensure the correctness, usability, and verifiability of the aggregation results, and prevent manipulation by malicious clients or servers, has also gradually become an important research direction for the development of secure aggregation and federated learning technologies.
[0175] Based on practical application scenarios and combined with the federated learning security aggregation scheme supporting two-way verification proposed in this invention, a collaborative mechanism is adopted, consisting of four stages: initialization, local training, server verification and aggregation, and client verification, plus an additional stage for error share detection and tracing. This ensures the security of client privacy data and the verifiability and correctness of parameters during federated learning model training. In this process, the server and client can collaboratively achieve two-way verification, jointly protecting the correctness of model parameters. On one hand, the aggregation server can verify the secret shared shares uploaded by the client and further accurately trace and isolate malicious clients; on the other hand, the client can efficiently verify the global model parameters generated by the aggregation server, preventing the global model parameters from being forged or tampered with by malicious servers or other active adversaries, thereby negatively impacting the accuracy of the client's local model.
[0176] In summary, this invention proposes a secure aggregation method for federated learning that supports two-way verification. This method employs verifiable secret sharing technology to achieve client disconnection tolerance and share legitimacy verification, and combines a vector homomorphic hashing mechanism to lightweightly verify the integrity of the aggregation results. At the encryption level, an encryption algorithm based on the decision compound residue hypothesis is used to protect local model parameters. Pedersen commitments are used to bind random values and generate verifiable commitments, and the ElGamal encryption algorithm is used to achieve secure distribution and decryption of secret shares. This method can securely aggregate model parameters without exposing the local data of each client, and supports server verification of the verifiability of client-submitted data, as well as client verification of the correctness of the aggregation results returned by the server. Thus, it achieves a good balance between efficiency and security, and is suitable for federated learning scenarios with high requirements for privacy and reliability.
[0177] like Figure 2 The diagram illustrates the framework for secure aggregation using federated learning. The federated learning framework employed in this scheme is largely consistent with existing technologies, namely, the client generates local model parameters, and a single mask and a cryptographic algorithm based on the decision compound residual hypothesis are used to protect the client's privacy data. The client uses a verifiable secret sharing technique based on Pedersen commitments and a lightweight verification method based on vector homomorphic hashing to achieve two-way verification, ensuring the correctness of the global model parameters generated by secure aggregation. This invention optimizes and adjusts existing federated learning frameworks, making them more efficient, reducing time overhead, and effectively tracing malicious clients and refusing their participation in secure aggregation.
[0178] like Figure 4 As shown in the figure, the running time of the proposed solution under different client disconnection rates is compared. It can be clearly seen from the figure that the increase in the client disconnection rate does not have a non-negligible impact on the efficiency of the proposed solution.
[0179] like Figure 5 As shown in the figure, the running time of the proposed solution under different proportions of malicious clients is compared. It can be clearly seen from the figure that the increase in the proportion of malicious clients has a very small impact on the efficiency of the proposed solution and can be ignored.
[0180] like Figure 6 As shown, the running time of the proposed solution is compared with other similar existing methods (VerifyNet, VerifyFL, LightVerify) under the condition that 20% of the clients are disconnected. Obviously, the proposed solution (Our Scheme) has the shortest running time and the highest efficiency.
[0181] Example 1: Overall Implementation of the Two-Way Verification Federated Learning Secure Aggregation Process
[0182] In a federated learning environment consisting of one aggregation server and twelve clients, the server first broadcasts the system's public parameters, and the clients generate their own public-private key pairs and synchronize their parameters. Each client trains its model parameters on its local dataset, blinds the model parameters with a random mask, encrypts them, and sends them to the server. Simultaneously, the client converts the model parameter mask into a secret shared share, generates a corresponding commitment value, encrypts the share, and uploads it to the server. The server performs consistency verification and secret reconstruction on the received shares. After successful verification, the server aggregates, removes the mask, generates a global model, and broadcasts it.
[0183] Upon receiving the global model, the client verifies its integrity and consistency. If verification passes, the client updates its local model and proceeds to the next training round. If the client detects model inconsistency or verification failure, it terminates the current training round and refuses to update. Through this process, a two-way constraint relationship is established between the server and the client, thereby ensuring the credibility and security of the aggregation process.
[0184] Example 2: Server-side abnormal share detection and traceability processing
[0185] During the verification phase, the server detects that a secret share uploaded by a client is inconsistent with its commitment, triggering an anomaly detection process. The server and the relevant client collaborate to generate traceable proof to pinpoint the specific client identity that generated the abnormal share.
[0186] After confirming abnormal client behavior, the client is removed from the participant set and prevented from participating in subsequent training processes. Then, aggregation and validation are re-performed for the remaining clients. This mechanism prevents malicious clients from continuously interfering with the model training process, ensuring the overall stability of the system.
[0187] Example 3: Reverse verification of server aggregation results by the client
[0188] After the server generates and broadcasts the global model, each client performs consistency and integrity verification on the model to determine whether the server has tampered with or replaced the aggregation result. If the verification fails, the client refuses to update its local model and stops training for the current round.
[0189] By implementing validation constraints on the client side, the server is prevented from unilaterally manipulating the model results, thereby creating constraints on server behavior at the system level and improving the credibility of the aggregation results and the transparency of the system.
[0190] Example 4: Implementation of Cooperative Operation of System Modules
[0191] The system deployment includes an initialization module, a local processing module, a server processing module, a client verification module, and an error tracing module. These modules work together through a network interface. The local processing module only processes local data and generates encrypted shares, the server processing module only handles aggregation and verification logic, and the error tracing module only activates when an anomaly is detected.
[0192] Data interaction between modules is limited to encrypted information, commitment values, and verification information, and does not contain any original data content, thereby effectively reducing the risk of data leakage while ensuring the coordinated operation of the system.
[0193] Example 5: Execution mode using non-volatile storage media
[0194] The instructions for the federated learning security aggregation program are stored in a non-volatile computer-readable storage medium. When the processor executes the instructions, it automatically completes the operation process, including parameter initialization, local training protection, secret sharing generation, server verification aggregation, client verification, and error tracing.
[0195] This implementation enables the method to be deployed as software on cloud servers and edge node devices, exhibiting good portability and scalability, and is suitable for federated learning application scenarios of different scales and network conditions.
[0196] It should be noted that embodiments of the present invention can be implemented in hardware, software, or a combination of both. The hardware portion can be implemented using dedicated logic; the software portion can be stored in memory and executed by a suitable instruction execution system, such as a microprocessor or dedicated-design hardware. Those skilled in the art will understand that the above-described devices and methods can be implemented using computer-executable instructions and / or included in processor control code, for example, such code provided on a carrier medium such as a disk, CD, or DVD-ROM, a programmable memory such as read-only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The devices and modules of the present invention can be implemented by hardware circuitry such as very large-scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field-programmable gate arrays, programmable logic devices, etc., or by software executed by various types of processors, or by a combination of the above-described hardware circuitry and software, such as firmware.
[0197] The above description is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any modifications, equivalent substitutions, and improvements made by those skilled in the art within the scope of the technology disclosed in the present invention, and within the spirit and principles of the present invention, should be covered within the scope of protection of the present invention.
Claims
1. A secure aggregation method for federated learning that supports two-way verification, characterized in that, This method achieves a balance between privacy protection and result reliability by constructing a collaborative mechanism for verifiable secret sharing and bidirectional consistency verification between the client and the aggregation server. It includes the following steps: During the initialization phase, public parameters for secret sharing verification, integrity verification, and encryption / decryption are generated and broadcast, and the secret sharing threshold and verification strength are dynamically adjusted based on the number of participating clients and historical trustworthiness. During the local training phase, each client trains model parameters based on local data and then encrypts and uploads the model parameters after converting them into verifiable secret sharing shares and corresponding commitment values. During the server processing phase, the secret shared share is verified and reconstructed. If the verification is successful, a global model is generated and broadcast. If the verification fails, error tracing is initiated and abnormal participants are removed. During the client-side processing phase, the global model is validated. If the validation passes, the local model is updated; otherwise, the current training round is terminated, thus forming a two-way validation closed loop between the server and the client.
2. The method according to claim 1, characterized in that, The secret shared share is generated based on a commitment mechanism, enabling the aggregation server to verify share consistency without recovering the plaintext model parameters of a single client.
3. The method according to claim 1, characterized in that, When a verification failure is detected, the abnormal client is located through a tracing mechanism and removed from the participating set.
4. A method for error detection and tracing in secure aggregation of federated learning, characterized in that, This method identifies and isolates abnormal behavior by constructing a "share consistency verification and client traceability mechanism," which includes the following steps: Perform format consistency and commitment consistency verification on the uploaded secret sharing shares; When verification fails, collaborating parties generate traceable proof to pinpoint the source of the anomaly. Clients exhibiting abnormal behavior will be removed from the participant set and prevented from participating in subsequent training.
5. The method according to claim 4, characterized in that, The traceability proof is constructed based on the client's encrypted information of its generated shares, making the abnormal behavior attributable.
6. The method according to claim 4, characterized in that, The aggregation process is re-executed after the abnormal client is removed to obtain a valid global model.
7. A federated learning security aggregation system supporting two-way verification, characterized in that, This system achieves a closed-loop methodology by collaboratively deploying modules for "local protection, server verification, client verification, and error tracing," which includes: The initialization module is used to generate and broadcast common parameters; The local processing module is used to train the model on the client side and generate encrypted secret share and commitment value; The server processing module is used to perform share verification, secret reconstruction, and global model generation. The client-side validation module is used to perform validation on the global model. The error tracing module is used to locate and remove abnormal clients when verification fails.
8. The system according to claim 7, characterized in that, The local processing module performs privacy protection processing on the model parameters when generating secret shared shares.
9. The system according to claim 7, characterized in that, The server processing module only performs global model generation and broadcasting after verification.
10. A non-volatile computer-readable storage medium having executable instructions stored thereon that cause a processor to perform the method of claim 1.