Intelligent vehicle network data sharing method based on homomorphic encryption enhanced federated learning
By constructing a three-layer architecture for federated learning in the Internet of Vehicles (IoV) and a homomorphic encryption enhancement method, the computational complexity and privacy leakage issues of federated learning in IoV scenarios are solved. It achieves end-to-end encrypted protection, is compatible with in-vehicle ARM architecture, improves encryption efficiency and model accuracy, and is suitable for IoV data sharing.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- THE THIRD RES INST OF MIN OF PUBLIC SECURITY
- Filing Date
- 2026-03-31
- Publication Date
- 2026-06-19
AI Technical Summary
Existing federated learning solutions in the Internet of Vehicles (IoV) scenario suffer from problems such as high computational complexity of homomorphic encryption, incompatibility with in-vehicle ARM architecture, difficulty in balancing encryption efficiency and model accuracy, centralized key management, and lack of end-to-end protection, thus hindering large-scale deployment.
A three-layer architecture for federated learning in the Internet of Vehicles (IoV) is constructed, employing a homomorphic encryption-enhanced federated learning method. This includes system initialization and key system construction, local model training at vehicle nodes, homomorphic encryption protection during local model upload, secure aggregation of encrypted states on the central server, and homomorphic encryption protection during global model distribution. The CKKS homomorphic encryption algorithm is optimized using the NEON instruction set and combined with distributed threshold cryptography and national cryptographic algorithms to achieve end-to-end encrypted state protection.
It achieves end-to-end encrypted protection, eliminates the risk of privacy leakage, meets compliance requirements, breaks through the bottleneck of computing power adaptation in vehicles, achieves a balance between encryption efficiency and model accuracy, and has high adaptability and scalability, adapting to the data sharing needs of the entire Internet of Vehicles scenario.
Smart Images

Figure CN122247588A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of vehicle network data security technology, specifically to a vehicle network data sharing method based on homomorphic encryption and enhanced federated learning. Background Technology
[0002] With the large-scale deployment of the intelligent connected vehicle industry, a single high-level autonomous vehicle can generate over 50GB of multi-source heterogeneous data per second. This data is the core foundation for autonomous driving algorithm iteration, intelligent traffic management, and vehicle health management, making the need for cross-vehicle and cross-entity data sharing extremely urgent. Vehicle data processing must adhere to the principles of in-vehicle processing, local storage, and anonymization. Traditional centralized data sharing models require uploading raw data to a central server, which not only faces extremely high risks of leakage and tampering but also fails to meet compliance requirements, while also incurring excessively high transmission and storage costs.
[0003] However, existing federated learning frameworks have fatal security flaws: intermediate model parameters contain sensitive features of the original data, and attackers can accurately reconstruct private information such as vehicle trajectories and perception images through gradient inversion, member inference, collusion attacks, etc. At the same time, existing solutions generally ignore the risks of server collusion and parameter tampering in the global model distribution process, and have not formed a complete protection system.
[0004] Homomorphic encryption technology enables direct computation of ciphertext, and the decrypted result is identical to the plaintext result. It is the optimal path for achieving full-process encrypted protection in federated learning, fundamentally resisting attacks caused by parameter leakage. However, existing homomorphic encryption federated learning schemes face insurmountable bottlenecks in the vehicle-to-everything (V2X) scenario: homomorphic encryption computational complexity is extremely high, and existing schemes, based on x86 server architecture, cannot adapt to the computing power constraints of in-vehicle ARM architecture embedded domain controllers; encryption efficiency and model accuracy are difficult to balance, with low-precision schemes sacrificing model performance and high-precision schemes incurring unbearable computational overhead; simultaneously, issues such as centralized key management, lack of end-to-end protection, and poor adaptability to dynamic V2X scenarios prevent large-scale deployment.
[0005] To address this, the present invention proposes a data sharing method for vehicle networks based on homomorphic encryption and enhanced federated learning. Summary of the Invention
[0006] In response to the shortcomings of existing technologies and industry pain points, the core objective of this invention is to provide a data sharing method for vehicle networks based on homomorphic encryption and enhanced federated learning.
[0007] The technical solution adopted by this invention to solve its technical problem is: a data sharing method for vehicle-to-everything (V2X) networks based on homomorphic encryption-enhanced federated learning, which constructs a full-link encrypted protection system for local model upload and global model distribution in V2X federated learning, and realizes encrypted processing of model parameters throughout their entire lifecycle based on homomorphic encryption technology to resist privacy threats such as gradient inversion, node collusion, and malicious server attacks, while adapting to the computing power constraints of in-vehicle embedded devices. Specifically, it includes the following steps: S1: System initialization and key system construction, complete the three-layer architecture networking of vehicle network federated learning, define the collaborative training model, configure homomorphic encryption parameters, complete the generation and distribution of public and private keys based on the distributed threshold cryptography mechanism, and establish a full-link encrypted communication system; S2: Local model training of vehicle nodes. Each vehicle node participating in collaborative training completes iterative model training within the local security domain based on locally collected multi-source sensitive data of the Internet of Vehicles, and outputs the plaintext gradient parameters and weight parameters of the local model. S3: Homomorphic encryption enhancement protection in the local model upload process. In view of the hardware computing power constraints of the vehicle ARM architecture, the CKKS homomorphic encryption algorithm optimized by the NEON instruction set is adopted to perform batch floating-point homomorphic encryption on the local model parameters. After generating the encrypted model parameters, they are uploaded to the central cloud server through the encrypted communication link. S4: Central server secure aggregation of encrypted state. The central server receives encrypted model parameters uploaded by all vehicle nodes. Based on the encrypted operation characteristics of homomorphic encryption, it uses the federated averaging algorithm to complete the weighted average aggregation under encrypted state. No parameter decryption is required throughout the process, generating global encrypted model parameters. S5: Homomorphic encryption secondary protection in the global model distribution process. The aggregated encrypted global model parameters are subjected to secondary encrypted calibration and signature authentication, and distributed to each participating vehicle node through an encrypted communication link to resist the risk of server forging aggregation results and colluding with malicious nodes. S6: Model decryption update and convergence judgment. The vehicle node receives the encrypted global model parameters, completes collaborative decryption based on the distributed threshold private key, updates the local model with the decrypted global model parameters, and repeats steps S2-S5 until the model loss converges to the preset threshold, completing collaborative training and realizing secure sharing of vehicle network data.
[0008] Preferably, the three-layer architecture of the vehicle-to-everything (V2X) federated learning in step S1 includes an onboard node layer, an edge aggregation layer, and a central cloud server layer. The onboard node layer is an intelligent connected vehicle equipped with an ARM-based embedded onboard domain controller. The locally collected V2X sensitive data includes vehicle trajectory data, LiDAR point cloud data, camera image data, vehicle sensor signal data, driving behavior data, and battery operating status data. The collaborative training model is any of the following adapted to the V2X scenario: Convolutional Neural Network (CNN), Recurrent Neural Network (RNN), or Spatiotemporal Graph Convolutional Network (STGCN). The model input is multi-source heterogeneous V2X data, and the output is the target results of autonomous driving trajectory prediction, traffic flow warning, vehicle fault diagnosis, and driving behavior analysis. The homomorphic encryption parameters are the polynomial order N, the modulus scaling factor Δ, and the ciphertext modulus Q of the CKKS homomorphic encryption scheme, wherein the polynomial order N is set to 2^14~2^16 to meet the requirements of balancing onboard computing power and encryption accuracy.
[0009] As a preferred embodiment, the distributed threshold cryptography mechanism described in step S1 adopts the (t,n) threshold cryptography scheme, where n is the total number of vehicle nodes participating in collaborative training, t is the decryption threshold, and t>n / 2; the public key is collaboratively generated by all vehicle nodes and made public across the network, and the private key is split into n private key fragments and distributed to each vehicle node. A single node cannot independently complete the decryption of the ciphertext, and at least t nodes are required to provide private key fragments for collaborative decryption to resist decryption attacks colluded by the server and a few malicious nodes.
[0010] As a preferred option, the CKKS homomorphic encryption algorithm optimized by the NEON instruction set in step S3 is designed for the single instruction multiple data (SIMD) extended architecture of ARM architecture vehicle devices. It constructs a four-level pipelined encryption computing structure, including parameter encoding level, NTT transformation level, public key encryption level, and ciphertext packing level. It uses NEON 128-bit vector instructions to achieve parallel encoding and operation of 4-way 32-bit floating-point numbers, which increases the parallelism of single-round encryption by 4 times and reduces the encryption computing power consumption and processing latency of the vehicle end.
[0011] As a preferred embodiment, the batch floating-point homomorphic encryption described in step S3 specifically involves: dividing the weight parameters and gradient parameters of the local model into multiple parameter blocks by layer, with each parameter block containing 4096 to 8192 floating-point parameters; using the CKKS homomorphic encryption packaging technology, encoding all parameters within a single parameter block into the same ciphertext polynomial; thus, homomorphic protection of batch parameters can be achieved with a single encryption, reducing the number of encryption attempts and the amount of ciphertext transmitted.
[0012] As a preferred embodiment, the secure aggregation in step S4 specifically involves the central server employing the FedAvg federated averaging algorithm. Based on the additive homomorphic characteristics of homomorphic encryption, it performs weighted addition and scalar multiplication operations on the parameters of the secure model of each node in secure state. The weighting weight is the proportion of the local training sample size of each vehicle node to the total sample size. The entire aggregation process only operates on the ciphertext and cannot obtain any plaintext parameter information, thus completely resisting gradient inversion attacks and parameter theft attacks.
[0013] As a preferred embodiment, the secondary encrypted calibration and signature authentication in step S5 specifically involves: the central server performing encrypted re-randomization processing on the aggregated encrypted global model parameters to refresh the ciphertext noise distribution and prevent attackers from restoring plaintext information through multiple rounds of ciphertext comparison; simultaneously, generating SM2 national cryptographic algorithm digital signatures and timestamps for the encrypted global model parameters, which are then sent to the vehicle-mounted nodes along with the ciphertext. The vehicle-mounted nodes verify the integrity and legitimacy of the global model through public key verification, preventing the server from forging aggregation results and tampering with model parameters.
[0014] Preferably, the collaborative decryption in step S6 is as follows: after receiving the encrypted global model parameters, the vehicle-mounted node uses the locally stored private key to partially decrypt the ciphertext, generates a fragmented decryption result, and uploads it to the edge aggregation node; after collecting at least t fragmented decryption results, the edge aggregation node completes the full decryption, generates the plaintext global model parameters, and distributes them to the vehicle-mounted nodes in the corresponding areas; the complete private key will not be reconstructed throughout the decryption process, and a single node or a few colluding nodes cannot obtain the plaintext information.
[0015] Preferably, the preset threshold for model convergence judgment in step S6 is a model loss function value ≤ 0.05, or the number of iterations reaches a preset maximum number of iterations; after model convergence, the global model obtained by collaborative training is deployed on the vehicle terminal for autonomous driving trajectory prediction, traffic flow warning, vehicle fault diagnosis, and intelligent road network collaboration scenarios, and the original vehicle network data does not leave the vehicle's local security domain throughout the process.
[0016] Preferably, a vehicle-to-everything (V2X) data sharing system based on homomorphic encryption and enhanced federated learning is used to perform the method described in any one of claims 1-9, comprising: The system initialization and key management module is used to perform system networking, parameter configuration, distributed key generation and distribution in step S1. The local model training module is deployed on the vehicle node and is used to perform local model iterative training in step S2. The homomorphic encryption protection module is deployed on the vehicle node and is used to perform NEON-optimized CKKS homomorphic encryption and parameter batch packaging in step S3. The secure aggregation module is deployed on the central cloud server and is used to perform the secure federated average aggregation in step S4. The global model protection module is deployed on the central cloud server and is used to perform the encrypted rerandomization calibration, digital signature and encrypted distribution in step S5; The collaborative decryption and model update module is deployed on vehicle nodes and edge aggregation nodes to perform threshold collaborative decryption, model update and convergence judgment in step S6. The modules are connected via a national cryptographic standard SM4 encrypted communication link to achieve secure protection of the entire process of vehicle network data sharing.
[0017] The advantages of this invention are: 1. End-to-end encrypted protection eliminates privacy risks at the source while meeting regulatory compliance requirements. This invention constructs an end-to-end encrypted protection system from local model upload to global model distribution. The entire process utilizes homomorphic encryption technology to achieve encrypted transmission and aggregation of model parameters, providing 100% protection against mainstream privacy attacks such as gradient inversion, member inference, and attribute inference. Simultaneously, a distributed threshold cryptography mechanism is used to construct a decentralized key system, completely eliminating the single point of leakage and server collusion risks associated with centralized key management. The original data never leaves the vehicle's local security domain, achieving a unified approach to data value mining and privacy protection.
[0018] 2. Hardware-level algorithm optimization overcomes the bottleneck of computing power adaptation in automotive applications, achieving the optimal balance between encryption efficiency and model accuracy. This invention targets ARM architecture automotive domain controllers, optimizing the CKKS homomorphic encryption algorithm based on the NEONSIMD instruction set, and constructing a four-level pipelined parallel encryption structure. This improves the encryption computing efficiency of the automotive end by 8-10 times, controls the single-round encryption latency to within 20ms, and keeps the computing power utilization rate below 15%, fully adapting to automotive-grade computing power constraints. At the same time, through parameter batch packaging technology, while ensuring that the relative error of model parameter encryption is ≤1e-5, the number of encryption times and the amount of ciphertext transmitted are significantly reduced. The final model accuracy is almost indistinguishable from plaintext federated learning, completely solving the industry pain point of homomorphic encryption where "accuracy and efficiency cannot be achieved simultaneously".
[0019] 3. High adaptability and scalability, possessing strong value for large-scale industrial promotion. This invention adopts a three-tier architecture of "vehicle-mounted nodes - edge aggregation - central cloud," which can dynamically access and collaboratively train ultra-large-scale vehicle-mounted nodes through edge pre-aggregation, perfectly matching the characteristics of scenarios with a large number of vehicle-to-everything (V2X) nodes and an open network environment. The technical solution has strong versatility and can seamlessly adapt to the data sharing needs of the entire V2X scenario, such as autonomous driving trajectory prediction, urban traffic flow control, vehicle fault warning, and driving behavior analysis. It can be quickly deployed without large-scale architectural adjustments and can directly support the compliant and large-scale data sharing applications of the intelligent connected vehicle industry. Attached Figure Description
[0020] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0021] Figure 1 The overall process of a data sharing method for vehicle-to-everything (V2X) networks based on homomorphic encryption and enhanced federated learning; Figure 2 For the three-layer system architecture of the connected vehicle network, federated learning is required. Figure 3 Homomorphic encryption protection process for local model upload; Figure 4 For the central server's secure aggregation process; Figure 5 This is a secondary protection process for the global model distribution stage; Figure 6 Deployment architecture for autonomous driving trajectory prediction scenarios. Detailed Implementation
[0022] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0023] This invention employs the following technical solution to construct a homomorphic encryption-enhanced federated learning method with end-to-end encrypted state protection. The specific steps are as follows: S1: System Initialization and Key System Construction The following steps were taken to complete the three-layer architecture of the connected vehicle federated learning network, define the collaborative training model, configure homomorphic encryption parameters, build a decentralized key system based on a distributed threshold cryptography mechanism, and establish end-to-end encrypted communication: Three-tier network architecture: Constructing a three-level federated learning architecture consisting of "vehicle node layer - edge aggregation layer - central cloud server layer" to adapt to the characteristics of distributed scenarios in the Internet of Vehicles (IoV). Vehicle node layer: Composed of intelligent connected vehicles equipped with ARM architecture automotive-grade domain controllers, it serves as the local training and data holding node for federated learning, responsible for local data collection, model training, homomorphic encryption and decryption. All raw data is stored in the vehicle's local secure encrypted domain and is not transmitted externally. Edge aggregation layer: Composed of automotive-grade edge servers deployed in roadside units (RSUs) and urban edge data centers, it is responsible for the access management, identity authentication, fragmentation, decryption and aggregation, and communication relay of vehicle nodes within the area, reducing the computing pressure on the central server and long-distance transmission latency. The central cloud server layer consists of a cluster of cloud servers deployed in compliant data centers within my country. It is responsible for global training task management, secure aggregation of encrypted models, global model protection and distribution, meeting compliance requirements for domestic storage of automotive data, and does not access any raw data or plaintext model parameters. All nodes undergo identity authentication, using the national cryptographic algorithm SM9 to issue and verify digital certificates for node identities, preventing unauthorized node access.
[0024] Model and Training Parameter Definitions: For the target scenario of vehicle-to-everything (V2X) data sharing, the following deep learning model architectures are defined: a CNN-LSTM hybrid model is used for autonomous driving trajectory prediction, a spatiotemporal graph convolutional network (STGCN) is used for traffic flow prediction, and a lightweight CNN model is used for vehicle fault diagnosis. All models use 32-bit floating-point parameters to adapt to the floating-point operation characteristics of CKKS homomorphic encryption. Training hyperparameters are defined as follows: learning rate 0.001~0.01, batch size 32~128, maximum iterations 50~200, and model convergence threshold of validation set loss function value ≤0.05.
[0025] Homomorphic encryption parameter configuration: The CKKS homomorphic encryption scheme is adopted to balance encryption accuracy, computational overhead and ciphertext volume for the vehicle networking scenario. The core parameters are configured as follows: polynomial order N=2^14~2^16, modulus scaling factor Δ=2^40, and ciphertext modulus Q is a modulus chain composed of 60-bit primes. The encryption accuracy ensures that the relative error of the model parameters is ≤1e-5, and the encryption computational overhead is minimized while ensuring the model accuracy.
[0026] Construction of a distributed threshold key system: A decentralized key system is constructed using a (t,n) threshold cryptography scheme, where n is the total number of vehicle nodes participating in collaborative training, t is the decryption threshold, and the threshold is set. This ensures that decryption can only be completed with the participation of more than half of the honest nodes, thus preventing attacks by a collusion of a minority of nodes. The specific process is as follows: All vehicle-mounted nodes collaboratively generate a system public key PK, and the public key is publicly available across the entire network. All nodes can use the public key to perform encryption. The system private key sk is split into n private key fragments sk_1, sk_2, ..., sk_n. Each vehicle node holds only one private key fragment, and no single node can independently complete the ciphertext decryption. Decryption requires at least t nodes to provide private key fragments to complete collaborative decryption and reconstruct the plaintext result. The complete private key will not be reconstructed throughout the process, eliminating the risk of private key leakage.
[0027] Encrypted communication link establishment: All communication between nodes uses the national cryptographic SM4 symmetric encryption algorithm to establish a TLS1.3 encrypted communication link. All data transmission is end-to-end encrypted to prevent eavesdropping and tampering during transmission, thus building underlying communication security protection.
[0028] S2: Local Model Training for Vehicle Nodes Each participating vehicle node completes training data preprocessing and model training within its local security domain, as detailed below: Local data preprocessing: The local collected multi-source sensitive data of the Internet of Vehicles, including vehicle trajectory data, LiDAR point cloud data, camera image data, vehicle sensor signals, and driving behavior data, are cleaned, denoised, normalized, and feature extracted. The data is divided into training set and validation set in a 7:3 ratio to build a local training dataset. All data is stored in the vehicle's local secure encrypted domain and is not transmitted to the outside world.
[0029] Local model iterative training: Based on the global model parameters of the current round (initialized model parameters are used in the first round), the Adam / SGD stochastic gradient descent optimizer is used to complete a single round of iterative training on the local training dataset. The model loss function is calculated through the backpropagation algorithm, and the model weight parameters and gradient parameters are updated. After training, the local model plaintext parameters W_local are output, including the weights and bias parameters of the convolutional layer and the fully connected layer.
[0030] S3: Enhanced Homomorphic Encryption Protection During Local Model Upload To address the hardware computing power constraints of automotive ARM architecture, efficient homomorphic encryption is performed on the plaintext parameters of the local model. This involves three main steps: parameter block packaging, NEON instruction set optimized encryption, and ciphertext signature uploading. The specific operations are as follows: Model parameter segmentation and packaging: Taking advantage of the batch processing characteristics of CKKS homomorphic encryption, the plaintext parameters of the local model are processed in a hierarchical segmentation: the model is divided into multiple parameter blocks according to the network layer. Each parameter block contains 4096~8192 consecutive 32-bit floating-point parameters. Through CKKS' SIMD packaging technology, all floating-point parameters in a single parameter block are encoded into the same ciphertext polynomial, realizing homomorphic protection of batch parameters in a single encryption, greatly reducing the number of encryptions and ciphertext size, and reducing computational overhead and transmission volume.
[0031] Homomorphic Encryption Optimized for NEON Instruction Set: For the NEON Single Instruction Multiple Data (SIMD) extension architecture of ARM-based automotive devices, the core computational steps of CKKS homomorphic encryption are optimized through pipelined parallelism. A four-level pipelined encryption computation structure is constructed to achieve full-process parallel processing of the encryption encryption. Parameter encoding level: The NEON 128-bit vector loading instruction loads four 32-bit floating-point parameters into the vector register in parallel, and simultaneously performs scaling, rounding, and encoding operations on the four parameters, encoding the floating-point parameters into polynomial coefficients, thus improving the parallelism of encoding by 4 times. NTT Transform Stage: Performs number theory transformation (NTT) on the encoded polynomial, transforming the polynomial from the time domain to the frequency domain. Parallel computation of butterfly operations is achieved through NEON vector instructions, completing 4-way butterfly operations simultaneously. The NTT transformation speed is improved by 3 to 5 times. Public-key encryption level: Through NEON vector multiplication instructions, parallel multiplication operations of frequency domain polynomials and public-key polynomials are completed, and four sets of polynomial multiplications are completed at the same time, improving the core encryption operation speed by 4 times; Encryption Packaging Level: The encrypted polynomial undergoes an inverse NTT transformation, is packaged to generate the final ciphertext, and parallel storage and format encapsulation of the ciphertext data are completed using NEON vector storage instructions. The four-stage pipeline architecture enables a fully streamlined encrypted computation process. After processing a set of data at one stage, the next stage can immediately begin processing the next set of data, and the subsequent stage synchronously processes the output data of the previous stage, significantly improving encryption throughput and reducing encryption latency and computing power consumption at the vehicle-mounted terminal.
[0032] Ciphertext Signature and Upload: After completing the homomorphic encryption of all parameter blocks, the encrypted model parameter Enc(W_local) is generated. The encrypted model parameter is digitally signed and timestamped using the national cryptographic SM2 algorithm. It is then uploaded to the central cloud server through an encrypted communication link. At the same time, the local training sample size of the node is also uploaded for subsequent aggregate weight calculation.
[0033] S4: Central Server Secure Aggregation The central server receives the encrypted model parameters uploaded by all vehicle nodes. Based on the homomorphic properties of addition and scalar multiplication in homomorphic encryption, it performs federated average aggregation in encrypted form without decryption. The specific operation is as follows: Ciphertext validity verification: The central server receives the encrypted model parameters and digital signatures uploaded by each node, verifies the validity of the signatures using the node's public key, confirms that the ciphertext has not been tampered with during transmission, and removes illegal node data that fails to verify the signature.
[0034] Concealed Federated Average Aggregation: The FedAvg federated averaging algorithm is adopted, based on the concealed operation characteristics of homomorphic encryption, to complete the weighted average aggregation under concealed conditions. Let the number of nodes participating in this round of training be K, the local sample size of the i-th node be n_i, the total sample size be N=Σn_i, the aggregation weight be ω_i=n_i / N, and the aggregation formula be:
[0035] Based on the additive homomorphic property of CKKS homomorphic encryption, the result of the weighted addition operation on the ciphertext, after decryption, is completely consistent with the weighted average result of the plaintext parameters, ensuring aggregation accuracy. Throughout the aggregation process, the server only performs operations on the ciphertext and cannot obtain any plaintext parameter information, completely resisting gradient inversion attacks and parameter theft attacks.
[0036] Enc(W_global) of the aggregated encrypted global model is re-randomized to refresh the noise distribution and random factor of the ciphertext, preventing attackers from recovering plaintext information through multiple rounds of ciphertext comparison and differential analysis. At the same time, it eliminates the noise accumulated during the aggregation process, thereby improving the security of the ciphertext and the decryption accuracy.
[0037] S5: Homomorphic encryption secondary protection during global model distribution Secondary protection and signature authentication are performed on the aggregated dense global model parameters to achieve full dense protection during the global model distribution process. The specific operations are as follows: Closed-state calibration and integrity verification: The parameters of the closed-state global model after re-randomization are calibrated in a closed-state format to ensure that the parameter block matches the decryption format of the vehicle node; at the same time, an SM3 hash digest is generated for the closed-state global model for subsequent integrity verification of the vehicle node.
[0038] Digital signature and timestamp encryption: Using the central server's SM2 private key, a digital signature is generated for the encrypted global model parameters, hash digest, training rounds, and timestamps. The signature, timestamp, and encrypted global model parameters are encapsulated together to prevent the server from forging aggregation results and tampering with model parameters, while also resisting replay attacks.
[0039] Encrypted distribution: The encapsulated encrypted global model parameters are distributed to each edge aggregation node through an encrypted communication link, and then forwarded by the edge nodes to the vehicle nodes in the corresponding areas. The entire global model is transmitted and stored in encrypted form, eliminating the risk of eavesdropping and reverse attack during the distribution process.
[0040] S6: Model Decryption Update and Convergence Judgment The vehicle-mounted node receives the encrypted global model parameters, obtains the plaintext global model through distributed threshold collaborative decryption, and completes model updates and convergence judgments. The specific operations are as follows: Legality and integrity verification: After receiving the encrypted global model parameters, the vehicle node first verifies the legality of the digital signature using the central server's public key to confirm the trustworthiness of the model source; then it calculates the SM3 hash digest of the ciphertext and compares it with the sent digest to confirm that the ciphertext is complete and has not been tampered with. If the verification fails, the model parameters for that round are discarded and a retransmission is requested.
[0041] Distributed threshold collaborative decryption: A (t,n) threshold decryption scheme is used to securely decrypt the encrypted global model. The specific process is as follows: Each vehicle node uses its locally held private key to shard sk_i, partially decrypts the encrypted global model parameters, generates a sharded decryption result Dec_i(Enc(W_global)), signs the sharded result, and uploads it to its respective edge aggregation node. After the edge aggregation node collects at least t valid fragment decryption results, it completes the full decryption based on the threshold cryptography reconstruction algorithm, generating the plaintext global model parameter W_global. The complete private key will not be reconstructed throughout the process, and a single node or a few colluding nodes cannot obtain the plaintext information. The edge aggregation node will send the decrypted plaintext global model parameters to the vehicle-mounted nodes in the corresponding area via an encrypted link.
[0042] Model update and convergence determination: The vehicle node receives the plaintext global model parameters, replaces the local model parameters, and completes the current round of model update; then, it calculates the model loss function value on the local validation set. If the loss function value is ≤ the preset convergence threshold of 0.05, or the number of iterations reaches the preset maximum number of iterations, the model is determined to have converged and training is terminated; if it has not converged, steps S2-S6 are repeated to enter the next round of iteration training until the model converges.
[0043] After model convergence, the entire collaborative training process is completed. Each vehicle node obtains a high-precision global model, enabling secure sharing and value mining of vehicle-to-everything (V2X) data. The entire process ensures that raw data remains within the vehicle's local security domain, and all model parameters undergo end-to-end secure protection, eliminating the risk of sensitive information leakage and fully complying with relevant automotive data security laws and regulations. The trained model can be directly deployed on-board units for core V2X scenarios such as autonomous driving trajectory prediction, traffic flow warning, vehicle fault diagnosis, and intelligent road network collaboration.
[0044] Example 1: Specific Implementation of Autonomous Driving Trajectory Prediction Scenarios The application scenario of this embodiment is the collaborative training of trajectory prediction models for advanced autonomous vehicles. The goal is to train a high-precision vehicle trajectory prediction model by sharing historical trajectory data and environmental perception data from multiple vehicles, predicting the vehicle's driving trajectory within the next 5 seconds, and improving the safety and accuracy of autonomous driving decisions.
[0045] 1. Implementation Environment and Parameter Configuration Hardware environment: The vehicle nodes consist of 100 intelligent connected vehicles equipped with automotive-grade domain controllers based on the ARM Cortex-A76 architecture. The domain controllers have a computing power of 30 TOPS and 8GB of memory, meeting automotive-grade safety requirements. The edge aggregation nodes consist of 10 edge servers deployed on urban roadsides, with a single node computing power of 200 TOPS. The central cloud server is deployed in a compliant data center within my country, using a server cluster with 32-core CPUs and 128GB of memory to meet the requirements for domestic data storage.
[0046] Model architecture: The model adopts a CNN-LSTM hybrid model adapted for autonomous driving trajectory prediction, including 3 convolutional layers (for spatiotemporal feature extraction), 2 LSTM layers (for temporal feature extraction), 2 fully connected layers, and an output layer. The total number of parameters in the model is 1.28 million, using 32-bit floating-point parameters. The inputs are historical vehicle trajectory data, surrounding vehicle status, and road environment data, and the output is the vehicle trajectory prediction result for the next 5 seconds.
[0047] Homomorphic encryption parameters: The CKKS homomorphic encryption scheme is adopted, with a polynomial order N=2^14, a modulus scaling factor Δ=2^40, and the ciphertext modulus Q is a modulus chain composed of 60-bit primes. The encryption accuracy guarantees that the relative error of the parameters is ≤1e-5.
[0048] Threshold key parameters: The (t,n) threshold cryptography scheme is adopted, where n=100 and t=51, meaning that at least 51 nodes are required to complete collaborative decryption, thus resisting collusion attacks by no more than 50 malicious nodes.
[0049] Training parameters: learning rate 0.001, batch size 64, maximum number of iterations 100, model convergence threshold is validation set average displacement error (ADE) ≤ 0.8m.
[0050] Compliance Configuration: All raw data is stored in the vehicle's local secure encrypted domain. Communication uses the national cryptographic SM4 encryption algorithm, signature verification uses the national cryptographic SM2 algorithm, and hash digest uses the national cryptographic SM3 algorithm, fully complying with national cryptographic management and automotive data security regulations.
[0051] 2. Implementation Steps (1) System initialization and key system construction The system completes the networking and identity authentication of 100 vehicle-mounted nodes, 10 edge servers, and a central cloud server; issues SM9 digital certificates to all nodes; and establishes TLS 1.3 encrypted communication links. It also completes the architecture definition and parameter initialization of the trajectory prediction model, and distributes the initial model to all vehicle-mounted nodes. All vehicle-mounted nodes collaboratively generate the system public key, and complete the generation and distribution of private key fragments, with each vehicle-mounted node holding a unique private key fragment. Finally, it completes the configuration and network-wide synchronization of homomorphic encryption parameters, training parameters, and convergence thresholds.
[0052] (2) Local model training of vehicle-mounted nodes Each vehicle-mounted node locally collects historical vehicle trajectory data, LiDAR perception data, vehicle sensor data, and surrounding traffic environment data. Data cleaning, normalization, and feature engineering are performed to construct a local training dataset, with each node containing 8,000 to 20,000 local samples. Based on the initial model, the Adam optimizer is used to complete a single round of model training on the local training dataset. After training, the plaintext parameters of the local model are output.
[0053] (3) Homomorphic encryption protection for local models The plaintext parameters of the local model are divided into layers and blocks, with each parameter block containing 8192 floating-point parameters. The parameter blocks are encoded into ciphertext polynomials using CKKS packaging technology. A four-level pipeline encryption algorithm optimized with the NEON instruction set is used to perform homomorphic encryption on all parameter blocks. The average latency of a single encryption round is 18.6ms, and the domain controller's computing power utilization rate is 12.3%, which does not affect the operation of the vehicle's core functions at all. After encryption, an SM2 digital signature and timestamp are generated for the encrypted model parameters, which are uploaded to the corresponding edge aggregation node through an encrypted link and then forwarded to the central cloud server.
[0054] (4) Central server encrypted security aggregation The central server receives the encrypted model parameters uploaded by all nodes, verifies the legality of digital signatures, and removes illegal node data. Based on the additive homomorphic characteristics of CKKS homomorphic encryption, the FedAvg algorithm is used to complete the weighted average aggregation under encrypted conditions to generate encrypted global model parameters. The encrypted global model is then subjected to re-randomization processing to refresh the ciphertext noise distribution and generate SM3 hash digest.
[0055] (5) Global model secondary protection and distribution SM2 digital signatures and timestamps are generated for the parameters of the encrypted global model. After encapsulation, they are sent to each edge aggregation node through an encrypted link and then forwarded to the vehicle node. After receiving the data, the vehicle node verifies the digital signature and hash digest to confirm the legality and integrity of the model.
[0056] (6) Collaborative decryption and model iteration The vehicle-mounted node uses its local private key to partially decrypt the encrypted global model, generates a fragmented decryption result, and uploads it to the edge aggregation node. After collecting at least 51 fragmented decryption results, the edge node completes the full decryption, generates plaintext global model parameters, and sends them to the vehicle-mounted node. The vehicle-mounted node updates its local model with the global model and calculates the average displacement error on the local validation set. If the convergence threshold is not reached, it enters the next round of iterative training.
[0057] When the iteration reached the 86th round, the average displacement error of the model dropped to 0.76m, reaching the convergence threshold, and the training was terminated, completing the co-training process.
[0058] 3. Implementation Results and Comparative Experiments To verify the performance of the present invention, four sets of comparative tests were set up, namely: Control group 1: Traditional centralized model training, where all nodes upload raw data to a central server for centralized training, with no privacy protection; Control group 2: Standard plaintext FedAvg federated learning, without homomorphic encryption protection; Control group 3: Traditional CKKS homomorphic encrypted federated learning, without NEON optimization, threshold key, and global model protection; Experimental group: The method of the present invention.
[0059] The experimental results are shown in the table below:
[0060] The experimental results show that: The model prediction accuracy of this invention is 0.76m, which is almost the same as the unprotected plaintext FedAvg scheme (0.75m), and is 40.6% higher than the traditional homomorphic encryption scheme (1.28m), achieving the optimal balance between encryption efficiency and model accuracy; The single-wheel encryption latency of the vehicle-mounted terminal of this invention is only 18.6ms, which is 89.2% lower than that of the traditional homomorphic encryption scheme, and the computing power utilization rate is only 12.3%, which perfectly adapts to the computing power constraints of the vehicle-mounted terminal. This invention can resist gradient inversion attacks and 50-node collusion attacks 100%, and its privacy protection capabilities are far superior to existing solutions, completely solving the privacy leakage risk of federated learning. This invention ensures that the original data does not leave the vehicle's local storage throughout the entire process, adopts the national cryptographic algorithm system, and fully complies with the relevant laws and regulations on automotive data security, achieving optimal compliance.
[0061] Example 2: Specific Implementation of Urban Traffic Flow Prediction Scenario The application scenario of this embodiment is road network traffic prediction for urban intelligent traffic management. By aggregating the trajectory data, speed data, and location data of 5,000 intelligent connected vehicles in the city, a traffic flow prediction model is trained collaboratively to predict the urban road network traffic in the next 15 to 60 minutes, thereby realizing intelligent optimization of traffic signals, congestion warning, and road network diversion.
[0062] 1. Implementation Environment and Parameter Configuration Participating nodes: 5,000 intelligent connected vehicles in the city, all equipped with ARM architecture vehicle domain controllers; Edge nodes: 50 roadside edge servers within the city, responsible for the access and pre-aggregation of nodes within the area; Central Platform: The city traffic control center's domestic cloud platform, responsible for global aggregation and model distribution; Model architecture: Spatiotemporal Graph Convolutional Network (STGCN), adapted for spatiotemporal traffic prediction of road networks; Homomorphic encryption parameters: polynomial order N=2^15, threshold key parameters t=2501, n=5000; Training parameters: maximum number of iterations: 150; convergence threshold: traffic prediction accuracy ≥ 92%.
[0063] 2. Implementation Steps Using the two-level dense state aggregation alternative scheme of the present invention, the vehicle-mounted nodes in the region upload the encrypted parameters to the roadside edge server. After the edge nodes complete the regional dense state pre-aggregation, they upload the data to the central platform. The central platform completes the cross-regional global dense state aggregation, generates a dense state global model, and then distributes it to the vehicle-mounted nodes through the edge nodes to complete collaborative decryption and model update.
[0064] 3. Implementation Results After the model converges, the traffic flow prediction accuracy reaches 92.7%, which is almost the same as the accuracy of the centralized training scheme (93.5%). The end-to-end latency of a single iteration is controlled within 80ms, and it can support 5,000 vehicle nodes to participate in training at the same time. The success rate of defending against gradient inversion attacks and collusion attacks reaches 100%, with no risk of original data leakage. It fully meets the requirements of traffic data security management and can be directly applied to urban intelligent traffic control systems.
[0065] Example 3: Specific Implementation of New Energy Vehicle Battery Fault Early Warning Scenarios The application scenario of this embodiment is battery fault early warning for new energy vehicles. By sharing the battery operation data of 3,000 new energy vehicles of the same model, a battery fault diagnosis model is trained collaboratively to predict faults such as battery thermal runaway and capacity decay in advance, thereby improving vehicle driving safety.
[0066] 1. Implementation Environment and Parameter Configuration Participating nodes: 3,000 new energy vehicles equipped with ARM architecture vehicle domain controllers, which locally collect sensor data such as battery voltage, current, temperature, and SOC; Model architecture: Lightweight CNN fault diagnosis model, including 2 convolutional layers and 2 fully connected layers; Homomorphic encryption parameters: polynomial order N=2^14, threshold key parameters t=1501, n=3000; Training parameters: maximum number of iterations: 60; convergence threshold: fault prediction accuracy ≥ 95%.
[0067] 2. Implementation Steps The collaborative training is completed according to steps S1-S6 of this invention. In view of the high sensitivity of battery data, the homomorphic encryption parameters are optimized to improve the encryption accuracy. At the same time, the NEON pipeline encryption algorithm is optimized to control the single-round encryption delay to within 10ms, which is suitable for the low computing power allocation requirements of the vehicle domain controller.
[0068] 3. Implementation Results After model convergence, the accuracy rate of battery fault warning reached 95.8%, which is 33.2% higher than the accuracy rate of local training model for single vehicle. The success rate of defending against model reverse attacks reached 100%, and it is impossible to deduce the original operating data of vehicle battery from model parameters, thus protecting the privacy of user vehicle data. The model can be directly deployed on the vehicle terminal to achieve a 15-minute early warning of battery faults, which greatly improves the driving safety of new energy vehicles.
[0069] The foregoing has shown and described the basic principles, main features, and advantages of the present invention. Those skilled in the art should understand that the present invention is not limited to the above embodiments. The embodiments and descriptions in the specification are merely illustrative of the principles of the invention. Various changes and modifications can be made to the invention without departing from its spirit and scope, and all such changes and modifications fall within the scope of the claimed invention.
Claims
1. A data sharing method for vehicle-to-everything (V2X) networks based on homomorphic encryption and enhanced federated learning, characterized in that, A secure protection system is constructed for the entire chain of federated learning in the Internet of Vehicles (IoV), from local model upload to global model distribution. Based on homomorphic encryption technology, secure processing of model parameters is achieved throughout their entire lifecycle to resist privacy threats such as gradient inversion, node collusion, and malicious server attacks. Simultaneously, it adapts to the computing power constraints of in-vehicle embedded devices. The specific steps include: S1: System initialization and key system construction, complete the three-layer architecture networking of vehicle network federated learning, define the collaborative training model, configure homomorphic encryption parameters, complete the generation and distribution of public and private keys based on the distributed threshold cryptography mechanism, and establish a full-link encrypted communication system; S2: Local model training of vehicle nodes. Each vehicle node participating in collaborative training completes iterative model training within the local security domain based on locally collected multi-source sensitive data of the Internet of Vehicles, and outputs the plaintext gradient parameters and weight parameters of the local model. S3: Homomorphic encryption enhancement protection in the local model upload process. In view of the hardware computing power constraints of the vehicle ARM architecture, the CKKS homomorphic encryption algorithm optimized by the NEON instruction set is adopted to perform batch floating-point homomorphic encryption on the local model parameters. After generating the encrypted model parameters, they are uploaded to the central cloud server through the encrypted communication link. S4: Central server secure aggregation of encrypted state. The central server receives encrypted model parameters uploaded by all vehicle nodes. Based on the encrypted operation characteristics of homomorphic encryption, it uses the federated averaging algorithm to complete the weighted average aggregation under encrypted state. No parameter decryption is required throughout the process, generating global encrypted model parameters. S5: Homomorphic encryption secondary protection in the global model distribution process. The aggregated encrypted global model parameters are subjected to secondary encrypted calibration and signature authentication, and distributed to each participating vehicle node through an encrypted communication link to resist the risk of server forging aggregation results and colluding with malicious nodes. S6: Model decryption update and convergence judgment. The vehicle node receives the encrypted global model parameters, completes collaborative decryption based on the distributed threshold private key, updates the local model with the decrypted global model parameters, and repeats steps S2-S5 until the model loss converges to the preset threshold, completing collaborative training and realizing secure sharing of vehicle network data.
2. The method according to claim 1, characterized in that, The three-layer architecture of the vehicle-to-everything (V2X) federated learning described in step S1 includes an onboard node layer, an edge aggregation layer, and a central cloud server layer. The onboard node layer is an intelligent connected vehicle equipped with an ARM-based embedded onboard domain controller. The locally collected V2X sensitive data includes vehicle trajectory data, LiDAR point cloud data, camera image data, vehicle sensor signal data, driving behavior data, and battery operating status data. The collaborative training model is any of the following adapted to the V2X scenario: Convolutional Neural Network (CNN), Recurrent Neural Network (RNN), or Spatiotemporal Graph Convolutional Network (STGCN). The model input is multi-source heterogeneous V2X data, and the output is the target results of autonomous driving trajectory prediction, traffic flow warning, vehicle fault diagnosis, and driving behavior analysis. The homomorphic encryption parameters are the polynomial order N, the modulus scaling factor Δ, and the ciphertext modulus Q of the CKKS homomorphic encryption scheme, where the polynomial order N is set to 2^14~2^16 to meet the requirements of balancing onboard computing power and encryption accuracy.
3. The method according to claim 1, characterized in that, The distributed threshold cryptography mechanism described in step S1 adopts the (t,n) threshold cryptography scheme, where n is the total number of vehicle nodes participating in collaborative training, t is the decryption threshold, and t>n / 2. The public key is generated collaboratively by all vehicle nodes and made public across the network. The private key is split into n private key fragments and distributed to each vehicle node. A single node cannot independently complete the decryption of the ciphertext. At least t nodes are required to provide private key fragments for collaborative decryption to resist decryption attacks colluded by the server and a few malicious nodes.
4. The method according to claim 1, characterized in that, The CKKS homomorphic encryption algorithm optimized by the NEON instruction set described in step S3 is designed for the single instruction multiple data (SIMD) extended architecture of ARM architecture vehicle devices. It constructs a four-level pipelined encryption computing structure, including parameter encoding level, NTT transformation level, public key encryption level, and ciphertext packing level. It uses NEON 128-bit vector instructions to achieve parallel encoding and operation of 4-way 32-bit floating-point numbers, which increases the parallelism of single-round encryption by 4 times and reduces the encryption computing power consumption and processing latency of the vehicle end.
5. The method according to claim 1, characterized in that, The batch floating-point homomorphic encryption described in step S3 is as follows: the weight parameters and gradient parameters of the local model are divided into multiple parameter blocks by layer. Each parameter block contains 4096 to 8192 floating-point parameters. Through the CKKS homomorphic encryption packaging technology, all parameters in a single parameter block are encoded into the same ciphertext polynomial. Homomorphic protection of batch parameters can be achieved by completing a single encryption, reducing the number of encryptions and the amount of ciphertext transmitted.
6. The method according to claim 1, characterized in that, The secure aggregation described in step S4 is as follows: The central server uses the FedAvg federated averaging algorithm. Based on the additive homomorphic characteristics of homomorphic encryption, it performs weighted addition and scalar multiplication operations on the parameters of the secure model of each node in secure state. The weighting weight is the proportion of the local training sample size of each vehicle node to the total sample size. The entire aggregation process only operates on the ciphertext and cannot obtain any plaintext parameter information, thus completely resisting gradient inversion attacks and parameter theft attacks.
7. The method according to claim 1, characterized in that, The secondary encrypted calibration and signature authentication described in step S5 are as follows: The central server performs encrypted re-randomization processing on the aggregated encrypted global model parameters, refreshes the ciphertext noise distribution, and prevents attackers from restoring plaintext information through multiple rounds of ciphertext comparison; at the same time, it generates SM2 national cryptographic algorithm digital signatures and timestamps for the encrypted global model parameters, and sends them to the vehicle-mounted nodes along with the ciphertext. The vehicle-mounted nodes verify the integrity and legality of the global model through public key verification, preventing the server from forging aggregation results and tampering with model parameters.
8. The method according to claim 1, characterized in that, The collaborative decryption described in step S6 is as follows: after receiving the encrypted global model parameters, the vehicle node uses the locally stored private key to partially decrypt the ciphertext, generates the fragmented decryption result, and uploads it to the edge aggregation node. After collecting at least t fragment decryption results, the edge aggregation node completes the full decryption, generates plaintext global model parameters, and distributes them to the vehicle-mounted nodes in the corresponding areas. The complete private key will not be reconstructed throughout the decryption process, and a single node or a few colluding nodes cannot obtain the plaintext information.
9. The method according to claim 1, characterized in that, The preset threshold for model convergence judgment in step S6 is that the model loss function value is ≤0.05, or the number of iterations reaches the preset maximum number of iterations. After the model converges, the global model obtained by collaborative training is deployed on the vehicle terminal for autonomous driving trajectory prediction, traffic flow warning, vehicle fault diagnosis, and intelligent road network collaboration scenarios. The original vehicle network data does not leave the vehicle's local security domain throughout the entire process.
10. A vehicle-to-everything (V2X) data sharing system based on homomorphic encryption and enhanced federated learning, characterized in that: For performing the method according to any one of claims 1-9, comprising: The system initialization and key management module is used to perform system networking, parameter configuration, distributed key generation and distribution in step S1. The local model training module is deployed on the vehicle node and is used to perform local model iterative training in step S2. The homomorphic encryption protection module is deployed on the vehicle node and is used to perform NEON-optimized CKKS homomorphic encryption and parameter batch packaging in step S3. The secure aggregation module is deployed on the central cloud server and is used to perform the secure federated average aggregation in step S4. The global model protection module is deployed on the central cloud server and is used to perform the encrypted rerandomization calibration, digital signature and encrypted distribution in step S5; The collaborative decryption and model update module is deployed on vehicle nodes and edge aggregation nodes to perform threshold collaborative decryption, model update and convergence judgment in step S6. The modules are connected via a national cryptographic standard SM4 encrypted communication link to achieve secure protection of the entire process of vehicle network data sharing.