为了解决联邦学习中存在的隐私泄露、异构数据下表现不佳的问题,提出了一种可验证的隐私保护个性化联邦学习方案。该方案使用同态加密来保护用户的隐私信息,在密文上计算模型更新的相似度来为用户定制个性化模型,基于环上误差学习困难问题实现了个性化更新的可验证。理论和实验分析表明,所提方案实现了隐私保护,服务器和用户均无法获得其他用户的本地更新和个性化更新,并且隐私保护产生的额外计算开销和通信开销也是可接受的。在非独立同分布和独立同分布场景下,所提方案在2个公开数据集上的准确率高于联邦平均和已有个性化方案。
To address privacy leakage and performance degradation in federated learning with heterogeneous data, we propose a verifiable privacy-preserving personalized federated learning scheme. In the scheme, the privacy of users is guaranteed through homomorphic encryption. Personalized model customization is enabled by calculating similarities over ciphertexts. Based on the ring learning with errors problem, users can verify the correctness of personalized updates. Theoretical and experimental analysis shows that the proposed scheme effectively preserves user privacy, ensuring that neither the server nor the user can access others’ local or personalized updates. Furthermore, the additional computational and communication overhead incurred by privacy preservation remains within acceptable limits. Experimental results on two public datasets show that the proposed scheme achieves higher accuracy than federated averaging and other personalized schemes under both independently and non-independently distributed data settings.
[1] 王方伟, 谢美云, 李青茹, 等. 自适应裁剪的差分隐私联邦学习框架[J]. 西安电子科技大学学报, 2023, 50(4): 111-120. Wang F W, Xie M Y, Li Q R, et al. Differentially private federated learning framework with adaptive clipping [J]. Journal of Xidian University, 2023, 50(4): 111-120. (in Chinese)
[2] 李志鹏, 国雍, 陈耀佛, 等. 基于数据生成的类别均衡联邦学习[J]. 计算机学报, 2023, 46(3): 609-625. Li Z P, Guo Y, Chen Y F, et al. Class-balanced federated learning based on data generation [J]. Chinese Journal of Computers, 2023, 46(3): 609-625. (in Chinese)
[3] Melis L, Song C, De Cristofaro E, et al. Exploiting unintended feature leakage in collaborative learning [C]//2019 IEEE Symposium on Security and Privacy, 2019: 691-706.
[4] Chamikapa M P A, Liu D, Camtepe S, et al. Local differential privacy for federated learning [C]//European Symposium on Research in Computer Security, 2022: 195-216.
[5] Zhao L, Wang Q, Zou Q, et al. Privacy-preserving collaborative deep learning with unreliable participants [J]. IEEE Transactions on Information Forensics and Security, 2019, 15: 1486-1500.
[6] Bonawitz K, Ivanov V, Kreuter B, et al. Practical secure aggregation for privacy-preserving machine learning [C]//2017 ACM SIGSAC Conference on Computer and Communications Security, 2017: 1175-1191.
[7] Song J, Wang W, Gadekallu T R, et al. EPPDA: an efficient privacy-preserving data aggregation federated learning protocol [J]. IEEE Transactions on Network Science and Engineering, 2023, 10(5): 3047-3057.
[8] Aono Y, Hayashi T, Wang L, et al. Privacy-preserving deep learning via additively homomorphic encryption [J]. IEEE Transactions on Information Forensics and Security, 2017, 13(5): 1333-1345.
[9] Zhang C, Li S, Xia J, et al. Batchcrypt: efficient homomorphic encryption for cross-silo federated learning [C]//2020 USENIX Annual Technical Conference, 2020: 493-506.
[10] Wang J, Xu G, Lei W, et al. CPFL: an effective secure cognitive personalized federated learning mechanism for industry 4.0[J]. IEEE Transactions on Industrial Informatics, 2022, 18(10): 7186-7195.
[11] Tan A Z, Yu H, Cui L, et al. Towards personalized federated learning [J]. IEEE Transactions on Neural Networks and Learning Systems, 2023, 34(12): 9587-9603.
[12] Duan M, Liu D, Chen X, et al. Self-balancing federated learning with global imbalanced data in mobile systems [J]. IEEE Transactions on Parallel and Distributed Systems, 2020, 32(1): 59-71.
[13] Wu Q, Chen X, Zhou Z, et al. Fedhome: cloud-edge based personalized federated learning for in-home health monitoring [J]. IEEE Transactions on Mobile Computing, 2020, 21(8): 2818- 2832.
[14] Huang Y, Chu L, Zhou Z, et al. Personalized cross-silo federated learning on non-IID data [C]//AAAI Conference on Artificial Intelligence, 2021, 35(9): 7865-7873.
[15] Wei K, Li J, Ma C, et al. Personalized federated learning with differential privacy and convergence guarantee [J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 4488-4503
[16] Hu R, Guo Y, Li H, et al. Personalized federated learning with differential privacy [J]. IEEE Internet of Things Journal, 2020, 7(10): 9530-9539.
[17] Cheon J H, Kim A, Kim M, et al. Homomorphic encryption for arithmetic of approximate numbers [C]//International Conference on the Theory and Application of Cryptology and Information Security, 2017: 409-437.
[18] Liu X, Li H, Xu G, et al. Privacy-enhanced federated learning against poisoning adversaries [J]. IEEE Transactions on Information Forensics and Security, 2021, 16: 4574-4588.
[19] Ma Z, Ma J, Miao Y, et al. ShieldFL: mitigating model poisoning attacks in privacy-preserving federated learning [J]. IEEE Transactions on Information Forensics and Security, 2022, 17: 1639- 1654.
