CN114650128A - Aggregation verification method for federated learning - Google Patents
Aggregation verification method for federated learning Download PDFInfo
- Publication number
- CN114650128A CN114650128A CN202210329985.7A CN202210329985A CN114650128A CN 114650128 A CN114650128 A CN 114650128A CN 202210329985 A CN202210329985 A CN 202210329985A CN 114650128 A CN114650128 A CN 114650128A
- Authority
- CN
- China
- Prior art keywords
- client
- clients
- chameleon hash
- secret
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000002776 aggregation Effects 0.000 title claims abstract description 73
- 238000004220 aggregation Methods 0.000 title claims abstract description 73
- 238000000034 method Methods 0.000 title claims abstract description 55
- 238000012795 verification Methods 0.000 title claims abstract description 36
- 241000122205 Chamaeleonidae Species 0.000 claims abstract description 119
- 230000006870 function Effects 0.000 claims abstract description 54
- 230000008569 process Effects 0.000 claims description 19
- 230000004931 aggregating effect Effects 0.000 claims description 8
- 238000006116 polymerization reaction Methods 0.000 claims description 7
- 230000005540 biological transmission Effects 0.000 claims description 3
- 230000003993 interaction Effects 0.000 abstract description 8
- 238000012545 processing Methods 0.000 description 8
- 238000004891 communication Methods 0.000 description 6
- 230000009471 action Effects 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000012549 training Methods 0.000 description 3
- OWNRRUFOJXFKCU-UHFFFAOYSA-N Bromadiolone Chemical compound C=1C=C(C=2C=CC(Br)=CC=2)C=CC=1C(O)CC(C=1C(OC2=CC=CC=C2C=1O)=O)C1=CC=CC=C1 OWNRRUFOJXFKCU-UHFFFAOYSA-N 0.000 description 2
- 125000004122 cyclic group Chemical group 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000009826 distribution Methods 0.000 description 2
- 238000010200 validation analysis Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 239000003795 chemical substances by application Substances 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000005242 forging Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000003860 storage Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Power Engineering (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a federated learning aggregation verification method, which is characterized in that a secret share of a client chameleon hash function random number is added into a secret share ciphertext generated in a key sharing stage, and a homomorphic chameleon hash value of a model parameter is generated by taking the random number, a public parameter of the chameleon hash function and the model parameter as the input of the chameleon hash function in a generation stage of a model parameter ciphertext. And in the decryption stage, the server decrypts the secret share of the random number in the secret shares decrypted by the client to obtain the corresponding random number. And in the verification stage, the random number obtained by decryption of the server, the aggregation result of the model parameters and the public parameter of the chameleon hash function are used as input to obtain homomorphic chameleon hash values of the aggregation result, the homomorphic chameleon hash values are multiplied and then compared with the homomorphic chameleon hash values of the aggregation result, and the aggregation result is verified according to the homomorphism of the chameleon hash function. The number of information interaction rounds is reduced, and the aggregation rate is improved.
Description
Technical Field
The invention belongs to the technical field of information encryption, and particularly relates to an aggregation verification method for federated learning.
Background
Federated learning is a distributed machine learning framework that allows participating clients to upload model parameters to co-train a model rather than directly upload private training data. Therefore, the privacy of the original data of the client can be effectively protected. However, the existing research shows that the attacker can still reversely deduce the original training data through the uploaded model-related parameters.
In order to protect the security of the client private parameters, at present, a verifiable security aggregation protocol is usually adopted to process the interactive data, so that the server obtains the global model parameters without revealing the private parameters of a single client. The existing verifiable security aggregation protocol adopts a commitment scheme to ensure the consistency of aggregation at a server, which causes the security aggregation protocol to need to share the related information of additionally opening the commitment in the aggregation stage and the verification stage, thereby increasing the communication traffic and the number of interaction rounds and reducing the aggregation rate.
Disclosure of Invention
In order to solve the problems of more information interaction times and low aggregation efficiency in the prior art, the invention provides an aggregation verification method for federated learning, which has the characteristics of less aggregation verification interaction times, higher aggregation verification efficiency and the like
The aggregation verification method for federated learning provided by the embodiment of the invention comprises the following steps:
each client sends two public keys in the two generated public and private key pairs to a server, the server broadcasts a received public key set to each client connected with the server, and the clients receiving the public key set form a first client set;
for any client in the first set of clients: adding the secret shares of the random number of the client chameleon hash function into the secret shares, sending each generated secret share ciphertext to the server by each client, broadcasting the received secret share ciphertext set to each client connected with the server by the server, and forming a second client set by the clients receiving the secret share ciphertext set;
for any client in the second set of clients: taking the public parameter, the random number and the model parameter of the chameleon hash function of the client as the input of the chameleon hash function, and generating a homomorphic chameleon hash value of the model parameter;
the server broadcasts the received model parameter ciphertext and the homomorphic chameleon hash value set to the clients connected with the server, and the clients receiving the model parameter ciphertext and the homomorphic chameleon hash value set form a third client set;
for any client in the third set of clients: decrypting the received secret share ciphertexts of other clients, sending the decrypted secret shares to the server, and forming a fourth client set by the clients which are still connected with the server after the sending is finished;
reconstructing and decrypting secret shares in the server for clients belonging to the second set of clients but not to a third set of clients;
aggregating the model parameters of the clients in the third client set based on the random number and other secret values obtained by decryption to obtain an aggregation result;
sending the aggregation result and the random number of each client in the third client set to each client in the fourth client set;
for any client in the fourth set of clients: and taking the public parameter of the chameleon hash function of the client, the aggregation result and the sum of the random numbers of the clients in the third client set as the input of the chameleon hash function, generating a homomorphic chameleon hash value of the aggregation result, and comparing the product of the homomorphic chameleon hash value of the aggregation result and the homomorphic chameleon hash value of the clients in the third client set.
Further, the federally-learned aggregation verification method further includes:
for the server: if the number of the clients forming the current data set to be broadcasted or the fourth client set is smaller than a preset secret sharing threshold value, the data set to be broadcasted is not broadcasted, and the data set to be broadcasted is any one of the public key set, the secret share ciphertext set, the model parameter ciphertext and the homomorphic chameleon hash value set.
Further, the federally-learned aggregation verification method further includes:
for any client in any set of clients: and if the number of the clients forming the currently received data set is smaller than the preset secret sharing threshold value, stopping data transmission with the server, wherein the received data set is any one of the public key set, the secret share ciphertext set, the model parameter ciphertext and the homomorphic chameleon hash value set.
Further, the pair of any client in the first set of clients: adding the secret shares of the random number of the client chameleon hash function into the secret shares, and each client sends each generated secret share ciphertext to the server, wherein the method comprises the following steps:
calculating first symmetric keys between the client and the other clients respectively based on a first private key of the client and a first public key of each other client, and encrypting secret shares between the client and each other client respectively based on the first symmetric keys to generate secret share ciphertext:
ki1,j1←KA.Agree(ski1,pkj1)
wherein k isi1,j1For the first symmetric key, i1 and j1 are client identifications in the first set of clients, kai1Is the first private key, pk, of the clientj1The first public key of the other client side;
by passing
Obtaining the secret share ciphertext, wherein cti1,j1For the secret share ciphertext, se. enc () is the ciphertext encryption algorithm, ki1,j1For the first symmetric key, i1 and j1 are client identifications in the first set of clients,is a secret share of the client's second private key,is a secret share of the first seed parameter,changing a secret share of a random number of a chameleon hash function for the client.
Further, the process of generating the model parameter ciphertext includes: for any client in the second set of clients: calculating second symmetric keys between the client and other clients respectively based on a second private key of the client and a second public key of each other client, taking the second symmetric keys as second seed parameters of a pseudo-random generator of the client, and encrypting model parameters of the client based on the first seed parameters and the second seed parameters of the client to generate a model parameter ciphertext:
maki2,j2←KA.Agree(mski2,mpkj2)
mak thereini2,j2For the second symmetric key, i2 and j2 are client identifications in the second set of clients, kai2Is a second private key, mpk, of the clientj2A second public key of the other client;
by passing
Obtaining the model parameter ciphertext, wherein msxi2For the model parameter ciphertext, xi2For the model parameters of the client, PRG (b)i2) For the first pseudo-random bit string, PRG () is the pseudo-random generator, bi2Is a first sub-parameter, U, of the client2For the second set of clients, a PRG (mak)i2,j2) Is a second pseudo-random bit string, maki2,j2Mod is the second seed parameter of the client, modulo operation, B is the dimension of the model parameter,
further, the generating a homomorphic chameleon hash value of the model parameter by using the public parameter of the chameleon hash function of the client, the random number and the model parameter as the input of the chameleon hash function includes: by passing
chi2←CH.Hash(CHpp,xi2,ri2)
Obtaining homomorphic chameleon hash values of the model parameters, wherein chi2The Hash () is chameleon hash function, the CHpp is the public parameter of chameleon hash function, xi2Is a model parameter of the client, ri2Is the random number of the client.
Further, the reconstructing and decrypting, in the server, the secret shares of the clients belonging to the second set of clients but not belonging to a third set of clients includes:
reconstructing and decrypting the secret share of the second private key of the client which belongs to the second client set but does not belong to the third client set to obtain a second symmetric key of the client:
wherein mskjJ is an identification of a client belonging to the second set of clients but not to a third set of clients, ss.recon () is a secret reconstruction algorithm,is a secret share of the second private key, is U4For the fourth set of clients, t is a preset secret sharing threshold of the secret reconstruction algorithm;
by passing
makj,i3←KA.Agree(mskj,mpki3)
Obtaining a second symmetric key of the client, wherein makj,i3For the second symmetric key of the client, kajIs said second private key, mpki3I3 is a second public key of a client in the third set of clients, and is an identifier of the client in the third set of clients;
reconstructing the secret shares of the first seed parameters and the secret shares of the random numbers of the clients in the third client set respectively to obtain the first seed parameters and the random numbers of the clients:
wherein b isi3As a first sub-parameter of the client, ss.recon () is a secret reconstruction algorithm,i3 being a secret share of the first seed parameter of the client, i4 being an identification of the client of the third set of clients, U4 being an identification of the client of the fourth set of clients4And t is a preset secret sharing threshold value of the secret reconstruction algorithm for the fourth client set.
Further, the aggregating the model parameters of the clients in the third client set based on the random number obtained by decryption and other secret values to obtain an aggregated result includes:
aggregating the model parameters of the clients in the third client set based on the decrypted second symmetric key of the client, the first seed parameter of the client and the random number to obtain an aggregation result:
wherein y is the polymerization result, xi3Model parameters of the clients in the third set of clients, i3 is an identification of the clients in the third set of clients, U3For the third set of clients, msxi3Model parameter ciphertext, PRG (b), for a client in the third set of clientsi3) For a first pseudo-random bit string, PRG (mak), in the third set of clientsj,i3) A second pseudo-random bit string for clients belonging to the second set of clients but not to a third set of clients,
further, for any client in the fourth set of clients: taking the public parameter of the chameleon hash function of the client, the aggregation result and the sum of the random numbers of the clients in the third client set as the input of the chameleon hash function, generating the homomorphic chameleon hash value of the aggregation result, and comparing the product of the homomorphic chameleon hash value of the aggregation result and the homomorphic chameleon hash value of the clients in the third client set, including: by passing
To carry outComparison in whichIs a homomorphic chameleon hash value of the aggregated result,and the product of homomorphic chameleon hash values of the clients in the third client set.
Further, the federally-learned aggregation verification method further includes:
for any client in the second set of clients: and decrypting the received secret share ciphertext of the other client and the client based on the first symmetric key of the client to obtain two client identifications, and stopping the decryption of the secret share ciphertext if the two client identifications obtained by decryption are not corresponding to the client identification and the client identification.
The federated learning aggregation verification method provided by the invention can add the secret share of the client chameleon hash function random number into the secret share ciphertext generated in the key sharing stage, and generates the homomorphic chameleon hash value of the model parameter by taking the random number, the public parameter of the chameleon hash function and the model parameter as the input of the chameleon hash function in the generation stage of the model parameter ciphertext. And in the decryption stage of the server, the server decrypts the secret share of the random number in the secret shares decrypted by the client to obtain the corresponding random number. And in the verification stage, the client takes the random number obtained by decryption of the server, the aggregation result of the model parameters and the public parameter of the chameleon hash function as input to obtain the homomorphic chameleon hash value of the aggregation result, multiplies the homomorphic chameleon hash values of the model parameters of the clients participating in the aggregation process, compares the product with the homomorphic chameleon hash value of the aggregation result, and verifies the aggregation result according to the homomorphism of the chameleon hash function. Compared with the existing verification scheme, the method does not need to share the related information of the extra opening commitment, reduces the number of information interaction rounds and improves the aggregation rate.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flow diagram of a federated learned aggregation validation method provided in accordance with an exemplary embodiment;
fig. 2 is a flow diagram of specific interactions of a federated learned aggregation validation method provided in accordance with an exemplary embodiment.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention. Referring to fig. 1, an embodiment of the present invention provides an aggregation verification method for federated learning, which may include the following steps:
101. and each client sends the two public keys in the generated two public and private key pairs to the server.
102. The server broadcasts the received public key set to each client connected with the server, and the clients receiving the public key set form a first client set. For any client in the first set of clients:
103. and adding the secret shares of the random number of the chameleon hash function of the client into the secret shares, and transmitting each generated secret share ciphertext to the server by each client.
104. And the server broadcasts the received secret share ciphertext set to each client connected with the server, and the clients receiving the secret share ciphertext set form a second client set. For any client in the second set of clients:
105. and taking the public parameter, the random number and the model parameter of the chameleon hash function of the client as the input of the chameleon hash function to generate a homomorphic chameleon hash value of the model parameter.
106. And the server broadcasts the received model parameter ciphertext and the homomorphic chameleon hash value set to each client connected with the server, and the clients receiving the model parameter ciphertext and the homomorphic chameleon hash value set form a third client set. For any client in the third set of clients:
107. and decrypting the received secret share ciphertexts of other clients, sending the decrypted secret shares to the server, and forming a fourth client set by the clients which are still connected with the server after the sending is finished.
108. Reconstructing and decrypting the secret shares in the server for clients belonging to the second set of clients but not to the third set of clients;
109. aggregating the model parameters of the clients in the third client set based on the random number and other secret values obtained by decryption to obtain an aggregation result;
1010. and sending the aggregation result and the random number of each client in the third client set to each client in the fourth client set. For any client in the fourth set of clients:
1011. and taking the public parameter of the chameleon hash function of the client, the aggregation result and the sum of the random numbers of the clients in the third client set as the input of the chameleon hash function, generating homomorphic chameleon hash values of the aggregation result, and comparing the products of the homomorphic chameleon hash values of the aggregation result and the homomorphic chameleon hash values of the clients in the third client set.
Specifically, in the process of performing aggregation verification, the cryptographic algorithm that needs to be used includes:
symmetric encryption algorithm (se.kgen, se.enc, se.dec):
SE.KGen(1κ) → k: with a safety parameter 1κOutputting a symmetric key k for input; .
Enc (k, m) → ct: generating a ciphertext ct by taking the symmetric key k and the message m as input;
dec (k ', ct) → m': with the symmetric key k 'and the ciphertext message ct as inputs, the output message m' satisfies ct ═ se.
Key agreement protocol (ka. param, ka. kgen, ka. agre):
KA.Param(1κ) → KApp: with a safety parameter 1κOutputting the common parameter KApp for input;
kgen (KApp) → (pk, sk): the algorithm generates a public and private key pair (pk, sk) of the algorithm for a user;
KA.Agree(ski,pkj)→ki,j: the algorithm takes the private key sk of the user iiAnd public key pk of user jjFor input, a negotiation key (private key) k is outputi,j。
The key agreement protocol is such that user i and user j generate the same key ki,jThat is to say
ki,j=KA.Agree(ski,pkj)=KA.Agree(skj,pki)=kj,i
In the invention, the key negotiated by the key negotiation algorithm can be used as a session key generated between the client i and the client j and a mask value generated in pair by the client i and the client j.
Secret sharing scheme (ss.share, ss.recon):
the secret sharing algorithm takes a secret value s and a threshold value t and a user set U as input, and secret shares of each user i belonging to the U are outputWhere | U | ═ N.
User collectionWhen the secret value is V | ≧ t, the secret reconstruction algorithm can recover the secret value s, otherwise, the output is null (i.e., ×).
The pseudo-random generator PRG may expand a short random string x into a long pseudo-random bit string PRG (x).
Chameleon hash algorithm (ch.gen, ch.hash, ch.hashcheck, ch.adapt):
CH.Gen(1κ) → (CHpp, TD): the algorithm takes a safety parameter kappa as input and outputs a common parameter CHpp and a trapdoor TD.
Hash (CHpp, m, r) → hash: and outputting the hash by taking the public parameter CHpp, the message m to be hashed and the random number r as input.
Hashcheck (CHpp, m, r, hash) → 0/1: if the verification passes the algorithm, 1 is output, and if the verification fails, 0 is output.
Adapt (TD, m, r, hash, m ') → r': the algorithm may output a new random number r 'with a trapdoor TD, a hash value hash, an original message m, an original random number r, and a new message m', such that ch.
In contrast to the general hash function, in addition to the need to satisfy collision resistance, the chameleon property needs to be satisfied, i.e., for any given m and m', one can find for any r
r '← CH.Adapt (TD, m, r, hash, m') satisfying
CH.Hash(CHpp,m,r)=CH.Hash(CHpp,m′,r′)。
And satisfy homomorphism, i.e.
CH.Hash(CHpp,m1+m2,r1+r2)=CH.Hash(CHpp,m1,r1)·CH.Hash(CHpp,m2,r2)。
Based on the encryption algorithm, referring to the flow of aggregation verification shown in fig. 2, before aggregation is performed, the process proceeds firstGenerating a line-common parameter, initializing a security parameter k, inputting the vectorWherein R is the modulus and d is the dimension of the vector; polymerization numberWherein B is more than or equal to N.R, and N is the number of clients participating in training in each round.
Param (1) is generated as a public parameter for key agreementκ)→KApp。
Gen (1) running chameleon Hash common parameter generation algorithmκ)→CHpp。
In the key generation and distribution phase:
for client i: two pairs of public and private keys (pk) are respectively generated according to KAppi,ski) Wen K, KA, KGen (KApp) and (mpk)i,mski) And (3) either ae o e, i.e. pkiAnd mpkiAnd sending the data to a server.
For the server: recording the client end set receiving the message as U1I.e., the first set of clients, willBroadcast to set U1The client in (1).
In the key sharing phase:
for client i: receiving a message from a serverTo generate the seed of the pseudo-random generator PRG, random extraction bi. To calculate homomorphic chameleon hash values, r is randomly extractedi. Generating msk through secret sharing algorithmi,biAnd riIs given. J ∈ U of calculation and client1Symmetric key k between \ { i }i,j←KA.Agree(ski,pkj) And computing a corresponding secret share ciphertext The ciphertext cti,jAnd sending the data to a server and storing the data locally.
For a server: recording the client end set receiving the message as U2I.e. the second set of clients, will receive cti,jIs correspondingly sent to the set U2The client in (1).
In the stage of collecting the double mask ciphertext and homomorphic chameleon hash value:
for client i: computing symmetric Key maki,j←KA.Agree(mski,mpkj) Key maki,jAs a seed for a pseudo-random generator PRG, and then generating a model parameter ciphertext WhereinIs referred to as modulo arithmetic. Homomorphic chameleon hash value ch for calculating model parametersi. Msx to be generatediAnd chiAnd sending the data to a server.
For the server: recording the client end set receiving the message as U3I.e. the third set of clients, will receiveBroadcast to set U3The client in (1).
In the decryption stage:
for client i: according to a symmetric key ki,j←KA.Agree(ski,pkj) To which it receivesTo carry outDecrypting and decrypting the model parameter ciphertext and collecting b in the third client side setjAnd rjAnd msk in the set dropped from the second set of clientsjIs sent to the server.
For the server: recording the set of clients receiving the message as U4And reconstructing the secret to obtain an aggregation value and sending the aggregation value to the clients in the fourth client set.
In the whole process, the secret share of the client chameleon hash function random number is added into a secret share ciphertext generated in a key sharing stage, and in the generation stage of the model parameter ciphertext, the random number, the public parameter of the chameleon hash function and the model parameter are used as the input of the chameleon hash function to generate a homomorphic chameleon hash value of the model parameter. And in the decryption stage of the server, the server decrypts the secret shares of the random numbers in the secret shares decrypted by the client to obtain the corresponding random numbers. In the verification stage, the client side takes the random number obtained by decryption of the server, the aggregation result of the model parameters and the public parameters of the chameleon hash function as input to obtain the homomorphic chameleon hash value of the aggregation result, multiplies the homomorphic chameleon hash values of the model parameters of the client sides participating in the aggregation process, compares the product with the homomorphic chameleon hash value of the aggregation result, and verifies the aggregation result according to the homomorphism of the chameleon hash function. Compared with the existing verification scheme, the method does not need to share the related information of the extra opening commitment, reduces the number of information interaction rounds and improves the aggregation rate.
In some embodiments of the invention, in order to protect the security of the truthful participant's private model parameters (e.g. gradients) during the aggregation process, they are prevented from being detected by the adversary mentioned above. And the protocol can tolerate the disconnection of part of the clients in the midway, namely the disconnection of part of the clients in the midway, and the normal operation of the federal study is not influenced.
For the server: and if the number of the clients forming the current data set to be broadcasted or the fourth client set is less than a preset secret sharing threshold value, the data set to be broadcasted is not broadcasted, and the data set to be broadcasted is any one of a public key set, a secret share ciphertext set, a model parameter ciphertext set and a homomorphic chameleon hash value set.
For any client in any set of clients: and if the number of the clients forming the currently received data set is less than a preset secret sharing threshold value, stopping data transmission with the server, wherein the received data set is any one of a public key set, a secret share ciphertext set, a model parameter ciphertext and a homomorphic chameleon hash value set. And
for any client in the second set of clients: and decrypting the received secret share ciphertext of the other client and the client based on the first symmetric key of the client to obtain two client identifications, and stopping the decryption of the secret share ciphertext if the two client identifications obtained by decryption are not corresponding to the client identification and the client identification.
Thus, the security of the private model parameters (such as gradient) of honest participants can be protected, and the private model parameters can be prevented from being detected by the enemy. But also ensures that the integrity of the aggregate prevents an adversary from accepting a fake aggregate result by a honest client. And in the aggregation process, part of the clients can be tolerated to be disconnected midway, namely part of the clients are disconnected midway, and the normal operation of federal learning is not influenced.
A complete polymerization verification process after completion is as follows: adding a secret sharing threshold t in the common parameter generation stage
In the key generation and distribution stage:
for client i: KApp generates two pairs of public and private keys respectively(pki,ski) Wen K, KA, KGen (KApp) and (mpk)i,mski) And (3) either ae o e, i.e. pkiAnd mpkiAnd sending the data to a server.
For a server: recording the client end set receiving the message as U1If | U1If l < t, the subsequent processing steps are aborted.Broadcast to set U1The client in (1).
In the key sharing phase:
for client i 1: receiving a message from a serverFirst, verify if | U1If | ≧ t and all public keys are different, preventing the server from forging the client data; otherwise, the subsequent processing steps are aborted.
Random decimation biGenerating seed of pseudo random generator PRG, randomly extracting r for calculating chameleon hash valuei1. Generating msk through secret sharing algorithmi1,bi1And ri1Is given. Wherein Calculating and client j 1E U1Symmetric keys between i1
ki1,j1←KA.Agree(ski1,pkj1)
Wherein k isi1,j1For the first symmetric key, i1 and j1 are the client identities in the first set of clients, kai1Is the first private key, pk, of the clientj1A first public key of other clients;
by passing
Obtaining a secret share ciphertext, wherein cti1,j1For the secret share ciphertext, se. enc () is a ciphertext encryption algorithm, ki1,j1I1 and j1 are client identifications in the first set of clients,is a secret share of the client's second private key,is a secret share of the first seed parameter,a secret share of the random number of the chameleon hash function is changed for the client.
The ciphertext cti1,j1And sending the data to a server and storing the data locally.
Recording the set of clients receiving the message as U for the server2If | U2If l < t, the subsequent processing is terminated. To received cti1,j1Is correspondingly sent to the set U2The client in (1).
In the stage of collecting the double mask ciphertext and homomorphic chameleon Hash values:
for client i 2:
firstly, for the received message from the server endVerify if | U2And | ≧ t. If | U2If l is less than t, the subsequent processing process is terminated. Computing symmetric keys after passing verification
maki2,j2←KA.Agree(mski2,mpkj2)
Mak thereini2,j2For the second symmetric key, i2 and j2 are the client identities in the second set of clients, kai2Is the second private key, mpk, of the clientj2A second public key for other clients;
by passing
Obtaining a model parameter ciphertext, wherein msxi2For model parameter ciphertext, xi2As model parameters of the client, PRG (b)i2) For the first pseudo-random bit string, PRG () for the pseudo-random generator, bi2Is a first sub-parameter, U, of the client2Is a second set of clients, PRG (mak)i2,j2) For a second pseudo-random bit string, maki2,j2Mod is the second seed parameter for the client, mod is the modulo operation, B is the dimension of the model parameters,
by passing
chi2←CH.Hash(CHpp,xi2,ri2)
Obtaining homomorphic chameleon hash values of the model parameters, wherein chi2Hash () is chameleon hash function, CHpp is public parameter of chameleon hash function, x is homomorphic chameleon hash value of model parameteri2Is a model parameter of the client, ri2Is the random number of the client. If any operation in the above process fails, the subsequent operation is directly suspended, otherwise the msx is generatedi2And chi2And sending the data to a server.
For the server:
recording the client end set receiving the message as U3If | U3If | < t, the subsequent processing flow is stopped, and msx is used after the verification is passedi2And chi2Is sent to U3The client in (1).
In the decryption stage:
for client i 3:
view received set of clients U3If the value of (1) is greater than or equal to t, if the value of (b) is less than t, the subsequent processing flow is directly stopped. After passing the verification, each client can be according to the symmetric key ki,j←KA.Agree(ski,pkj) To the receivedCarry out decryption to obtainIf i2 and j2 are verified as j', the subsequent process flow is terminated as it is. And after the verification is passed, sending the related secret shares obtained by decryption to the server.
For the server:
recording the client end set receiving the message as U4If | U4If l < t, the subsequent processing flow is stopped. After the verification is passed, reconstructing and decrypting the secret share of the second private key for the clients which belong to the second client set but do not belong to the third client set to obtain a second symmetric key of the client:
wherein mskjIs a second private key, j is the identity of a client belonging to the second set of clients but not to the third set of clients, ss.recon () is a secret reconstruction algorithm,is a secret share of the second private key, is U4And t is a preset secret sharing threshold value of the secret reconstruction algorithm, and is the fourth client set.
By passing
makj,i3←KA.Agree(mskj,mpki3)
Get a guestSecond symmetric key of the client, wherein makj,i3Agent () is the key agreement algorithm, msk, for the second symmetric key of the clientjIs a second private key, mpki3I3 is the identity of the client in the third set of clients, which is the second public key of the client in the third set of clients.
Respectively reconstructing the secret share of the first seed parameter of the client and the secret share of the random number in the third client set to obtain the first seed parameter of the client and the random number:
wherein b isi3As a first seed parameter for the client, ss.recon () is a secret reconstruction algorithm,i3 is the secret share of the first seed parameter of the client, i3 is the identity of the client in the third set of clients, i4 is the identity of the client in the fourth set of clients, U4And t is a preset secret sharing threshold value of the secret reconstruction algorithm, and is the fourth client set.
For each client in the third set of clients, the secret is reconstructed using a secret sharing algorithm:
and aggregating the model parameters of the clients in the third client set based on the decrypted second symmetric key of the client, the first seed parameter of the client and the random number to obtain an aggregation result:
wherein y is the result of polymerization, xi3For the model parameters of the clients in the third set of clients, i3 isIdentification of clients in the third set of clients, U3For a third set of clients, msxi3Model parameter ciphertext, PRG (b), for a client in the third set of clientsi3) For the first pseudo-random bit string, PRG (mak), in the third set of clientsj,i3) A second pseudo-random bit string for clients belonging to the second set of clients but not to the third set of clients,
for any client in the fourth set of clients: by passing
Performing a verification comparison whereinThe homomorphic chameleon hash value of the aggregated result,is the product of homomorphic chameleon hash values of the clients in the third set of clients. After the verification is passed, the polymerization process is reliable, and the model obtained by polymerization can be used.
In the specific implementation process of the invention, a homomorphic chameleon hash algorithm based on discrete logarithm hypothesis can be adopted:
whereinIs a cyclic group of order p, g1,g2,…,gdH is a group element, trapdoor αiSatisfy the requirement ofWhere i ∈ [ d ]]。
The chameleon hash function can meet the requirements of correctness, homomorphism and collision resistance.
The key agreement protocol (ka.param, ka.kgen, ka.agene) may be adopted as:
KA.param(1κ) → KApp, whereinWherein,for a cyclic group of order p with generator g, H is a hash algorithm, which may use SHA-256, SM3, etc.
KA.Agree(ski,pkj)→ki,jWherein ski=xiIs the private key of the user i,negotiating a key for user j's public key, user i, j
The pseudo-random generator PRG may employ AES-CTR or the like.
The symmetric encryption algorithm may use AES or the cryptographic algorithm SM4, etc.
The verifiability of the aggregation process can be performed based on the homomorphism and collision resistance of the chameleon hash algorithm. For example: the aggregated results can be forged if an adversary is presentSo that a certain honest client i is verified, i.e. passes
Due to the fact thatjAll generated in the client honesty, i.e. chj=CH.Hash(CHpp,xj,rj) According to the homomorphism of the chameleon hash function, the method can know
Will obtainAndall satisfy chameleon hash value of h*This contradicts the collision resistance of chameleon hash, which also proves the verifiability of the aggregated results.
Through adopting chameleon hash function, thereby avoid using the promise scheme thereby at the verification stage, only need one round can, avoided the extra communication round number that the promise was opened. Construction based on discrete logarithm at the same timeHash algorithm ofThe output being a group elementIndependent of the length of the input parameter m. This increases verifiability while ensuring additional increased traffic O (N) in each round of federal learning, regardless of the size of the model parameter vector d.
In the federated learning aggregation verification method provided by the above embodiment of the present invention, the chameleon hash function is adopted, and the use of the commitment scheme is avoided, so that in the verification stage, only one round is needed to avoid the number of extra communication rounds committed to open, and meanwhile, the communication traffic of protocol interaction is reduced, and the verification efficiency is improved.
While, for purposes of simplicity of explanation, the foregoing method embodiments have been described as a series of acts or combination of acts, it will be appreciated by those skilled in the art that the present invention is not limited by the illustrated ordering of acts, as some steps may occur in other orders or concurrently with other steps in accordance with the invention. Further, those skilled in the art will appreciate that the embodiments described in this specification are presently preferred and that no acts or modules are required by the invention.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For the device-like embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The steps in the method of each embodiment of the present invention may be sequentially adjusted, combined, and deleted according to actual needs, and the technical features described in each embodiment may be replaced or combined.
The modules and sub-modules in the device and the terminal of the embodiments of the invention can be combined, divided and deleted according to actual needs.
In the embodiments provided in the present invention, it should be understood that the disclosed terminal, apparatus and method may be implemented in other ways. For example, the above-described terminal embodiments are merely illustrative, and for example, the division of a module or a sub-module is only one logical division, and there may be other divisions when the terminal is actually implemented, for example, a plurality of sub-modules or modules may be combined or integrated into another module, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be in an electrical, mechanical or other form.
The modules or sub-modules described as separate components may or may not be physically separate, and the components described as modules or sub-modules may or may not be physical modules or sub-modules, may be located in one place, or may be distributed on a plurality of network modules or sub-modules. Some or all of the modules or sub-modules can be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, each functional module or sub-module in each embodiment of the present invention may be integrated into one processing module, or each module or sub-module may exist alone physically, or two or more modules or sub-modules may be integrated into one module. The integrated modules or sub-modules may be implemented in the form of hardware, or may be implemented in the form of software functional modules or sub-modules.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software unit executed by a processor, or in a combination of the two. The software cells may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. The term "comprising", without further limitation, means that the element so defined is not excluded from the group consisting of additional identical elements in the process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. The aggregation verification method for federated learning is characterized by comprising the following steps:
each client sends two public keys in the generated two public and private key pairs to a server, the server broadcasts a received public key set to each client connected with the server, and the clients receiving the public key sets form a first client set;
for any client in the first set of clients: adding the secret shares of the random number of the client chameleon hash function into the secret shares, sending each generated secret share ciphertext to the server by each client, broadcasting the received secret share ciphertext set to each client connected with the server by the server, and forming a second client set by the clients receiving the secret share ciphertext set;
for any client in the second set of clients: taking a public parameter, a random number and a model parameter of the chameleon hash function of the client as the input of the chameleon hash function, and generating a homomorphic chameleon hash value of the model parameter;
the server broadcasts the received model parameter ciphertext and the homomorphic chameleon hash value set to each client connected with the server, and the clients receiving the model parameter ciphertext and the homomorphic chameleon hash value set form a third client set;
for any client in the third set of clients: decrypting the received secret share ciphertext of other clients, sending the decrypted secret share to the server, and forming a fourth client set by the clients which are still connected with the server after the sending is finished;
reconstructing and decrypting secret shares in the server for clients belonging to the second set of clients but not to a third set of clients;
aggregating the model parameters of the clients in the third client set based on the random number and other secret values obtained by decryption to obtain an aggregation result;
sending the aggregation result and the random number of each client in the third client set to each client in the fourth client set;
for any client in the fourth set of clients: and taking the public parameter of the chameleon hash function of the client, the aggregation result and the sum of the random numbers of the clients in the third client set as the input of the chameleon hash function, generating a homomorphic chameleon hash value of the aggregation result, and comparing the product of the homomorphic chameleon hash value of the aggregation result and the homomorphic chameleon hash value of each client in the third client set.
2. The method of claim 1, further comprising:
for the server: if the number of the clients forming the current data set to be broadcasted or the fourth client set is smaller than a preset secret sharing threshold value, the data set to be broadcasted is not broadcasted, and the data set to be broadcasted is any one of the public key set, the secret share ciphertext set, the model parameter ciphertext and the homomorphic chameleon hash value set.
3. The method of claim 2, further comprising:
for any client in any set of clients: and if the number of the clients forming the currently received data set is smaller than the preset secret sharing threshold value, stopping data transmission with the server, wherein the received data set is any one of the public key set, the secret share ciphertext set, the model parameter ciphertext and the homomorphic chameleon hash value set.
4. The method of claim 1, wherein for any client in the first set of clients: adding the secret shares of the random number of the client chameleon hash function into the secret shares, and each client sends each generated secret share ciphertext to the server, wherein the method comprises the following steps:
calculating first symmetric keys between the client and the other clients respectively based on a first private key of the client and a first public key of each other client, and encrypting secret shares between the client and each other client respectively based on the first symmetric keys to generate secret share ciphertext:
ki1,j1←KA.Agree(ski1,pkj1)
wherein k isi1,j1For the first symmetric key, i1 and j1 are client identifications in the first set of clients, kai1Is the first private key, pk, of the clientj1The first public key of the other client side;
by passing
Obtaining the secret share ciphertext, wherein cti1,j1For the secret share ciphertext, se. enc () is the ciphertext encryption algorithm, ki1,j1For the first symmetric key, i1 and j1 are client identifications in the first set of clients,is a secret share of the client's second private key,is a secret share of the first seed parameter,changing a secret share of a random number of a chameleon hash function for the client.
5. The method according to claim 4, wherein the generation process of the model parameter ciphertext comprises: for any client in the second set of clients: calculating second symmetric keys between the client and other clients respectively based on a second private key of the client and a second public key of each other client, taking the second symmetric keys as second seed parameters of a pseudo-random generator of the client, and encrypting model parameters of the client based on the first seed parameters and the second seed parameters of the client to generate a model parameter ciphertext:
maki2,j2←KA.Agree(mski2,mpkj2)
mak thereini2,j2For the second symmetric key, i2 and j2 are client identifications in the second set of clients, kai2Is a second private key, mpk, of the clientj2A second public key of the other client;
by passing
Obtaining the model parameter ciphertext, wherein msxi2For the model parameter ciphertext, xi2For the model parameters of the client, PRG (b)i2) For the first pseudo-random bit string, PRG () for the pseudo-random generator, bi2Is a first sub-parameter, U, of the client2For the second set of clients, a PRG (mak)i2,j2) For a second pseudo-random bit string, maki2,j2Mod is the second seed parameter of the client, modulo operation, B is the dimension of the model parameter,
6. the method of claim 5, wherein the taking the common parameter of the chameleon hash function of the client, the random number, and the model parameter as inputs of the chameleon hash function to generate a homomorphic chameleon hash value of the model parameter comprises: by passing
chi2←CH.Hash(CHpp,xi2,ri2)
Obtaining homomorphic chameleon hash values of the model parameters, wherein chi2The Hash () is chameleon hash function, the CHpp is the public parameter of chameleon hash function, xi2Is a model parameter of the client, ri2Is the random number of the client.
7. The method of claim 6, wherein the reconstructing and decrypting the secret shares in the server for the clients belonging to the second set of clients but not to a third set of clients comprises:
reconstructing and decrypting the secret share of the second private key of the client which belongs to the second client set but does not belong to the third client set to obtain a second symmetric key of the client:
wherein mskjJ is an identification of a client belonging to the second set of clients but not to a third set of clients, ss.recon () is a secret reconstruction algorithm,is a secret share of the second private key, is U4For the fourth set of clients, t is a preset secret sharing threshold of the secret reconstruction algorithm;
by passing
makj,i3←KA.Agree(mskj,mpki3)
Obtaining a second symmetric key of the client, wherein makj,i3For the second symmetric key of the client, kajIs said second private key, mpki3I3 is a second public key of a client in the third set of clients, and is an identifier of the client in the third set of clients;
reconstructing the secret shares of the first seed parameters and the secret shares of the random numbers of the clients in the third client set respectively to obtain the first seed parameters and the random numbers of the clients:
wherein b isi3As a first seed argument of the client, ss.recon () is a secret reconstruction algorithm,i3 being a secret share of the first seed parameter of the client, i4 being an identification of the client of the third set of clients, U4 being an identification of the client of the fourth set of clients4And t is a preset secret sharing threshold value of the secret reconstruction algorithm for the fourth client set.
8. The method according to claim 7, wherein the aggregating model parameters of each client in the third set of clients based on the decrypted random number and other secret values to obtain an aggregated result comprises:
aggregating the model parameters of the clients in the third client set based on the decrypted second symmetric key of the client, the first seed parameter of the client and the random number to obtain an aggregation result:
wherein y is the polymerization result, xi3I3 is the model parameter of the client in the third client setIdentification of clients in the set, U3For the third set of clients, msxi3Model parameter ciphertext, PRG (b), for a client in the third set of clientsi3) For a first pseudo-random bit string, PRG (mak), in the third set of clientsj,i3) A second pseudo-random bit string for clients belonging to the second set of clients but not to a third set of clients,
9. the method of claim 8, wherein for any client in the fourth set of clients: taking the public parameter of the chameleon hash function of the client, the aggregation result and the sum of the random numbers of the clients in the third client set as the input of the chameleon hash function, generating the homomorphic chameleon hash value of the aggregation result, and comparing the product of the homomorphic chameleon hash value of the aggregation result and the homomorphic chameleon hash value of the clients in the third client set, including: by passing
10. The method of claim 4, further comprising:
for any client in the second set of clients: and decrypting the received secret share ciphertext of the other client and the client based on the first symmetric key of the client to obtain two client identifications, and stopping the decryption of the secret share ciphertext if the two client identifications obtained by decryption are not corresponding to the client identification and the client identification.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210329985.7A CN114650128B (en) | 2022-03-31 | 2022-03-31 | Aggregation verification method for federal learning |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210329985.7A CN114650128B (en) | 2022-03-31 | 2022-03-31 | Aggregation verification method for federal learning |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114650128A true CN114650128A (en) | 2022-06-21 |
CN114650128B CN114650128B (en) | 2024-10-11 |
Family
ID=81995142
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210329985.7A Active CN114650128B (en) | 2022-03-31 | 2022-03-31 | Aggregation verification method for federal learning |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114650128B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115189950A (en) * | 2022-07-12 | 2022-10-14 | 华东师范大学 | Verifiable gradient security aggregation method and system based on multi-party security calculation |
CN115186285A (en) * | 2022-09-09 | 2022-10-14 | 闪捷信息科技有限公司 | Parameter aggregation method and device for federal learning |
CN115378572A (en) * | 2022-07-12 | 2022-11-22 | 启明星辰信息技术集团股份有限公司 | Decentralized multi-server security aggregation system and method |
CN115913572A (en) * | 2022-11-17 | 2023-04-04 | 国网智能电网研究院有限公司 | Data verification method, device, equipment, medium and system for mimicry storage system |
CN116049897A (en) * | 2023-03-30 | 2023-05-02 | 北京华隐熵策数据科技有限公司 | Verifiable privacy protection federal learning method based on linear homomorphic hash and signcryption |
CN116996235A (en) * | 2023-09-26 | 2023-11-03 | 中电科大数据研究院有限公司 | Security authentication method, device and system for joint modeling |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110086599A (en) * | 2019-04-24 | 2019-08-02 | 电子科技大学 | Hash calculation method and label decryption method based on homomorphism chameleon hash function |
WO2021232754A1 (en) * | 2020-05-22 | 2021-11-25 | 深圳前海微众银行股份有限公司 | Federated learning modeling method and device, and computer-readable storage medium |
-
2022
- 2022-03-31 CN CN202210329985.7A patent/CN114650128B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110086599A (en) * | 2019-04-24 | 2019-08-02 | 电子科技大学 | Hash calculation method and label decryption method based on homomorphism chameleon hash function |
WO2021232754A1 (en) * | 2020-05-22 | 2021-11-25 | 深圳前海微众银行股份有限公司 | Federated learning modeling method and device, and computer-readable storage medium |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115189950A (en) * | 2022-07-12 | 2022-10-14 | 华东师范大学 | Verifiable gradient security aggregation method and system based on multi-party security calculation |
CN115378572A (en) * | 2022-07-12 | 2022-11-22 | 启明星辰信息技术集团股份有限公司 | Decentralized multi-server security aggregation system and method |
CN115189950B (en) * | 2022-07-12 | 2023-07-25 | 华东师范大学 | Verifiable gradient security aggregation method and system based on multiparty security calculation |
CN115186285A (en) * | 2022-09-09 | 2022-10-14 | 闪捷信息科技有限公司 | Parameter aggregation method and device for federal learning |
CN115913572A (en) * | 2022-11-17 | 2023-04-04 | 国网智能电网研究院有限公司 | Data verification method, device, equipment, medium and system for mimicry storage system |
CN116049897A (en) * | 2023-03-30 | 2023-05-02 | 北京华隐熵策数据科技有限公司 | Verifiable privacy protection federal learning method based on linear homomorphic hash and signcryption |
CN116049897B (en) * | 2023-03-30 | 2023-12-01 | 北京华隐熵策数据科技有限公司 | Verifiable privacy protection federal learning method based on linear homomorphic hash and signcryption |
CN116996235A (en) * | 2023-09-26 | 2023-11-03 | 中电科大数据研究院有限公司 | Security authentication method, device and system for joint modeling |
CN116996235B (en) * | 2023-09-26 | 2023-12-05 | 中电科大数据研究院有限公司 | Security authentication method, device and system for joint modeling |
Also Published As
Publication number | Publication date |
---|---|
CN114650128B (en) | 2024-10-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN114650128A (en) | Aggregation verification method for federated learning | |
CN110740033B (en) | Block chain multi-party data sharing method based on secret sharing technology | |
CN107342859B (en) | Anonymous authentication method and application thereof | |
Eslami et al. | Certificateless aggregate signcryption: Security model and a concrete construction secure in the random oracle model | |
CN107438006B (en) | Full multi-receiver label decryption method of the anonymity without certificate | |
CN110120939B (en) | Encryption method and system capable of repudiation authentication based on heterogeneous system | |
CN114338045A (en) | Information data verifiability safety sharing method and system based on block chain and federal learning | |
CN114219483B (en) | Method, equipment and storage medium for sharing block chain data based on LWE-CPBE | |
CN113507374A (en) | Threshold signature method, device, equipment and storage medium | |
CN101431414A (en) | Authentication group key management method based on identity | |
CN111797427A (en) | Block chain user identity supervision method and system considering privacy protection | |
CN107248909A (en) | It is a kind of based on SM2 algorithms without Credential-Security endorsement method | |
CN105187425B (en) | Facing cloud calculus communication system safety without certificate thresholding decryption method | |
CN104754570B (en) | Key distribution and reconstruction method and device based on mobile internet | |
CN111049647B (en) | Asymmetric group key negotiation method based on attribute threshold | |
CN110120871B (en) | Broadcast encryption method and system with fixed private key and ciphertext length | |
CN114491578A (en) | Security data aggregation method for privacy calculation | |
Zhou et al. | An efficient identity authentication scheme with dynamic anonymity for VANETs | |
CN113329371B (en) | 5G Internet of vehicles V2V anonymous authentication and key agreement method based on PUF | |
CN111565108B (en) | Signature processing method, device and system | |
CN114070549A (en) | Key generation method, device, equipment and storage medium | |
CN114900283B (en) | Deep learning user gradient aggregation method based on multiparty security calculation | |
CN111541669A (en) | Broadcast encryption method and system | |
CN116232759A (en) | Mist-blockchain assisted smart grid aggregation authentication method | |
CN114915402A (en) | Verifiable privacy recommendation system based on secure multi-party computing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |