CN116582242A - Safe federal learning method of ciphertext and plaintext hybrid learning mode - Google Patents

Safe federal learning method of ciphertext and plaintext hybrid learning mode Download PDF

Info

Publication number
CN116582242A
CN116582242A CN202310401778.2A CN202310401778A CN116582242A CN 116582242 A CN116582242 A CN 116582242A CN 202310401778 A CN202310401778 A CN 202310401778A CN 116582242 A CN116582242 A CN 116582242A
Authority
CN
China
Prior art keywords
training
client
model
protocol
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310401778.2A
Other languages
Chinese (zh)
Inventor
毛云龙
杨轩麟
张天陵
仲盛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University
Original Assignee
Nanjing University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University filed Critical Nanjing University
Priority to CN202310401778.2A priority Critical patent/CN116582242A/en
Publication of CN116582242A publication Critical patent/CN116582242A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/30Compression, e.g. Merkle-Damgard construction
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Medical Informatics (AREA)
  • Evolutionary Computation (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Artificial Intelligence (AREA)
  • Computer Hardware Design (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a safe federation learning method of a ciphertext plaintext hybrid learning mode, which comprises a first stage of encryption training protocol, a second stage of partial plaintext training protocol and selection and judgment of a current protocol; the client judges which stage of protocol should be used for the round training according to the index in the self training process and the given judging method, and sends the judging result to the server, the server decides the round protocol according to the judging result uploaded by the client and notifies the round protocol to the client, and the client and the server perform training and communication according to the protocol content to complete the round of training. According to the application, by selecting proper training protocols in different periods of global training, the efficiency of federal learning training is improved while the privacy of user data is protected, the calculation efficiency is effectively improved, the bandwidth consumed by data transmission of all parties is reduced, and finally, the efficient deep neural network model training based on multiparty data is realized.

Description

Safe federal learning method of ciphertext and plaintext hybrid learning mode
Technical Field
The application relates to a scheme for safely and efficiently carrying out multiparty collaborative training on a neural network model under a federal learning scene based on homomorphic encryption, in particular to a scheme for carrying out efficient training through dividing model parameters and a discrimination scheme for selecting a global training protocol.
Background
With the increase of mobile internet users and the improvement of computing power of intelligent devices, machine learning, particularly a deep machine learning algorithm, is playing an increasingly important role in the interaction of internet enterprises and users. For example, many businesses accurately push information that users wish to understand to users by collecting usage data in their mobile applications or devices, and grasping the users' usage habits based on this data by training a machine learning model. In practical application training, the deep neural network is a model structure of a common learning algorithm.
The application aims to safely and efficiently carry out multiparty training neural network models, and we need to introduce the construction of a unilateral machine learning model, namely the construction process of the machine learning model of an independent client.
The collected attributes of what is called things are features, and the attributes that are expected to be inferred from features are labels. If the size, the color and the root and the stem of the watermelon are characterized, the sweetness of the watermelon is a mark which we want; the display card model, the operating system and the CPU of the computer are characterized, and the running performance of the computer is a mark which we want.
While the machine learning model can be abstracted as a mapping from features to labels, the desire to obtain a mapping that is as accurate as possible requires knowledge learning, i.e. a certain number of (feature, label) examples need to be given for the machine to construct the mapping. Finally, the effect that the machine can obtain accurate results on more generalized data is achieved.
Let D be the data set of the data set, x is a feature and y is a label. The machine will build a model f: R by learning the data in D d R, f (x) =y, we also need a loss function to evaluate the model performance: f (D) = Σ (x,y)∈D l (F (x), y), wherein l (F (x), y) gives the loss value, and the mapping F corresponding to the minimum time of F (D) is obtained after the machine learning model is constructed.
The deep neural network is a discriminant model that can be trained using a back-propagation algorithm. The weight update can be solved for using a random gradient descent method using the following equation:
where, oc is the learning rate and C is the cost function. The choice of this function is related to the type of learning (e.g., supervised learning, unsupervised learning, reinforcement learning) and the activation function. For example, to supervise learning over a multi-classification problem, a common option is to use ReLU as the activation function and cross entropy as the cost function.
The Softmax function is defined as
Wherein p is j Representing the probability of category j, and x j And x k Representing inputs to units j and k, respectively.
Cross entropy is defined as C= sigma j d j log(p j ) Wherein d is j Representing the target probability, p, of the output unit j j Representing the probability output to element j after the activation function has been applied.
However, these services often need to collect a large amount of user privacy data as a training model, and as the consciousness of protecting the privacy of personal data of users increases, enterprises want to collect the user use data on their own servers and train on the basis, so that not only is the suspicion of infringement of the user privacy, but also for the user group with the privacy requirement growing gradually, it is increasingly difficult to want to collect enough training samples. In addition, the operation of using private data of enterprises can be strictly supervised, data uniformly stored in the enterprise server also has the risk of being stolen by malicious attackers, and once the data are stolen, the attack on the rights and interests of users is difficult to predict. For these reasons, conventional centralized training methods have failed to accommodate today's business and social needs. For this reason, in 2016, google proposed a new machine learning scenario, federal learning, which is a distributed training scheme, gradually replacing the original learning scheme.
Formally, compared with machine learning of a single machine, federal learning designs two entities, namely a client and a server, with N clients each holding a data set D i Details of the federal learning process are shown in algorithm 1, which is to train a new model locally by using own data set after each client obtains a new model from the server; and then transmitting the new model parameters to the server, and the server aggregates the new model parameters of each client to obtain a new global model and finally transmits the new global model to each client. And the machine learning model which can adapt to each client data set is obtained step by step in a circulating and reciprocating way.
In the federal learning algorithm, the user does not upload own privacy data to the server, but instead trains the data of the model, but a great deal of subsequent research shows that under various circumstances, the intermediate gradient result obtained based on the user data is transmitted with the same possibility of revealing the user privacy, so that other security encryption technologies, such as homomorphic encryption technologies, are mostly used in the current federal learning. The homomorphic encryption technology is a public key encryption technology, and an attacker cannot easily acquire plaintext information from ciphertext obtained by encryption of the public key encryption technology, but allows other people to use the ciphertext to perform certain calculation, and ensures that the final decrypted result is the same as or similar to the result of the same calculation based on the plaintext. Therefore, the homomorphic encryption is carried out on the data uploaded to the server by the client, so that the privacy of the user data is ensured, and the original training algorithm can be normally carried out.
Among all homomorphic encryption algorithms, the semi-homomorphic encryption algorithm is more applied to FedAVG scenes in federal learning. A typical homomorphic encryption would involve the following algorithms:
·GenKey(1 λ ) → (pk, sk): homomorphic encryption generates a key pair, λ is called a security factor, to generate a random public key pk and a private key sk, both of which are often determined by λ in length.
Enc (m, pk) →c: and an algorithm for encrypting the plaintext by using the public key, wherein m is the plaintext to be encrypted, pk is a public key generated in advance, and the algorithm takes the m and the public key as inputs and outputs the encrypted ciphertext.
Dec (c, sk) →m: an algorithm for decrypting ciphertext by using a secret key, wherein c is the ciphertext to be decrypted, sk is a private key corresponding to an encryption public key pk, the algorithm takes the secret key and the secret key as input, outputs decrypted plaintext, and the result is the same as the plaintext which is originally taken as input, namely Dec (Enc (m, pk), sk) =m.
·Add(c 1 ,c 2 )→c sum : the sum of the two ciphertexts is calculated, and the result is equal to the result of the plain text sum after decryption.
Namely Dec (c) 1 ,sk)+Dec(c 2 ,sk)=Dec(c sum Sk). The addition between ciphertexts appearing hereinafter refers to the addition of the ciphertexts by using the Add function without additional description.
If homomorphic encryption has a ciphertext addition algorithm conforming to the last condition, the homomorphic encryption is said to meet the addition homomorphic property. Similarly, if a ciphertext multiplication operation can be implemented, it is said to satisfy the multiplication homography. Different homomorphic encryption methods often have differences in the capabilities of addition homomorphism and multiplication homomorphism, and some have limitations on the range of encryption numbers, the operation times and the like. Whereas we focus on encryption methods with additive homomorphic properties, such methods with only one homomorphic encryption property are also called "semi-homomorphic encryption".
The semi-homomorphic encryption algorithm used in the present application, the Paillier algorithm, is described below.
·GenKey(1 λ )→(pk,sk):
1. For a given λ, paillier first finds out the prime number p, q, where p, q needs to be guaranteed to meet gcd (pq, (p-1) (q-1))=1, which is easily met when the lengths of p, q are the same or very close.
2. Let n=pq, α=1 cm (p-1, q-1) g is randomly chosen at zn×2 (g=n+1 can be chosen directly when p, q are equal and L (g) α mod n 2 ) The inverse element exists in the mode n sense, and is set as mu, wherein the functionThe value in the sense of the modulus n,
3. finally, paillier sets the doublet (n, g), (α, μ) as the current public and private keys, respectively.
·Enc(m,pk=(n,g))→c:
1. Each time encryption is performed, the encryptor randomly selects an integer r in (0, n) and meets gcd (r, n) =1;
2. let m be the plaintext to be encrypted (0.ltoreq.m < n), calculate c=g m r n (modn 2 ) C is the ciphertext obtained by the encryption;
·Dec(c,sk=(α,μ))→m:
the decrypting side calculates m=l (c) α modn 2 ) Mu mod n, m is the result of decryption, add (c) 1 ,c 2 )→c sum
Calculate the sum of two ciphertexts, calculate c=c with two ciphertexts 1 ·c 2 modn 2 C is the added ciphertext
·Mul(c 1 B) to c): paillier also supports ciphertext c 1 Multiplying a plaintext constant b, resulting in
Next, we briefly prove the correctness of the Paillier encryption and decryption algorithm, and the properties of homomorphic addition and homomorphic multiplication of ciphertext and plaintext constants:
encryption/decryption correctness: let the plaintext to be encrypted be m, the public and private keys be (n, g), (α, μ), the result of encryption be c=g m r n (modn 2 ) The following steps are:
Dec(c,sk=(α,μ))=L(c α modn 2 )·μ modn
=L((g m r n modn 2 ) α modn 2 )·μ modn
=L(g r modn 2 )·μ modn
according to the Feima's theorem we have x p-1 Three 1mod p, x q-1 Three 1mod q is defined by α=lcm (p-1, q-1), we have x α ≡1mod n, and hence, for a particular x:
g α three 1mod n, r α Three 1mod n
Thus we can set g α =1+q g n,r α =1+q r n and substituting it into c α The method can obtain:
c α ≡(1+q g n) m ·(1+q r n) n modn 2 ≡(1+q g nm)·(1+q r n 2 )modn 2
≡(1+q g nm)modn 2
the above procedure uses a simple binomial theorem.
According to the definition of the function L and the above formula we have:
the same principle can be obtained:
according to the definition of μ we have:
bringing the above results into the Dec function we get:
the decrypted ciphertext is the same as the original plaintext, and the correctness of encryption and decryption is verified.
Homomorphic addition correctness: let the plaintext m 1 ,m 2 The ciphertexts obtained after encryption by using the same public and private keys are c respectively 1 ,c 2 We have:
the ciphertext after the plaintext addition is obtained by performing addition operation under our definition (under the condition that overflow does not occur), namely homomorphic addition is verified.
Homomorphic multiplication correctness of constant multiplication: let m be plaintext, b be constant factor, c be ciphertext obtained after m encryption, then:
c=g m r n modn 2
Mul(c,b)=c b =(g m r n ) b modn 2 =g mb r nb modn 2
wherein r is nb As an interference term, which has proven not to affect the final decrypted result, the multiplicative homomorphism correctness is verified.
However, the present inventors have found that the above-mentioned techniques have at least the following technical problems:
in FedAVG federal learning processes based on semi-homomorphic encryption, a lot of time is often consumed for encrypting/decrypting the model raw data, and particularly in a scene with a smaller local data set, the time required for encryption/decryption may be longer than that required for training the local model. In addition, the data transmitted between the client and the server are mainly encrypted model data, and the time required for communication is proportional to the size of the ciphertext under the condition of fixed communication bandwidth. Thus, if a trainer uses a more complex deep learning model containing more parameters in order to improve the effect of the model, the communication overhead of each participant will also increase significantly, so that a contradiction is generated between the safety and the training efficiency.
For a federal learning protocol, the two requirements are often mutually exclusive, training an efficient model and maintaining low computational/communication overhead. However, if multiple protocols with different effects can be used in one training, the advantages of each protocol can be exerted to the greatest extent in different periods.
In the process of transmitting model parameters to a server by a client for aggregation, in order to avoid privacy exposure such as parameters, the client only transmits encrypted ciphertext, however, if the model parameters are encrypted and decrypted in each training round, a large amount of expenditure is caused, and the transmitted ciphertext occupies a large amount of communication bandwidth.
Therefore, the patent designs a two-stage federal learning scheme based on semi-homomorphic encryption aiming at the defect of the efficiency of the existing scheme in the training scene, and designs a judging method for judging when to switch between two training stages.
Disclosure of Invention
The application provides a safe federal learning method of a ciphertext and plaintext hybrid learning mode, which uses a federal learning scheme of a two-stage training protocol and a stage discrimination method, and can give a current and high-efficiency training protocol aiming at different contradiction degrees of privacy and efficiency of different training stages of a deep neural network, so that the cost of computing resources and network bandwidth in training is greatly reduced.
The embodiment of the application provides a safe federal learning method of a ciphertext plaintext hybrid learning mode, which is characterized by comprising a first stage encryption training protocol, a second stage partial plaintext training protocol and a selection judgment of a current protocol;
if the local models of the clients converge rapidly, namely the local models of the clients have larger differences, adopting a traditional semi-homomorphic encryption aggregation scheme, firstly carrying out a round of global model training on the clients by the clients, encrypting the updated gradient values by using a semi-homomorphic encryption algorithm, and uploading the encrypted gradient values to a server, and then transmitting the data back to the client for decryption by the server after the received data are aggregated;
if the convergence rate of the local model of the client begins to slow down and even basically converges to a minimum point, namely, the local model of each client is similar, a rapid aggregation scheme is used, and a server selects part of clients aiming at the statistical information distribution of parameters of each client and interacts with the part of clients to transfer the parameters to complete rapid aggregation;
the client judges which stage of protocol should be used for the round training according to the index in the self training process and the given judging method, and sends the judging result to the server, the server decides the round protocol according to the judging result uploaded by the client and notifies the round protocol to the client, and the client and the server perform training and communication according to the protocol content to complete the round of training. When semi-homomorphic encryption is used, the model parameters are encrypted ciphertext binary codes after being compressed to plaintext. When the fast aggregation protocol is used, the high order is binary code mapped by using a Hash function, and the low order is binary code of a parameter plaintext.
The technical scheme of the application is further defined as follows: the encryption training protocol of the first stage comprises the following specific steps:
setting the current t-th round and training a global model theta by the previous round (t-1) Training super parameters to phi, encrypting and decrypting public key pk and private key sk, hopefully outputting the round model theta (t)
For the client, the ith client performs a training process of the first-stage protocol, D i For its dataset or a subset thereof, the procedure of the client i first phase protocol comprises:
1.new training of client in localModel
2.The model is determined by the parameters of the model, where the parameters are compression encoded;
3. obtained using public key encryption
4. Transmitting to the server
5. Receiving Enc (m) (t) ,pk)
6. Decryption using private key to obtain m (t) ←Dec(Enc(m (t) ,pk),sk)
7. Decoding the compression parameters to obtain θ (t) ←Decode(m (t) );
The process of the server side for carrying out the first-stage protocol comprises the following steps:
1. collecting the i-th client uploadi=1,2,…,N
2.The ciphertext is aggregated by homomorphic encryption addition,
3.Enc(m (t) pk): and sending the aggregated ciphertext to each client.
Preferably, the second stage protocol is provided that all parameters consist of fixed point numbers of K bits, and the high K is calculated high The bit is regarded as the high order of the parameter, the remaining K low =K-K high The bit is considered as the low bit;
let the parameter omega for each K bit be omega with the high order and the position omega respectively high ,ω low Then ω is expressed asSimplified to ω= [ ω ] hig ,ω low ];
Setting the t-th round of the current position, and obtaining a global model of theta from the previous round (t-1) Training super parameters to phi, encrypting and decrypting public key pk, private key sk, and outputting a round model theta (t)
Preferably, the partial plaintext training protocol of the second stage protocol comprises the following steps:
1) Collecting high-low level parameters of each client;
setting the high and low statistics values which the server side wants to collect as s and l respectively;
for client i:
1.new model trained locally by client
2.Taking out the high position
3.
Encrypting the high bits by using a hash function so that the server obtains the number of clients with the same high bits;
4.the low level is directly transmitted to the server without exposing parameters; exposing parameters of low order bits alone hardly causes privacy leakage.
5. Sending h to a server i ,l i
For the server side:
collecting high and low statistics from clients:
h←(h 1 ,h 2 ,…,h N ),l←(l 1 ,l 2 ,…,l N )
and (5) carrying out parameter statistics on hash values:
s j ←(h 1,j ,h 2,j ,...,h N,j ),j=1,2,...,m
s←(s 1 ,s 2 ,...,s m )
2) Determining the high-order representation of each parameter;
the independent selection or top-K selection mode is adopted to enable the server to obtain the representation of the j-th parameter, and the Sel is used i The parameter index list representing the ith client representative is then returned to the corresponding client;
the independent selection is to directly mark the highest frequency in the statistical hash value of each parameter as h j The hash values of all j-th parameters are equal to h j Can represent the j-th parameter; for the relative average of the representative sets of clients and the relative average of the time spent by the clients, the smallest Sel of the clients currently representing the jth parameter is selected i And j is added to Sel i And (3) neutralizing.
The top-K selection mode is realized by adopting multiple rounds, and each round only obtains one Sel i Delete Sel i The representative parameters, the rest repeated selection is stopped until the number of the rest parameters is lower than the initial set threshold value, and the rest non-representative parameters are normalized to 0; in each round, sel is temporarily generated i ' the first K names of the same number of hash values of each parameter represent the parameter to traverse the parameter once to obtain Sel i ' then, the set Sel with the largest number of elements is taken i As a result of this round.
3) Finally, aggregation and training are carried out
After the current representation is determined, the client side sends ciphertext of the corresponding parameter to the server side according to the parameter which can be represented by the client side, the server side determines the low level of the client side which needs to participate in aggregation and returns the result to each client side, meanwhile, each client side also receives the high level result which is selected by the server side, and the server side uses the high level set as a guide to participate in transmission together by scrambling and adding a new index.
Preferably, the selecting and distinguishing of the current protocol adopts a naive threshold strategy, and the specific steps include:
1) Selecting a series of test sets, and enabling a model to directly train on the test sets by using a protocol of a first stage to obtain curves of a plurality of indexes, and obtaining inflection points of the convergence speed change of the model from the inside of the curves;
2) And setting a threshold condition by using the obtained inflection point, selecting a protocol of the second stage for training when the test accuracy is higher than the threshold, and selecting a protocol of the first stage for training when the test accuracy is lower than the threshold.
Preferably, the training of the selected discrimination model of the current protocol is based on a discrimination strategy of model learning, and the lambda model is used for predicting the original model theta p The state at the current time in federal learning; the method comprises the following specific steps:
collecting an original model θ p M training results on m disjoint datasets demarcated by Ds: a data set distributed with the actual test;
let each training be divided into n rounds, original model θ p Training M times on different data sets for respectively obtained parameters and index conditions 1 ,M 2 ,...,M m Representation, wherein M i =(M i,1 ,M i,2 ,...,M i,n ),i=1,2,…,m;
Dividing the index M into a plurality of groups beta 1, beta 2 and … with fixed sizes, and setting each group to contain training information of continuous B rounds, then beta i ={M j,(i-1)B+1 ,...,M j,iB };j=1,2,3…,m;
For each group of each training, judging the original model theta according to the obtained parameters and index conditions p In which state is beta i Labeling l i E {1,2,3}, then { beta } i ,l i -forming a sample in the data set used to train the model a; based on the final created data setD M Selecting a prediction model of a proper structure, using D M Training the data set to obtain a required lambda model; the 1,2,3 correspond to the following three different state phases:
1. a rapid convergence phase: the model is in a stage of rapid parameter convergence in the stage, the accuracy rate is rapidly increased, and the loss function is continuously reduced;
2. slow convergence phase: the whole model still tends to be in a convergence state, but the convergence speed is far smaller than that in a rapid convergence stage, or a fluctuation condition in a small range occurs;
3. long tail effect stage: the model achieves the training bottleneck, the performance tends to be stable, and the index oscillates in a small range.
The application also discloses a safe federal learning system of the ciphertext plaintext hybrid learning mode, which is characterized by comprising:
the client obtains parameters from the server by the method, performs model training by locally utilizing the parameters, and sends the trained parameters to the server;
and the server is used for receiving the parameters sent by each client and aggregating, and then sending the aggregated result back to each client.
The technical scheme provided by the embodiment of the application has at least the following technical effects or advantages:
the application provides a high-efficiency two-stage ciphertext plaintext hybrid federal learning method which consists of a first-stage encryption training protocol, a second-stage partial plaintext training protocol and a discrimination strategy for selecting a current protocol. By selecting proper training protocols in different periods of global training, the efficiency of federal learning training is improved while the privacy of user data is protected, and compared with the traditional federal learning method based on semi-homomorphic encryption, the computing efficiency is effectively improved, the bandwidth consumed by transmitting data by all parties is reduced, and finally efficient deep neural network model training based on multiparty data is realized.
In addition, the technical scheme has clear thought, simple design and strong portability, and has a large operation space. The user can select one scheme route to finish the work according to the self condition.
Drawings
Fig. 1 is a schematic overall flow chart of a two-stage federal learning method based on homomorphic encryption in an embodiment.
Fig. 2 is a schematic flow chart of a first-stage protocol in the embodiment.
Fig. 3 is a schematic flow chart of a second stage protocol in the embodiment.
FIG. 4 is a flow chart illustrating training and use of a phase protocol discriminant model in an embodiment.
Detailed Description
The embodiment discloses a federal learning scheme using a two-stage training protocol for semi-homomorphic encryption. The technical scheme relates to two functional entities: the system comprises a server and a client. The clients hold the respective privacy data and need to interact with the server by using limited computing resources, so that a trained plaintext model is finally obtained. The computing resources of the server are sufficient, and the server is mainly responsible for aggregating ciphertext parameters from each client and sending the results of each round back to the client.
The technical scheme mainly comprises three parts:
firstly, a traditional semi-homomorphic encryption aggregation scheme used when the local model of each client has a large difference is adopted, each client firstly carries out a round of global model training locally, the updated gradient value is encrypted by using a semi-homomorphic encryption algorithm and then uploaded to a server, and the server carries out aggregation on the result and then transmits the result back to the client for decryption;
secondly, a rapid aggregation scheme is used when the model parts of all the clients are similar, and the server selects part of the clients aiming at the statistical information distribution of the parameters of all the clients and interacts with the part of the clients to complete rapid aggregation.
Thirdly, in order to make the training protocol of the current round as efficient as possible, the client determines the protocol applicable to the round through a discrimination scheme before determining each round of protocol, and then determines the finally used protocol through a designed voting strategy. When each round starts, each client firstly judges which stage of protocol should be used for training by using indexes in the self training process and a given judging method, and then sends a judging result to the server. And the server side decides the round of protocol according to the uploading result of each client side and notifies the round of protocol to each client side. And then, training and communicating the client and the server according to the protocol content.
After determining the protocol used by the present round, the training of the present round is started using the corresponding protocol. In the initial stage of model training, namely in the stage of rapid model convergence, or in the stage of reduced model efficiency in the later training, the encrypted federal learning training mode is adopted to carry out complete aggregation on the parameters of each client, so that the model can be rapidly converged to a reasonable level.
The application can effectively complete the neural network model training based on a plurality of client data by the server, and simultaneously ensures that the privacy of the client is not revealed under a certain attack strength.
In order to better understand the above technical solutions, the following detailed description will refer to fig. 1 to fig. 4 and specific embodiments of the present disclosure.
The embodiment provides a federal learning protocol with two stages of ciphertext plaintext mixture, which consists of a first stage of encryption training and a second stage of partial plaintext training protocol, and a discrimination strategy for selecting a current protocol. The embodiment ensures the safety of the federal learning process and also accelerates the efficiency.
Each client can locally judge and select the current protocol through a phase judging method: when the model can quickly converge, the first-stage protocol is adopted for training, and when the convergence speed of the model starts to slow down and even basically converges to a very small point, the second-stage protocol is adopted for training. In consideration of the complexity of practical training, the embodiment provides a single machine method based on an approximate data set, which trains out a neural network model taking the index of the current model as input and outputting a protocol suitable for the round of use. As shown in fig. 4, the training method of the model is as follows:
1) Naive threshold strategy
A series of test sets are selected, the model is directly trained on the test sets by using a first-stage protocol, curves of a plurality of indexes are obtained, and inflection points of the convergence speed change of the model can be obtained from the inside. When the obtained inflection point is used for setting a relevant threshold condition, if the convergence speed is obviously slowed down when the test accuracy is higher than 80% according to an index curve, the condition can be set in formal training, when the accuracy is higher than 80%, the training is performed by using the second-stage protocol, and when the accuracy drops back to 80%, the training is performed by replacing the first-stage protocol.
2) Discrimination strategy based on model learning
Since our goal is to predict the training phase of the current model based on its parameters, accuracy, and loss function, which is what a machine learning model can do, it is possible to train such a machine learning model Λ with a small-scale but not significantly different data set distribution from the original data set:
let M 1 ,M 2 ,...,M m Is a certain model theta p And training the parameters and index conditions obtained respectively m times on different data sets. This round of training is completed. The stage of the model can be judged according to the result, and the model is generally one of the following three types:
1. a rapid convergence phase: the model is in a stage of rapid parameter convergence at the stage, and the model is characterized in that the accuracy rate is rapidly increased, the loss function is continuously reduced and the like;
2. slow convergence phase: the whole model still tends to be in a convergence state, but the convergence speed is far lower than that of the former stage, and occasionally a fluctuation condition in a small range can occur;
3. long tail effect stage: the model achieves the training bottleneck, the performance is basically stable, and the index can oscillate in a small range.
In summary, the following training method of Λ model can be obtained: suppose we wish to predict another model θ with the Λ model p In-line connectionThe state at the current moment in bang study for which we collected the model θ p M training results on M disjoint data sets divided by Ds, and if each training is divided into n rounds, the result can be M 1 ,M 2 ,...,M m Representation, wherein M i =(M i,1 ,M i,2 ,...,M i,n ) I=1, 2, where, m. in order to embody the rate of change, M is divided into packets of fixed size β1, beta 2..assuming each group contains training information for consecutive B-rounds, there is beta i ={M (j,i-1)B+1 ,...,M j,iB }. for each group of each training, according to the three conditions of the previous model, certain strategies are used to judge which state is beta i Labeling l i E {1,2,3}, then { beta } i ,l i The data set used to train the model constitutes one example. Assuming that the data set thus finally created is D M Finally, a prediction model with a proper structure is selected and D is used M Training the data set to obtain the required lambda model.
Next, as shown in fig. 1, each client sends its own stage to the server, and the server overall opinion can directly take the most weight or compare the weight of each client with the weight of each client, and this embodiment gives a voting strategy, and of course, the strategy is adjusted according to the actual situation, and then overall judgment is performed to obtain the protocol of which stage is used in this round, and the result is sent back to each client. The method comprises the following specific steps:
setting the current t-th round and training a global model theta by the previous round (t-1) Training super parameters to phi, encrypting and decrypting public key pk and private key sk, hopefully outputting the round model theta (t)
For clients, we consider the training process of the ith client for the first-stage protocol, D i For its dataset or a subset thereof.
The client i performs the procedure of the first phase protocol:
1.the client trains the new model locally,
2.the model is determined by the parameters of the model, where the parameters are compression encoded, the parameters used can be considered floating point numbers, and need to be mapped to non-negative integers within a reasonable range that can be encrypted.
3. Obtained using public key encryption
4. Transmitting to the server
5. Receiving Enc (m) (t) ,pk),
6. Decryption using private key to obtain m (t) ←Dec(Enc(m (t) ,pk),sk),
7. Decoding the compression parameters to obtain θ (t) ←Decode(m (t) ),
The server executes the process of the first stage protocol:
1. collecting the i-th client uploadi=1,2,…,N,
2.Here, the ciphertext is aggregated, and homomorphic encryption addition is used.
3.Enc(m (t) Pk): and sending the aggregated ciphertext to each client.
As shown in fig. 2, each client performs compression encoding on all parameters, and the homomorphic encryption scheme adopted in this embodiment is a Paillier scheme specific to an integer, see background art 5 for details, so that possible floating point numbers need to be compressed into integers first, a simple compression scheme is provided herein, and a plaintext with a possibly very long length L is segmented according to a length B, and for each segment, it is noted that:
(a B-1 a B-2 …a 0 ) 2
this binary string can be directly seen as a binary number to complete the bijection to integer. After the parameters are compressed and encoded, encryption can be performed, and then the ciphertext is sent to the server. The server directly performs aggregation, and since the homomorphism of the Paillier algorithm can ensure that data is not leaked to the server, the server can also complete aggregation, which is referred to as homomorphism addition and multiplication. And then the server sends the result back to the client, the client decrypts the result by using the private key of the client, and then the code is decompressed.
When the global model has converged to a certain degree, a great deal of repetition is implied by the uploaded parameters, the difference between local model parameters obtained by updating the global model once by each client is not great, and the waste of local resources and communication bandwidth is caused by the traditional training. Thus, for those models with close parameter distributions, it is necessary to use a lightweight aggregation approach for them, i.e. to elicit the protocol for the second stage, if necessary, with the following stages to avoid the huge computation required for such large encryption.
As shown in fig. 3: when the clients have mostly converged slowly, a total of m parameters are described, and many parameters are likely to be very close to each other, and the parameters are reflected in the code, that is, for a certain parameter, the high order of the clients are the same, and only the low order of the clients are different, so that the client only needs to know what parameters need to be represented by the client, namely Sei of the client i i And (3) collecting, and then sending the ciphertext of the whole high-order hash value of the index parameter to the server. In addition, the low-order plain text of all parameters can be directly sent to the server by the client because the overall safety is not affected even if the low-order plain text is leaked. Then, for each parameter, the server uses the hash value to determine which clients have the same high order for the parameter, and the hash function property ensures that if the hash values are the same, the high order parameters are the sameAlso, the low order bits of this parameter can be averaged with the low order bits of these clients. And processing each parameter in this way, and finally obtaining the low level of each aggregation parameter by the server, wherein the high level only needs to comprehensively and respectively send the sent binary combinations back to each client.
In the second stage protocol, it is assumed that all parameters of the model consist of fixed-point numbers of K bits, and the high K is calculated high The bit is regarded as the high order of the parameter, the remaining K low =K-K high The bit bits are considered as low order bits. Assume that for each K bit the parameter ω is higher and lower, respectively ω hig ,ω low Then ω can be expressed asExpressed in simplified terms as ω= [ ω ] high ,ω low ],
The meaning of some mathematical symbols is given below for convenience of the following representation and description:
n: the number of clients to be used in the network,
·θ i ={θ i,1 ,θ i,2 ,...,θ i,m i=1, 2,..: the local model held by the client i,
|ω|: the length of the parameter omega, in bits,
·ω i ∈θ i : a certain parameter in the client i model,
high (ω): high K of parameters high The number of individual components of the bit,
low (ω): low K of parameters low The number of individual components of the bit,
·[ω h ,ω l ]: represents a K high bit number and another K low The result of high and low bit concatenation of the number of bits,
hash (x): a hash function, common to all clients,
·Sel i : the set of parameter indices represented by client i, initially empty,
setting the t-th round of the current position, and obtaining a global model of theta from the previous round (t-1) Training super parameters to phi, encrypting and decrypting public key pk and private key sk, hopefully outputting the round model theta (t)
The core idea of the second stage is light weight aggregation, the obtained final model consists of m parameters, if the high order and the low order of each parameter are separated, the second stage protocol is used for training, the high order of the corresponding parameters of each client side is required to be consistent, and then the aggregation method of the server side is not direct addition in the first stage protocol, but directly selects the highest frequency in the high order as a representative, and the result obtained by averaging with the low order of the client side with the same high order is spliced. It is apparent that only the low order bits need to be calculated and the low order bits do not have to be encrypted, since the core of the parameter is the high order bits, which can greatly improve efficiency.
The second stage protocol provided in this embodiment firstly collects the high-low level parameters of each client, then determines the high level representation of each parameter, and finally performs aggregation and training, and specifically includes the following steps:
1) High and low level parameter collection
Let the high and low statistics value that the server wants to collect be s, l
For client i:
1.the client trains the new model locally,
2.the high-order part is taken out,
3.
the high-order bit still needs encryption, and in order to enable the server to obtain the number of clients with the same high-order bit, a hash function is used;
4.the low level can not expose parameters and can be directly transmitted to a server;
5. sending h to a server i ,l i
Aiming at a server side:
collecting high and low statistics from clients:
h←(h 1 ,h 2 ,…,h N ),l←(l 1 ,l 2 ,…,l N )
and (5) carrying out parameter statistics on hash values:
s j ←(h 1,j ,h 2,j ,...,h N,j ),j=1,2,...,m
s←(s 1 ,s 2 ,...,s m )
2) Selecting a representative
The present embodiment provides two methods in the selection representative stage: independent selection and top-K selection, the purpose is to make the server obtain the representation of the j-th parameter and use Sel i The list of parameter indices representing the ith client representation is then returned to the corresponding client.
The independent selection is relatively easy to realize, and the highest frequency in the hash value is counted as h directly for each parameter j So that the hash value of all j-th parameters is equal to h j Can represent the j-th parameter. However, for the relative average of the representative set of clients, corresponding to the relative average of the time spent by the clients, we select Sel from the clients currently representing the jth parameter i The smallest one and adding j to Sel i And (3) neutralizing.
Top-K selection needs multiple rounds of implementation, and each round only obtains one Sel i And delete Sel i The representative parameters, the rest of repeated selection is stopped until the number of the rest parameters is lower than a given threshold value, and the rest of the non-representative parameters are normalized to 0; in each round, sel is temporarily generated i ' we recognize for each parameter, unlike independent selectionThe same number of the hash values can be represented by the first K names, and the Sel can be obtained after traversing the parameters i ' then, the set Sel with the largest number of elements is taken i As a result of this round.
3) Aggregation and training
After the representative is well determined, the client can send the ciphertext of the corresponding parameter to the server according to the parameter which the client can represent, the server determines which low-order clients are to participate in aggregation and returns the result to each client, and each client can receive the high-order result selected by the server.
In summary, the specific implementation mode provided by the application completes the scheme of two-stage protocol federal learning based on homomorphic encryption and a protocol with one stage judgment.
The foregoing is merely a preferred embodiment of the application, and it should be noted that modifications could be made by those skilled in the art without departing from the principles of the application, which modifications would also be considered to be within the scope of the application.

Claims (7)

1. A safe federation learning method of ciphertext plaintext hybrid learning mode is characterized by comprising a first stage encryption training protocol, a second stage partial plaintext training protocol and a selection judgment of a current protocol;
if the local model of the client is converged rapidly, a traditional semi-homomorphic encryption aggregation scheme is adopted, each client firstly carries out a round of global model training locally and encrypts an updated gradient value by using a semi-homomorphic encryption algorithm and then uploads the encrypted gradient value to a server, and the server aggregates received data and then transmits the aggregated data back to the client for decryption;
if the local model convergence speed of the client begins to slow down and even converges to a minimum point, a rapid aggregation scheme is used, and a server selects part of clients aiming at the statistical information distribution of the parameters of each client and interacts with the part of clients to complete rapid aggregation;
the client judges which stage of protocol should be used for the round training according to the index in the self training process and the given judging method, and sends the judging result to the server, the server decides the round protocol according to the judging result uploaded by the client and notifies the round protocol to the client, and the client and the server perform training and communication according to the protocol content to complete the round of training.
2. The secure federal learning method of ciphertext plaintext hybrid learning mode of claim 1, wherein: the encryption training protocol of the first stage comprises the following specific steps:
setting the current t-th round and training a global model theta by the previous round (t-1) Training super parameters to phi, encrypting and decrypting public key pk and private key sk, hopefully outputting the round model theta (t)
For the client, the ith client performs a training process of the first-stage protocol, D i For its dataset or a subset thereof, the procedure of the client i first phase protocol comprises:
1.new model trained locally by client
2.The model is determined by the parameters of the model, where the parameters are compression encoded;
3. obtained using public key encryption
4. Transmitting to the server
5. Slave servicesEnd-receiver Enc (m (t) ,pk)
6. Decryption using private key to obtain m (t) ←Dec(Enc(m (t) ,pk),sk)
7. Decoding the compression parameters to obtain θ (t) ←Decode(m (t) );
The process of the server side for carrying out the first-stage protocol comprises the following steps:
1. collecting the i-th client uploadi=1,2,...,N
2.The ciphertext is aggregated by homomorphic encryption addition,
3.Enc(m (t) pk): and sending the aggregated ciphertext to each client.
3. The secure federal learning method of ciphertext plaintext hybrid learning mode of claim 1, wherein: the second stage protocol is to set all parameters to be composed of fixed point number of K bit, and to increase K high The bit is regarded as the high order of the parameter, the remaining K low =K-K high The bit is considered as the low bit;
let the parameter omega for each K bit be omega with the high order and the position omega respectively high ,ω low Then ω is expressed asSimplified to ω= [ ω ] high ,ω low ];
Setting the t-th round of the current position, and obtaining a global model of theta from the previous round (t-1) Training super parameters to phi, encrypting and decrypting public key pk, private key sk, and outputting a round model theta (t)
4. The secure federal learning method of ciphertext plaintext hybrid learning mode of claim 3, wherein: the partial plaintext training protocol of the second stage protocol comprises the following steps:
1) Collecting high-low level parameters of each client;
setting the high and low statistics values which the server side wants to collect as s and l respectively;
for client i:
1.new model trained locally by client
2.Taking out the high position
3.
Encrypting the high bits by using a hash function so that the server obtains the number of clients with the same high bits;
4.the low level is directly transmitted to the server without exposing parameters;
5. sending h to a server i ,l i
For the server side:
collecting high and low statistics from clients:
h←(h 1 ,h 2 ,...,h N ),l←(l 1 ,l 2 ,...,l N )
and (5) carrying out parameter statistics on hash values:
s j ←(h 1,j ,h 2,j ,...,h N,j ),j=1,2,...,m
s←(s 1 ,s 2 ,...,s m )
2) Determining the high-order representation of each parameter;
the independent selection or top-K selection mode is adopted to enable the server to obtain the representation of the j-th parameter, and the Sel is used i The parameter index list representing the ith client representative is then returned to the corresponding client;
the independent selection is to directly mark the highest frequency in the statistical hash value of each parameter as h j The hash values of all j-th parameters are equal to h j Can represent the j-th parameter; for the relative average of the representative sets of clients and the relative average of the time spent by the clients, the smallest Sel of the clients currently representing the jth parameter is selected i And j is added to Sel i Neutralizing;
the top-K selection mode is realized by adopting multiple rounds, and each round only obtains one Sel i Delete Sel i The representative parameters, the rest repeated selection is stopped until the number of the rest parameters is lower than the initial set threshold value, and the rest non-representative parameters are normalized to 0; in each round, sel is temporarily generated i ' the first K names of the same number of hash values of each parameter represent the parameter to traverse the parameter once to obtain Sel i ' then, the set Sel with the largest number of elements is taken i As a result of this round;
3) Finally, aggregation and training are carried out
After the current representation is determined, the client side sends ciphertext of the corresponding parameter to the server side according to the parameter which can be represented by the client side, the server side determines the low level of the client side which needs to participate in aggregation and returns the result to each client side, meanwhile, each client side also receives the high level result which is selected by the server side, and the server side uses the high level set as a guide to participate in transmission together by scrambling and adding a new index.
5. The secure federal learning method of ciphertext plaintext hybrid learning mode of claim 1, wherein: the training of the selection discrimination model of the current protocol adopts a naive threshold strategy, and the specific steps comprise:
1) Selecting a series of test sets, and enabling a model to directly train on the test sets by using a protocol of a first stage to obtain curves of a plurality of indexes, and obtaining inflection points of the convergence speed change of the model from the inside of the curves;
2) And setting a threshold condition by using the obtained inflection point, selecting a protocol of the second stage for training when the test accuracy is higher than the threshold, and selecting a protocol of the first stage for training when the test accuracy is lower than the threshold.
6. The secure federal learning method of ciphertext plaintext hybrid learning mode of claim 1, wherein: the training of the selected discrimination model of the current protocol is based on a discrimination strategy of model learning, and an A model is used for predicting an original model theta p The state at the current time in federal learning; the method comprises the following specific steps:
collecting an original model θ p M training results on m disjoint datasets demarcated by Ds: a data set distributed with the actual test;
let each training be divided into n rounds, original model θ p Training M times on different data sets for respectively obtained parameters and index conditions 1 ,M 2 ,...,M m Representation, wherein M i =(M i,1 ,M i,2 ,...,M i,n ),i=1,2,…,m;
Dividing the index M into a plurality of groups beta 1, beta 2 and … with fixed sizes, and setting each group to contain training information of continuous B rounds, then beta i ={M j,(i-1)B+1 ,...,M j,iB };j=1,2,3…,m;
For each group of each training, judging the original model theta according to the obtained parameters and index conditions p In which state is beta i Labeling l i E {1,2,3}, then { beta } i ,l i -forming an instance of the dataset used to train the Λ model; based on the last created dataset D M Selecting a prediction model of a proper structure, using D M Training data setTraining to obtain a required lambda model; the 1,2,3 correspond to the following three different state phases:
1. a rapid convergence phase: the model is in a stage of rapid parameter convergence in the stage, the accuracy rate is rapidly increased, and the loss function is continuously reduced;
2. slow convergence phase: the whole model still tends to be in a convergence state, but the convergence speed is far smaller than that in a rapid convergence stage, or a fluctuation condition in a small range occurs;
3. long tail effect stage: the model achieves the training bottleneck, the performance tends to be stable, and the index oscillates in a small range.
7. A secure federal learning system for ciphertext plaintext hybrid learning modes, comprising:
the client obtains parameters from the server by the method based on any one of claims 1-6, then locally uses the parameters for model training, and sends the trained parameters to the server;
and the server is used for receiving the parameters sent by each client and aggregating, and then sending the aggregated result back to each client.
CN202310401778.2A 2023-04-14 2023-04-14 Safe federal learning method of ciphertext and plaintext hybrid learning mode Pending CN116582242A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310401778.2A CN116582242A (en) 2023-04-14 2023-04-14 Safe federal learning method of ciphertext and plaintext hybrid learning mode

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310401778.2A CN116582242A (en) 2023-04-14 2023-04-14 Safe federal learning method of ciphertext and plaintext hybrid learning mode

Publications (1)

Publication Number Publication Date
CN116582242A true CN116582242A (en) 2023-08-11

Family

ID=87533060

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310401778.2A Pending CN116582242A (en) 2023-04-14 2023-04-14 Safe federal learning method of ciphertext and plaintext hybrid learning mode

Country Status (1)

Country Link
CN (1) CN116582242A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117313869A (en) * 2023-10-30 2023-12-29 浙江大学 Large model privacy protection reasoning method based on model segmentation

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117313869A (en) * 2023-10-30 2023-12-29 浙江大学 Large model privacy protection reasoning method based on model segmentation
CN117313869B (en) * 2023-10-30 2024-04-05 浙江大学 Large model privacy protection reasoning method based on model segmentation

Similar Documents

Publication Publication Date Title
Dong et al. Eastfly: Efficient and secure ternary federated learning
US8837727B2 (en) Method for privacy preserving hashing of signals with binary embeddings
Fang et al. Privacy-preserving and communication-efficient federated learning in Internet of Things
Boufounos et al. Secure binary embeddings for privacy preserving nearest neighbors
Zhu et al. Distributed additive encryption and quantization for privacy preserving federated deep learning
Dong et al. A fast secure dot product protocol with application to privacy preserving association rule mining
US20080273693A1 (en) Efficient encoding processes and apparatus
Okada et al. Improving key mismatch attack on NewHope with fewer queries
Newman et al. Spectrum: High-bandwidth anonymous broadcast
Chu et al. Random linear network coding for peer-to-peer applications
CN116582242A (en) Safe federal learning method of ciphertext and plaintext hybrid learning mode
CN116523074A (en) Dynamic fairness privacy protection federal deep learning method
Zhu et al. Enhanced federated learning for edge data security in intelligent transportation systems
Yu et al. Certificateless multi-source signcryption with lattice
KR100951034B1 (en) Method of producing searchable keyword encryption based on public key for minimizing data size of searchable keyword encryption and method of searching data based on public key through that
Xiao et al. Cryptanalysis of Compact‐LWE and Related Lightweight Public Key Encryption
Fang et al. Flfe: a communication-efficient and privacy-preserving federated feature engineering framework
Chakraborti et al. {Distance-Aware} Private Set Intersection
CN115834062A (en) Enterprise data transmission encryption method for data hosting service
WO2023069631A1 (en) Memory and communications efficient protocols for private data intersection
Miao et al. Robust asynchronous federated learning with time-weighted and stale model aggregation
WO2022026755A1 (en) Secure massively parallel computation for dishonest majority
Xie et al. On the Gini-impurity preservation for privacy random forests
Abidin et al. Security of authentication with a fixed key in quantum key distribution
Li et al. Outsourcing privacy-preserving ID3 decision tree over horizontally partitioned data for multiple parties

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination