A privacy preserving federated learning scheme using homomorphic encryption and secret sharing

Abstract

The performance of machine learning models largely depends on the amount of data. However, with the improvement of privacy awareness, data sharing has become more and more difficult. Federated learning provides a solution for joint machine learning, which alleviates this difficulty. Although it works by sharing parameters instead of data, privacy threats like inference attacks still exist owing to the exposed parameters or updates. In this paper, we propose a privacy preserving scheme for federated learning by combining the homomorphism of both secret sharing and encryption. Our scheme ensures the confidentiality of local parameters and tolerates collusion threats under a certain range. Our scheme also tolerates dropping of some clients, performs aggregation without sharing keys and has simple interaction process. Meantime, we use the automatic protocol tool ProVerif to verify its cryptographic functionality, analyze its theoretical complexity and compare them with similar schemes. We verify our scheme by experiment to show that it has less running time compared with some schemes.

Appendix A: Correctness analysis

We illustrate why server can successfully restore \(\sum _{i\in U}{k_i}\).

In round 2, the server S has \(\vert U'\vert \)(\(\vert U'\vert >t \)) shares of \(k_m(m\in U)\), that is, \(y_{m,i}=f_m(x_i)\). S uses t of \( \vert U'\vert \) shares \( y_{m,i}(i=1,2,...,t)\) from each \(k_m\)to construct:

$$\begin{aligned} F(x)=\sum \limits _{i=1}^t{\sum \limits _{m\in U}{y_{m,i}\frac{\prod \limits _{1\le j\le t, j\ne i}{(x-x_j)} }{\prod \limits _{1\le j\le t, j\ne i}{(x_j-x_i)}}}}\ \textrm{mod}\ q \end{aligned}$$

(A1)

Then considering t of \(\vert U'\vert \) shares \(y_{m,i}(i=1,2,...,t)\) can be selected to restore \( k_m \) according Lagrange interpolation formula:

$$\begin{aligned} \begin{aligned} k_m=&F_m(0)\\=&-\sum \limits _{i=1}^t{y_{m,i}\frac{\prod \limits _{1\le j\le t, j\ne i}{x_j}}{\prod \limits _{1\le j\le t, j\ne i}{(x_j-x_i)}}}\ \textrm{mod}\ q \end{aligned} \end{aligned}$$

(A2)

so there is:

$$\begin{aligned} \begin{aligned} F(0)=&-\sum \limits _{i=1}^t{\sum \limits _{m\in U}{y_{m,i}\frac{\prod \limits _{1\le j\le t, j\ne i}{x_j}}{\prod \limits _{1\le j\le t, j\ne i}{(x_j-x_i)}}}}\ \textrm{mod}\ q\\ =&-\sum \limits _{m\in U}{\sum \limits _{i=1}^t}{y_{m,i}\frac{\prod \limits _{1\le j\le t, j\ne i}{x_j}}{\prod \limits _{1\le j\le t, j\ne i}{(x_j-x_i)}}}\ \textrm{mod}\ q\\ =&\sum \limits _{m\in U}{F_m(0)}\ \textrm{mod}\ q\\ =&\sum \limits _{m\in U}{k_m}\ \textrm{mod}\ q\\ \end{aligned} \end{aligned}$$

(A3)

We can see the server restores \( \sum _{m\in U}{k_m} \) correctively owning to the homomorphism of secret sharing.