Enabling Privacy-Preserving and Publicly Auditable Federated Learning
Huang Zeng, Anjia Yang, Jian Weng, Min-Rong Chen, Fengjun Xiao, Yi Liu, Ye Yao
TL;DR
The paper tackles the lack of public auditability and privacy in federated learning under potential malicious participants. It introduces a unified protocol that combines a robust aggregation algorithm, a multiplication-related PRVG masking scheme, zero sharing, and blockchain-based training records to enable public verifiability without revealing gradients or models. Privacy is protected through masked gradients and secret-sharing mechanisms, while auditability is provided by the TRCD that allows third parties to trace the training process and verify the integrity of updates and the initial model signature, all while maintaining comparable accuracy to standard FL in experiments on MNIST with simulated adversaries. This approach enables trustworthy, auditable, privacy-preserving FL suitable for real-world deployments, with practical trade-offs in computation and communication overheads."
Abstract
Federated learning (FL) has attracted widespread attention because it supports the joint training of models by multiple participants without moving private dataset. However, there are still many security issues in FL that deserve discussion. In this paper, we consider three major issues: 1) how to ensure that the training process can be publicly audited by any third party; 2) how to avoid the influence of malicious participants on training; 3) how to ensure that private gradients and models are not leaked to third parties. Many solutions have been proposed to address these issues, while solving the above three problems simultaneously is seldom considered. In this paper, we propose a publicly auditable and privacy-preserving federated learning scheme that is resistant to malicious participants uploading gradients with wrong directions and enables anyone to audit and verify the correctness of the training process. In particular, we design a robust aggregation algorithm capable of detecting gradients with wrong directions from malicious participants. Then, we design a random vector generation algorithm and combine it with zero sharing and blockchain technologies to make the joint training process publicly auditable, meaning anyone can verify the correctness of the training. Finally, we conduct a series of experiments, and the experimental results show that the model generated by the protocol is comparable in accuracy to the original FL approach while keeping security advantages.