Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

FedPoP: Federated Learning Meets Proof of Participation

Devriş İşler, Elina van Kempen, Seoyeon Hwang, Nikolaos Laoutaris

TL;DR

FedPoP tackles the need for auditable participation in privacy-preserving federated learning by marrying secure aggregation with a privacy-preserving proof of participation. It leverages $(t,n)$-threshold signatures to enable joint participation proofs and an Oblivious PRF to verify possession of a group witness without exposing client identities, achieving soundness, privacy, anonymity, and unlinkability. A proof-of-concept implementation (Flower + SecAgg+) demonstrates modest per-round overhead ($ ext{≈}0.97$ seconds) and a fast client proof time ($ ext{≈}0.0612$ seconds), supporting practical deployment. The approach offers a scalable path to ownership protection and regulatory compliance in FL without public ledgers or heavy cryptographic work for clients.

Abstract

Federated learning (FL) offers privacy preserving, distributed machine learning, allowing clients to contribute to a global model without revealing their local data. As models increasingly serve as monetizable digital assets, the ability to prove participation in their training becomes essential for establishing ownership. In this paper, we address this emerging need by introducing FedPoP, a novel FL framework that allows nonlinkable proof of participation while preserving client anonymity and privacy without requiring either extensive computations or a public ledger. FedPoP is designed to seamlessly integrate with existing secure aggregation protocols to ensure compatibility with real-world FL deployments. We provide a proof of concept implementation and an empirical evaluation under realistic client dropouts. In our prototype, FedPoP introduces 0.97 seconds of per-round overhead atop securely aggregated FL and enables a client to prove its participation/contribution to a model held by a third party in 0.0612 seconds. These results indicate FedPoP is practical for real-world deployments that require auditable participation without sacrificing privacy.

FedPoP: Federated Learning Meets Proof of Participation

TL;DR

FedPoP tackles the need for auditable participation in privacy-preserving federated learning by marrying secure aggregation with a privacy-preserving proof of participation. It leverages -threshold signatures to enable joint participation proofs and an Oblivious PRF to verify possession of a group witness without exposing client identities, achieving soundness, privacy, anonymity, and unlinkability. A proof-of-concept implementation (Flower + SecAgg+) demonstrates modest per-round overhead ( seconds) and a fast client proof time ( seconds), supporting practical deployment. The approach offers a scalable path to ownership protection and regulatory compliance in FL without public ledgers or heavy cryptographic work for clients.

Abstract

Federated learning (FL) offers privacy preserving, distributed machine learning, allowing clients to contribute to a global model without revealing their local data. As models increasingly serve as monetizable digital assets, the ability to prove participation in their training becomes essential for establishing ownership. In this paper, we address this emerging need by introducing FedPoP, a novel FL framework that allows nonlinkable proof of participation while preserving client anonymity and privacy without requiring either extensive computations or a public ledger. FedPoP is designed to seamlessly integrate with existing secure aggregation protocols to ensure compatibility with real-world FL deployments. We provide a proof of concept implementation and an empirical evaluation under realistic client dropouts. In our prototype, FedPoP introduces 0.97 seconds of per-round overhead atop securely aggregated FL and enables a client to prove its participation/contribution to a model held by a third party in 0.0612 seconds. These results indicate FedPoP is practical for real-world deployments that require auditable participation without sacrificing privacy.

Paper Structure

This paper contains 24 sections, 5 theorems, 2 equations, 10 figures, 5 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Preliminaries
  4. Securely Aggregated Federated Learning
  5. Threshold Signatures
  6. Oblivious Pseudorandom Function
  7. System Overview and Security Requirements
  8. System Model
  9. Threat Model
  10. Security Requirements (SR)
  11. Intuition
  12. $\mathsf{FedPoP}$ Design
  13. $\mathsf{FedPoP}$ Architecture
  14. Security Definition
  15. Our Proposed $\mathsf{FedPoP}$ Instance
  16. ...and 9 more sections

Key Result

Theorem 1

Our $\mathsf{FedPoP}$ is secure according to Definition def:pomsecdef against any non-uniform PPT adversary $\mathcal{A}$ corrupting $t-1$ clients denoted by $\mathcal{C}\xspace_c$ assuming that the threshold signature is secure, the oblivious pseudorandom function is secure, and the hash function i

Figures (10)

  • Figure 1: $\mathsf{FedPoP}$ Architecture.
  • Figure 2: $\mathsf{Generate}$ Phase.
  • Figure 3: $\mathsf{Prove}$ Phase.
  • Figure 4: Client threshold signature setup time in seconds.
  • Figure 5: FL Server-side computation time for secure aggregation in seconds.
  • ...and 5 more figures

Theorems & Definitions (14)

  • Definition 1
  • Theorem 1
  • proof
  • Claim 1
  • Theorem 2
  • proof
  • Claim 2
  • proof
  • Lemma 1: Anonymity
  • proof
  • ...and 4 more