Xue Yang,Zifeng Liu,Xiaohu Tang,Rongxing Lu,Bo Liu

2024-05-31

Abstract:With the emergence of privacy leaks in federated learning, secure aggregation protocols that mainly adopt either homomorphic encryption or threshold secret sharing have been widely developed for federated learning to protect the privacy of the local training data of each client. However, these existing protocols suffer from many shortcomings, such as the dependence on a trusted third party, the vulnerability to clients being corrupted, low efficiency, the trade-off between security and fault tolerance, etc. To solve these disadvantages, we propose an efficient and multi-private key secure aggregation scheme for federated learning. Specifically, we skillfully modify the variant ElGamal encryption technique to achieve homomorphic addition operation, which has two important advantages: 1) The server and each client can freely select public and private keys without introducing a trust third party and 2) Compared to the variant ElGamal encryption, the plaintext space is relatively large, which is more suitable for the deep model. Besides, for the high dimensional deep model parameter, we introduce a super-increasing sequence to compress multi-dimensional data into 1-D, which can greatly reduce encryption and decryption times as well as communication for ciphertext transmission. Detailed security analyses show that our proposed scheme achieves the semantic security of both individual local gradients and the aggregated result while achieving optimal robustness in tolerating both client collusion and dropped clients. Extensive simulations demonstrate that the accuracy of our scheme is almost the same as the non-private approach, while the efficiency of our scheme is much better than the state-of-the-art homomorphic encryption-based secure aggregation schemes. More importantly, the efficiency advantages of our scheme will become increasingly prominent as the number of model parameters increases.

Cryptography and Security,Artificial Intelligence,Computer Vision and Pattern Recognition,Machine Learning

Yuqi Zhang,Xiangyang Li,Qingcai Luo,Yang Wang,Yanzhao Shen

DOI: https://doi.org/10.1145/3625343.3625344

2023-01-01

Abstract:In recent years, Federal Learning has received much attention becourse it can train models by updating gradients without contacting users’ true data. However, adversaries also can track users’ privacy from the shared gradient. In this paper, we aim to solve three major issues during the process of federated learning: 1) how to protect users’ privacy during training; 2) How to verify the correctness of the aggregation results returned from the server; 3) How to reduce communication costs while ensuring training security. So we propose a verifiable aggregation scheme that can effectively verify the results of server aggregation. Specifically, we follow the classic double mask aggregation scheme, and use Paillier homomorphic encryption algorithm to implement the message authentication code with additive homomorphic property. Users can compare their local codes with server’s aggregation results to verify the correctness of the aggregation results and improve model’s accuracy. In our framework, we adopt a Top-k gradient selection scheme to reduce models’ communication and computing overhead. Experimental results indicate that our training framework is feasible and efficient.

Yanling Li,Junzuo Lai,Rong Zhang,Meng Sun

DOI: https://doi.org/10.1016/j.ins.2023.119830

IF: 8.1

2024-01-01

Information Sciences

Abstract:Federated learning (FL) is a distributed machine learning framework that aims to provide privacy for local datasets while learning a global machine learning model. However, the updates exchanged in FL may indirectly reveal information about the local training datasets. To protect the confidentiality of updates, various solutions using cryptographic schemes such as secret sharing, differential privacy, and homomorphic encryption have been developed. The solutions using secret sharing often have high communication costs, while those using differential privacy require a trade-off between accuracy and privacy. Homomorphic encryption has been used to address these challenges to reduce communication costs and provide provable security. However, existing solutions based on homomorphic encryption require clients to use the same public-private key pair, which may lead to local updates disclosure. To address the existing challenges, we propose a secure and efficient multi-key aggregation protocol (MKAgg) that utilizes homomorphic encryption. The protocol allows clients to drop out at any point during the process. We construct MKAgg based on a two-server model and adopt a proxy re-encryption scheme with additively homomorphic properties to implement secure and efficient ciphertext transformation and calculation. We provide security proof to demonstrate that our MKAgg protocol meets the required security standards. Furthermore, we perform an efficiency analysis of MKAgg and evaluate its performance on various datasets. The results affirm that MKAgg is both effective and efficient for aggregation in the multi-key setting. We then apply MKAgg in FL and develop a multi-key privacy-preserving neural network scheme called MKPNFL. We analyze the security of MKPNFL and conduct tests using real-world datasets. The results demonstrate that MKPNFL is secure and practical for real-world applications.

Xue Yang,Minjie Ma,Xiaohu Tang

DOI: https://doi.org/10.1016/j.future.2024.06.002

IF: 7.307

2024-06-07

Future Generation Computer Systems

Abstract:As one of the most important methods of privacy computing, federated learning has attracted much attention as it makes data available but invisible (i.e., uploading gradients instead of raw data). However, adversaries may still recover some private information such as tabs, memberships or even training data, from gradients. Additionally, the malicious server may return the incorrect or forged aggregated result to clients for certain illegal interests. To ensure verifiability and privacy-preservation, in this paper, we present a verifiable secure aggregation scheme under the dual-server federated learning framework. Specifically, we combine the learning with error (LWE) cryptosystem with the secret sharing technique to guarantee the privacy of the aggregated result and each client's local gradient. Meanwhile, we skillfully design a double-verification protocol, including the server-side and client-side verification, to efficiently verify the correctness of the aggregated result and ensure data availability. Specifically, two servers mutually verify the correctness of the aggregated result through the linear homomorphic hash technique. After passing the server-side mutual verification, the malicious server may still directly broadcast the forged aggregated result to clients. Our client-side verification protocol can ensure data availability to identify the correct aggregation result sent by the semi-trusted server. To the best of our knowledge, existing solutions do not take data availability into account. Extensive experimental comparisons with the state-of-the-art schemes demonstrate the effectiveness and efficiency of the proposed scheme in terms of accuracy, computational cost and communication overhead.

computer science, theory & methods

Shisong Yang,Yuwen Chen,Zhen Yang,Bowen Li,Huan Liu

DOI: https://doi.org/10.1109/tgcn.2023.3277251

2023-01-01

IEEE Transactions on Green Communications and Networking

Abstract:Federated learning has been a paradigm for privacy-preserving machine learning, but recently gradient leakage attacks threaten privacy in federated learning. Secure aggregation for federated learning is an approach to protect users’ privacy from these attacks. Especially in federated learning with large-scale mobile devices, e.g., smartphones, secure aggregation should be dropout-resilient and have low communication overhead in addition to protecting privacy. However, existing studies still suffer from performance degradation and security risk, since the number of the dropped users increases. To address these problems, we propose an effective and high dropout-resilience secure aggregation protocol based on homomorphic Pseudorandom Generator and Paillier, which can guarantee privacy while tolerating up to almost 50% of users dropping out in both the honest but curious and actively malicious settings, and the performance of aggregation in computation and communication is independent to the dropped users. To further improve performance, we reduce the number of the ciphertexts through a homomorphic Pseudorandom Generator in the multiplicative group of integers, and decrease the running time of the server-side aggregation by computing discrete logarithms fast in Paillier. Experimental evaluation shows that the proposed protocol reduces the communication overhead by $3\times $ while achieving $2\times $ computation speedup over the prior dropout-resilience scheme.

Xianyu Mu,Youliang Tian,Zhou,Jinbo Xiong

DOI: https://doi.org/10.1109/nana63151.2024.00079

2024-01-01

Abstract:With the increasing awareness of user privacy protection and the improvement of domestic and international privacy protection laws, coalitional learning has become the current machine learning framework to protect user privacy. However, there are still specific security threats in coalitional learning, i.e., semi-honest servers obtain the corresponding privacy information by launching reverse inference attacks on the user’s local model gradient. Although effective against the attacks of semi-honest adversaries, previous research schemes resulted in huge computational costs and poor robustness. Therefore, in this paper, we propose a federated learning security aggregation protocol based on lightweight cryptography algorithms, which can significantly reduce the computational costs at the user’s end and is robust to users offline. First, this paper constructs an efficient secure aggregation protocol based on lightweight cryptographic algorithms, which significantly reduces the computational costs required on the user side. Second, an effective reconfiguration algorithm is designed in order to prevent the aggregation failure caused by the auxiliary computing nodes going offline. Finally, this paper demonstrates the security of the protocol through security analysis. In addition, this paper shows through experimental results that the scheme achieves a significant efficiency improvement, and the number of required communication rounds is reduced to two.

Irem Ergun,Hasin Us Sami,Basak Guler

DOI: https://doi.org/10.48550/arXiv.2112.12872

2021-12-24

Abstract:Secure aggregation is a popular protocol in privacy-preserving federated learning, which allows model aggregation without revealing the individual models in the clear. On the other hand, conventional secure aggregation protocols incur a significant communication overhead, which can become a major bottleneck in real-world bandwidth-limited applications. Towards addressing this challenge, in this work we propose a lightweight gradient sparsification framework for secure aggregation, in which the server learns the aggregate of the sparsified local model updates from a large number of users, but without learning the individual parameters. Our theoretical analysis demonstrates that the proposed framework can significantly reduce the communication overhead of secure aggregation while ensuring comparable computational complexity. We further identify a trade-off between privacy and communication efficiency due to sparsification. Our experiments demonstrate that our framework reduces the communication overhead by up to 7.8x, while also speeding up the wall clock training time by 1.13x, when compared to conventional secure aggregation benchmarks.

Machine Learning,Cryptography and Security,Distributed, Parallel, and Cluster Computing,Information Theory

Xinchi Qiu,Heng Pan,Wanru Zhao,Chenyang Ma,Pedro Porto Buarque de Gusmão,Nicholas D. Lane

2023-05-19

Abstract:The majority of work in privacy-preserving federated learning (FL) has been focusing on horizontally partitioned datasets where clients share the same sets of features and can train complete models independently. However, in many interesting problems, such as financial fraud detection and disease detection, individual data points are scattered across different clients/organizations in vertical federated learning. Solutions for this type of FL require the exchange of gradients between participants and rarely consider privacy and security concerns, posing a potential risk of privacy leakage. In this work, we present a novel design for training vertical FL securely and efficiently using state-of-the-art security modules for secure aggregation. We demonstrate empirically that our method does not impact training performance whilst obtaining 9.1e2 ~3.8e4 speedup compared to homomorphic encryption (HE).

Machine Learning,Artificial Intelligence,Cryptography and Security

YU Shengxing,CHEN Zhong

DOI: https://doi.org/10.11959/j.issn.1000−436x.2023015

2023-01-01

Abstract:In order to solve the problems of data security and communication overhead in federated learning, an efficient and secure federated aggregation framework based on homomorphic encryption was proposed.In the process of federated learning, the privacy and security issues of user data need to be solved urgently.However, the computational cost and communication overhead caused by the encryption scheme would affect the training efficiency.Firstly, in the case of protecting data security and ensuring training efficiency, the Top-K gradient selection method was used to screen model gradients, reducing the number of gradients that need to be uploaded.A candidate quantization protocol suitable for multi-edge terminals and a secure candidate index merging algorithm were proposed to further reduce communication overhead and accelerate homomorphic encryption calculations.Secondly, since model parameters of each layer of neural networks had characteristics of the Gaussian distribution, the selected model gradients were clipped and quantized, and the gradient unsigned quantization protocol was adopted to speed up the homomorphic encryption calculation.Finally, the experimental results show that in the federated learning scenario, the proposed framework can protect data privacy, and has high accuracy and efficient performance.

Xuan Jin,Yuanzhi Yao,Nenghai Yu,,

DOI: https://doi.org/10.52396/justc-2022-0116

2023-01-01

JUSTC

Abstract:Federated learning allows multiple mobile participants to jointly train a global model without revealing their local private data. Communication-computation cost and privacy preservation are key fundamental issues in federated learning. Existing secret sharing-based secure aggregation mechanisms for federated learning still suffer from significant additional costs, insufficient privacy preservation, and vulnerability to participant dropouts. In this paper, we aim to solve these issues by introducing flexible and effective secret sharing mechanisms into federated learning. We propose two novel privacy-preserving federated learning schemes: federated learning based on one-way secret sharing (FLOSS) and federated learning based on multishot secret sharing (FLMSS). Compared with the state-of-the-art works, FLOSS enables high privacy preservation while significantly reducing the communication cost by dynamically designing secretly shared content and objects. Meanwhile, FLMSS further reduces the additional cost and has the ability to efficiently enhance the robustness of participant dropouts in federated learning. Foremost, FLMSS achieves a satisfactory tradeoff between privacy preservation and communication-computation cost. Security analysis and performance evaluations on real datasets demonstrate the superiority of our proposed schemes in terms of model accuracy, privacy preservation, and cost reduction.

Qi Gao,Yi Sun,Xingyuan Chen,Fan Yang,Youhe Wang

DOI: https://doi.org/10.3390/electronics13040671

IF: 2.9

2024-02-07

Electronics

Abstract:The federated learning on large-scale mobile terminals and Internet of Things (IoT) devices faces the issues of privacy leakage, resource limitation, and frequent user dropouts. This paper proposes an efficient secure aggregation method based on multi-homomorphic attributes to realize the privacy-preserving aggregation of local models while ensuring low overhead and tolerating user dropouts. First, based on EC-ElGamal, the homomorphic pseudorandom generator, and the Chinese remainder theorem, an efficient random mask secure aggregation method is proposed, which can efficiently aggregate random masks and protect the privacy of the masks while introducing secret sharing to achieve tolerance of user dropout. Then, an efficient federated learning secure aggregation method is proposed, which guarantees that the computation and communication overheads of users are only O(L); also, the method only performs two rounds of communication to complete the aggregation and allows user dropout, and the aggregation time does not increase with the dropout rate, so it is suitable for resource-limited devices. Finally, the correctness, security, and performance of the proposed method are analyzed and evaluated. The experimental results indicate that the aggregation time of the proposed method is linearly related to the number of users and the model size, and it decreases as the number of dropped out users increases. Compared to other schemes, the proposed method significantly improves the aggregation efficiency and has stronger dropout tolerance, and it improves the efficiency by about 24 times when the number of users is 500 and the dropout rate is 30%.

engineering, electrical & electronic,computer science, information systems,physics, applied

Jinhyun So,Ramy E. Ali,Basak Guler,Jiantao Jiao,Salman Avestimehr

2023-07-27

Abstract:Secure aggregation is a critical component in federated learning (FL), which enables the server to learn the aggregate model of the users without observing their local models. Conventionally, secure aggregation algorithms focus only on ensuring the privacy of individual users in a single training round. We contend that such designs can lead to significant privacy leakages over multiple training rounds, due to partial user selection/participation at each round of FL. In fact, we show that the conventional random user selection strategies in FL lead to leaking users' individual models within number of rounds that is linear in the number of users. To address this challenge, we introduce a secure aggregation framework, Multi-RoundSecAgg, with multi-round privacy guarantees. In particular, we introduce a new metric to quantify the privacy guarantees of FL over multiple training rounds, and develop a structured user selection strategy that guarantees the long-term privacy of each user (over any number of training rounds). Our framework also carefully accounts for the fairness and the average number of participating users at each round. Our experiments on MNIST and CIFAR-10 datasets in the IID and the non-IID settings demonstrate the performance improvement over the baselines, both in terms of privacy protection and test accuracy.

Machine Learning,Cryptography and Security,Distributed, Parallel, and Cluster Computing,Information Theory

Fucai Luo,Saif Al-Kuwari,Haiyan Wang,Xingfu Yan

2023-05-22

Abstract:Federated learning (FL) allows a large number of clients to collaboratively train machine learning (ML) models by sending only their local gradients to a central server for aggregation in each training iteration, without sending their raw training data. Unfortunately, recent attacks on FL demonstrate that local gradients may leak information about local training data. In response to such attacks, Bonawitz \textit{et al.} (CCS 2017) proposed a secure aggregation protocol that allows a server to compute the sum of clients' local gradients in a secure manner. However, their secure aggregation protocol requires at least 4 rounds of communication between each client and the server in each training iteration. The number of communication rounds is closely related not only to the total communication cost but also the ML model accuracy, as the number of communication rounds affects client dropouts. In this paper, we propose FSSA, a 3-round secure aggregation protocol, that is efficient in terms of computation and communication, and resilient to client dropouts. We prove the security of FSSA in honest-but-curious setting and show that the security can be maintained even if an arbitrarily chosen subset of clients drop out at any time. We evaluate the performance of FSSA and show that its computation and communication overhead remains low even on large datasets. Furthermore, we conduct an experimental comparison between FSSA and Bonawitz \textit{et al.}'s protocol. The comparison results show that, in addition to reducing the number of communication rounds, FSSA achieves a significant improvement in computational efficiency.

Cryptography and Security

Zhaosen Shi,Zeyu Yang,Alzubair Hassan,Fagen Li,Xuyang Ding

DOI: https://doi.org/10.1007/s11235-022-00982-3

2022-12-09

Telecommunication Systems

Abstract:The performance of machine learning models largely depends on the amount of data. However, with the improvement of privacy awareness, data sharing has become more and more difficult. Federated learning provides a solution for joint machine learning, which alleviates this difficulty. Although it works by sharing parameters instead of data, privacy threats like inference attacks still exist owing to the exposed parameters or updates. In this paper, we propose a privacy preserving scheme for federated learning by combining the homomorphism of both secret sharing and encryption. Our scheme ensures the confidentiality of local parameters and tolerates collusion threats under a certain range. Our scheme also tolerates dropping of some clients, performs aggregation without sharing keys and has simple interaction process. Meantime, we use the automatic protocol tool ProVerif to verify its cryptographic functionality, analyze its theoretical complexity and compare them with similar schemes. We verify our scheme by experiment to show that it has less running time compared with some schemes.

telecommunications

Jiao Zhang,Xiong Li,Wei Liang,Pandi Vijayakumar,Fayez Alqahtani,Amr Tolba

DOI: https://doi.org/10.1109/jiot.2024.3400389

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:As a typical privacy-aware machine learning paradigm, federated learning (FL) provides facilities to individually train edge clients with their private data and aggregate the central global model. In this way, privacy leakage can be prevented. Massive communication overhead caused by exchanging updated weights between clients and the server is one of the main obstacles in this strategy. Prior work advocates compressing the weights by employing quantization, gradient sparsification, and knowledge distillation approaches. However, most of them cannot be readily applied to secure aggregation in privacy-aware FL. Some research has made great progress in directly utilizing benchmark secure aggregation protocols on top of the non-privacy-aware FL. Graph-based and gradient-based sparsification has been widely adopted in previous studies. However, the results of reducing communication costs are still unsatisfactory. In this paper, we present a novel communication-efficient privacy-ware FL algorithm from a distinct perspective. We design a new Two-Phase Sparsification with Secure Aggregation (TPSSA) algorithm. In the subnetwork phase, we identify sparse subnetworks by freezing the initial random weights in sufficiently overparametrized networks. All edge clients collaboratively train to discover their subnetwork inside a dense randomly weighted neural network. Then the server aggregates to compute the global model. In the gradient phase, for each pair of edge clients, we introduce pairwise multiplicative random masks to identify the sparsification pattern. Then updates from surviving clients can be correctly cancelled out during the aggregation process in the server. Theoretical analysis reveals convergence, privacy and performance guarantee. We show improvements in accuracy, communication, and computation over traditional and sparsified secure aggregation benchmarks on two real-world datasets.

Zoe Lin Jiang,Hui Guo,Yijian Pan,Yang Liu,Xuan Wang,Jun Zhang

DOI: https://doi.org/10.1109/cscloud-edgecom52276.2021.00019

2021-01-01

Abstract:Federated learning is a privacy preserving machine learning paradigm which trains model on distributed datasets. Homomorphic encryption can be used to protect local model parameters during model aggregation. However, most homomorphic encryption only supports single key. To enhance security, we should allow different clients encrypt their local models by different keys. In this paper, we propose a secure neural network in federated learning and support multiple keys. A double-trapdoor encryption scheme is adapted. We rely on two non-colluding cloud servers. The clients upload the encrypted local models to the first cloud server, which can be decrypted by the second server using one trapdoor. To avoid privacy leakage, the first cloud server runs ciphertext perturbation before sending data to the second server. The aggregated model will be sent back to clients for decryption individually. Benchmark dataset is used for evaluation and the experimental results show that our scheme is competitive in terms of accuracy with some sacrifice of efficiency.

Rouzbeh Behnia,Mohammadreza Ebrahimi,Arman Riasi,Sherman S. M. Chow,Balaji Padmanabhan,Thang Hoang

2023-08-31

Abstract:Secure aggregation protocols ensure the privacy of users' data in the federated learning settings by preventing the disclosure of users' local gradients. Despite their merits, existing aggregation protocols often incur high communication and computation overheads on the participants and might not be optimized to handle the large update vectors for machine learning models efficiently. This paper presents e-SeaFL, an efficient, verifiable secure aggregation protocol taking one communication round in aggregation. e-SeaFL allows the aggregation server to generate proof of honest aggregation for the participants. Our core idea is to employ a set of assisting nodes to help the aggregation server, under similar trust assumptions existing works placed upon the participating users. For verifiability, e-SeaFL uses authenticated homomorphic vector commitments. Our experiments show that the user enjoys five orders of magnitude higher efficiency than the state of the art (PPML 2022) for a gradient vector of a high dimension up to $100,000$.

Cryptography and Security

Hao Sun,Xiubo Chen,Kaiguo Yuan

DOI: https://doi.org/10.32604/cmc.2024.049159

2024-01-01

Abstract:Federated learning ensures data privacy and security by sharing models among multiple computing nodes instead of plaintext data. However, there is still a potential risk of privacy leakage, for example, attackers can obtain the original data through model inference attacks. Therefore, safeguarding the privacy of model parameters becomes crucial. One proposed solution involves incorporating homomorphic encryption algorithms into the federated learning process. However, the existing federated learning privacy protection scheme based on homomorphic encryption will greatly reduce the efficiency and robustness when there are performance differences between parties or abnormal nodes. To solve the above problems, this paper proposes a privacy protection scheme named Federated Learning-Elastic Averaging Stochastic Gradient Descent (FL-EASGD) based on a fully homomorphic encryption algorithm. First, this paper introduces the homomorphic encryption algorithm into the FL-EASGD scheme to prevent model plaintext leakage and realize privacy security in the process of model aggregation. Second, this paper designs a robust model aggregation algorithm by adding time variables and constraint coefficients, which ensures the accuracy of model prediction while solving performance differences such as computation speed and node anomalies such as downtime of each participant. In addition, the scheme in this paper preserves the independent exploration of the local model by the nodes of each party, making the model more applicable to the local data distribution. Finally, experimental analysis shows that when there are abnormalities in the participants, the efficiency and accuracy of the whole protocol are not significantly affected.

Diogo Pereira,Paulo Ricardo Reis,Fábio Borges

DOI: https://doi.org/10.3390/s24041299

IF: 3.9

2024-02-17

Sensors

Abstract:In the era of big data, millions and millions of data are generated every second by different types of devices. Training machine-learning models with these data has become increasingly common. However, the data used for training are often sensitive and may contain information such as medical, banking, or consumer records, for example. These data can cause problems in people's lives if they are leaked and also incur sanctions for companies that leak personal information for any reason. In this context, Federated Learning emerges as a solution to the privacy of personal data. However, even when only the gradients of the local models are shared with the central server, some attacks can reconstruct user data, allowing a malicious server to violate the FL principle, which is to ensure the privacy of local data. We propose a secure aggregation protocol for Decentralized Federated Learning, which does not require a central server to orchestrate the aggregation process. To achieve this, we combined a Multi-Secret-Sharing scheme with a Dining Cryptographers Network. We validate the proposed protocol in simulations using the MNIST handwritten digits dataset. This protocol achieves results comparable to Federated Learning with the FedAvg protocol while adding a layer of privacy to the models. Furthermore, it obtains a timing performance that does not significantly affect the total training time, unlike protocols that use Homomorphic Encryption.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zhen Yang,Shisong Yang,Yunbo Huang,José-Fernán Martínez,Lourdes López,Yuwen Chen

DOI: https://doi.org/10.1007/s10207-023-00670-6

2023-01-01

International Journal of Information Security

Abstract:Federated learning is emerged as an attractive paradigm regarding the data privacy problem, clients train the deep neural network on their local datasets, there is no need to upload their local data to a center server, and gradients are shared instead. However, recent studies show that adversaries can reconstruct the training images at high resolution from the gradients, such a break of data privacy is possible even in trained deep networks. To protect data privacy, a secure aggregation scheme against inverting attack is proposed for federated learning. The gradients are encrypted before sharing, and an adversary is unable to launch various attacks based on gradients. To improve the efficiency of data aggregation schemes, a new way of building shared keys is proposed, and a client build shared keys with 2 a other clients, but not all the clients in the system. Besides, the gradient inversion attacks are also tested, and a gradient inversion attack is proposed, which enable the adversary to reconstruct the training data based on gradient. The simulation results show the proposed scheme can protect an honest but curious parameter server from reconstructing the training data.