Lingchen Zhao,Qian Wang,Qin Zou,Yan Zhang,Yanjiao Chen

DOI: https://doi.org/10.1109/tifs.2019.2939713

2018-01-01

Abstract:With powerful parallel computing GPUs and massive user data, neural-network-based deep learning can well exert its strong power in problem modeling and solving, and has archived great success in many applications such as image classification, speech recognition and machine translation etc. While deep learning has been increasingly popular, the problem of privacy leakage becomes more and more urgent. Given the fact that the training data may contain highly sensitive information, e.g., personal medical records, directly sharing them among the users (i.e., participants) or centrally storing them in one single location may pose a considerable threat to user privacy. In this paper, we present a practical privacy-preserving collaborative deep learning system that allows users to cooperatively build a collective deep learning model with data of all participants, without direct data sharing and central data storage. In our system, each participant trains a local model with their own data and only shares model parameters with the others. To further avoid potential privacy leakage from sharing model parameters, we use functional mechanism to perturb the objective function of the neural network in the training process to achieve $\epsilon $ -differential privacy. In particular, for the first time, we consider the existence of unreliable participants , i.e., the participants with low-quality data, and propose a solution to reduce the impact of these participants while protecting their privacy. We evaluate the performance of our system on two well-known real-world datasets for regression and classification tasks. The results demonstrate that the proposed system is robust against unreliable participants, and achieves high accuracy close to the model trained in a traditional centralized manner while ensuring rigorous privacy protection.

Meng Hao,Hongwei Li,Guowen Xu,Sen Liu,Haomiao Yang

DOI: https://doi.org/10.1109/icc.2019.8761267

2019-05-01

Abstract:Deep learning has been applied in many areas, such as computer vision, natural language processing and emotion analysis. Differing from the traditional deep learning that collects users’ data centrally, federated deep learning requires participants to train the networks on private datasets and share the training results, and hence has more gratifying efficiency and stronger security. However, it still presents some privacy issues since adversaries can deduce users’ privacy from local outputs, such as gradients. While the problem of private federated deep learning has been an active research issue, the latest research findings are still inadequate in terms of security, accuracy and efficiency. In this paper, we propose an efficient and privacy-preserving federated deep learning protocol based on stochastic gradient descent method by integrating the additively homomorphic encryption with differential privacy. Specifically, users add noises to each local gradients before encrypting them to obtain the optical performance and security. Moreover, our scheme is secure to honest-but-curious server setting even if the cloud server colludes with multiple users. Besides, our scheme supports federated learning for large-scale users scenarios and extensive experiments demonstrate our scheme has high efficiency and high accuracy compared with non-private model.

L. T. Phong,Lihua Wang,Yoshinori Aono,Takuya Hayashi,S. Moriai

DOI: https://doi.org/10.1109/TIFS.2017.2787987

IF: 7.231

2018-05-01

IEEE Transactions on Information Forensics and Security

Abstract:We present a privacy-preserving deep learning system in which many learning participants perform neural network-based deep learning over a combined dataset of all, without revealing the participants’ local data to a central server. To that end, we revisit the previous work by Shokri and Shmatikov (ACM CCS 2015) and show that, with their method, local data information may be leaked to an honest-but-curious server. We then fix that problem by building an enhanced system with the following properties: 1) no information is leaked to the server and 2) accuracy is kept intact, compared with that of the ordinary deep learning system also over the combined dataset. Our system bridges deep learning and cryptography: we utilize asynchronous stochastic gradient descent as applied to neural networks, in combination with additively homomorphic encryption. We show that our usage of encryption adds tolerable overhead to the ordinary deep learning system.

Computer Science

Guowen Xu,Guanlin Li,Shangwei Guo,Tianwei Zhang,Hongwei Li

DOI: https://doi.org/10.48550/arXiv.2207.04604

2022-07-11

Abstract:Decentralized deep learning plays a key role in collaborative model training due to its attractive properties, including tolerating high network latency and less prone to single-point failures. Unfortunately, such a training mode is more vulnerable to data privacy leaks compared to other distributed training frameworks. Existing efforts exclusively use differential privacy as the cornerstone to alleviate the data privacy threat. However, it is still not clear whether differential privacy can provide a satisfactory utility-privacy trade-off for model training, due to its inherent contradictions. To address this problem, we propose D-MHE, the first secure and efficient decentralized training framework with lossless precision. Inspired by the latest developments in the homomorphic encryption technology, we design a multiparty version of Brakerski-Fan-Vercauteren (BFV), one of the most advanced cryptosystems, and use it to implement private gradient updates of users'local models. D-MHE can reduce the communication complexity of general Secure Multiparty Computation (MPC) tasks from quadratic to linear in the number of users, making it very suitable and scalable for large-scale decentralized learning systems. Moreover, D-MHE provides strict semantic security protection even if the majority of users are dishonest with collusion. We conduct extensive experiments on MNIST and CIFAR-10 datasets to demonstrate the superiority of D-MHE in terms of model accuracy, computation and communication cost compared with existing schemes.

Cryptography and Security

Emmanuel Antwi-Boasiako,Shijie Zhou,Yongjian Liao,Qihe Liu

DOI: https://doi.org/10.1109/hpcc-smartcity-dss50907.2020.00107

2020-01-01

Abstract:In this paper, privacy preservation in Distributed Deep Neural Networks (DDNN) is re-visited. We focus on the use of Homomorphic Encryption (HE) in the DDNN. Although HE provides some level of effective way to bring privacy to the DDNN, its use is usually associated with high overheads, especially communication cost between the Honest-but-Curious (HbC) cloud server and participants. To this end, we propose an alternative approach for privacy preservation in the DDNN. Ability to select and encrypt selected gradients homomorphically, is the main appeal of this paper and has proven to provide good privacy, reduce communication cost to a considerable level (ie. 0.04MB and 0.13MB when 1% and 10% of total gradients are selected, encrypted and shared respectively) whilst maintaining acceptable level of accuracy. A learning with error (LWE) based additive Homomorphic Encryption is used and comparison is made with closely related works to show how efficient our approach is. Furthermore, we propose the use of non-malleable code to protect the integrity of ciphertexts that are transmitted between participants and the HbC cloud server. This paper is the first to combine partial sharing and Homomorphic Encryption in the DDNN.

Yipeng Dong,Lei Zhang,Lin Xu

DOI: https://doi.org/10.1007/978-981-97-0834-5_9

2024-01-01

Abstract:Federated learning enables collaborative training of the global model by participants with diverse data sources while preserving data privacy. However, the traditional federated learning architecture faces some challenges, including single-point of server failure and privacy disclosure. To address these challenges, this paper proposes a distributed federated learning scheme based on multi-key homomorphic encryption, which fundamentally solves the problems of server single-point failure and malicious behavior, while effectively protecting the data privacy of participants. The trusted execution environment (TEE) is used to detect the quality of the models and to prevent some malicious participants from executing malicious behavior. Furthermore, an incentive mechanism is designed to encourage participants to actively and honestly perform training tasks. Our scheme satisfies privacy, robustness, and fairness criteria, as demonstrated in our analysis.

Hangyu Zhu,Rui Wang,Yaochu Jin,Kaitai Liang,Jianting Ning

DOI: https://doi.org/10.1016/j.neucom.2021.08.062

IF: 6

2021-11-01

Neurocomputing

Abstract:Homomorphic encryption is a very useful gradient protection technique used in privacy preserving federated learning. However, existing encrypted federated learning systems need a trusted third party to generate and distribute key pairs to connected participants, making them unsuited for federated learning and vulnerable to security risks. Moreover, encrypting all model parameters is computationally intensive, especially for large machine learning models such as deep neural networks. In order to mitigate these issues, we develop a practical, computationally efficient encryption based protocol for federated deep learning, where the key pairs are collaboratively generated without the help of a trusted third party. By quantization of the model parameters on the clients and an approximated aggregation on the server, the proposed method avoids encryption and decryption of the entire model. In addition, a threshold based secret sharing technique is designed so that no one can hold the global private key for decryption, while aggregated ciphertexts can be successfully decrypted by a threshold number of clients even if some clients are offline. Our experimental results confirm that the proposed method significantly reduces the communication costs and computational complexity compared to existing encrypted federated learning without compromising the performance and security.

computer science, artificial intelligence

Guangfeng Yan,Shanxiang Lyu,Hanxu Hou,Zhiyong Zheng,Linqi Song

2024-02-02

Abstract:This paper introduces a privacy-preserving distributed learning framework via private-key homomorphic encryption. Thanks to the randomness of the quantization of gradients, our learning with error (LWE) based encryption can eliminate the error terms, thus avoiding the issue of error expansion in conventional LWE-based homomorphic encryption. The proposed system allows a large number of learning participants to engage in neural network-based deep learning collaboratively over an honest-but-curious server, while ensuring the cryptographic security of participants' uploaded gradients.

Cryptography and Security

Xianglong Zhang,Anmin Fu,Huaqun Wang,Chunyi Zhou,Zhenzhu Chen

DOI: https://doi.org/10.1109/icc40277.2020.9148628

2020-01-01

Abstract:Due to the complexity of the data environment, many organizations prefer to train deep learning models together by sharing training sets. However, this process is always accompanied by the restriction of distributed storage and privacy. Federated learning addresses this challenge by only sharing gradients with the server without revealing training sets. Unfortunately, existing research has shown that the server could extract information of the training sets from shared gradients. Besides, the server may falsify the calculated result to affect the accuracy of the trained model. To solve the above problems, we propose a privacy-preserving and verifiable federated learning scheme. Our scheme focuses on processing shared gradients by combining the Chinese Remainder Theorem and the Paillier homomorphic encryption, which can realize privacy-preserving federated learning with low computation and communication costs. In addition, we introduce the bilinear aggregate signature technology into federated learning, which effectively verifies the correctness of aggregated gradient. Moreover, the experiment shows that even with the added verification function, our scheme still has high accuracy and efficiency.

Emmanuel Antwi-Boasiako,Shijie Zhou,Yongjian Liao,Qihe Liu,Yuyu Wang,Kwabena Owusu-Agyemang

DOI: https://doi.org/10.1016/j.jisa.2021.102949

IF: 4.96

2021-01-01

Journal of Information Security and Applications

Abstract:Distributed or Collaborative Deep Learning, has recently gained more recognition due to its major advantage of allowing two or more learning participants to contribute and enjoy better accuracy from large and varied training datasets. Despite this advantage, it also presents key privacy issues that have to be managed. In this survey paper, an overview of Distributed or Collaborative Deep Learning has been presented. We first classify Collaborative or Distributed Deep Learning into Direct, Indirect and Peer-to-peer approaches and indicate some of their related privacy issues. We then discuss general cryptographic algorithms and other techniques that can be used for privacy preservation and also indicate their advantages and disadvantages in the Distributed Deep Learning setting. Furthermore, some fundamental theories employed in this area of research have been presented which paves the way for a comprehensive review and comparison of existing privacy approaches, most of which are based on Homomorphic Encryption. Finally, we highlight some challenges in this research domain and propose future directions. Our work reveals the following: Collaborative Deep Learning is more associated with the training stage of Deep Learning than the inference stage. Homomorphic Encryption provides a good approach for preserving the privacy of training datasets in the Collaborative Deep Learning and can become more popular if some problems associated with its use such as increased communication and computation costs are brought low. Privacy preservation in the Collaborative Deep Learning has great future prospects and attempts should be made towards providing more quantum robust and collusion resistant solutions.

Zhaosen Shi,Zeyu Yang,Alzubair Hassan,Fagen Li,Xuyang Ding

DOI: https://doi.org/10.1007/s11235-022-00982-3

2022-12-09

Telecommunication Systems

Abstract:The performance of machine learning models largely depends on the amount of data. However, with the improvement of privacy awareness, data sharing has become more and more difficult. Federated learning provides a solution for joint machine learning, which alleviates this difficulty. Although it works by sharing parameters instead of data, privacy threats like inference attacks still exist owing to the exposed parameters or updates. In this paper, we propose a privacy preserving scheme for federated learning by combining the homomorphism of both secret sharing and encryption. Our scheme ensures the confidentiality of local parameters and tolerates collusion threats under a certain range. Our scheme also tolerates dropping of some clients, performs aggregation without sharing keys and has simple interaction process. Meantime, we use the automatic protocol tool ProVerif to verify its cryptographic functionality, analyze its theoretical complexity and compare them with similar schemes. We verify our scheme by experiment to show that it has less running time compared with some schemes.

telecommunications

Ping Li,Jin Li,Zhengan Huang,Tong Li,Chong-Zhi Gao,Siu-Ming Yiu,Kai Chen

DOI: https://doi.org/10.1016/j.future.2017.02.006

IF: 7.307

2017-01-01

Future Generation Computer Systems

Abstract:Deep learning has attracted a lot of attention and has been applied successfully in many areas such as bioinformatics, imaging processing, game playing and computer security etc. On the other hand, deep learning usually requires a lot of training data which may not be provided by a sole owner. As the volume of data gets huge, it is common for users to store their data in a third-party cloud. Due to the confidentiality of the data, data are usually stored in encrypted form. To apply deep learning to these datasets owned by multiple data owners on cloud, we need to tackle two challenges: (i) the data are encrypted with different keys, all operations including intermediate results must be secure; and (ii) the computational cost and the communication cost of the data owner(s) should be kept minimal. In our work, we propose two schemes to solve the above problems. We first present a basic scheme based on multi-key fully homomorphic encryption (MK-FHE), then we propose an advanced scheme based on a hybrid structure by combining the double decryption mechanism and fully homomorphic encryption (FHE). We also prove that these two multi-key privacy-preserving deep learning schemes over encrypted data are secure.

Maoguo Gong,Jialun Feng,Yu Xie

DOI: https://doi.org/10.1016/j.neunet.2019.10.001

IF: 7.8

2019-01-01

Neural Networks

Abstract:In multi-party deep learning, multiple participants jointly train a deep learning model through a central server to achieve common objectives without sharing their private data. Recently, a significant amount of progress has been made toward the privacy issue of this emerging multi-party deep learning paradigm. In this paper, we mainly focus on two problems in multi-party deep learning. The first problem is that most of the existing works are incapable of defending simultaneously against the attacks of honest-but-curious participants and an honest-but-curious server without a manager trusted by all participants. To tackle this problem, we design a privacy-enhanced multi-party deep learning framework, which integrates differential privacy and homomorphic encryption to prevent potential privacy leakage to other participants and a central server without requiring a manager that all participants trust. The other problem is that existing frameworks consume high total privacy budget when applying differential privacy for preserving privacy, which leads to a high risk of privacy leakage. In order to alleviate this problem, we propose three strategies for dynamically allocating privacy budget at each epoch to further enhance privacy guarantees without compromising the model utility. Moreover, it provides participants with an intuitive handle to strike a balance between the privacy level and the training efficiency by choosing different strategies. Both analytical and experimental evaluations demonstrate the promising performance of our proposed framework.

Jiachen Shen,Yekang Zhao,Shitao Huang,Yongjun Ren

DOI: https://doi.org/10.3390/electronics13224478

IF: 2.9

2024-11-20

Electronics

Abstract:Federated learning avoids centralizing data in a central server by distributing the model training process across devices, thus protecting privacy to some extent. However, existing research shows that model updates (e.g., gradients or weights) exchanged during federated learning may still indirectly leak sensitive information about the original data. Currently, single-key homomorphic encryption methods applied in federated learning cannot solve the problem of privacy leakage that may be caused by the collusion between the participant and the federated learning server, whereas existing privacy-preserving federated learning schemes based on multi-key homomorphic encryption in semi-honest environments have deficiencies and limitations in terms of security and application conditions. To this end, this paper proposes a privacy-preserving federated learning scheme based on multi-key fully homomorphic encryption to cope with the potential risk of privacy leakage in traditional federated learning. We designed a multi-key fully homomorphic encryption scheme, mMFHE, that encrypts by aggregating public keys and requires all participants to jointly participate in decryption sharing, thus ensuring data security and privacy. The proposed privacy-preserving federated learning scheme encrypts the model updates through multi-key fully homomorphic encryption, ensuring confidentiality under the CRS model and in a semi-honest environment. As a fully homomorphic encryption scheme, mMFHE supports homomorphic addition and homomorphic multiplication for more flexible applications. Our security analysis proves that the scheme can withstand collusive attacks by up to N−1 users and servers, where N is the total number of users. Performance analysis and experimental results show that our scheme reduces the complexity of the NAND gate, which reduces the computational load and improves the efficiency while ensuring the accuracy of the model.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yan Feng,Xue Yang,Weijun Fang,Shu-Tao Xia,Xiaohu Tang,Jun Shao,Tao Xiong

2020-01-01

Abstract:Although federated learning improves privacy of training data by exchanging model updates rather than raw data, many research results show that sharing the model updates may still involve risks. To alleviate this problem, many privacy-preserving techniques have been introduced to federated learning. However, considering deep learning models in federated learning, the resulting schemes either cannot implement non-linear activation functions well, or cannot remain the same model accuracy as the original training, or suffer from unaffordable costs. In this paper, we customize a \emph{practical privacy-preserving method for federated deep learning}, which is versatile and applicable to most state-of-the-art models, such as ResNet and DenseNet. In particular, this method can support non-linear activation functions well on the encrypted domain, hence supporting semi-trusted clients to efficiently train deep neural network locally over encrypted model iterates (i.e., protecting the privacy of the model for server-side). Meanwhile, it can be combined with the secret sharing technique to further ensure the semi-trusted server cannot obtain local gradients of each client (i.e., protect the privacy of training data for client-side). Detailed security analysis and extensive experiments demonstrate that the proposed method can achieve privacy-preservation without sacrificing model accuracy and introducing too much extra costs.

Jianzhe Zhao,Chenxi Huang,Wenji Wang,Rulin Xie,Rongrong Dong,Stan Matwin

DOI: https://doi.org/10.1007/s11227-023-05378-x

IF: 3.3

2023-05-27

The Journal of Supercomputing

Abstract:Federated learning (FL) is an emerging distributed machine learning paradigm without revealing private local data for privacy-preserving. However, there are still limitations. On one hand, user’ privacy can be deduced from local outputs. On the other hand, privacy, efficiency, and accuracy are hard to fulfill for conflicting goals. To tackle these problems, we propose a novel privacy-preserving FL (HEFL-LDP) algorithm, which integrates semi-homomorphic encryption and local differential privacy. With the reduction of computational and communication burden, HEFL-LDP resists model inversion attacks and membership inference attacks from a server or malicious client. Moreover, a new utility optimization strategy with accuracy-oriented privacy parameter adjustment and model shuffling is proposed to solve the problem of accuracy decline. The security and cost of the algorithm are verified through theoretical analysis and proof. Comprehensive experimental evaluations on the MNIST dataset and CIFAR-10 dataset demonstrate that HEFL-LDP significantly reduces the privacy budget and outperforms existing algorithms in computational cost and accuracy.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Hao Xue,Zheng Huang,Huijuan Lian,Weidong Qiu,Jie Guo,Shen Wang,Zheng Gong

DOI: https://doi.org/10.1109/dsc.2018.00067

2018-01-01

Abstract:With the increasing of the data quantity and the continuous development in data mining applications, the introduction of deep learning is imminent. However, the combination of data mining and deep learning still faces many challenges in distributed large-scale environment, and one of the most immediate issues is to ensure the privacy of data when running deep mining in cloud. In this paper, we propose a scheme combined the multi-key fully homomorphic encryption with the neural networks. With the scheme, participates protect their data with the fully homomorphic encryption which could achieve the requirements of preserving the privacy of distributed data in deep mining.

Qi Jia,Linke Guo,Yuguang Fang,Guirong Wang

DOI: https://doi.org/10.1109/tnse.2018.2859420

IF: 6.6

2019-01-01

IEEE Transactions on Network Science and Engineering

Abstract:With the dramatic growth of data in both amount and scale, distributed machine learning has become an important tool for the massive data to finish the tasks as prediction, classification, etc. However, due to the practical physical constraints and the potential privacy leakage of data, it is infeasible to aggregate raw data from all data owners for the learning purpose. To tackle this problem, the distributed privacy-preserving learning approaches are introduced to learn over all distributed data without exposing the real information. However, existing approaches have limits on the complicated distributed system. On the one hand, traditional privacy-preserving learning approaches rely on heavy cryptographic primitives on training data, in which the learning speed is dramatically slowed down due to the computation overheads. On the other hand, the complicated system architecture becomes a barrier in the practical distributed system. In this paper, we propose an efficient privacy-preserving machine learning scheme for hierarchical distributed systems. We modify and improve the collaborative learning algorithm. The proposed scheme not only reduces the overhead for the learning process but also provides the comprehensive protection for each layer of the hierarchical distributed system. In addition, based on the analysis of the collaborative convergency in different learning groups, we also propose an asynchronous strategy to further improve the learning efficiency of hierarchical distributed system. At the last, extensive experiments on real-world data are implemented to evaluate the privacy, efficacy, and efficiency of our proposed schemes.

Yili Jiang,Kuan Zhang,Yi Qian,Liang Zhou

DOI: https://doi.org/10.1109/tifs.2022.3181848

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Distributed learning is proposed as a promising technique to reduce heavy data transmissions in centralized machine learning. By allowing the participants training the model locally, raw data is unnecessarily uploaded to the centralized cloud server, reducing the risks of privacy leakage as well. However, the existing studies have shown that an adversary is able to derive the raw data by analyzing the obtained machine learning models. To tackle this challenge, the state-of-the-art solutions mainly depend on differential privacy and encryption techniques (e.g., homomorphic encryption). Whereas, differential privacy degrades data utility and leads to inaccurate learning, while encryption based approaches are not effective to all machine learning algorithms due to the limited operations and excessive computation cost. In this work, we propose a novel scheme to resolve the privacy issues from the anonymous authentication approach. Different from the two types of existing solutions, this approach is generalized to all machine learning algorithms without reducing data utility, while guaranteeing privacy preservation. In addition, it can be integrated with detection schemes against data poisoning attacks and free-rider attacks, being more practical for distributed learning. To this end, we first design a pairing-based certificateless signature scheme. Based on the signature scheme, we further propose an anonymous and efficient authentication protocol which supports dynamic batch verification. The proposed protocol guarantees the desired security properties while being computationally efficient. Formal security proof and analysis have been provided to demonstrate the achieved security properties, including confidentiality, anonymity, mutual authentication, unlinkability, unforgeability, forward security, backward security, and non-repudiation. In addition, the performance analysis reveals that our proposed protocol significantly reduces the time consumption in batch verification, achieving high computational efficiency.