Chen Chaochao,Li Liang,Fang Wenjing,Zhou Jun,Wang Li,Wang Lei,Yang Shuang,Liu Alex,Wang Hao

2020-01-01

Abstract: Nowadays, the utilization of the ever expanding amount of data has made a huge impact on web technologies while also causing various types of security concerns. On one hand, potential gains are highly anticipated if different organizations could somehow collaboratively share their data for technological improvements. On the other hand, data security concerns may arise for both data holders and data providers due to commercial or sociological concerns. To make a balance between technical improvements and security limitations, we implement secure and scalable protocols for multiple data holders to train linear regression and logistic regression models. We build our protocols based on the secret sharing scheme, which is scalable and efficient in applications. Moreover, our proposed paradigm can be generalized to any secure multiparty training scenarios where only matrix summation and matrix multiplications are used. We demonstrate our approach by experiments which shows the scalability and efficiency of our proposed protocols, and finally present its real-world applications.

Kai Wan,Xin Yao,Hua Sun,Mingyue Ji,Giuseppe Caire

DOI: https://doi.org/10.1109/tit.2024.3422087

IF: 2.5

2024-08-24

IEEE Transactions on Information Theory

Abstract:Secure aggregation, which is a core component of federated learning, aggregates locally trained models from distributed users at a central server. The "secure" nature of such aggregation consists of the fact that no information about the local users' data must be leaked to the server except the aggregated local models. In order to guarantee security, some keys may be shared among the users (this is referred to as the key sharing phase). After the key sharing phase, each user masks its trained model which is then sent to the server (this is referred to as the model aggregation phase). This paper follows the information theoretic secure aggregation problem originally formulated by Zhao and Sun, with the objective to characterize the minimum communication cost from the users in the model aggregation phase. Due to user dropouts, which are common in real systems, the server may not receive all messages from the users. A secure aggregation scheme should tolerate the dropouts of at most users, where is a system parameter. The optimal communication cost is characterized by Zhao and Sun, but with the assumption that the keys stored by the users could be any random variables with arbitrary dependency. On the motivation that uncoded groupwise keys are more convenient to be shared and could be used in large range of applications besides federated learning, in this paper we add one constraint into the above problem, namely, that the key variables are mutually independent and each key is shared by a group of users, where is another system parameter. To the best of our knowledge, all existing secure aggregation schemes (with information theoretic security or computational security) assign coded keys to the users. We show that if , a new secure aggregation scheme with uncoded groupwise keys can achieve the same optimal communication cost as the best scheme with coded keys; if , uncoded groupwise key sharing is strictly sub-optimal. Finally, we also implement our proposed secure aggregation scheme into Amazon EC2, which are then compared with the existing secure aggregation schemes with offline key sharing.

computer science, information systems,engineering, electrical & electronic

Siqing Zhang,Yong Liao,Pengyuan Zhou

DOI: https://doi.org/10.48550/arXiv.2312.04937

2023-12-11

Abstract:Leveraging federated learning (FL) to enable cross-domain privacy-sensitive data mining represents a vital breakthrough to accomplish privacy-preserving learning. However, attackers can infer the original user data by analyzing the uploaded intermediate parameters during the aggregation process. Therefore, secure aggregation has become a critical issue in the field of FL. Many secure aggregation protocols face the problem of high computation costs, which severely limits their applicability. To this end, we propose AHSecAgg, a lightweight secure aggregation protocol using additive homomorphic masks. AHSecAgg significantly reduces computation overhead without compromising the dropout handling capability or model accuracy. We prove the security of AHSecAgg in semi-honest and active adversary settings. In addition, in cross-silo scenarios where the group of participants is relatively fixed during each round, we propose TSKG, a lightweight Threshold Signature based masking key generation method. TSKG can generate different temporary secrets and shares for different aggregation rounds using the initial key and thus effectively eliminates the cost of secret sharing and key agreement. We prove TSKG does not sacrifice security. Extensive experiments show that AHSecAgg significantly outperforms state-of-the-art mask-based secure aggregation protocols in terms of computational efficiency, and TSKG effectively reduces the computation and communication costs for existing secure aggregation protocols.

Cryptography and Security

Yongchao He,Wenfei Wu,Yanfang Le,Ming Liu,ChonLam Lao

DOI: https://doi.org/10.1145/3575693.3575708

2023-01-01

Abstract:Key-value stream aggregation is a common operation in distributed systems, which requires intensive computation and network resources. We propose a generic in-network aggregation service for key-value streams, ASK, to accelerate the aggregation operations in diverse distributed applications. ASK is a switch-host co-designed system, where the programmable switch provides a best-effort aggregation service, and the host runs a daemon to interact with applications. ASK makes in-depth optimization tailored to traffic characteristics, hardware restrictions, and network unreliable natures: it vectorizes multiple key-value tuples' aggregation of one packet in one switch pipeline pass, which improves the per-host's goodput; it develops a lightweight reliability mechanism for keyvalue stream's asynchronous aggregation, which guarantees computation correctness; it designs a hot-key agnostic prioritization for key-skewed workloads, which improves the switch memory utilization. We prototype ASK and use it to support Spark and BytePS. The evaluation shows that ASK could accelerate pure keyvalue aggregation tasks by up to 155 times and big data jobs by 3-5 times, and be backward compatible with existing INA-empowered distributed training solutions with the same speedup.

Kunal Talwar,Shan Wang,Audra McMillan,Vojta Jina,Vitaly Feldman,Pansy Bansal,Bailey Basile,Aine Cahill,Yi Sheng Chan,Mike Chatzidakis,Junye Chen,Oliver Chick,Mona Chitnis,Suman Ganta,Yusuf Goren,Filip Granqvist,Kristine Guo,Frederic Jacobs,Omid Javidbakht,Albert Liu,Richard Low,Dan Mascenik,Steve Myers,David Park,Wonhee Park,Gianni Parsa,Tommy Pauly,Christian Priebe,Rehan Rishi,Guy Rothblum,Michael Scaria,Linmao Song,Congzheng Song,Karl Tarbe,Sebastian Vogt,Luke Winstrom,Shundong Zhou

2024-07-19

Abstract:We revisit the problem of designing scalable protocols for private statistics and private federated learning when each device holds its private data. Locally differentially private algorithms require little trust but are (provably) limited in their utility. Centrally differentially private algorithms can allow significantly better utility but require a trusted curator. This gap has led to significant interest in the design and implementation of simple cryptographic primitives, that can allow central-like utility guarantees without having to trust a central server. Our first contribution is to propose a new primitive that allows for efficient implementation of several commonly used algorithms, and allows for privacy accounting that is close to that in the central setting without requiring the strong trust assumptions it entails. {\em Shuffling} and {\em aggregation} primitives that have been proposed in earlier works enable this for some algorithms, but have significant limitations as primitives. We propose a {\em Samplable Anonymous Aggregation} primitive, which computes an aggregate over a random subset of the inputs and show that it leads to better privacy-utility trade-offs for various fundamental tasks. Secondly, we propose a system architecture that implements this primitive and perform a security analysis of the proposed system. Our design combines additive secret-sharing with anonymization and authentication infrastructures.

Cryptography and Security,Machine Learning

Xiang Zhang,Kai Wan,Hua Sun,Shiqiang Wang,Mingyue Ji,Giuseppe Caire

2024-10-29

Abstract:Secure aggregation is concerned with the task of securely uploading the inputs of multiple users to an aggregation server without letting the server know the inputs beyond their summation. It finds broad applications in distributed machine learning paradigms such as federated learning (FL) where multiple clients, each having access to a proprietary dataset, periodically upload their locally trained models (abstracted as inputs) to a parameter server which then generates an aggregate (e.g., averaged) model that is sent back to the clients as an initializing point for a new round of local training. To enhance the data privacy of the clients, secure aggregation protocols are developed using techniques from cryptography to ensure that the server infers no more information of the users' inputs beyond the desired aggregated input, even if the server can collude with some users. Although laying the ground for understanding the fundamental utility-security trade-off in secure aggregation, the simple star client-server architecture cannot capture more complex network architectures used in practical systems. Motivated by hierarchical federated learning, we investigate the secure aggregation problem in a $3$-layer hierarchical network consisting of clustered users connecting to an aggregation server through an intermediate layer of relays. Besides the conventional server security which requires that the server learns nothing beyond the desired sum of inputs, relay security is also imposed so that the relays infer nothing about the users' inputs and remain oblivious. For such a hierarchical secure aggregation (HSA) problem, we characterize the optimal multifaceted trade-off between communication (in terms of user-to-relay and relay-to-server communication rates) and secret key generation efficiency (in terms of individual key and source key rates).

Information Theory

Kaiping Xue,Bin Zhu,Qingyou Yang,David S. L. Wei,Mohsen Guizani

DOI: https://doi.org/10.1109/jiot.2019.2961966

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:Secure data aggregation has been widely studied in the area of the smart grid. Many existing schemes have studied protecting user's privacy in data aggregation by using advanced cryptographic tools. However, they usually introduce a large computation burden to smart meters in limited computing power or require a trusted authority. How to ensure the efficiency on the user side while preserving user's privacy still has not been well addressed. In this article, we consider the scenario where there does not exist a trusted authority and users in the smart grid may dynamically change, and propose an efficient and robust data aggregation scheme without a trusted authority for the smart grid. Our proposed scheme not only ensures user's privacy and efficiency but also supports flexible dynamic user management with no need of involving a trusted authority. Analysis of security and performance shows that our scheme can guarantee stronger security features, while ensuring efficiency in terms of computation, communication, and storage overhead.

Yaniv Ben-Itzhak,Helen Möllering,Benny Pinkas,Thomas Schneider,Ajith Suresh,Oleksandr Tkachenko,Shay Vargaftik,Christian Weinert,Hossein Yalame,Avishay Yanai

DOI: https://doi.org/10.1109/SaTML59370.2024.00031

2024-05-17

Abstract:Secure aggregation is commonly used in federated learning (FL) to alleviate privacy concerns related to the central aggregator seeing all parameter updates in the clear. Unfortunately, most existing secure aggregation schemes ignore two critical orthogonal research directions that aim to (i) significantly reduce client-server communication and (ii) mitigate the impact of malicious clients. However, both of these additional properties are essential to facilitate cross-device FL with thousands or even millions of (mobile) participants.

Cryptography and Security,Information Theory,Machine Learning

Taeho Jung,XuFei Mao,Xiang-Yang Li,Shaojie Tang,Wei Gong,Lan Zhang

DOI: https://doi.org/10.1109/INFCOM.2013.6567071

2013-04-12

Abstract:Much research has been conducted to securely outsource multiple parties' data aggregation to an untrusted aggregator without disclosing each individual's data, or to enable multiple parties to jointly aggregate their data while preserving privacy. However, those works either assume to have a secure channel or suffer from high complexity. Here we consider how an external aggregator or multiple parties learn some algebraic statistics (e.g., summation, product) over participants' data while any individual's input data is kept secret to others (the aggregator and other participants). We assume channels in our construction are insecure. That is, all channels are subject to eavesdropping attacks, and all the communications throughout the aggregation are open to others. We successfully guarantee data confidentiality under this weak assumption while limiting both the communication and computation complexity to at most linear.

Cryptography and Security

Yuqi Zhang,Xiangyang Li,Qingcai Luo,Yang Wang,Yanzhao Shen

DOI: https://doi.org/10.1145/3625343.3625344

2023-01-01

Abstract:In recent years, Federal Learning has received much attention becourse it can train models by updating gradients without contacting users’ true data. However, adversaries also can track users’ privacy from the shared gradient. In this paper, we aim to solve three major issues during the process of federated learning: 1) how to protect users’ privacy during training; 2) How to verify the correctness of the aggregation results returned from the server; 3) How to reduce communication costs while ensuring training security. So we propose a verifiable aggregation scheme that can effectively verify the results of server aggregation. Specifically, we follow the classic double mask aggregation scheme, and use Paillier homomorphic encryption algorithm to implement the message authentication code with additive homomorphic property. Users can compare their local codes with server’s aggregation results to verify the correctness of the aggregation results and improve model’s accuracy. In our framework, we adopt a Top-k gradient selection scheme to reduce models’ communication and computing overhead. Experimental results indicate that our training framework is feasible and efficient.

Zuoqi Tang,Feifei Shao,Long Chen,Yunan Ye,Chao Wu,Jun Xiao

DOI: https://doi.org/10.1007/978-3-030-93049-3_14

2021-01-01

Abstract:Federated learning (FL) was originally proposed as a new distributed machine learning paradigm that addresses the data security and privacy protection issues with a global model trained by ubiquitous local data. Currently, FL techniques have been applied in some data-sensitive areas such as finance, insurance, and healthcare. Although FL has broad application scenarios, there are still some significant and fundamental challenges, one of which is the training on Not independently and identically distributed (Non-IID) data. More concretely, the global model aggregation and collaboration of a massive number of participants on the Non-IID data remain an unsolved problem. We find that most of the model aggregation optimization algorithms in the literature suffer from significant accuracy loss in the Non-IID setting for FL . To this end, in this paper, we propose a novel model aggregation algorithm terms FedSV , which dynamically updates global model aggregation weights according to each local participant’s contribution in each training round. Furthermore, to evaluate the participants’ contribution, we propose a quantization algorithm based on Local Federated Shapley Value , which dynamically computes the contribution by the properties of the participant. Extensive experiments on Non-IID data partition, such as CIFAR-10 and MNIST, demonstrate that our approach can improve accuracy during training compared with existing methods.

Xue Yang,Zifeng Liu,Xiaohu Tang,Rongxing Lu,Bo Liu

DOI: https://doi.org/10.1109/tsc.2024.3451165

IF: 11.019

2024-10-11

IEEE Transactions on Services Computing

Abstract:In light of the emergence of privacy breaches in federated learning, secure aggregation protocols, which mainly adopt either homomorphic encryption or threshold secret sharing techniques, have been extensively developed to preserve the privacy of each client's local gradient. Nevertheless, many existing schemes suffer from either poor capability of privacy protection or expensive computational and communication overheads. Accordingly, in this paper, we propose an efficient and multi-private key secure aggregation scheme for federated learning. Specifically, we skillfully design a multi-private key secure aggregation algorithm that achieves homomorphic addition operation, with two important benefits: 1) both the server and each client can freely select public and private keys without introducing a trusted third party, and 2) the plaintext space is relatively large, making it more suitable for deep models. Besides, for dealing with the high dimensional deep model parameter, we introduce a super-increasing sequence to compress multi-dimensional data into one dimension, which greatly reduces encryption and decryption times as well as communication for ciphertext transmission. Detailed security analyses show that our proposed scheme can achieve semantic security of both individual local gradients and the aggregated result while achieving optimal robustness in tolerating client collusion. Extensive simulations demonstrate that the accuracy of our scheme is almost the same as the non-private approach, while the efficiency of our scheme is much better than the state-of-the-art baselines. More importantly, the efficiency advantages of our scheme will become increasingly prominent as the number of model parameters increases.

computer science, information systems, software engineering

Ning Li,Ming Zhou,Haiyang Yu,Yuwen Chen,Zhen Yang

DOI: https://doi.org/10.1109/jiot.2023.3330813

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:As many countries have promulgated laws to protect users’ data privacy, how to legally use users’ data has become a hot topic. With the emergence of federated learning (also known as collaborative learning), multiple participants can create a common, robust, and secure machine learning model while addressing key issues in data sharing such as privacy, security, accessibility, etc. Unfortunately, existing research shows that federated learning is not as secure as it claims, gradient leakage and the correctness of aggregation results are still key problems. Recently, some scholars try to address these security problems in federated learning by cryptography and verification techniques. However, there are some issues in this scheme that remain unsolved. First, some solutions cannot guarantee the correctness of the aggregation results. Second, existing state-of-the-art federated learning schemes have a costly computational and communication overhead. In this paper, we propose SVFLC, a secure and verifiable federated learning scheme with chain aggregation to solve these problems. We first design a privacy-preserving method that can solve the problem of gradient leakage and defend against collusion attacks by semi-honest users. Then, we create a verifiable method based on a homomorphic hash function, which can ensure the correctness of the weighted aggregation results. Besides, the SVFLC can also track users who encounter calculation errors during the aggregation process. Additionally, the extensive experiment results on real-world datasets demonstrate that the SVFLC is efficient, compared with other solutions.

computer science, information systems,telecommunications,engineering, electrical & electronic

Taeho Jung,Xufei Mao,Xiang-Yang Li,Shao-Jie Tang,Wei Gong,Lan Zhang

DOI: https://doi.org/10.1109/infcom.2013.6567071

2013-01-01

Abstract:Much research has been conducted to securely outsource multiple parties' data aggregation to an untrusted aggregator without disclosing each individual's privately owned data, or to enable multiple parties to jointly aggregate their data while preserving privacy. However, those works either require secure pair-wise communication channels or suffer from high complexity. In this paper, we consider how an external aggregator or multiple parties can learn some algebraic statistics (e.g., sum, product) over participants' privately owned data while preserving the data privacy. We assume all channels are subject to eavesdropping attacks, and all the communications throughout the aggregation are open to others. We propose several protocols that successfully guarantee data privacy under this weak assumption while limiting both the communication and computation complexity of each participant to a small constant.

James Henry Bell,Kallista A. Bonawitz,Adrià Gascón,Tancrède Lepoint,Mariana Raykova

DOI: https://doi.org/10.1145/3372297.3417885

2020-10-30

Abstract:Secure aggregation is a cryptographic primitive that enables a server to learn the sum of the vector inputs of many clients. Bonawitz et al. (CCS 2017) presented a construction that incurs computation and communication for each client linear in the number of parties. While this functionality enables a broad range of privacy preserving computational tasks, scaling concerns limit its scope of use. We present the first constructions for secure aggregation that achieve polylogarithmic communication and computation per client. Our constructions provide security in the semi-honest and the semi-malicious settings where the adversary controls the server and a δ-fraction of the clients, and correctness with up to δ-fraction dropouts among the clients. Our constructions show how to replace the complete communication graph of Bonawitz et al., which entails the linear overheads, with a k-regular graph of logarithmic degree while maintaining the security guarantees. Beyond improving the known asymptotics for secure aggregation, our constructions also achieve very efficient concrete parameters. The semi-honest secure aggregation can handle a billion clients at the per-client cost of the protocol of Bonawitz et al. for a thousand clients. In the semi-malicious setting with 10 4 clients, each client needs to communicate only with 3% of the clients to have a guarantee that its input has been added together with the inputs of at least 5000 other clients, while withstanding up to 5% corrupt clients and 5% dropouts. We also show an application of secure aggregation to the task of secure shuffling which enables the first cryptographically secure instantiation of the shuffle model of differential privacy.

Xue Yang,Zifeng Liu,Xiaohu Tang,Rongxing Lu,Bo Liu

2024-05-31

Abstract:With the emergence of privacy leaks in federated learning, secure aggregation protocols that mainly adopt either homomorphic encryption or threshold secret sharing have been widely developed for federated learning to protect the privacy of the local training data of each client. However, these existing protocols suffer from many shortcomings, such as the dependence on a trusted third party, the vulnerability to clients being corrupted, low efficiency, the trade-off between security and fault tolerance, etc. To solve these disadvantages, we propose an efficient and multi-private key secure aggregation scheme for federated learning. Specifically, we skillfully modify the variant ElGamal encryption technique to achieve homomorphic addition operation, which has two important advantages: 1) The server and each client can freely select public and private keys without introducing a trust third party and 2) Compared to the variant ElGamal encryption, the plaintext space is relatively large, which is more suitable for the deep model. Besides, for the high dimensional deep model parameter, we introduce a super-increasing sequence to compress multi-dimensional data into 1-D, which can greatly reduce encryption and decryption times as well as communication for ciphertext transmission. Detailed security analyses show that our proposed scheme achieves the semantic security of both individual local gradients and the aggregated result while achieving optimal robustness in tolerating both client collusion and dropped clients. Extensive simulations demonstrate that the accuracy of our scheme is almost the same as the non-private approach, while the efficiency of our scheme is much better than the state-of-the-art homomorphic encryption-based secure aggregation schemes. More importantly, the efficiency advantages of our scheme will become increasingly prominent as the number of model parameters increases.

Cryptography and Security,Artificial Intelligence,Computer Vision and Pattern Recognition,Machine Learning

Mohammed Alghazwi,Dewi Davies-Batista,Dimka Karastoyanova,Fatih Turkmen

2024-03-22

Abstract:Aggregate statistics play an important role in extracting meaningful insights from distributed data while preserving privacy. A growing number of application domains, such as healthcare, utilize these statistics in advancing research and improving patient care.

Cryptography and Security

Hua Sun

2023-07-25

Abstract:Secure aggregation usually aims at securely computing the sum of the inputs from $K$ users at a server. Noticing that the sum might inevitably reveal information about the inputs (when the inputs are non-uniform) and typically the users (not the server) desire the sum (in applications such as federated learning), we consider a variant of secure aggregation where the server is oblivious, i.e., the server only serves as a communication facilitator/helper to enable the users to securely compute the sum and learns nothing in the process. Our communication protocol involves one round of messages from the users to the server and one round of messages from the server to each user such that in the end each user only learns the sum of all $K$ inputs and the server learns no information about the inputs. For this secure aggregation with an oblivious server problem, we show that to compute $1$ bit of the sum securely, each user needs to send at least $1$ bit to the server, the server needs to send at least $1$ bit to each user, each user needs to hold a key of at least $2$ bits, and all users need to collectively hold at least $K$ key bits. In addition, when user dropouts are allowed, the optimal performance remains the same, except that the minimum size of the key held by each user increases to $K$ bits, per sum bit.

Information Theory

Mohamad Mansouri,Melek Önen,Wafa Ben Jaballah,Mauro Conti

DOI: https://doi.org/10.56553/popets-2023-0009

2023-01-01

Proceedings on Privacy Enhancing Technologies

Abstract:Secure aggregation consists of computing the sum of data collected from multiple sources without disclosing these individual inputs. Secure aggregation has been found useful for various applications ranging from electronic voting to smart grid measurements. Recently, federated learning emerged as a new collaborative machine learning technology to train machine learning models. In this work, we study the suitability of secure aggregation based on cryptographic schemes to federated learning. We first provide a formal definition of the problem and suggest a systematic categorization of existing solutions. We further investigate the specific challenges raised by federated learning and analyze the recent dedicated secure aggregation solutions based on cryptographic schemes. We finally share some takeaway messages that would help a secure design of federated learning and identify open research directions in this topic. Based on the takeaway messages, we propose an improved definition of secure aggregation that better fits federated learning.