Qun Zhou,Wenting Shen

DOI: https://doi.org/10.1007/s10586-024-04558-5

2024-06-17

Cluster Computing

Abstract:Federated learning, as an emerging framework for distributed machine learning, has received widespread attention. In federated learning, the cloud server and the users cooperatively train a model by sharing gradients rather than local private data. However, the users' private data may still be exposed by the shared gradients. Furthermore, the cloud server may perform incorrect aggregation operations on the gradients sent by users and send a forged or previous aggregated gradient to the users. In this paper, we propose PPFLV, a privacy-preserving federated learning scheme with verifiability. Specifically, to protect the users' privacy, we design an efficient double gradient blinding and encryption method to blind and encrypt the users' local gradients. Furthermore, we propose a novel double gradient verification method that can achieve secure verification while resisting replay attacks in the verification phase. With the proposed verification method, the users only require to perform lightweight operations to verify the correctness of the aggregated encrypted gradients and recover the aggregated gradient from the aggregated encrypted gradients. The experimental results show that PPFLV achieves comparable classification accuracy to the basic federated learning scheme while providing privacy protection and verifiability. Furthermore, PPFLV exhibits lower computation and communication overhead compared to related schemes.

computer science, information systems, theory & methods

Jiaqi Zhao,Hui Zhu,Fengwei Wang,Rongxing Lu,Zhe Liu,Hui Li

DOI: https://doi.org/10.1109/tifs.2022.3176191

IF: 7.231

2022-06-29

IEEE Transactions on Information Forensics and Security

Abstract:Over the past years, the increasingly severe data island problem has spawned an emerging distributed deep learning framework—federated learning, in which the global model can be constructed over multiple participants without directly sharing their raw data. Despite its promising prospect, there are still many security challenges in federated learning, such as privacy preservation and integrity verification. Furthermore, federated learning is usually performed with the assistance of a center, which is prone to cause trust worries and communicational bottlenecks. To tackle these challenges, in this paper, we propose a privacy-preserving and verifiable decentralized federated learning framework, named PVD-FL, which can achieve secure deep learning model training under a decentralized architecture. Specifically, we first design an efficient and verifiable cipher-based matrix multiplication (EVCM) algorithm to execute the most basic calculation in deep learning. Then, by employing EVCM, we design a suite of decentralized algorithms to construct the PVD-FL framework, which ensures the confidentiality of both global model and local update and the verification of every training step. Detailed security analysis shows that PVD-FL can well protect privacy against various inference attacks and guarantee training integrity. In addition, the extensive experiments on real-world datasets also demonstrate that PVD-FL can achieve lossless accuracy and practical performance.

computer science, theory & methods,engineering, electrical & electronic

Huang Zeng,Anjia Yang,Jian Weng,Min-Rong Chen,Fengjun Xiao,Yi Liu,Ye Yao

2024-05-07

Abstract:Federated learning (FL) has attracted widespread attention because it supports the joint training of models by multiple participants without moving private dataset. However, there are still many security issues in FL that deserve discussion. In this paper, we consider three major issues: 1) how to ensure that the training process can be publicly audited by any third party; 2) how to avoid the influence of malicious participants on training; 3) how to ensure that private gradients and models are not leaked to third parties. Many solutions have been proposed to address these issues, while solving the above three problems simultaneously is seldom considered. In this paper, we propose a publicly auditable and privacy-preserving federated learning scheme that is resistant to malicious participants uploading gradients with wrong directions and enables anyone to audit and verify the correctness of the training process. In particular, we design a robust aggregation algorithm capable of detecting gradients with wrong directions from malicious participants. Then, we design a random vector generation algorithm and combine it with zero sharing and blockchain technologies to make the joint training process publicly auditable, meaning anyone can verify the correctness of the training. Finally, we conduct a series of experiments, and the experimental results show that the model generated by the protocol is comparable in accuracy to the original FL approach while keeping security advantages.

Cryptography and Security

Lifeng Liu,Yifan Hu,Jiawei Yu,Fengda Zhang,Gang Huang,Jun Xiao,Chao Wu

DOI: https://doi.org/10.1145/3387168.3387211

2019-01-01

Abstract:Currently, training neural networks often requires a large corpus of data from multiple parties. However, data owners are reluctant to share their sensitive data to third parties for modelling in many cases. Therefore, Federated Learning (FL) has arisen as an alternative to enable collaborative training of models without sharing raw data, by distributing modelling tasks to multiple data owners. Based on FL, we premodel sent a novel and decentralized approach to training encrypted models with privacy-preserved data on Blockchain. In our approach, Blockchain is adopted as the machine learning environment where different actors (i.e., the model provider, the data provider) collaborate on the training task. During the training process, an encryption algorithm is used to protect the privacy of data and the trained model. Our experiments demonstrate that our approach is practical in real-world applications.

Yanli Ren,Yerong Li,Guorui Feng,Xinpeng Zhang

DOI: https://doi.org/10.1109/jiot.2022.3194930

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Federated learning (FL) is a distributed machine learning framework, which allows multiple users to collaboratively train and obtain a global model with high accuracy. Currently, FL is paid more attention by researchers and a growing number of protocols are proposed. This article first analyzes the security vulnerabilities of the VerifyNet and VeriFL protocols, and proposes a new aggregation protocol for FL. We use additive homomorphic encryption and double masking to simultaneously protect the user’s local model and the aggregated global model while most of the existing protocols only consider the privacy of the local model. Also, linear homomorphic hash and digital signature are used to achieve traceable verification, which means the users can not only verify the aggregation results, but also be able to identify the wrong epoch if the results are wrong. In summary, our protocol can realize the privacy of the local model and global model and achieve verification traceability even if the cloud server colludes with malicious users. The experimental results show that the proposed protocol improves the security of FL without decreasing the efficiency of the users and classification accuracy of the training model.

Xue Jiang,Xuebing Zhou,Jens Grossklags

DOI: https://doi.org/10.2478/popets-2022-0045

2022-03-03

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract Vertical federated learning (VFL), a variant of federated learning, has recently attracted increasing attention. An active party having the true labels jointly trains a model with other parties (referred to as passive parties ) in order to use more features to achieve higher model accuracy. During the prediction phase, all the parties collaboratively compute the predicted confidence scores of each target record and the results will be finally returned to the active party. However, a recent study by Luo et al . [28] pointed out that the active party can use these confidence scores to reconstruct passive-party features and cause severe privacy leakage. In this paper, we conduct a comprehensive analysis of privacy leakage in VFL frameworks during the prediction phase. Our study improves on previous work [28] regarding two aspects. We first design a general gradient-based reconstruction attack framework that can be flexibly applied to simple logistic regression models as well as multi-layer neural networks. Moreover, besides performing the attack under the white-box setting, we give the first attempt to conduct the attack under the black-box setting. Extensive experiments on a number of real-world datasets show that our proposed attack is effective under different settings and can achieve at best twice or thrice of a reduction of attack error compared to previous work [28]. We further analyze a list of potential mitigation approaches and compare their privacy-utility performances. Experimental results demonstrate that privacy leakage from the confidence scores is a substantial privacy risk in VFL frameworks during the prediction phase, which cannot be simply solved by crypto-based confidentiality approaches. On the other hand, processing the confidence scores with information compression and randomization approaches can provide strengthened privacy protection.

Haiqin Weng,Juntao Zhang,Feng Xue,Tao Wei,Shouling Ji,Zhiyuan Zong

2020-01-01

Abstract:Federated learning enables mutually distrusting participants to collaboratively learn a distributed machine learning model without revealing anything but the model's output. Generic federated learning has been studied extensively, and several learning protocols, as well as open-source frameworks, have been developed. Yet, their over pursuit of computing efficiency and fast implementation might diminish the security and privacy guarantees of participant's training data, about which little is known thus far. In this paper, we consider an honest-but-curious adversary who participants in training a distributed ML model, does not deviate from the defined learning protocol, but attempts to infer private training data from the legitimately received information. In this setting, we design and implement two practical attacks, reverse sum attack and reverse multiplication attack, neither of which will affect the accuracy of the learned model. By empirically studying the privacy leakage of two learning protocols, we show that our attacks are (1) effective - the adversary successfully steal the private training data, even when the intermediate outputs are encrypted to protect data privacy; (2) evasive - the adversary's malicious behavior does not deviate from the protocol specification and deteriorate any accuracy of the target model; and (3) easy - the adversary needs little prior knowledge about the data distribution of the target participant. We also experimentally show that the leaked information is as effective as the raw training data through training an alternative classifier on the leaked information. We further discuss potential countermeasures and their challenges, which we hope may lead to several promising research directions.

Runhua Xu,Nathalie Baracaldo,Yi Zhou,Ali Anwar,James Joshi,Heiko Ludwig

DOI: https://doi.org/10.48550/arXiv.2103.03918

IF: 5.414

2021-03-05

Machine Learning

Abstract:Federated learning (FL) has been proposed to allow collaborative training of machine learning (ML) models among multiple parties where each party can keep its data private. In this paradigm, only model updates, such as model weights or gradients, are shared. Many existing approaches have focused on horizontal FL, where each party has the entire feature set and labels in the training data set. However, many real scenarios follow a vertically-partitioned FL setup, where a complete feature set is formed only when all the datasets from the parties are combined, and the labels are only available to a single party. Privacy-preserving vertical FL is challenging because complete sets of labels and features are not owned by one entity. Existing approaches for vertical FL require multiple peer-to-peer communications among parties, leading to lengthy training times, and are restricted to (approximated) linear models and just two parties. To close this gap, we propose FedV, a framework for secure gradient computation in vertical settings for several widely used ML models such as linear models, logistic regression, and support vector machines. FedV removes the need for peer-to-peer communication among parties by using functional encryption schemes; this allows FedV to achieve faster training times. It also works for larger and changing sets of parties. We empirically demonstrate the applicability for multiple types of ML models and show a reduction of 10%-70% of training time and 80% to 90% in data transfer with respect to the state-of-the-art approaches.

Kalikinkar Mandal,Guang Gong

DOI: https://doi.org/10.48550/arXiv.2004.02264

2020-04-05

Cryptography and Security

Abstract:Federated Learning (FL) enables a large number of users to jointly learn a shared machine learning (ML) model, coordinated by a centralized server, where the data is distributed across multiple devices. This approach enables the server or users to train and learn an ML model using gradient descent, while keeping all the training data on users' devices. We consider training an ML model over a mobile network where user dropout is a common phenomenon. Although federated learning was aimed at reducing data privacy risks, the ML model privacy has not received much attention. In this work, we present PrivFL, a privacy-preserving system for training (predictive) linear and logistic regression models and oblivious predictions in the federated setting, while guaranteeing data and model privacy as well as ensuring robustness to users dropping out in the network. We design two privacy-preserving protocols for training linear and logistic regression models based on an additive homomorphic encryption (HE) scheme and an aggregation protocol. Exploiting the training algorithm of federated learning, at the core of our training protocols is a secure multiparty global gradient computation on alive users' data. We analyze the security of our training protocols against semi-honest adversaries. As long as the aggregation protocol is secure under the aggregation privacy game and the additive HE scheme is semantically secure, PrivFL guarantees the users' data privacy against the server, and the server's regression model privacy against the users. We demonstrate the performance of PrivFL on real-world datasets and show its applicability in the federated learning system.

Yong Li,Yipeng Zhou,Alireza Jolfaei,Dongjin Yu,Gaochao Xu,Xi Zheng

DOI: https://doi.org/10.1109/jiot.2020.3022911

IF: 10.6

2021-04-15

IEEE Internet of Things Journal

Abstract:Federated learning (FL) is a promising new technology in the field of IoT intelligence. However, exchanging model-related data in FL may leak the sensitive information of participants. To address this problem, we propose a novel privacy-preserving FL framework based on an innovative chained secure multiparty computing technique, named chain-PPFL. Our scheme mainly leverages two mechanisms: 1) single-masking mechanism that protects information exchanged between participants and 2) chained-communication mechanism that enables masked information to be transferred between participants with a serial chain frame. We conduct extensive simulation-based experiments using two public data sets (MNIST and CIFAR-100) by comparing both training accuracy and leak defence with other state-of-the-art schemes. We set two data sample distributions (IID and NonIID) and three training models (CNN, MLP, and L-BFGS) in our experiments. The experimental results demonstrate that the chain-PPFL scheme can achieve practical privacy preservation (equivalent to differential privacy with $epsilon $ approaching zero) for FL with some cost of communication and without impairing the accuracy and convergence speed of the training model.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yunbo Yang,Xiang Chen,Yuhao Pan,Jiachen Shen,Zhenfu Cao,Xiaolei Dong,Xiaoguo Li,Jianfei Sun,Guomin Yang,Robert Deng

DOI: https://doi.org/10.1109/tifs.2024.3477924

IF: 7.231

2024-10-26

IEEE Transactions on Information Forensics and Security

Abstract:Federated learning (FL) allows multiple parties, each holding a dataset, to jointly train a model without leaking any information about their own datasets. In this paper, we focus on vertical FL (VFL). In VFL, each party holds a dataset with the same sample space and different feature spaces. All parties should first agree on the training dataset in the ID alignment phase. However, existing works may leak some information about the training dataset and cause privacy leakage. To address this issue, this paper proposes OpenVFL, a vertical federated learning framework with stronger privacy-preserving. We first propose NCLPSI, a new variant of labeled PSI, in which both parties can invoke this protocol to get the encrypted training dataset without leaking any additional information. After that, both parties train the model over the encrypted training dataset. We also formally analyze the security of OpenVFL. In addition, the experimental results show that OpenVFL achieves the best trade-offs between accuracy, performance, and privacy among the most state-of-the-art works.

computer science, theory & methods,engineering, electrical & electronic

Xiaopeng Yu,Jie Feng,Wei Zhao,Haomiao Yang,Dianhua Tang

DOI: https://doi.org/10.1007/s12083-023-01512-x

IF: 3.488

2023-07-12

Peer-to-Peer Networking and Applications

Abstract:Federated learning is an emerging paradigm of distributed collaborative machine learning , which allows different data nodes to train together for building a better model. Recently, privacy-preserving federated logistic regression has been widely concerned by academia and industry, which exploits techniques such as secure multi-party computation (MPC), homomorphic encryption (HE), and differential privacy (DP) to train shared model among different data nodes. However, MPC-based schemes could not efficiently handle high-dimensional sparse data and have high communication burden; HE-based schemes have potential information leakage risks and high computational burden; DP-based schemes affect the speed of model convergence and cause a loss of model accuracy. Besides, some of the existing schemes require a trusted third-party (TTP) coordinator, which greatly increases the complexity of training. To address these problems, in this paper, combining the HE and secret sharing (SS), we present a peer-to-peer privacy-preserving vertical federated logistic regression (VFLR) without TTP, which can securely train a shared model over vertically partitioned large-scale data from two data nodes. Moreover, to ensure the security of the training process, the proposed scheme secretly shares model weights between two data nodes, rather than reveals them to both parties during model training. Furthermore, the proposed scheme utilizes the single instruction multiple data (SIMD) and batching to achieve parallel processing and time amortization. Finally, the experimental evaluations demonstrate that the proposed scheme has less training time and better model performance than existing schemes.

computer science, information systems,telecommunications

Yong Li,Gaochao Xu,Xutao Meng,Wei Du,Xianglin Ren

DOI: https://doi.org/10.3390/e26050353

IF: 2.738

2024-04-24

Entropy

Abstract:In the realm of federated learning (FL), the exchange of model data may inadvertently expose sensitive information of participants, leading to significant privacy concerns. Existing FL privacy-preserving techniques, such as differential privacy (DP) and secure multi-party computing (SMC), though offering viable solutions, face practical challenges including reduced performance and complex implementations. To overcome these hurdles, we propose a novel and pragmatic approach to privacy preservation in FL by employing localized federated updates (LF3PFL) aimed at enhancing the protection of participant data. Furthermore, this research refines the approach by incorporating cross-entropy optimization, carefully fine-tuning measurement, and improving information loss during the model training phase to enhance both model efficacy and data confidentiality. Our approach is theoretically supported and empirically validated through extensive simulations on three public datasets: CIFAR-10, Shakespeare, and MNIST. We evaluate its effectiveness by comparing training accuracy and privacy protection against state-of-the-art techniques. Our experiments, which involve five distinct local models (Simple-CNN, ModerateCNN, Lenet, VGG9, and Resnet18), provide a comprehensive assessment across a variety of scenarios. The results clearly demonstrate that LF3PFL not only maintains competitive training accuracies but also significantly improves privacy preservation, surpassing existing methods in practical applications. This balance between privacy and performance underscores the potential of localized federated updates as a key component in future FL privacy strategies, offering a scalable and effective solution to one of the most pressing challenges in FL.

physics, multidisciplinary

Xue Yang,Minjie Ma,Xiaohu Tang

DOI: https://doi.org/10.1016/j.future.2024.06.002

IF: 7.307

2024-06-07

Future Generation Computer Systems

Abstract:As one of the most important methods of privacy computing, federated learning has attracted much attention as it makes data available but invisible (i.e., uploading gradients instead of raw data). However, adversaries may still recover some private information such as tabs, memberships or even training data, from gradients. Additionally, the malicious server may return the incorrect or forged aggregated result to clients for certain illegal interests. To ensure verifiability and privacy-preservation, in this paper, we present a verifiable secure aggregation scheme under the dual-server federated learning framework. Specifically, we combine the learning with error (LWE) cryptosystem with the secret sharing technique to guarantee the privacy of the aggregated result and each client's local gradient. Meanwhile, we skillfully design a double-verification protocol, including the server-side and client-side verification, to efficiently verify the correctness of the aggregated result and ensure data availability. Specifically, two servers mutually verify the correctness of the aggregated result through the linear homomorphic hash technique. After passing the server-side mutual verification, the malicious server may still directly broadcast the forged aggregated result to clients. Our client-side verification protocol can ensure data availability to identify the correct aggregation result sent by the semi-trusted server. To the best of our knowledge, existing solutions do not take data availability into account. Extensive experimental comparisons with the state-of-the-art schemes demonstrate the effectiveness and efficiency of the proposed scheme in terms of accuracy, computational cost and communication overhead.

computer science, theory & methods

Xiangyun Tang,Meng Shen,Qi Li,Liehuang Zhu,Tengfei Xue,Qiang Qu

DOI: https://doi.org/10.1109/tdsc.2023.3239007

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Federated learning (FL) protects training data in clients by collaboratively training local machine learning models of clients for a global model, instead of directly feeding the training data to the server. However, existing studies show that FL is vulnerable to various attacks, resulting in training data leakage or interfering with the model training. Specifically, an adversary can analyze local gradients and the global model to infer clients’ data, and poison local gradients to generate an inaccurate global model. It is extremely challenging to guarantee strong privacy protection of training data while ensuring the robustness of model training. None of the existing studies can achieve the goal. In this paper, we propose a robust privacy-preserving federated learning framework (PILE), which protects the privacy of local gradients and global models, while ensuring their correctness by gradient verification where the server verifies the computation process of local gradients. In PILE, we develop a verifiable perturbation scheme that makes confidential local gradients verifiable for gradient verification. In particular, we build two building blocks of zero-knowledge proofs for the gradient verification without revealing both local gradients and global models. We perform rigorous theoretical analysis that proves the security of PILE and evaluate PILE on both passive and active membership inference attacks. The experiment results show that the attack accuracy under PILE is between $[50.3\%,50.9\%]$ , which is close to the random guesses. Particularly, compared to prior defenses that incur the accuracy losses ranging from 2% to 13%, the accuracy loss of PILE is negligible, i.e., only $\pm 0.3\%$ accuracy loss.

Zhaosen Shi,Zeyu Yang,Alzubair Hassan,Fagen Li,Xuyang Ding

DOI: https://doi.org/10.1007/s11235-022-00982-3

2022-12-09

Telecommunication Systems

Abstract:The performance of machine learning models largely depends on the amount of data. However, with the improvement of privacy awareness, data sharing has become more and more difficult. Federated learning provides a solution for joint machine learning, which alleviates this difficulty. Although it works by sharing parameters instead of data, privacy threats like inference attacks still exist owing to the exposed parameters or updates. In this paper, we propose a privacy preserving scheme for federated learning by combining the homomorphism of both secret sharing and encryption. Our scheme ensures the confidentiality of local parameters and tolerates collusion threats under a certain range. Our scheme also tolerates dropping of some clients, performs aggregation without sharing keys and has simple interaction process. Meantime, we use the automatic protocol tool ProVerif to verify its cryptographic functionality, analyze its theoretical complexity and compare them with similar schemes. We verify our scheme by experiment to show that it has less running time compared with some schemes.

telecommunications

Junkai Wang,Ling Xiong,Zhicai Liu,Huan Wang,Chunlin Li

DOI: https://doi.org/10.1016/j.compeleceng.2024.109189

IF: 4.152

2024-03-21

Computers & Electrical Engineering

Abstract:Machine Learning as a Service (MLaaS) has been widely used, such as logistic regression models trained in the cloud to provide people with classification predictions. However, these services allow the cloud to collect data from a large number of users, which could raise privacy concerns. With sharing of local models rather than user data, Federated Learning (FL) alleviates data privacy. But, in FL setting the difference between the predictive value provided by the optimal model and the shared global model (called maturing model) that approximates it is not significant, which still raises a security risk. In this paper, we design a flexible and privacy-preserving FL system to tackle these issues. This system makes the training process divide into two stages by analyzing whether the metrics of the iterative global gradient reach a set threshold or not. The two stages are implemented with Re-Encryption and CKKS homomorphism, which not only enables a secure aggregation in the cloud, but also maintains the security of the maturing model. Through detailed analysis, we prove the security of our protocol. Moreover, quantitative comparisons in the final experiments demonstrates that our scheme can achieve trade-off between accuracy, training time cost and communication overhead.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Vaikkunth Mugunthan,Anton Peraire-Bueno,Lalana Kagal

DOI: https://doi.org/10.48550/arXiv.2002.08423

IF: 5.414

2020-02-19

Machine Learning

Abstract:Federated learning is a technique that enables distributed clients to collaboratively learn a shared machine learning model while keeping their training data localized. This reduces data privacy risks, however, privacy concerns still exist since it is possible to leak information about the training dataset from the trained model's weights or parameters. Setting up a federated learning environment, especially with security and privacy guarantees, is a time-consuming process with numerous configurations and parameters that can be manipulated. In order to help clients ensure that collaboration is feasible and to check that it improves their model accuracy, a real-world simulator for privacy-preserving and secure federated learning is required. In this paper, we introduce PrivacyFL, which is an extensible, easily configurable and scalable simulator for federated learning environments. Its key features include latency simulation, robustness to client departure, support for both centralized and decentralized learning, and configurable privacy and security mechanisms based on differential privacy and secure multiparty computation. In this paper, we motivate our research, describe the architecture of the simulator and associated protocols, and discuss its evaluation in numerous scenarios that highlight its wide range of functionality and its advantages. Our paper addresses a significant real-world problem: checking the feasibility of participating in a federated learning environment under a variety of circumstances. It also has a strong practical impact because organizations such as hospitals, banks, and research institutes, which have large amounts of sensitive data and would like to collaborate, would greatly benefit from having a system that enables them to do so in a privacy-preserving and secure manner.

Yuqi Zhang,Xiangyang Li,Qingcai Luo,Yang Wang,Yanzhao Shen

DOI: https://doi.org/10.1145/3625343.3625344

2023-01-01

Abstract:In recent years, Federal Learning has received much attention becourse it can train models by updating gradients without contacting users’ true data. However, adversaries also can track users’ privacy from the shared gradient. In this paper, we aim to solve three major issues during the process of federated learning: 1) how to protect users’ privacy during training; 2) How to verify the correctness of the aggregation results returned from the server; 3) How to reduce communication costs while ensuring training security. So we propose a verifiable aggregation scheme that can effectively verify the results of server aggregation. Specifically, we follow the classic double mask aggregation scheme, and use Paillier homomorphic encryption algorithm to implement the message authentication code with additive homomorphic property. Users can compare their local codes with server’s aggregation results to verify the correctness of the aggregation results and improve model’s accuracy. In our framework, we adopt a Top-k gradient selection scheme to reduce models’ communication and computing overhead. Experimental results indicate that our training framework is feasible and efficient.

Ning Li,Ming Zhou,Haiyang Yu,Yuwen Chen,Zhen Yang

DOI: https://doi.org/10.1109/jiot.2023.3330813

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:As many countries have promulgated laws to protect users’ data privacy, how to legally use users’ data has become a hot topic. With the emergence of federated learning (also known as collaborative learning), multiple participants can create a common, robust, and secure machine learning model while addressing key issues in data sharing such as privacy, security, accessibility, etc. Unfortunately, existing research shows that federated learning is not as secure as it claims, gradient leakage and the correctness of aggregation results are still key problems. Recently, some scholars try to address these security problems in federated learning by cryptography and verification techniques. However, there are some issues in this scheme that remain unsolved. First, some solutions cannot guarantee the correctness of the aggregation results. Second, existing state-of-the-art federated learning schemes have a costly computational and communication overhead. In this paper, we propose SVFLC, a secure and verifiable federated learning scheme with chain aggregation to solve these problems. We first design a privacy-preserving method that can solve the problem of gradient leakage and defend against collusion attacks by semi-honest users. Then, we create a verifiable method based on a homomorphic hash function, which can ensure the correctness of the weighted aggregation results. Besides, the SVFLC can also track users who encounter calculation errors during the aggregation process. Additionally, the extensive experiment results on real-world datasets demonstrate that the SVFLC is efficient, compared with other solutions.

computer science, information systems,telecommunications,engineering, electrical & electronic