边缘计算下的可验证分层隐私保护联邦学习方案

doi:10.3778/j.issn.1002-8331.2407-0515

摘要/Abstract

摘要： 边缘计算下的联邦学习能够促进设备协作，提升学习效率，有效改善现有学习方式的不足，然而在联邦学习过程中，参与者的敏感信息可能通过本地模型泄露、恶意服务器可能反馈错误结果。针对边缘计算下联邦学习过程中存在的隐私泄露以及错误结果反馈问题，提出一种“云-边-端”协同的可验证分层隐私保护联邦学习方案（verifiable hierarchical privacy protection federated learning，VHPPFL）。在该方案中，终端设备层通过添加掩码来保护本地模型；边缘服务器层通过差分隐私和同态加密技术来保护聚合模型；利用分阶段验证聚合来保证聚合结果正确性并减少验证开销。在FashionMNIST数据集上的实验表明，该方案能够以较高效率实现对模型参数保护以及正确性验证。

关键词: 边缘计算, 联邦学习, 隐私保护, 正确性验证

Abstract: Federated learning under edge computing can promote device collaboration, improve learning efficiency, and effectively improve the shortcomings of existing learning methods. However, in the federated learning process, the sensitive information of participants may be leaked through the local model, and the aggregation server may feedback wrong results. Aiming at the problems of privacy leakage and wrong result feedback in federated learning process of edge computing, this paper proposes a verifiable hierarchical privacy protection federated learning, VHPPFL. In this scheme, the terminal device layer protects the local model by adding mask. The edge server layer protects the aggregation model by differential privacy and homomorphic encryption. Validating aggregation results in stages ensures correctness and reduces validation overhead. Experiments on FashionMNIST dataset show that this scheme can protect model parameters and verify model correctness with high efficiency.

Key words: edge computing, federal learning, privacy protection, correctness verification

张磊, 叶前呈, 纪莉莉. 边缘计算下的可验证分层隐私保护联邦学习方案[J]. 计算机工程与应用, 2025, 61(21): 309-323.

ZHANG Lei, YE Qiancheng, JI Lili. Verifiable Hierarchical Privacy Protection Federated Learning Scheme for Edge Computing[J]. Computer Engineering and Applications, 2025, 61(21): 309-323.

参考文献

[1] SHI W S, CAO J, ZHANG Q, et al. Edge computing: vision and challenges[J]. IEEE Internet of Things Journal, 2016, 3(5): 637-646.
[2] FILHO C P, MARQUES E, CHANG V, et al. A systematic literature review on distributed machine learning in edge computing[J]. Sensors, 2022, 22(7): 2665.
[3] MCMAHAN H B, MOORE E, RAMAGE D, et al. Communication-efficient learning of deep networks from decentralized data[C]//Proceedings of the International Conference on Artificial Intelligence and Statistics, 2016.
[4] LIN F P, HOSSEINALIPOUR S, MICHELUSI N, et al. Delay-aware hierarchical federated learning[J]. IEEE Transactions on Cognitive Communications and Networking, 2024, 10(2): 674-688.
[5] HE X, PENG C G, TAN W J. Fast and accurate deep leakage from gradients based on Wasserstein distance[J]. International Journal of Intelligent Systems, 2023, 2023(1): 5510329.
[6] WANG Z B, SONG M K, ZHANG Z F, et al. Beyond inferring class representatives: user-level privacy leakage from federated learning[C]//Proceedings of the 2019 IEEE Conference on Computer Communications. Piscataway: IEEE, 2019: 2512-2520.
[7] HU X Y, LI R Q, WANG L C, et al. A data sharing scheme based on federated learning in IoV[J]. IEEE Transactions on Vehicular Technology, 2023, 72(9): 11644-11656.
[8] LIU W T, XU X L, LI D J, et al. Privacy preservation for federated learning with robust aggregation in edge computing[J]. IEEE Internet of Things Journal, 2023, 10(8): 7343-7355.
[9] LI D F, LAI J S, WANG R J, et al. Ubiquitous intelligent federated learning privacy-preserving scheme under edge computing[J]. Future Generation Computer Systems, 2023, 144: 205-218.
[10] PENG Z, XU J L, CHU X W, et al. VFChain: enabling verifiable and auditable federated learning via blockchain systems[J]. IEEE Transactions on Network Science and Engineering, 2022, 9(1): 173-186.
[11] GONG X L, CHEN Y J, WANG Q, et al. Backdoor attacks and defenses in federated learning: state-of-the-art, taxonomy, and future directions[J]. IEEE Wireless Communications, 2023, 30(2): 114-121.
[12] XU G W, LI H W, LIU S, et al. VerifyNet: secure and verifiable federated learning[J]. IEEE Transactions on Information Forensics and Security, 2020, 15: 911-926.
[13] ZHANG X L, FU A M, WANG H Q, et al. A privacy-preserving and verifiable federated learning scheme[C]//Proceedings of the 2020 IEEE International Conference on Communications. Piscataway: IEEE, 2020: 1-6.
[14] YANG Z, ZHOU M, YU H Y, et al. Efficient and secure federated learning with verifiable weighted average aggregation[J]. IEEE Transactions on Network Science and Engineering, 2023, 10(1): 205-222.
[15] ZHANG J L, WANG J Y, ZHAO Y C, et al. An efficient federated learning scheme with differential privacy in mobile edge computing[C]//Proceedings of the 4th International Conference on Machine Learning and Intelligent Communications. Cham: Springer, 2019: 538-550.
[16] YANG W Z, ZHOU Y P, HU M, et al. Gain without pain: offsetting DP-injected noises stealthily in cross-device federated learning[J]. IEEE Internet of Things Journal, 2022, 9(22): 22147-22157.
[17] MA X, ZHANG F G, CHEN X F, et al. Privacy preserving multi-party computation delegation for deep learning in cloud computing[J]. Information Sciences, 2018, 459: 103-116.
[18] FANG C, GUO Y B, WANG N, et al. Highly efficient federated learning with strong privacy preservation in cloud computing[J]. Computers & Security, 2020, 96: 101889.
[19] ZHU H Y, WANG R, JIN Y C, et al. Distributed additive encryption and quantization for privacy preserving federated deep learning[J]. Neurocomputing, 2021, 463: 309-327.
[20] FENG J, YANG L T, ZHU Q, et al. Privacy-preserving tensor decomposition over encrypted data in a federated cloud environment[J]. IEEE Transactions on Dependable and Secure Computing, 2020, 17(4): 857-868.
[21] LIN L, ZHANG X Y. PPVerifier: a privacy-preserving and verifiable federated learning method in cloud-edge collaborative computing environment[J]. IEEE Internet of Things Journal, 2023, 10(10): 8878-8892.
[22] ZHANG Y F, MIAO Y B, LI X H, et al. Efficient privacy-preserving federated learning with improved compressed sensing[J]. IEEE Transactions on Industrial Informatics, 2024, 20(3): 3316-3326.
[23] GUO X J, LIU Z L, LI J, et al. VeriFL: communication-efficient and fast verifiable aggregation for federated learning[J]. IEEE Transactions on Information Forensics and Security, 2021, 16: 1736-1751.
[24] FAN M C, JI K L, ZHANG Z F, et al. Lightweight privacy and security computing for blockchained federated learning in IoT[J]. IEEE Internet of Things Journal, 2023, 10(18): 16048-16060.
[25] REN Y L, LI Y R, FENG G R, et al. Privacy-enhanced and verification-traceable aggregation for federated learning[J]. IEEE Internet of Things Journal, 2022, 9(24): 24933-24948.
[26] ELTARAS T, SABRY F, LABDA W, et al. Efficient verifiable protocol for privacy-preserving aggregation in federated learning[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 2977-2990.
[27] LIN J, MIAO Y B, WEI L F, et al. Efficient secure inference scheme in multiparty settings for industrial Internet of Things[J]. IEEE Transactions on Industrial Informatics, 2024, 20(10): 11877-11886.
[28] XIA Y J, LIU Y N, DONG S, et al. SVCA: secure and verifiable chained aggregation for privacy-preserving federated learning[J]. IEEE Internet of Things Journal, 2024, 11(10): 18351-18365.
[29] MILLION E. The hadamard product[EB/OL]. (2007)[2024-07-15]. https://docslib.org/doc/7264262/the-hadamard-product.
[30] EL OUADRHIRI A, ABDELHADI A. Differential privacy for deep and federated learning: a survey[J]. IEEE Access, 2022, 10: 22359-22380.
[31] BATOOL H, ANJUM A, KHAN A, et al. A secure and privacy preserved infrastructure for VANETs based on federated learning with local differential privacy[J]. Information Sciences, 2024, 652: 119717.
[32] MUTHUKRISHNAN G, KALYANI S. Grafting Laplace and Gaussian distributions: a new noise mechanism for differential privacy[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 5359-5374.
[33] BONEH D, FRANKLIN M. Identity-based encryption from the Weil pairing[J]. SIAM Journal on Computing, 2003, 32(3): 586-615.
[34] HE C R, LIU G Y, GUO S T, et al. Privacy-preserving and low-latency federated learning in edge computing[J]. IEEE Internet of Things Journal, 2022, 9(20): 20149-20159.
[35] WANG G, ZHOU L, LI Q M, et al. FVFL: a flexible and verifiable privacy-preserving federated learning scheme[J]. IEEE Internet of Things Journal, 2024, 11(13): 23268-23281.
[36] XIAO H, RASUL K, VOLLGRAF R. Fashion-MNIST: a novel image dataset for benchmarking machine learning algorithms[J]. arXiv:1708.07747, 2017.
[37] GONG M G, FENG J L, XIE Y. Privacy-enhanced multi-party deep learning[J]. Neural Networks, 2020, 121: 484-496.