VeriTrac: Verifiable and traceable cross-silo federated learning

IF 6.2 2区计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS Future Generation Computer Systems-The International Journal of Escience Pub Date : 2025-07-01 Epub Date: 2025-02-27 DOI:10.1016/j.future.2025.107780

Yanxin Xu , Hua Zhang , Zhenyan Liu , Fei Gao , Lei Qiao

{"title":"VeriTrac: Verifiable and traceable cross-silo federated learning","authors":"Yanxin Xu , Hua Zhang , Zhenyan Liu , Fei Gao , Lei Qiao","doi":"10.1016/j.future.2025.107780","DOIUrl":null,"url":null,"abstract":"<div><div>Cross-silo federated learning enables many clients to train a machine learning model collaboratively, while keeping the raw training data locally. It faces the risks of privacy leakage and malicious participants. In this paper, we introduce a new security risk that malicious clients may disrupt the training process of cross-silo federated learning by falsifying the verification evidences. The verification failure caused by this malicious behavior is not easily distinguishable from that caused by the malicious server falsifying the aggregated model. To address this issue, we design VeriTrac, the first privacy-preserving cross-silo federated learning scheme that supports verifiability and traceability. Before performing the aggregation, the server can utilize the non-private information of clients to verify messages submitted by them to avoid being framed. When the proportion of malicious clients is less than 50%, malicious participants causing the verification error can be traced. In addition, to verify the correctness of the aggregated models, a model vector with a verification factor is constructed and encrypted. The vector is confidential for the server, and the factor is part of the verification evidence and recoverable for clients. Security analysis shows that VeriTrac can guarantee the tracing of malicious participants and the data security of clients. Experimental evaluation shows that computation efficiency and communication efficiency of VeriTrac are acceptable.</div></div>","PeriodicalId":55132,"journal":{"name":"Future Generation Computer Systems-The International Journal of Escience","volume":"168 ","pages":"Article 107780"},"PeriodicalIF":6.2000,"publicationDate":"2025-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Future Generation Computer Systems-The International Journal of Escience","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167739X25000755","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2025/2/27 0:00:00","PubModel":"Epub","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

Abstract

Cross-silo federated learning enables many clients to train a machine learning model collaboratively, while keeping the raw training data locally. It faces the risks of privacy leakage and malicious participants. In this paper, we introduce a new security risk that malicious clients may disrupt the training process of cross-silo federated learning by falsifying the verification evidences. The verification failure caused by this malicious behavior is not easily distinguishable from that caused by the malicious server falsifying the aggregated model. To address this issue, we design VeriTrac, the first privacy-preserving cross-silo federated learning scheme that supports verifiability and traceability. Before performing the aggregation, the server can utilize the non-private information of clients to verify messages submitted by them to avoid being framed. When the proportion of malicious clients is less than 50%, malicious participants causing the verification error can be traced. In addition, to verify the correctness of the aggregated models, a model vector with a verification factor is constructed and encrypted. The vector is confidential for the server, and the factor is part of the verification evidence and recoverable for clients. Security analysis shows that VeriTrac can guarantee the tracing of malicious participants and the data security of clients. Experimental evaluation shows that computation efficiency and communication efficiency of VeriTrac are acceptable.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

VeriTrac：可验证和可跟踪的跨竖井联合学习

跨竖井联邦学习使许多客户能够协作训练机器学习模型，同时将原始训练数据保留在本地。它面临着隐私泄露和恶意参与者的风险。在本文中，我们引入了一种新的安全风险，即恶意客户端可能通过伪造验证证据来破坏跨竖井联邦学习的训练过程。这种恶意行为导致的验证失败与恶意服务器伪造聚合模型导致的验证失败很难区分。为了解决这个问题，我们设计了VeriTrac，这是第一个支持可验证性和可追溯性的保护隐私的跨竖井联合学习方案。在执行聚合之前，服务器可以利用客户机的非私有信息来验证它们提交的消息，以避免被帧。当恶意客户端占比小于50%时，可以跟踪导致验证错误的恶意参与者。此外，为了验证聚合模型的正确性，构造了一个带有验证因子的模型向量并对其进行了加密。向量对于服务器是机密的，因子是验证证据的一部分，对于客户端是可恢复的。安全性分析表明，VeriTrac可以保证恶意参与者的跟踪和客户端的数据安全。实验评价表明，VeriTrac的计算效率和通信效率是可以接受的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Future Generation Computer Systems-The International Journal of Escience 工程技术-计算机：理论方法

CiteScore

19.90

自引率

2.70%

发文量

376

审稿时长

10.6 months

期刊介绍： Computing infrastructures and systems are constantly evolving, resulting in increasingly complex and collaborative scientific applications. To cope with these advancements, there is a growing need for collaborative tools that can effectively map, control, and execute these applications. Furthermore, with the explosion of Big Data, there is a requirement for innovative methods and infrastructures to collect, analyze, and derive meaningful insights from the vast amount of data generated. This necessitates the integration of computational and storage capabilities, databases, sensors, and human collaboration. Future Generation Computer Systems aims to pioneer advancements in distributed systems, collaborative environments, high-performance computing, and Big Data analytics. It strives to stay at the forefront of developments in grids, clouds, and the Internet of Things (IoT) to effectively address the challenges posed by these wide-area, fully distributed sensing and computing systems.