VSEPDA: Verifiable secure and efficient privacy-preserving data aggregation protocol for image classification in federated learning

Abstract

With the rapid advancement of big data and artificial intelligence, the vast amounts of data have facilitated the use of deep learning to create value, particularly in the domain of image classification. Unlike traditional deep learning methods that process data centrally, federated learning enables multiple users to collaboratively build models without data leaving local devices, effectively safeguarding user privacy. However, attackers can exploit gradient analysis to extract partial information from participants, and servers may return erroneous global models. As a result, developing a secure and verifiable federated learning scheme has become a focal point of current research. Recently, Tamer et al. introduced a communication-efficient and verifiable secure data aggregation protocol ESL+23, relying on lightweight cryptographic primitives with high computational efficiency. Nonetheless, we have identified significant shortcomings in the protocol’s verification capabilities: it is vulnerable to collusion attacks and intolerant of user dropouts. Therefore, this paper first designs an attack experiment, demonstrating a 100% success rate. Subsequently, we propose the VSEPDA protocol. Our security analysis indicates that VSEPDA offers enhanced fault tolerance and security. Finally, experiments show that VSEPDA achieves a 46.15% increase in computational efficiency for key updates. Using the real dataset, we demonstrate that the discrepancies in weights and biases between secure and traditional models are on the order of $10^{-6}$ and $10^{-8}$, respectively, while maintaining equivalent image classification accuracy.