Robust privacy-preserving aggregation against poisoning attacks for secure distributed data fusion

IF 14.7 1区计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Information Fusion Pub Date : 2025-04-24 DOI:10.1016/j.inffus.2025.103223

Chao Huang , Yanqing Yao , Xiaojun Zhang

{"title":"Robust privacy-preserving aggregation against poisoning attacks for secure distributed data fusion","authors":"Chao Huang , Yanqing Yao , Xiaojun Zhang","doi":"10.1016/j.inffus.2025.103223","DOIUrl":null,"url":null,"abstract":"<div><div>Privacy-preserving data aggregation could be well applied in federated learning, enabling an aggregator to learn a specified fusion statistics over private data held by clients. Besides, robustness is a critical requirement in federated learning, since a malicious client is able to readily launch poisoning attacks by submitting artificial and malformed model updates to central server. To this end, we present a robust privacy-preserving data aggregation protocol based on distributed trust model, which achieves privacy protection by three-party computation based on replicated secret sharing with honest-majority. The protocol also achieves robustness by securely computing an input validation strategy called norm bounding, including <span><math><msub><mrow><mi>ℓ</mi></mrow><mrow><mi>∞</mi></mrow></msub></math></span>-norm and <span><math><msub><mrow><mi>ℓ</mi></mrow><mrow><mn>2</mn></mrow></msub></math></span>-norm bounding, which has been proven effective to defend against poisoning attacks. Following the best practice of hybrid protocol design, we exploit both Boolean sharing and arithmetic sharing to efficiently enforce <span><math><msub><mrow><mi>ℓ</mi></mrow><mrow><mi>∞</mi></mrow></msub></math></span> and <span><math><msub><mrow><mi>ℓ</mi></mrow><mrow><mn>2</mn></mrow></msub></math></span>-norm bounding respectively. Additionally, we propose a novel share conversion protocol converting Boolean shares into arithmetic ones, which is of independent interest and could be used in other protocols. We provide security analysis of the protocol based on standard simulation paradigm and modular composition theorem, reaching the conclusion that presented protocol achieves secure aggregation functionality with norm bounding with computational security in the presence of one static semi-honest server. Comprehensive efficiency analysis and empirical experiments demonstrate its superiority compared with related protocols.</div></div>","PeriodicalId":50367,"journal":{"name":"Information Fusion","volume":"122 ","pages":"Article 103223"},"PeriodicalIF":14.7000,"publicationDate":"2025-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Fusion","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1566253525002969","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Privacy-preserving data aggregation could be well applied in federated learning, enabling an aggregator to learn a specified fusion statistics over private data held by clients. Besides, robustness is a critical requirement in federated learning, since a malicious client is able to readily launch poisoning attacks by submitting artificial and malformed model updates to central server. To this end, we present a robust privacy-preserving data aggregation protocol based on distributed trust model, which achieves privacy protection by three-party computation based on replicated secret sharing with honest-majority. The protocol also achieves robustness by securely computing an input validation strategy called norm bounding, including

ℓ_{\infty}

-norm and

ℓ_{2}

-norm bounding, which has been proven effective to defend against poisoning attacks. Following the best practice of hybrid protocol design, we exploit both Boolean sharing and arithmetic sharing to efficiently enforce

ℓ_{\infty}

and

ℓ_{2}

-norm bounding respectively. Additionally, we propose a novel share conversion protocol converting Boolean shares into arithmetic ones, which is of independent interest and could be used in other protocols. We provide security analysis of the protocol based on standard simulation paradigm and modular composition theorem, reaching the conclusion that presented protocol achieves secure aggregation functionality with norm bounding with computational security in the presence of one static semi-honest server. Comprehensive efficiency analysis and empirical experiments demonstrate its superiority compared with related protocols.

查看原文本刊更多论文

面向安全分布式数据融合的抗中毒攻击鲁棒隐私保护聚合

保护隐私的数据聚合可以很好地应用于联邦学习，使聚合器能够通过客户机持有的私有数据学习指定的融合统计信息。此外，健壮性是联邦学习中的一个关键要求，因为恶意客户端可以通过向中央服务器提交人工的和畸形的模型更新来轻易地发起中毒攻击。为此，我们提出了一种基于分布式信任模型的鲁棒隐私保护数据聚合协议，该协议通过基于诚实多数复制秘密共享的三方计算实现隐私保护。该协议还通过安全计算一种称为范数边界的输入验证策略来实现鲁棒性，该策略包括r∞范数和r 2范数边界，该策略已被证明可以有效防御中毒攻击。根据混合协议设计的最佳实践，我们利用布尔共享和算法共享分别有效地实施了r∞和r 2-范数边界。此外，我们还提出了一种新的份额转换协议，将布尔份额转换为算术份额，该协议具有独立的意义，可用于其他协议。基于标准仿真范式和模块化组合定理对该协议进行了安全性分析，得出在静态半诚实服务器存在的情况下，该协议实现了具有规范边界和计算安全性的安全聚合功能。综合效率分析和实证实验表明，与相关协议相比，该方案具有优势。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Information Fusion 工程技术-计算机：理论方法

CiteScore

33.20

自引率

4.30%

发文量

161

审稿时长

7.9 months

期刊介绍： Information Fusion serves as a central platform for showcasing advancements in multi-sensor, multi-source, multi-process information fusion, fostering collaboration among diverse disciplines driving its progress. It is the leading outlet for sharing research and development in this field, focusing on architectures, algorithms, and applications. Papers dealing with fundamental theoretical analyses as well as those demonstrating their application to real-world problems will be welcome.