用于联邦学习的高效可验证安全聚合协议

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2025-07-15 DOI:10.1016/j.jisa.2025.104161

Binghao Xu, Shuai Wang, Youliang Tian

{"title":"用于联邦学习的高效可验证安全聚合协议","authors":"Binghao Xu, Shuai Wang, Youliang Tian","doi":"10.1016/j.jisa.2025.104161","DOIUrl":null,"url":null,"abstract":"<div><div>Federated learning enables collaborative model training without direct access to clients’ local data, making it highly attractive for privacy-preserving analytics in resource-constrained environments. However, existing secure aggregation protocols remain vulnerable to privacy disclosure and malicious server tampering, and often incur substantial computational and communication overhead. In this paper, we propose a verifiable secure aggregation protocol that enables efficient aggregation in resource-constrained settings while guaranteeing the integrity of the aggregated results. Integrity of the aggregated result is guaranteed via the additive homomorphism of Shamir secret shares and a lightweight symmetric message-authentication code. Compared to VerifyNet, our protocol reduces aggregation overhead to only 1.25% of VerifyNet’s overhead, and under client dropouts it cuts RFLPV’s overhead by approximately 50%, while maintaining full privacy against semi-honest clients. Extensive simulations confirm that our method delivers strong security guarantees and operates efficiently under resource-constrained conditions, demonstrating its suitability for large-scale, dropout-prone federated learning deployments.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104161"},"PeriodicalIF":3.8000,"publicationDate":"2025-07-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Efficient verifiable secure aggregation protocols for federated learning\",\"authors\":\"Binghao Xu, Shuai Wang, Youliang Tian\",\"doi\":\"10.1016/j.jisa.2025.104161\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Federated learning enables collaborative model training without direct access to clients’ local data, making it highly attractive for privacy-preserving analytics in resource-constrained environments. However, existing secure aggregation protocols remain vulnerable to privacy disclosure and malicious server tampering, and often incur substantial computational and communication overhead. In this paper, we propose a verifiable secure aggregation protocol that enables efficient aggregation in resource-constrained settings while guaranteeing the integrity of the aggregated results. Integrity of the aggregated result is guaranteed via the additive homomorphism of Shamir secret shares and a lightweight symmetric message-authentication code. Compared to VerifyNet, our protocol reduces aggregation overhead to only 1.25% of VerifyNet’s overhead, and under client dropouts it cuts RFLPV’s overhead by approximately 50%, while maintaining full privacy against semi-honest clients. Extensive simulations confirm that our method delivers strong security guarantees and operates efficiently under resource-constrained conditions, demonstrating its suitability for large-scale, dropout-prone federated learning deployments.</div></div>\",\"PeriodicalId\":48638,\"journal\":{\"name\":\"Journal of Information Security and Applications\",\"volume\":\"93 \",\"pages\":\"Article 104161\"},\"PeriodicalIF\":3.8000,\"publicationDate\":\"2025-07-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Security and Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S221421262500198X\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S221421262500198X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

联邦学习可以在不直接访问客户本地数据的情况下进行协作模型训练，这对于资源受限环境中保护隐私的分析非常有吸引力。然而，现有的安全聚合协议仍然容易受到隐私泄露和恶意服务器篡改的影响，并且经常导致大量的计算和通信开销。在本文中，我们提出了一种可验证的安全聚合协议，该协议能够在资源受限的情况下实现高效的聚合，同时保证聚合结果的完整性。通过Shamir秘密共享的加性同态和轻量级对称消息认证码保证聚合结果的完整性。与VerifyNet相比，我们的协议将聚合开销减少到VerifyNet开销的1.25%，并且在客户端退出的情况下，它将RFLPV的开销减少了大约50%，同时对半诚实的客户端保持完全的隐私。大量的模拟证实，我们的方法提供了强大的安全保证，并在资源受限的条件下有效地运行，证明了它适用于大规模、容易辍学的联邦学习部署。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Efficient verifiable secure aggregation protocols for federated learning

Federated learning enables collaborative model training without direct access to clients’ local data, making it highly attractive for privacy-preserving analytics in resource-constrained environments. However, existing secure aggregation protocols remain vulnerable to privacy disclosure and malicious server tampering, and often incur substantial computational and communication overhead. In this paper, we propose a verifiable secure aggregation protocol that enables efficient aggregation in resource-constrained settings while guaranteeing the integrity of the aggregated results. Integrity of the aggregated result is guaranteed via the additive homomorphism of Shamir secret shares and a lightweight symmetric message-authentication code. Compared to VerifyNet, our protocol reduces aggregation overhead to only 1.25% of VerifyNet’s overhead, and under client dropouts it cuts RFLPV’s overhead by approximately 50%, while maintaining full privacy against semi-honest clients. Extensive simulations confirm that our method delivers strong security guarantees and operates efficiently under resource-constrained conditions, demonstrating its suitability for large-scale, dropout-prone federated learning deployments.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.