基于模分量同态加密的隐私数据联邦学习研究  

作　　者：李晓东 李慧 赵炽野 周苏雅 金鑫 Li Xiaodong;Li Hui;Zhao Chiye;Zhou Suya;Jin Xin(Department of Cyberspace Security,Beijing Electronic Science and Technology Institute,Beijing 100070)

机构地区：[1]北京电子科技学院网络空间安全系,北京100070

出　　处：《信息安全研究》2025年第3期198-204,共7页Journal of Information Security Research

基　　金：上海市2023年度“科技创新行动计划”区块链关键技术攻关专项项目(23511101400);北京电子科技学院-北京隐算科技有限公司合作横向项目(20230008H0113);中央高校基本科研业务费专项资金项目(20230035Z0114)。

摘　　要：在当前大数据时代深度学习蓬勃发展,成为解决实际问题的强大工具.然而,传统的集中式深度学习系统存在隐私泄露风险.为解决此问题出现了联邦学习,即一种分布式机器学习方法.联邦学习允许多个机构或个人在不共享原始数据的情况下共同训练模型,通过上传本地模型参数至服务器,聚合各用户参数构建全局模型,再返回给用户.这种方法既实现了全局优化,又避免了私有数据泄露.然而,即使采用联邦学习,攻击者仍有可能通过获取用户上传的模型参数还原用户数据,从而侵犯隐私.为解决这一问题,隐私保护成为联邦学习研究的核心,提出了一种基于模分量同态加密的联邦学习(federated learning based on confused modulo projection homomorphic encryption,FLFC)方案.该方案采用自研的模分量全同态加密算法对用户模型参数进行加密,模分量全同态加密算法具有运算效率高、支持浮点数运算、国产化的优点,从而实现了对隐私的更加强大的保护.实验结果表明,FLFC方案在实验中表现出比FedAvg方案更高的平均准确率,且稳定性良好.In the current era of big data,deep learning is booming and has become a powerful tool for solving real-world problems.However,traditional centralized deep learning systems are at risk of privacy leakage.To address this problem,federated learning,a distributed machine learning approach,has emerged.Federated learning allows multiple organizations or individuals to train models together without sharing raw data,by uploading local model parameters to the server,aggregating each user’s parameters to construct a global model,and returning it to the user.This approach achieves global optimization and avoids private data leakage.However,even with federated learning,attackers may still be able to reconstruct user data by obtaining the model parameters uploaded by users,thus violating privacy.To address this issue,privacy protection has become the focus of federated learning research.In this paper,we propose a federated learning scheme FLFC(federated learning with confused modulo projection homomorphic encryption)based on confused modulo projection homomorphic encryption to address the above issues.This scheme adopts a self-developed modular fully homomorphic encryption algorithm to encrypt user model parameters.The modular fully homomorphic encryption algorithm has the advantages of high computational efficiency,support for floating-point operations,and localization,thus achieving stronger protection of privacy.Experimental results show that the FLFC scheme exhibits a higher average accuracy and good stability compared to the FedAvg scheme in experiments.

关 键 词：联邦学习 同态加密 深度学习 隐私保护 分布式学习 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]