In privacy-preserving cross-device federated learning, users train a global model on their local data and submit encrypted local models, while an untrusted central server aggregates the encrypted models to obtain an updated global model. Prior work has demonstrated how to verify the correctness of aggregation in such a setting. However, such verification relies on strong assumptions, such as a trusted setup among all users under unreliable network conditions, or it suffers from expensive cryptographic operations, such as bilinear pairing. In this paper, we scrutinize the verification mechanism of prior work and propose a model recovery attack, demonstrating that most local models can be leaked within a reasonable time (e.g., 98\%98% of encrypted local models are recovered within 21 h). Then, we propose VerSA, a verifiable secure aggregation protocol for cross-device federated learning. VerSA does not require any trusted setup for verification between users while minimizing the verification cost by enabling both the central server and users to utilize only a lightweight pseudorandom generator to prove and verify the correctness of model aggregation. We experimentally confirm the efficiency of VerSA under diverse datasets, demonstrating that VerSA is orders of magnitude faster than verification in prior work.
|Number of pages
|IEEE Transactions on Dependable and Secure Computing
|Published - 2023 Jan 1
Bibliographical noteFunding Information:
This work was supported in part by the National Research Foundation of Korea (NRF) through the Korea Government(MSIT) under Grant 2021R1F1A1061420
© 2004-2012 IEEE.
- Federated learning
- distributed machine learning
ASJC Scopus subject areas
- General Computer Science
- Electrical and Electronic Engineering