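Computer science
Verifiable secret sharing
Overhead (engineering)
Server
Computer network
Scheme (mathematics)
Distributed computing
Cryptography
Computer security
Information privacy
Mathematics
Operating system
Mathematical analysis
Set (abstract data type)
Programming language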
Authors
Yi Xu, Changgen Peng, Weijie Tan, Youliang Tian, Minyao Ma, Kun Niu
Identifier
DOI:10.1016/j.future.2021.10.017
Abstract
Federated Learning (FL) has received widespread attention for its ability to conduct collaborative learning without collecting raw data. Recently, more accurate model training has become a reality through the large-scale deployment of FL on resource-constrained devices, such as mobile phones or IoT devices, where communication is expensive and clients dropping out is common. However, shared local gradients leave the privacy of local data in FL vulnerable, and the client is easily deceived by a server that returns forged results. To solve these problems, existing schemes either consider only the privacy protection requirements under limited communication without addressing verifiability, or treat privacy protection and verification separately, which incurs expensive computation and communication costs. It is a challenge to design a lightweight, verifiable, privacy-preserving gradient aggregation scheme for large-scale resource-constrained clients under communication-limited conditions. In this paper, we propose a non-interactive verifiable privacy-preserving FL based on a dual-server (NIVP-DS) architecture, which improves the efficiency and security of the system and is robust to clients dropping out, under the constraint that the communication overhead between client and server is not more than 2× that of plaintext computation. Based on NIVP-DS, an efficient privacy gradient aggregation scheme is presented by exploiting random matrix coding and secure 2-party computation. The scheme costs only O(M) fully linear operations on the client side under the communication constraints. To realize verifiability, a cross-verification method is introduced, which is based on credible matrix exchange and extends the privacy aggregation scheme to a verifiable scheme. The method incurs only a little additional overhead while guaranteeing that one dishonest server cannot forge the aggregate results to deceive the honest client, even if it colludes with multiple clients. The effectiveness of NIVP-DS in practice is corroborated by experiments. The results show that both secure aggregation and verification are efficient, and that the additional overhead of verification is minimal.