Philipp Holzmann (2022).

Securing Federated Learning.

PDF.

Federated learning has become a popular approach for machine learning task like image classification image classification as it promises better performance, offline application and privacy. Each participant can improve and evaluate the model locally while a central server is responsible for updating the model based on the improvements the participants have calculated.

However, Hitaj, Ateniese and Perez-Cruz (Hitaj et al., 2017) show that an adversary can attack federated learning by acting as a normal honest participant. By manipulating the training, he can use a generative adversarial network (GAN) to reveal training images used by other participants.

We aim to define a secure federated learning protocol that prevents the GAN attack using fully homomorphic encryption. Fully homomorphic encryption (FHE) allows us to perform operations on ciphertexts. We need to hide the model form the participants while still allowing them to participate in the learning process and obtain classifications of their data by evaluating the model.

The natural question when encrypting the model is the ownership of the secret key. We dived the power of the secret key over multiple servers in order to be less dependent on a single entity. We will suggest an extension of the FHE scheme TFHE implementing the splitting of the secret key.

We propose a secure federated learning protocol that prevents the GAN attack and prove its security in the sense of multi party computation theory.