Federated learning is a promising distributed learning paradigm that enables collaborative model training without exposing local client data, thereby protecting data privacy. However, it also brings new threats and challenges. Advances in model inversion attacks have rendered the plaintext transmission of local models insecure, while the distributed nature of federated learning makes it particularly vulnerable to attacks launched by malicious clients. To protect data privacy and prevent malicious client attacks, this paper proposes a privacy-preserving Federated Learning framework based on Verifiable Functional Encryption (VFEFL), without a non-colluding dual-server assumption or an additional trusted third party. Specifically, we propose a novel Cross-Ciphertext Decentralized Verifiable Functional Encryption (CC-DVFE) scheme that enables the verification of specific relationships over multi-dimensional ciphertexts. This scheme is treated formally in terms of its definition, security model and security proof. Furthermore, based on the proposed CC-DVFE scheme, we design a privacy-preserving federated learning framework that incorporates a novel robust aggregation rule to detect malicious clients, enabling the effective training of high-accuracy models under adversarial settings. Finally, we provide a formal analysis and an empirical evaluation of VFEFL. The results demonstrate that our approach achieves the desired privacy protection, robustness, verifiability and fidelity, while eliminating the reliance on the non-colluding dual-server assumption or trusted third parties required by most existing methods.