Federated learning allows multiple parties to collaborate in learning a global model without revealing private data. The high cost of training and the significant value of the global model necessitate ownership verification in federated learning. However, existing ownership verification schemes in federated learning suffer from several limitations, such as inadequate support for a large number of clients and vulnerability to ambiguity attacks. To address these limitations, we propose a cryptographic signature-based federated learning model ownership verification scheme named FedSOV. FedSOV allows numerous clients to embed their ownership credentials and verify ownership using unforgeable digital signatures. The scheme provides theoretical resistance to ambiguity attacks through the unforgeability of the signature. Experimental results on computer vision and natural language processing tasks demonstrate that FedSOV is an effective federated model ownership verification scheme enhanced with provable cryptographic security.