Federated learning (FL) has attracted widespread attention because it supports the joint training of models by multiple participants without moving private dataset. However, there are still many security issues in FL that deserve discussion. In this paper, we consider three major issues: 1) how to ensure that the training process can be publicly audited by any third party; 2) how to avoid the influence of malicious participants on training; 3) how to ensure that private gradients and models are not leaked to third parties. Many solutions have been proposed to address these issues, while solving the above three problems simultaneously is seldom considered. In this paper, we propose a publicly auditable and privacy-preserving federated learning scheme that is resistant to malicious participants uploading gradients with wrong directions and enables anyone to audit and verify the correctness of the training process. In particular, we design a robust aggregation algorithm capable of detecting gradients with wrong directions from malicious participants. Then, we design a random vector generation algorithm and combine it with zero sharing and blockchain technologies to make the joint training process publicly auditable, meaning anyone can verify the correctness of the training. Finally, we conduct a series of experiments, and the experimental results show that the model generated by the protocol is comparable in accuracy to the original FL approach while keeping security advantages.

翻译：联邦学习（FL）因支持多个参与方在不移动私有数据集的情况下联合训练模型而受到广泛关注。然而，联邦学习中仍存在许多值得探讨的安全问题。本文重点考虑三个主要问题：1）如何确保训练过程能被任何第三方公开审计；2）如何避免恶意参与方对训练过程的影响；3）如何防止私有梯度与模型泄露给第三方。已有许多解决方案针对上述问题提出，但鲜有方案能同时解决这三个问题。本文提出一种公开可审计且隐私保护的联邦学习方案，该方案能抵抗恶意参与方上传错误方向梯度，并允许任何人审计和验证训练过程的正确性。具体而言，我们设计了一种鲁棒的聚合算法，能够检测来自恶意参与方的错误方向梯度。随后，我们设计了随机向量生成算法，并将其与零共享及区块链技术相结合，使联合训练过程具备公开可审计性——即任何人能够验证训练的正确性。最后，我们进行了一系列实验。实验结果表明，该协议所生成的模型在保持安全优势的同时，其准确率与原始联邦学习方法相当。