Privacy-preserving federated learning (PPFL) aims to train a global model for multiple clients while maintaining their data privacy. However, current PPFL protocols exhibit one or more of the following insufficiencies: considerable degradation in accuracy, the requirement for sharing keys, and cooperation during the key generation or decryption processes. As a mitigation, we develop the first protocol that utilizes neural networks to implement PPFL, as well as incorporating an Aggregatable Hybrid Encryption scheme tailored to the needs of PPFL. We name these networks as Homomorphic Adversarial Networks (HANs) which demonstrate that neural networks are capable of performing tasks similar to multi-key homomorphic encryption (MK-HE) while solving the problems of key distribution and collaborative decryption. Our experiments show that HANs are robust against privacy attacks. Compared with non-private federated learning, experiments conducted on multiple datasets demonstrate that HANs exhibit a negligible accuracy loss (at most 1.35%). Compared to traditional MK-HE schemes, HANs increase encryption aggregation speed by 6,075 times while incurring a 29.2 times increase in communication overhead.

翻译：隐私保护联邦学习（PPFL）旨在为多个客户端训练全局模型的同时保护其数据隐私。然而，现有的PPFL协议存在以下一项或多项不足：准确性显著下降、需要共享密钥、以及在密钥生成或解密过程中需要协同操作。为缓解这些问题，我们开发了首个利用神经网络实现PPFL的协议，并结合了专为PPFL需求设计的可聚合混合加密方案。我们将这些网络命名为同态对抗网络（HANs），其证明了神经网络能够执行类似于多密钥同态加密（MK-HE）的任务，同时解决了密钥分发与协同解密的问题。实验表明，HANs能有效抵御隐私攻击。在多个数据集上的测试显示，与非隐私保护的联邦学习相比，HANs仅产生可忽略的精度损失（最高1.35%）。与传统MK-HE方案相比，HANs将加密聚合速度提升了6,075倍，同时通信开销增加了29.2倍。