Federated learning (FL) allows multiple parties to cooperatively learn a federated model without sharing their private data with each other. The need to protect such federated models from plagiarism or misuse motivates us to propose a provably secure model ownership verification scheme based on zero-knowledge proofs, named FedZKP. We show that FedZKP, which never discloses the owner's credentials, is guaranteed to defeat a variety of existing and potential attacks. Both theoretical analysis and empirical studies demonstrate the security of FedZKP in the sense that the probability of an attacker breaching the scheme is negligible. Moreover, extensive experimental results confirm the fidelity and robustness of our scheme.