Secure group aggregation for privacy-protection federated learning

Abstract Federated Learning is a machine learning paradigm designed to address the issues of privacy protection, data security, and big data process. FedAvg, a widely used algorithm in federated learning, is vulnerable to gradient leakage, parameter exposure, and user data compromise. Existing works use differential privacy, homomorphic encryption, and secure multi-party computation to protect the gradients of FedAvg. However, these existing efforts lead to gradient polymerization errors of approximately 10–30% (applying differential privacy results in noisy gradients) in the server or have a high computational dimension. In this paper, we design a secure group aggregation approach for the gradient protection in federated learning. It realizes zero error in gradient aggregation, and the computational time under different number of users drops is almost the same, the time difference is a constant, and the time overhead is reduced by about 10–75% compared to traditional differential privacy, and 80% compared to homomorphic encryption methods. First, we use digital signature and authentication encryption to guarantee the integrity of the gradient. Second, we use the double-masking to deal with the situation when users exit, dropout or reconnect halfway, this ensures that the server is able to restore the correct gradient after aggregation, addressing the gradient aggregation error problem. Third, during the encryption period, our experiments have found a suitable group size for the federated learning’s gradient aggregation approach. Specifically, we evaluate the efficiency that a group size of 7 is better when the number of users is smaller than $$2^{10}$$ 2 10 , while a group size of 128 or 64 can be adopted when the number of users is larger than $$2^{10}$$ 2 10 .