Authenticity & Verifiability in Federated Learning: Overview & Methods

Posted in IT Security, News, Privacy-Preserving Computation on 22.01.2025

With the help of machine learning (ML), often referred to as AI, and large amounts of data from a wide variety of users, almost any application or service can be improved, e.g. the analysis of vital signs via smartwatches, the recording of driving behaviour, or improved cancer diagnosis from MRI images. Such scenarios are becoming increasingly attractive because the corresponding ML technologies are now practically relevant; at the same time, one of the biggest challenges is the protection of privacy. Furthermore, users of an ML model may ask whether, and to what extent, the model can be trusted.

In order to train a global ML model on data from many end-user devices while preserving the privacy of the users' training data, Google introduced Federated Learning (FL) in 2016/17. For an FL framework of practical relevance, one must, in addition to preserving privacy, pay attention to trust throughout the entire cycle of an FL epoch. To obtain a more reliable and trustworthy updated ML model, authenticity and correctness guarantees for the training data and for the returned ML parameters/weights must therefore be added to the FL process. Within the FL process flow there are six important trust points (TPs). To achieve both, privacy and trustworthiness, FL must be extended once more.

This report therefore presents methods for Trusted Federated Learning at the individual trust points and then discusses the entire FL process flow. Finally, Conclusion & Further Work briefly summarizes the insights gained and points out potentially interesting further directions.

Promising solutions for the individual TPs already exist, in some cases with concrete instantiations. The currently most common methods and instantiations are based on the privacy-preserving cryptographic building block zero-knowledge proof (ZKP). The individual concepts offer different trade-offs; e.g., not all of them address privacy when aggregating the returned ML parameters.

An overall concept for Trusted Federated Learning that preserves privacy across the entire process flow is the next scientific and engineering challenge, e.g. the efficient combination of digital signatures and ZKPs. Since most relevant work on "zkFL" (Trusted FL via ZKPs) has only been published between 2022 and 2024, it remains exciting to see how this new field develops, and it is important for practical adopters to keep their finger on the pulse of the state of the art.
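The authenticity requirement from the FL process flow above (the aggregator must only fold in parameters that really come from an enrolled client for the current epoch) and the digital-signature building block named in this section can be shown in a few dozen lines. The following is an added example, not code from the original post or from any zkFL paper. It implements weighted FedAvg over a constructed set of client submissions and rejects a tampered update and a replayed one. An HMAC under a per-client key provisioned by the aggregator stands in for the digital signature; the names `client_key`, `tag_update`, `verify_update`, `fedavg` and the master key are assumptions of this example.

```python
# Added example (not from the original post): FedAvg aggregation that accepts a
# client's returned weights only if they carry a valid authenticity tag bound to
# the client and the current epoch. An HMAC with a per-client key provisioned
# by the aggregator stands in for the digital signature mentioned in the text;
# a production system would use a real signature scheme (e.g. Ed25519) so that
# the aggregator itself cannot forge client updates.
import hashlib
import hmac
import json
from typing import List, Tuple

Update = List[float]
# (client_id, number of local training samples, returned weights, authenticity tag)
Submission = Tuple[str, int, Update, str]


def client_key(master_key: bytes, client_id: str) -> bytes:
    """Derive the per-client key (assumption: aggregator provisions it at enrolment)."""
    return hmac.new(master_key, client_id.encode(), hashlib.sha256).digest()


def canonical_message(client_id: str, epoch: int, update: Update) -> bytes:
    """Canonical encoding of what is authenticated: client, epoch and weights.
    Binding the epoch blocks replay of a stale (but once valid) update."""
    payload = {"client": client_id, "epoch": epoch, "weights": update}
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def tag_update(key: bytes, client_id: str, epoch: int, update: Update) -> str:
    """Client side: compute the authenticity tag over the canonical message."""
    return hmac.new(key, canonical_message(client_id, epoch, update), hashlib.sha256).hexdigest()


def verify_update(key: bytes, client_id: str, epoch: int, update: Update, tag: str) -> bool:
    """Aggregator side: recompute the tag for the *current* epoch and compare in constant time."""
    expected = tag_update(key, client_id, epoch, update)
    return hmac.compare_digest(expected, tag)


def fedavg(master_key: bytes, epoch: int, submissions: List[Submission]) -> Tuple[Update, List[str]]:
    """Sample-count-weighted FedAvg over the authenticated submissions only.
    Returns (new global weights, ids of rejected clients)."""
    accepted: List[Tuple[int, Update]] = []
    rejected: List[str] = []
    for client_id, n_samples, update, tag in submissions:
        key = client_key(master_key, client_id)
        if n_samples <= 0 or not verify_update(key, client_id, epoch, update, tag):
            rejected.append(client_id)
            continue
        accepted.append((n_samples, update))
    if not accepted:
        raise ValueError("no authentic update received in this epoch")
    dim = len(accepted[0][1])
    if any(len(u) != dim for _, u in accepted):
        raise ValueError("dimension mismatch among accepted updates")
    total = sum(n for n, _ in accepted)
    new_weights = [sum(n * u[i] for n, u in accepted) / total for i in range(dim)]
    return new_weights, rejected


def run_demo() -> Tuple[Update, List[str]]:
    """Constructed scenario: two honest clients, one update tampered in transit,
    one replayed from the previous epoch."""
    master = b"constructed-demo-master-key"  # constructed for the demo; never hard-code in practice
    epoch = 1

    def submit(cid: str, n: int, w: Update, signed_epoch: int) -> Submission:
        return (cid, n, w, tag_update(client_key(master, cid), cid, signed_epoch, w))

    a = submit("A", 10, [1.0, 2.0], epoch)
    b = submit("B", 30, [3.0, -2.0], epoch)
    c = submit("C", 20, [2.0, 0.0], epoch)
    c = (c[0], c[1], [50.0, 50.0], c[3])        # weights altered after tagging (tamper)
    d = submit("D", 15, [0.5, 0.5], epoch - 1)  # tag computed for the previous epoch (replay)
    return fedavg(master, epoch, [a, b, c, d])


if __name__ == "__main__":
    weights, bad = run_demo()
    print("new global weights:", weights)  # [2.5, -1.0]
    print("rejected clients:", bad)        # ['C', 'D']
```

The tag proves who sent an update and for which epoch; it says nothing about whether the client trained honestly or reported its sample count truthfully, and the aggregator sees every client's weights in the clear. Those two gaps, correctness of the contribution and privacy during aggregation, are exactly what the ZKP-based zkFL approaches discussed above add on top of plain authentication.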

Downloads

File | Description | File size
pdf | ASIT-Tech_Trusted-MPC-SAFE_server (German) | 7 MB