Traceable Federated Learning with Homomorphic Encryption and Proxy Re-encryption

doi:10.3778/j.issn.1673-9418.2505015

Abstract

Abstract: In the intelligent medical system, data from different medical institutions need to be shared across institutions. To ensure the privacy and security of data, federated learning is applied. However, in practical applications, federated learning still faces challenges such as data security, dynamic user management, and defense against malicious nodes. Based on this, this paper proposes a federated learning scheme based on privacy protection and anonymous tracing. This scheme uses homomorphic encryption and noise masking technology to encrypt the local model parameter information, ensuring the privacy of model parameters during the model update process. Then, proxy re-encryption is used, and the noise server generates and securely distributes the encrypted noise ciphertext, preventing the aggregation server from accessing the plaintext of noise and defending against gradient inversion attacks. At the same time, it can tolerate the situation where medical institutions fail to upload local model parameters, achieving efficient dropout-safe aggregation. Next, a traceable pseudo-anonymous identity authentication mechanism is adopted to protect the identities of medical institutions, and the changes in model accuracy are used to identify malicious nodes. When a medical institution is repeatedly marked as malicious, secret value sharing is used to trace the real identities of medical data. Finally, experimental simulations show that compared with existing schemes, the proposed scheme can effectively resist gradient inversion attacks, maintain model accuracy, and achieve efficient dropout-safe aggregation.

Key words: privacy protection, federated learning, homomorphic encryption, anonymous tracing, smart healthcare

摘要： 在智慧医疗系统中，需要不同医疗机构的数据进行跨机构共享，为了实现数据的隐私性与安全性，联邦学习被应用其中。然而，联邦学习在实际应用中仍然面临数据安全、动态用户管理和恶意节点防御等挑战。基于此，提出了一种基于隐私保护与匿名追踪的联邦学习方案。该方案利用同态加密与噪声掩码技术对本地模型参数信息进行加密，确保模型更新过程中模型参数的隐私性。利用代理重加密，由噪声服务器生成并安全地分发噪声密文，使得聚合服务器无法访问噪声明文，防止梯度逆推攻击，同时可以容忍医疗机构上传本地模型参数失败的情形，实现高效的掉线安全聚合。采用可追踪的伪匿名身份认证机制，实现对医疗机构的身份保护，并通过模型准确率变化来识别恶意节点，当某医疗机构多次被标记为恶意时，使用秘密值共享可追溯医疗数据的真实身份。实验模拟表明，与现有方案相比，所提方案可以有效抵抗梯度的反演攻击并保持模型精度，并且能够实现高效的掉线安全聚合。

关键词: 隐私保护, 联邦学习, 同态加密, 匿名追踪, 智慧医疗

LI Yahong, WANG Chunzhi, YANG Xiaodong, NIU Shufen. Traceable Federated Learning with Homomorphic Encryption and Proxy Re-encryption[J]. Journal of Frontiers of Computer Science and Technology, 2025, 19(11): 3108-3118.

李亚红, 王淳之, 杨小东, 牛淑芬. 基于同态加密与代理重加密的可追踪联邦学习方案[J]. 计算机科学与探索, 2025, 19(11): 3108-3118.

References

[1] DONG C Q, WENG J, LI M, et al. Privacy-preserving and Byzantine-robust federated learning[J]. IEEE Transactions on Dependable and Secure Computing, 2024, 21(2): 889-904.
[2] WANG R Y, YUAN X M, YANG Z G, et al. RFLPV: a robust federated learning scheme with privacy preservation and verifiable aggregation in IoMT[J]. Information Fusion, 2024, 102: 102029.
[3] WEN J, ZHANG Z X, LAN Y, et al. A survey on federated learning: challenges and applications[J]. International Journal of Machine Learning and Cybernetics, 2023, 14(2): 513-535.
[4] CHAUDHARY R K, KUMAR R, SAXENA N. A systematic review on federated learning system: a new paradigm to machine learning[J]. Knowledge and Information Systems, 2025, 67(2): 1811-1914.
[5] WEI K, LI J, MA C, et al. Personalized federated learning with differential privacy and convergence guarantee[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 4488-4503.
[6] ZHANG L, XU J B, VIJAYAKUMAR P, et al. Homomorphic encryption-based privacy-preserving federated learning in IoT-enabled healthcare system[J]. IEEE Transactions on Network Science and Engineering, 2023, 10(5): 2864-2880.
[7] REDDI S, RAO P M, SARASWATHI P, et al. Privacy-preserving electronic medical record sharing for IoT-enabled healthcare system using fully homomorphic encryption, IOTA, and masked authenticated messaging[J]. IEEE Transactions on Industrial Informatics, 2024, 20(9): 10802-10813.
[8] 戴怡然, 张江, 向斌武, 等. 全同态加密技术的研究现状及发展路线综述[J]. 电子与信息学报, 2024, 46(5): 1774-1789.
DAI Y R, ZHANG J, XIANG B W, et al. Overview on the research status and development route of fully homomorphic encryption technology[J]. Journal of Electronics & Information Technology, 2024, 46(5): 1774-1789.
[9] 冯晗, 伊华伟, 李晓会, 等. 推荐系统的隐私保护研究综述[J]. 计算机科学与探索, 2023, 17(8): 1814-1832.
FENG H, YI H W, LI X H, et al. Review of privacy-preserving research in recommendation systems[J]. Journal of Frontiers of Computer Science and Technology, 2023, 17(8): 1814-1832.
[10] XIONG H, WANG L L, ZHOU Z D, et al. Burn after reading: adaptively secure puncturable identity-based proxy re-encryption scheme for securing group message[J]. IEEE Internet of Things Journal, 2022, 9(13): 11248-11260.
[11] PEI H M, YANG P, LI W H, et al. Proxy re-encryption for secure data sharing with blockchain in Internet of medical things[J]. Computer Networks, 2024, 245: 110373.
[12] SHEN X Y, LUO X, YUAN F, et al. Privacy-preserving multi-party deep learning based on homomorphic proxy re-encryption[J]. Journal of Systems Architecture, 2023, 144: 102983.
[13] FU A M, ZHANG X L, XIONG N X, et al. VFL: a verifiable federated learning with privacy-preserving for big data in industrial IoT[J]. IEEE Transactions on Industrial Informatics, 2022, 18(5): 3316-3326.
[14] GUO X J, LIU Z L, LI J, et al. VeriFL: communication-efficient and fast verifiable aggregation for federated learning[J]. IEEE Transactions on Information Forensics and Security, 2021, 16: 1736-1751.
[15] LIU J W, ZHANG J, AHMAD JAN M, et al. A comprehensive privacy-preserving federated learning scheme with secure authentication and aggregation for Internet of medical things[J]. IEEE Journal of Biomedical and Health Informatics, 2024, 28(6): 3282-3292.
[16] XU G W, LI H W, LIU S, et al. VerifyNet: secure and verifiable federated learning[J]. IEEE Transactions on Information Forensics and Security, 2020, 15: 911-926.
[17] CHIU T C, LIN W C, PANG A C, et al. Dual-masking framework against two-sided model attacks in federated learning[C]//Proceedings of the 2021 IEEE Global Communications Conference. Piscataway: IEEE, 2021: 1-6.
[18] LIU J W, JIANG W Y, SUN R, et al. Conditional anonymous remote healthcare data sharing over blockchain[J]. IEEE Journal of Biomedical and Health Informatics, 2023, 27(5): 2231-2242.
[19] LI J L, CHOO K R, ZHANG W G, et al. EPA-CPPA: an efficient, provably-secure and anonymous conditional privacy-preserving authentication scheme for vehicular ad hoc networks[J]. Vehicular Communications, 2018, 13: 104-113.
[20] BONAWITZ K, IVANOV V, KREUTER B, et al. Practical secure aggregation for privacy-preserving machine learning[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2017: 1175-1191.
[21] FANG C, GUO Y B, WANG N, et al. Highly efficient federated learning with strong privacy preservation in cloud computing[J]. Computers & Security, 2020, 96: 101889.
[22] TSCHANDL P, ROSENDAHL C, KITTLER H. The HAM10000 dataset, a large collection of multi-source dermatoscopic images of common pigmented skin lesions[J]. Scientific Data, 2018, 5: 180161.
[23] ZHU L G, LIU Z J, HAN S. Deep leakage from gradients[C]//Advances in Neural Information Processing Systems 32, 2019: 14747-14756.