ISSN 1000-1239 CN 11-1777/TP

Table of Content

01 October 2020, Volume 57 Issue 10
Principle and Research Progress of Quantum Computation and Quantum Cryptography
Wang Yongli, Xu Qiuliang
2020, 57(10):  2015-2026.  doi:10.7544/issn1000-1239.2020.20200615
Asbtract ( 416 )   PDF (967KB) ( 527 )  
Related Articles | Metrics
Quantum computation and quantum cryptography are based on principles of quantum mechanics. In 1984, Bennett and Brassard proposed the first quantum key distribution protocol called BB84, which started the study of quantum cryptography. Since then, a great deal of work has been carried out in various fields such as quantum encryption and quantum signature. In 1994, Shor designed the first practical quantum algorithm which can factor large integers in polynomial time. Shor’s algorithm used Quantum Fourier Transform, which is the kernel of most quantum algorithms. In 1996, Grover designed a new algorithm which can search the unstructured data to get the required result in the time of approximately the square root of the total account of the data. Shor’s algorithm and Grover’s algorithm not only embody the advantages of quantum computing, but also pose a threat to the traditional cryptography based on mathematical difficulties such as RSA. After half a century’s development, quantum computing and quantum cryptography have achieved fruitful results in theory and practice. In this paper, we summarize the contents from the perspectives of the mathematical framework of quantum mechanics, basic concepts and principles, basic ideas of quantum computing, research progress and main ideas of quantum cryptography, etc.
Research Advances on Privacy Preserving in Edge Computing
Zhou Jun, Shen Huajie, Lin Zhongyun, Cao Zhenfu, Dong Xiaolei
2020, 57(10):  2027-2051.  doi:10.7544/issn1000-1239.2020.20200614
Asbtract ( 112 )   PDF (3203KB) ( 142 )  
Related Articles | Metrics
The wide exploitation of the theory of mobile communication and big data has enabled the flourishment of the outsourced system, where resource-constrained local users delegate batch of files and time-consuming evaluation tasks to the cloud server for outsourced storage and outsourced computation. Unfortunately, one single cloud server tends to become the target of comprise attack and bring about huge delay in response to the multi-user and multi-task setting where large quantity of inputs and outputs are respectively fed to and derived from the function evaluation, owing to its long distance from local users. To address this bottleneck of outsourced system, edge computing emerges that several edge nodes located between the cloud server and users collaborate to fulfill the tasks of outsourced storage and outsourced computation, meeting the real-time requirement but incurring new challenging issues of security and privacy-preserving. This paper firstly introduces the unique network architecture and security model of edge computing. Then, the state-of-the-art works in the field of privacy preserving of edge computing are elaborated, classified, and summarized based on the cryptographic techniques of data perturbation, fully homomorphic encryption, secure multiparty computation, fully homomorphic data encapsulation mechanism and verifiability and accountability in the following three phases: privacy-preserving data aggregation, privacy-preserving outsourced computation and their applications including private set intersection, privacy-preserving machine learning, privacy-preserving image processing, biometric authentication and secure encrypted search. Finally, several open research problems in privacy-preserving edge computing are discussed with convincing solutions, which casts light on its development and applications in the future.
Overview of Threat Intelligence Sharing and Exchange in Cybersecurity
Lin Yue, Liu Peng, Wang He, Wang Wenjie, Zhang Yuqing
2020, 57(10):  2052-2065.  doi:10.7544/issn1000-1239.2020.20200616
Asbtract ( 44 )   PDF (1049KB) ( 28 )  
Related Articles | Metrics
The emerging threats in cyberspace are endangering the interests of individuals, organizations and governments with complex and changeable attack methods. When traditional network security defense methods are not strong enough, the threat intelligence sharing and exchange mechanism has brought hope to the protection of cyberspace security. Cybersecurity threat intelligence is a collection of information that can cause potential harm and direct harm to organizations and institutions. This information can help organizations and institutions study and judge the cybersecurity threats they face, and make decisions and defenses accordingly. The exchange and sharing of threat intelligence can maximize the value of threat intelligence, reduce the cost of intelligence search and allieviate the problem of information islands, thereby improving the threat detection and emergency response capabilities of all parties involved in the sharing. This article first introduces the concept of cyber security threat intelligence and mainstream threat intelligence sharing norms; secondly, it investigates the literature on threat intelligence sharing and exchange at home and abroad in the past 10 years, and analyzes and summarizes the current situation and development trend of threat intelligence sharing and exchange. The article focuses on in-depth analysis from three perspectives of sharing models and mechanisms, the distribution of benefits of the exchange mechanism, and the privacy protection of shared data. The problems in the three parts and related solutions are pointed out, and the advantages and disadvantages of each solution are analyzed and discussed. Finally, the future research trend and direction of threat intelligence sharing and exchange are prospected.
Security Issues and Privacy Preserving in Machine Learning
Wei Lifei, Chen Congcong, Zhang Lei, Li Mengsi, Chen Yujiao, Wang Qin
2020, 57(10):  2066-2085.  doi:10.7544/issn1000-1239.2020.20200426
Asbtract ( 96 )   PDF (2361KB) ( 81 )  
Related Articles | Metrics
In recent years, machine learning has developed rapidly, and it is widely used in the aspects of work and life, which brings not only convenience but also great security risks. The security and privacy issues have become a stumbling block in the development of machine learning. The training and inference of the machine learning model are based on a large amount of data, which always contains some sensitive information. With the frequent occurrence of data privacy leakage events and the aggravation of the leakage scale annually, how to make sure the security and privacy of data has attracted the attention of the researchers from academy and industry. In this paper we introduce some fundamental concepts such as the adversary model in the privacy preserving of machine learning and summarize the common security threats and privacy threats in the training and inference phase of machine learning, such as privacy leakage of training data, poisoning attack, adversarial attack, privacy attack, etc. Subsequently, we introduce the common security protecting and privacy preserving methods, especially focusing on homomorphic encryption, secure multi-party computation, differential privacy, etc. and compare the typical schemes and applicable scenarios of the three technologies. At the end, the future development trend and research direction of machine learning privacy preserving are prospected.
Comparisons and Optimizations of Key Encapsulation Mechanisms Based on Module Lattices
Wang Yang, Shen Shiyu, Zhao Yunlei, Wang Mingqiang
2020, 57(10):  2086-2103.  doi:10.7544/issn1000-1239.2020.20200452
Asbtract ( 19 )   PDF (1591KB) ( 15 )  
Related Articles | Metrics
Till now, there are two kinds of constructions of highly efficient key encapsulation mechanisms based on module LWE/LWR problems without using complicate error correcting codes: one is direct constructions based on (symmetric or asymmetric) module LWE/LWR problems such as Kyber, Aigis and Saber; the other is constructions based on key consensus mechanisms and module LWE/LWR problems such as AKCN-MLWE and AKCN-MLWR. In order to save bandwidth, the constructed key encapsulation mechanisms may usually compress the communications under tolerable security and efficiency. To the best of our knowledge, the existing literatures all focus on the security analysis of corresponding schemes under concrete parameters, and there are no literatures which focus on the analysis of similarities and differences about the above two kinds of constructions with the same (or different) compress functions, let alone the relationships between parameters and error rates. In this paper, we compare the above two kinds of constructions systematically. It is proved that constructions of AKCN-MLWE are better than constructions of Kyber when using the same compress functions and parameter settings from both theoretical analysis and practical tests. Meanwhile, similar analysis shows that the constructions of Saber are essentially the same as the constructions of AKCN-MLWR. Corresponding to the security strength of parameters recommended as Kyber-1024, we also analyze three kinds of methods about how to encapsulate 512 bits. Based on our theoretical analysis and a large number of experimental tests, we present new optimization suggestions and parameter recommendations for AKCN-MLWE and AKCN-MLWR. New optimized schemes corresponding to Aigis and Kyber (named AKCN-Aigis and AKCN-Kyber), and new recommended parameters are also proposed.
A Multi-User Forward Secure Dynamic Symmetric Searchable Encryption with Enhanced Security
Lu Bingjie, Zhou Jun, Cao Zhenfu
2020, 57(10):  2104-2116.  doi:10.7544/issn1000-1239.2020.20200439
Asbtract ( 25 )   PDF (1573KB) ( 19 )  
Related Articles | Metrics
Dynamic symmetric searchable encryption has been widely used in cloud storage due to its functionality of dynamic encrypted data search. However, recent studies have shown that dynamic searchable encryption is vulnerable to file injection attacks. In order to resist such attacks, several forward secure symmetric searchable encryption schemes have been proposed. Unfortunately, most of the existing forward secure symmetric searchable solutions only work in the single user setting. In NSS 2018, Wang et al. proposed a multi-user forward secure dynamic searchable encryption scheme (MFS), by introducing a semi-honest proxy server that does not collude with the cloud server. However, we found that the forward security of the scheme can be compromised by the adversary who observes the association between the new update and the previous search tokens through eavesdropping attacks or replay attacks. To address this issue, a multi-user forward secure dynamic searchable symmetric encryption scheme EMFS is proposed with enhanced security, by exploiting user authentication mechanism without the need of state information transfer. We also adopt a new index structure to improve the efficiency. Finally, we give formal security proof to show that our scheme can resist the two attacks mentioned above, while maintaining forward security. Compared with Wang et al’s scheme, our construction provides a higher level of practical efficiency by reducing the complexity of deletion from O(n\-w) to O(1), where n\-w denotes the number of matching documents for keyword w.
Circular Secure Homomorphic Encryption Scheme
Zhao Xiufeng, Fu Yu, Song Weitao
2020, 57(10):  2117-2124.  doi:10.7544/issn1000-1239.2020.20200422
Asbtract ( 22 )   PDF (661KB) ( 32 )  
Related Articles | Metrics
Homomorphic encryption allows evaluation on encrypted data, and it is an important encryption technique to realize data privacy security in cloud computing, big data and machine learning. Constructions of fully homomorphic encryption employ a “bootstrapping” technique, which enforces the public key of the scheme to grow linearly with the maximal depth of evaluated circuits. This is a major bottleneck with regards to the usability and the eciency of the scheme. However, the size of the public key can be made independent of the circuit depth if the somewhat homomorphic scheme can securely encrypt its own secret key. Achieving circular secure somewhat homomorphic encryption has been an interesting problem which is worth studying. This paper presents a circular secure public key homomorphic encryption scheme using noise flooding technique, and gives the security proof and parameter setting; furthermore, by introducing the refuse sampling technique, an optimized circular secure public key homomorphic encryption scheme is given, and the system parameters are reduced from the super polynomial level to the polynomial level, which greatly reduces the public key and ciphertext size. And then the computational complexity of ciphertext evaluation can be effectively improved and the performance of homomorphic encryption scheme be improved.
Public-Key Authenticated Encryption with Keyword Search Without Pairings
Yang Ningbin, Zhou Quan, Xu Shumei
2020, 57(10):  2125-2135.  doi:10.7544/issn1000-1239.2020.20200318
Asbtract ( 17 )   PDF (1627KB) ( 14 )  
Related Articles | Metrics
With the rapid development and wide application of cloud computing and 5G communication, the number of cloud mobile users has increased rapidly. The privacy protection of cloud data is getting more and more attention. Public key encryption scheme with keyword search (PEKS) and secure channel free public key encryption with keyword search (SCF-PEKS) allow any user in the system to send encrypted files to the server for retrieval by the receiver, which plays a certain role of privacy protection. However, Rhee et al. found that the scheme may result in loss of privacy security of keywords in their work. Meanwhile, many of public-key searchable encryption schemes are calculated based on bilinear pairings, and their computational efficiency is limited on battery-limited devices. To address these issue, we propose a non bilinear pairs secure channel free public key authentication encryption with keyword search scheme (NBP-SCF-PAEKS). The scheme has higher computational efficiency than the bilinear pair scheme, and has access control function in keyword retrieval process. Without random oracle model, we prove that the scheme can resist the online keyword guessing attack and the offline keyword guessing attack, by ensuring the multi-keyword ciphertext indistinguishability under adaptive chosen keyword attack and the keyword trapdoor indistinguishability under adaptive chosen keyword attack through game-hopping method. Compared with other schemes, the simulation results show that the scheme is efficient and secure.
Efficient Two-Party SM2 Signing Protocol for Mobile Internet
Feng Qi, He Debiao, Luo Min, Li Li
2020, 57(10):  2136-2146.  doi:10.7544/issn1000-1239.2020.20200401
Asbtract ( 22 )   PDF (819KB) ( 13 )  
Related Articles | Metrics
Rapid development of wireless communication technology has greatly promoted the ubiquitousness of mobile devices. Mobile devices enable users to access Internet services anytime and anywhere. Because of the conjecture of the cyberspace, the digital signature is used as a kind of technique with the functionality of the integrity authentication, identification, and non-repudiation. However, mobile devices tend to be more easily lost or hijacked cause relatively weak protection on the private keys (the root of the digital signatures trust). To ensure the confidentiality of private keys, two-party signature is a viable method to avoid fraudulent key usage or key theft. Therefore, in this paper, we focus on the SM2 signature algorithm, which is standardized in GM/T 0003—2012“SM2 Elliptic Curve Public Key Cryptography”, and design a lightweight two-party SM2 signing protocol. Unlike standard secret sharing, a valid signature now is generated interactively between a client and a server, while the original key never being exposed. We mathematically prove the security of the proposed protocol. Findings from the performance evaluation of the protocol show that it achieves good performance, with a single signing operation taking 4.381ms for the client and being roughly equal to the original SM2 signature in the same testing environment.
A Dynamic S-Box Construction and Application Scheme of ZUC Based on Chaotic System
Han Yanyan, He Yanru, Liu Peihe, Zhang Duo, Wang Zhiqiang, He Wencai
2020, 57(10):  2147-2157.  doi:10.7544/issn1000-1239.2020.20200466
Asbtract ( 13 )   PDF (1446KB) ( 10 )  
Related Articles | Metrics
S-box is the only nonlinear component in ZUC algorithm, and it plays an important role in the security of the whole algorithm. Chaotic system is widely used in the design of S-box because of its good randomness and high initial value sensitivity. At present, most of the schemes based on chaos to construct S-box use a single chaotic map and cannot generate S-box dynamically. To solve this problem, this paper proposes a scheme of ZUC dynamic S-box construction based on chaotic system. First of all, by iterating the composite mapping in two classical chaotic systems, and introducing the idea of scrambling into the design of S-box, Arnold mapping is carried out on the resulting sequence, which not only increases the nonlinear property of S-box, but also can realize the dynamic generation of S-box. Secondly, the constructed S-box is used to replace the fixed S-box in ZUC algorithm and is applied to resource-constrained IoT devices to encrypt the data of perception layer. Finally, we carry out a large number of experiments, which verify the S-box generated by the chaotic system in this paper is more secure and has a good application prospect in ZUC and other lightweight cryptographic algorithms.
A Composable Authentication Key Exchange Scheme with Post-Quantum Forward Secrecy
Chen Ming
2020, 57(10):  2158-2176.  doi:10.7544/issn1000-1239.2020.20200472
Asbtract ( 17 )   PDF (887KB) ( 17 )  
Related Articles | Metrics
As the post-quantum era approaches, a new security requirement in network communica-tions is forward security against quantum computing attacks. However, the post-quantum public key infrastructure has not been established, and it is imperative to construct a hybrid cryptosystem that consists of traditional public key cryptosystems and post-quantum key exchange protocols. Aimed at this need, a generic and combinable authentication key exchange scheme, named GC-AKE, is proposed. The GC-AKE protocol is a combination of two ciphersuites, which are signcryption scheme and Diffie-Hellman key exchange-like (DHKE-like) protocol, respectively. In GC-AKE, mutual authentication can be realized by using the signcryption scheme to signcrypt the temporary public key in DHKE-like, and session key establishment relies on the DHKE-like protocol. The signcryptions with strong unforgeability ensure that the GC-AKE scheme achieves perfect forward security. An instance of the GC-AKE is proposed. It combines a post-quantum DHKE-like protocol with an identity-based signcryption scheme that is put forward in this paper based on elliptic curve cryptography. The identity-based signcryption scheme is proved to achieve indistinguishability against chosen ciphertext attacks (IND-CCA) and strong existentially unforgeable under adaptive chosen messages attacks (SEUF-CMA). Furthermore, a security model, wAKE-PFS, which can simulate perfect forward security, is defined. Under the wAKE-PFS model, the security of the GC-AKE scheme is reduced to solving DDH-like (decision Diffie-Hellman-like) problems, as well as cracking the security of identity-based signcryption scheme. The analysis shows that the GC-AKE scheme instance achieves perfect forward security, and its computation and communication overheads are relatively low. Meanwhile, the DHKE-like protocol from the ring learning with errors problem (Ring-LWE) provides forward secrecy against future quantum attackers.
Server-Aided and Verifiable Attribute-Based Signature for Industrial Internet of Things
Zhang Yinghui, He Jiangyong, Guo Rui, Zheng Dong
2020, 57(10):  2177-2187.  doi:10.7544/issn1000-1239.2020.20200421
Asbtract ( 16 )   PDF (1521KB) ( 13 )  
Related Articles | Metrics
Industrial Internet of things (IIoT) devices encounter problems such as data authentication and privacy protection when collecting and storing data through the cloud. Attribute-based signature (ABS) can not only realize the data authentication, but also protect the identity privacy of the signer. In the existing server-aided ABS (SA-ABS) schemes, the computational overhead of the signer and the verifier is reduced with the help of the server, and the security of the server-aided verification phase is guaranteed by the defense of collusion attack of the signer and the server. However, none of the existing SV-ABS schemes can verify the validity of partial signature generated by the server, which will lead to a potential risk of partial signature forgery by the server. To overcome this challenge, a novel server-aided and verifiable ABS (SA-VABS) scheme is proposed in this paper, which not only reduces the computational overhead of the signer and the verifier, but also ensures the security of the server-aided verification phase by resisting the collusion attack of the signer and the server. The most important is that the scheme could verify the validity of partial signature generated by the server, so as to ensure the security of generation phase of the server-aided signature. Finally, our formal security analysis verifies the security of the SA-VABS scheme, and simulation experiments as well as comparative analysis indicate that the SA-VABS scheme improves security while ensuring efficiency.
Secure Constant-Round Multi-User k-Means Clustering Protocol
Qin Hong, Wang Hao, Wei Xiaochao, Zheng Zhihua
2020, 57(10):  2188-2200.  doi:10.7544/issn1000-1239.2020.20200407
Asbtract ( 35 )   PDF (1201KB) ( 25 )  
Related Articles | Metrics
In most of the practical applications of cluster calculation, the data usually comes from different users, and the cluster algorithm often needs to be calculated on the joint data of them. For privacy protection purposes, users do not want to share their private data with others. Therefore, how to implement multi-user cluster calculation in a privacy-preserving way has attracted widespread attention. In this paper, we research the secure computation of k-means cluster algorithm in the scenario where multiple users hold data, and design a constant round secure multi-user k-means cluster protocol. In this protocol, users encrypt data using additive homomorphic encryption and upload data to an independent assisted server. Then, this server implements the secure computation of multiplication and Euclidean distance by interacting with cluster calculator holding the private key. In addition, we also design a minimal element marking protocol and a division protocol for homomorphic ciphertext based on the ABY framework. The protocol realizes the conversion among homomorphic ciphertexts, arithmetic shares and Yao shares through constant round interaction without expensive bit-decomposition technology. We give the formal security proof of main protocol and all sub-protocols in the semi-honest model. Finally, we give the efficiency analysis and performance test of our scheme.
Template Protection of Speaker Recognition Based on Random Mapping Technology
Ding Yong, Li Jiahui, Tang Shijie, Wang Huiyong
2020, 57(10):  2201-2208.  doi:10.7544/issn1000-1239.2020.20200474
Asbtract ( 14 )   PDF (1382KB) ( 8 )  
Related Articles | Metrics
Speaker recognition realizes a simple and fast biometric authentication method which is non-contact, not easy to forge and can be authenticated remotely, However, it is not completely secure, as in the process of authentication, storing user data in a third party brings many security and privacy concerns. In order to mitigate the challenge, the template protection of speaker recognition problem is studied based on identity vector (i-Vector) and linear discriminant analysis (LDA), and an improved random mapping technique is proposed, which is used to randomize the voiceprint features. Then we construct a template protection scheme for speaker recognition, which allows users to register in random domain and to complete speaker recognition. Finally, we use the open Chinese speech data set (AISHELL) to simulate the proposed scheme. The results show that the scheme does not significantly affect the accuracy of voiceprint authentication, and realize confidential comparisons of voiceprint templates, which effectively ensures the security and privacy of voice data in speaker recognition.
A Spectrum Sharing Incentive Scheme Against Location Privacy Leakage in IoT Networks
Feng Jingyu, Yang Jinwen, Zhang Ruitong, Zhang Wenbo
2020, 57(10):  2209-2220.  doi:10.7544/issn1000-1239.2020.20200453
Asbtract ( 15 )   PDF (3057KB) ( 14 )  
Related Articles | Metrics
The influx of massive IoT devices can aggravate the shortage of spectrum resources, while the contradiction that a large number of licensed spectrum resources are underused. The key to resolve this issue is to adopt spectrum sharing. However, some licensed users (LUs) are reluctant to share their idle spectrum due to selfishness and concerning about location privacy leakage, which will seriously restrict the effective implementation of spectrum sharing in IoT Networks. In view of this, a Casper model (GB-Casper) for coding optimization is designed by combining the Geohash encoding prefix and binary encoding suffix with k anonymous region location encoding method. This model employs the minimum area of anonymous region (A\-\{min\}) required by LUs to control the length of Geohash code, and utilizes the binary code to divide k anonymous region in a fine-grained way. Through the string comparison operation, it can determine whether the generated k anonymous region contains k-1 users, so as to reduce the binary number of encoding bits to gradually expand the scan region, and thus achieving the k anonymous region satisfying the protection of location privacy to replace the authorized users’ real location. The spectrum contribution degree is introduced, which is quantified into the game model together with the level of location privacy protection to form an incentive scheme for IoT spectrum sharing against location privacy leakage. Simulation results show that the proposed scheme can quickly construct k anonymous region and effectively motivate LUs to actively participate in spectrum sharing while preventing location privacy leakage.
Privacy-Preserving Statistics Protocol for Set-Based Computation
Song Xiangfu, Gai Min, Zhao Shengnan, Jiang Han
2020, 57(10):  2221-2231.  doi:10.7544/issn1000-1239.2020.20200444
Asbtract ( 18 )   PDF (838KB) ( 20 )  
Related Articles | Metrics
Mining valuable information from high volume of data, which can be used to guide real-world business and management, has been an important demand in the era of big data. In reality, data is usually distributed among different entities. A common way for data analysis is to let a trusted party to perform algorithms on the collected data. However, this trivial approach not only puts data owners privacy at risk, but also may bring with potential data breach issued by some outside attackers. With more and more law and regulation on data security and privacy coming out, there are more requirements for the whole life of data, which includes privacy-preserving data storing, processing and so on. It has been a common sense to leverage privacy-preserving techniques to protect sensitive data while still enabling participants to mine value from the whole dataset contributed from each party. Among those techniques, private set intersection (PSI) attracts more and more attention as it can be applied in many real-world scenarios. However, most PSI protocols only focus on computing the intersection itself, and in many cases the participants may also want to compute a function of the intersection, e.g., the cardinality of intersection or intersection sum, and even more general functions. To this end, a several of protocols are designed in this paper. By these protocols, one can privately compute intersection cardinality or intersection sum without leaking the elements of the intersection. Notably, these protocols, without resorting to homomorphic encryption or general circuit-based technique, can complete needed computation by only leveraging oblivious transfer. Since oblivious transfer can be efficiently extended by current highly efficient oblivious transfer extension protocols, this means these protocols are highly efficient in computation complexity. In addition, communication complexity of the protocols is also optimized by leveraging existing hashing technique. The protocols can be formally proven secure under semi-honest adversary, and complexity analysis is also provided in the paper.
ACT: Auditable Confidential Transaction Scheme
Jiang Yihan, Li Yong, Zhu Yan
2020, 57(10):  2232-2240.  doi:10.7544/issn1000-1239.2020.20200400
Asbtract ( 14 )   PDF (1264KB) ( 12 )  
Related Articles | Metrics
Cryptographic techniques are important means for blockchain privacy protection. However, strong privacy protection and transaction data audit are two conflicting requirements of stakeholders and organizations in the blockchain. Therefore, considering the lack of auditing of private cryptocurrency, an auditable confidential transaction (ACT) scheme is proposed. In ACT scheme, digital signature is used to authenticate the source of audit request, and bulletproofs is used to aggregate range proof to improve the efficiency of transaction generation. Homomorphic encryption ensures that the auditor only knows the total amount of transaction of all users in the network for a period of time, while protecting the privacy of individual user’s transaction amount. Through zero knowledge proof, the privacy and correctness of transaction data are guaranteed. The security proof shows that ACT scheme satisfies auditability, audit reliability and transaction amount privacy. The experiment results show that the generation and verification efficiency of transaction via bulletproofs are improved, and the execution efficiency of the auditor’s algorithm as well.
Efficient and Secure Federated Learning Based on Secret Sharing and Gradients Selection
Dong Ye, Hou Wei, Chen Xiaojun, Zeng Shuai
2020, 57(10):  2241-2250.  doi:10.7544/issn1000-1239.2020.20200463
Asbtract ( 62 )   PDF (1088KB) ( 55 )  
Related Articles | Metrics
In recent years, federated learning (FL) has been an emerging collaborative machine learning method where distributed users can train various models by only sharing gradients. To prevent privacy leakages from gradients, secure multi-party computation (MPC) has been considered as a promising guarantee recently. Meanwhile, some researchers proposed the Top-K gradients selection algorithm to reduce the traffic for synchronizing gradients among distributed users. However, there are few works that can balance the advantages of the two areas at present. We combine secret sharing with Top-K gradients selection to design efficient and secure federated learning protocols, so that we can cut down the communication overheads and improve the efficiency during the training phase while guaranteeing the users privacy and data security. Also, we propose an efficient method to construct message authentication code (MAC) to verify the validity of the aggregated results from the servers. And the communication overheads introduced by the MAC is small and independent of the number of shared gradients. Besides, we implement a prototype system. Compared with the plaintext training, on the one hand, our secure techniques introduce small additional overheads in communication and computation; On the other hand, we achieve the same level of accuracy as the plaintext training.