On the Security of Verifiable and Oblivious Secure Aggregation for Privacy-Preserving Federated Learning

被引:2
作者
Wu, Jiahui [1 ]
Zhang, Weizhe [1 ,2 ]
机构
[1] Peng Cheng Lab, New Network Dept, Shenzhen 518000, Peoples R China
[2] Harbin Inst Technol, Fac Comp, Sch Cyberspace Sci, Shenzhen 518055, Peoples R China
来源
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING | 2024年 / 21卷 / 05期
基金
中国国家自然科学基金;
关键词
Gold; Forgery; Aggregates; Resists; Protocols; Federated learning; Encryption; verifiability; privacy protection; secure aggregation;
D O I
10.1109/TDSC.2024.3352170
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Recently, to resist privacy leakage and aggregation result forgery in federated learning (FL), Wang et al. proposed a verifiable and oblivious secure aggregation protocol for FL, called VOSA. They claimed that VOSA was aggregate unforgeable and verifiable under a malicious aggregation server and gave detailed security proof. In this article, we show that VOSA is insecure, in which local gradients/aggregation results and their corresponding authentication tags/proofs can be tampered with without being detected by the verifiers. After presenting specific attacks, we analyze the reason for this security issue and give a suggestion to prevent it.
引用
收藏
页码:4324 / 4326
页数:3
相关论文
共 1 条
[1]   VOSA: Verifiable and Oblivious Secure Aggregation for Privacy-Preserving Federated Learning [J].
Wang, Yong ;
Zhang, Aiqing ;
Wu, Shu ;
Yu, Shui .
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2023, 20 (05) :3601-3616
1