A Group Anonymity Based Federated Learning Framework

As federated learning gradually enters the application field, its data privacy guarantee has received more and more research attention. Although federated learning can avoid direct exchange of personal data through gradient aggregation, many studies have shown that attackers can obtain user privacy information only through gradients. In addition, the security of the model itself is also threatened. Another type of attack on federated learning is to pretend to be a user and control the final model by carefully constructing the submitted data. However, current defenses against these two attacks are contradictory. The former needs to shield participants from directly obtaining gradients submitted by users, while the latter needs to use these data to analyze potential malicious users. In order to balance the privacy and security of federated learning, we construct an anonymity method, group anonymity, a privacy guarantee that everyone cannot distinguish submitters from each other, to protect user privacy while allowing the server to detect malicious submissions. Our implementation is based on ring signature and blockchain. Ring signature realizes anonymous authentication of users. The blockchain provides a trusted collaboration environment, which prevents deception of individual users and avoids fishing on users. Experiments demonstrate the effectiveness of our framework against label flipping attacks and reconstruction attacks.