NIPVS-FL: a non-interactive publicly verifiable secure federated-learning scheme against malicious servers

Federated learning (FL) enables decentralized data sources like mobile phones to joint training a neural network model without sharing the original data. However, shared local gradients make the privacy of local data in FL vulnerable. The aggregation server also may return incorrect results to clients due to unexpected error or the deliberately attack. In this work, we explore how to design a non-interactive and publicly verifiable aggregation scheme. The existing verifiable schemes are under semi-honest adversary model, in which the server is honest-but-curious but with additional power to counterfeit the aggregation result. We propose a scheme under stronger security model against malicious servers. The proposed scheme guarantees that as long as the two servers are non-colluding, even a malicious server cannot obtain input privacy of client. The malicious server will be detected by honest clients when it tries to tamper the result.