CR AI, May 8, 2023

FedZKP: Federated Model Ownership Verification with Zero-knowledge Proof

arXiv:2305.04507v2 | 16 citations
Originality: Incremental advance
AI Analysis

This addresses the need for secure model ownership verification in federated learning to prevent unauthorized use, though it appears incremental as it builds on existing zero-knowledge proof techniques.

The paper tackles the problem of protecting federated learning models from plagiarism or misuse by proposing FedZKP, a provably secure model ownership verification scheme using zero-knowledge proof, which is shown to defeat various attacks with negligible breach probability.

Federated learning (FL) allows multiple parties to cooperatively learn a federated model without sharing private data with each other. The need to protect such federated models from being plagiarized or misused, therefore, motivates us to propose a provably secure model ownership verification scheme using zero-knowledge proof, named FedZKP. It is shown that the FedZKP scheme without disclosing credentials is guaranteed to defeat a variety of existing and potential attacks. Both theoretical analysis and empirical studies demonstrate the security of FedZKP in the sense that the probability for attackers to breach the proposed FedZKP is negligible. Moreover, extensive experimental results confirm the fidelity and robustness of our scheme.
