CR · AI · May 10, 2023

FedSOV: Federated Model Secure Ownership Verification with Unforgeable Signature

arXiv:2305.06085v1 · 11 citations
Originality: Incremental advance
AI Analysis

This work addresses ownership protection for federated learning models, which is crucial for parties investing in training, but it is an incremental improvement over existing verification schemes.

The paper tackles ownership verification for federated learning models, where existing schemes are vulnerable to ambiguity attacks and do not scale to a large number of clients. It proposes FedSOV, a scheme using unforgeable digital signatures that theoretically resists ambiguity attacks and is validated on vision and NLP tasks.

Federated learning allows multiple parties to collaborate in learning a global model without revealing private data. The high cost of training and the significant value of the global model necessitate the need for ownership verification of federated learning. However, the existing ownership verification schemes in federated learning suffer from several limitations, such as inadequate support for a large number of clients and vulnerability to ambiguity attacks. To address these limitations, we propose a cryptographic signature-based federated learning model ownership verification scheme named FedSOV. FedSOV allows numerous clients to embed their ownership credentials and verify ownership using unforgeable digital signatures. The scheme provides theoretical resistance to ambiguity attacks with the unforgeability of the signature. Experimental results on computer vision and natural language processing tasks demonstrate that FedSOV is an effective federated model ownership verification scheme enhanced with provable cryptographic security.
