FedSOV: Federated Model Secure Ownership Verification with Unforgeable Signature

TL;DR

FedSOV introduces a cryptographic signature-based method for federated learning model ownership verification, enabling secure, scalable, and unforgeable ownership claims across many clients, with proven resistance to attacks.

Contribution

The paper presents FedSOV, a novel cryptographic scheme that enhances federated learning ownership verification by supporting numerous clients and resisting ambiguity attacks.

Findings

Effective ownership verification on vision and NLP tasks.

Supports large-scale federated learning with cryptographic security.

Resistant to ambiguity and forgery attacks.

Abstract

Federated learning allows multiple parties to collaborate in learning a global model without revealing private data. The high cost of training and the significant value of the global model necessitates the need for ownership verification of federated learning. However, the existing ownership verification schemes in federated learning suffer from several limitations, such as inadequate support for a large number of clients and vulnerability to ambiguity attacks. To address these limitations, we propose a cryptographic signature-based federated learning model ownership verification scheme named FedSOV. FedSOV allows numerous clients to embed their ownership credentials and verify ownership using unforgeable digital signatures. The scheme provides theoretical resistance to ambiguity attacks with the unforgeability of the signature. Experimental results on computer vision and natural language processing tasks demonstrate that FedSOV is an effective federated model ownership verification scheme enhanced with provable cryptographic security.