FLClear: Visually Verifiable Multi-Client Watermarking for Federated Learning

TL;DR

FLClear is a new federated learning watermarking framework that ensures collision-free, secure, and visually verifiable ownership of client models, addressing limitations of previous methods.

Contribution

FLClear introduces a transposed model with contrastive learning for collision-free watermarking and visual ownership verification in federated learning.

Findings

Outperforms existing FL watermarking methods in experiments.

Provides visually interpretable ownership verification.

Enhances watermark security and collision resistance.

Abstract

Federated learning (FL) enables multiple clients to collaboratively train a shared global model while preserving the privacy of their local data. Within this paradigm, the intellectual property rights (IPR) of client models are critical assets that must be protected. In practice, the central server responsible for maintaining the global model may maliciously manipulate the global model to erase client contributions or falsely claim sole ownership, thereby infringing on clients' IPR. Watermarking has emerged as a promising technique for asserting model ownership and protecting intellectual property. However, existing FL watermarking approaches remain limited, suffering from potential watermark collisions among clients, insufficient watermark security, and non-intuitive verification mechanisms. In this paper, we propose FLClear, a novel framework that simultaneously achieves collision-free watermark aggregation, enhanced watermark security, and visually interpretable ownership verification. Specifically, FLClear introduces a transposed model jointly optimized with contrastive learning to integrate the watermarking and main task objectives. During verification, the watermark is reconstructed from the transposed model and evaluated through both visual inspection and structural similarity metrics, enabling intuitive and quantitative ownership verification. Comprehensive experiments conducted over various datasets, aggregation schemes, and attack scenarios demonstrate the effectiveness of FLClear and confirm that it consistently outperforms state-of-the-art FL watermarking methods.