CN-121997358-A - Federated recommendation privacy protection method and system based on ring signature and selective aggregation
Abstract
The invention discloses a privacy protection method for federated recommendation based on ring signature and selective aggregation, which achieves anonymized privacy protection and selective aggregation during federated learning through an innovative dual-server architecture and a layered security mechanism. The method comprises the following steps: 1) deploying an aggregation server and a security server in a system initialization stage to complete parameter initialization and key distribution; 2) executing local model training at the client and using a ring signature technology to realize anonymized, privacy-protected uploading; 3) carrying out selective aggregation with trusted verification by the security server, completing grouping and parameter fusion based on user similarity; and 4) ensuring model update integrity and source credibility through a layered security parameter distribution mechanism. The invention effectively prevents disclosure of user identity and privacy tracking while preserving recommendation accuracy, provides comprehensive security guarantees for the federated recommendation system, and has the advantages of low computation cost and high communication efficiency.
Inventors
- YANG PENG
- Du Angze
- WANG ZHENQI
- YANG DONGMEI
- LI YOUPING
Assignees
- Southeast University (东南大学)
Dates
- Publication Date: 20260508
- Application Date: 20260120
Claims (8)
- 1. A federated recommendation privacy protection method based on ring signature and selective aggregation, characterized by comprising the following steps: step 1, deploying an aggregation server and a security server in a system initialization stage to complete parameter initialization and key distribution; step 2, executing local model training by a client, and realizing anonymized privacy protection uploading by adopting a ring signature technology; step 3, performing selective aggregation with trusted verification by the security server, completing grouping and parameter fusion based on user similarity; and step 4, ensuring model update integrity and source credibility through a layered security parameter distribution mechanism.
- 2. The federated recommendation privacy protection method based on ring signature and selective aggregation according to claim 1, wherein step 1 is system initialization, specifically comprising: sub-step 1-1, deploying an aggregation server and a security server, wherein the aggregation server is responsible for user clustering, similarity evaluation and model fusion, and the security server is responsible for parameter exchange and authentication; sub-step 1-2, initializing global model parameters by the aggregation server first And embedding vectors into the article using K-Means Clustering to generate clustered label vectors Wherein Representing an article; sub-step 1-3, the security server generates and distributes the secret key for the system, including that the security server is Generation of RSA key pairs Generating RSA key pairs for oneself For encryption and decryption of session keys, for each Generating ECDSA signing key pairs Generating ECDSA signing key pairs for oneself These key pairs are used for authentication; Receiving client Transmitted ring signature request and public key thereof Generating a public key ring And send to the client Client side Using the public key ring And its private key Generating a ring signature structure And calculates a ring signature link label Wherein As a result of the initial challenge value, Is a random number vector.
- 3. The federated recommendation privacy protection method based on ring signature and selective aggregation according to claim 1, wherein step 2 is anonymized privacy protection uploading, specifically comprising: sub-step 2-1, the client trains a local model based on a local user interaction log, and minimizes an objective function by optimizing a scoring function and a local object embedding matrix; sub-step 2-2, the client encrypts the local parameter update, in particular randomly generating a symmetric key And random number Model update ciphertext using ChaCha20 algorithm ; RSA public key using secure server The symmetric key and the random number are encrypted to obtain an encryption key Constructing an upload message; sub-step 2-3, the client uses ring signature structure For messages Signing and uploading the signed message to a security server.
- 4. The federated recommendation privacy protection method based on ring signature and selective aggregation according to claim 1, wherein step 3, selective aggregation based on trusted verification, specifically comprises: sub-step 3-1, the security server receiving the message The ring signature verification is performed by initializing For each of Calculation of And (3) with Calculating Verification of Whether or not it is true, if so, the signature is valid, and Forwarding to the aggregation server, otherwise discarding the message; sub-step 3-2, security server decrypting model update, use its RSA private key Decryption to obtain Further by Restoring local parameter updates And send to the aggregation server; sub-step 3-3, aggregation server based on all clients Grouping users, and calculating the similarity of each client u aiming at the core client c and the target object class k Dividing clients into similar groups and non-similar groups based on cosine similarity ordering and elbow rule; and sub-step 3-4, aggregating client parameters in the similar groups, and calculating average parameters.
- 5. The federated recommendation privacy protection method based on ring signature and selective aggregation according to claim 1, wherein step 4, hierarchical security parameter distribution, specifically comprises: sub-step 4-1, the security server encrypting and signing the aggregation parameter v_s, specifically generating a new session key Calculating ciphertext Encrypting the session key and the random number by using the RSA public key of the client to obtain Signing the ciphertext using the ECDSA private key of the secure server to generate; sub-step 4-2, client-side within the affinity group receives the triplet Thereafter, the signature is verified using the ECDSA public key of the secure server After passing the verification, the private key of the RSA is used Decryption to obtain Thereby restoring the aggregation parameters; sub-step 4-3, client within the affinity group sets its local parameters Updated to The clients in the non-similar group only receive the article clustering labels M for supervision and contrast enhancement of subsequent training, and model parameters are not updated directly.
- 6. A federated recommendation privacy protection system based on ring signature and selective aggregation, characterized by being used for realizing the federated recommendation privacy protection method based on ring signature and selective aggregation according to any one of claims 1-5, and comprising: module 1, a system initialization module; module 2, an anonymized privacy protection uploading module; module 3, a selective aggregation module based on trusted verification; module 4, a hierarchical security parameter distribution module and a public key management module; the system comprises module 1, a system initialization module, a global model parameter generation module, a data processing module and a data processing module, wherein the system initialization module is used for deploying an aggregation server and a security server and clearly dividing the functions of the aggregation server and the security server; module 2 is used for guiding the client to perform model training locally and generate a parameter update, performing multi-layer encryption processing on the parameter update and generating secure transmission information; module 3 is a selective aggregation module based on trusted verification, and is used for performing ring signature verification and decryption at the security server on the information uploaded by the client, performing dynamic grouping at the aggregation server according to client similarity, and securely aggregating the client parameter updates within the similar group; module 4 is used for encrypting and signing the aggregated model parameters and securely distributing them to the target client, guiding the client to verify and decrypt the received information, and executing a differentiated parameter update strategy according to the group (similar group or dissimilar group) to which the client belongs.
- 7. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the program, implements the federated recommendation privacy protection method based on ring signature and selective aggregation according to any one of claims 1 to 5.
- 8. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the federated recommendation privacy protection method based on ring signature and selective aggregation according to any one of claims 1 to 5.
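The ring-signature check of claim 4, sub-step 3-1 (verify, then forward or discard), as an added Python example that is not part of the patent text. The claim's formulas are missing from this page, so an LSAG-style linkable ring signature stands in for the scheme. The toy group of about 64 bits, all function names, and the use of the link label to reject a second upload from the same ring member are assumptions.

```python
import hashlib, itertools, secrets

def is_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin; these 12 bases give an exact answer for n < 3.18e23."""
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    r = ((n - 1) & -(n - 1)).bit_length() - 1      # n - 1 = d * 2**r with d odd
    d = (n - 1) >> r
    return all(pow(a, d, n) in (1, n - 1) or
               any(pow(a, d << j, n) == n - 1 for j in range(1, r)) for a in bases)

# Toy group of about 64 bits (assumption, far too small for real use): P = 2Q + 1.
Q = next(q for q in itertools.count(2**63 + 1, 2) if is_prime(q) and is_prime(2 * q + 1))
P, G = 2 * Q + 1, 4                                # 4 generates the order-Q subgroup

def H(*parts):                                     # hash to an exponent mod Q
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big") % Q

def ring_base(ring):                               # per-ring base h, unknown dlog
    return pow(H("base", ring) + 2, 2, P)

def step(msg, ring, tag, i, c, s):                 # challenge chain: c_i -> c_{i+1}
    h = ring_base(ring)
    a = pow(G, s, P) * pow(ring[i], c, P) % P
    b = pow(h, s, P) * pow(tag, c, P) % P
    return H(msg, ring, tag, a, b)

def sign(msg, ring, idx, x):
    """Client: ring is a tuple of public keys and ring[idx] == pow(G, x, P)."""
    n, h, u = len(ring), ring_base(ring), secrets.randbelow(Q)
    tag = pow(h, x, P)                             # link label, fixed per signer and ring
    c, s = [0] * n, [secrets.randbelow(Q) for _ in range(n)]
    c[(idx + 1) % n] = H(msg, ring, tag, pow(G, u, P), pow(h, u, P))
    for i in ((idx + k) % n for k in range(1, n)):
        c[(i + 1) % n] = step(msg, ring, tag, i, c[i], s[i])
    s[idx] = (u - x * c[idx]) % Q                  # closes the ring at the signer
    return c[0], s, tag                            # initial challenge, responses, label

def verify(msg, ring, sig, seen_tags):
    """Security server: True means forward the upload, False means discard it."""
    c0, s, tag = sig
    if len(s) != len(ring) or pow(tag, Q, P) != 1 or tag in seen_tags:
        return False                               # malformed, or label already used
    c = c0
    for i in range(len(ring)):
        c = step(msg, ring, tag, i, c, s[i])
    if c == c0:
        seen_tags.add(tag)                         # remember the label for this round
    return c == c0
```

Here `ring` is a tuple of `pow(G, x, P)` public keys, and `seen_tags` is one set kept per aggregation round (also an assumption).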
Description
Federated recommendation privacy protection method and system based on ring signature and selective aggregation
Technical Field
The invention relates to a federated recommendation privacy protection model and device based on ring signatures, and belongs to the technical field of artificial intelligence and information security.
Background
With the popularity of the internet and mobile devices, recommendation systems have become a core component of e-commerce, social networking and content platforms. Traditional centralized recommendation systems need to collect users' personal data and interaction behavior, which carries serious privacy disclosure risks. A federated recommendation system follows the principle that "the data stays in place and the model moves": the user trains a model locally and uploads only model parameters, which protects user privacy to a certain extent. However, existing federated recommendation systems still face a number of challenges. On one hand, model parameters uploaded by a client may be reverse-analyzed to infer a user's sensitive information or participation identity, causing dual leakage of behavior privacy and identity privacy. On the other hand, traditional federated recommendation aggregation strategies ignore differences in user interest, making it difficult to maintain personalized recommendation quality while protecting privacy. More importantly, privacy-enhancing technologies such as differential privacy and homomorphic encryption often seriously damage recommendation accuracy or incur extremely high computation cost. Ring signature technology can provide a strong anonymity guarantee for a federated recommendation system, so that an attacker cannot determine the source of a specific model update.
However, applying ring signatures directly to a federated recommendation system raises problems such as high signature verification overhead and the inability to support personalized aggregation. The invention therefore provides a federated recommendation privacy protection model and device based on ring signatures which, through an innovative dual-server architecture and a layered security mechanism, provides comprehensive privacy protection while preserving recommendation quality.
Disclosure of Invention
To address problems of existing federated recommendation systems such as privacy leakage risk, coarse aggregation policy and high computation cost, the invention provides a federated recommendation privacy protection method and system based on ring signature and selective aggregation. The ring signature provides strong anonymity, trusted verification ensures system security, and selective aggregation improves the recommendation effect, achieving a balance between privacy protection and recommendation performance. The technical scheme of the federated recommendation privacy protection model and device based on ring signatures comprises the following steps:
1) System initialization stage: an aggregation server and a security server are deployed, responsible for model fusion and security authentication respectively; global model parameters are initialized and article clustering is completed; and an RSA key pair for encrypted communication, an ECDSA key pair for identity authentication, and the public key ring required for constructing a ring signature are generated and distributed.
2) Anonymized privacy protection uploading stage: the client trains a personalized recommendation model on local user interaction data, encrypts the model parameters using the ChaCha20 algorithm and a hybrid encryption mechanism, and anonymizes the upload message using ring signature technology, so that the data source cannot be traced.
3) Selective aggregation stage based on trusted verification: the security server verifies the ring signatures uploaded by clients to ensure the integrity and legitimacy of the messages, decrypts the model parameters and forwards them to the aggregation server; the aggregation server divides clients into similar groups and non-similar groups based on cosine similarity and the elbow rule, and securely aggregates the model parameters within the similar groups.
4) Hierarchical security parameter distribution stage: the security server re-encrypts and digitally signs the aggregated model parameters; clients in the similar group receive and verify the parameter update and complete their local model update, while clients in the non-similar group receive only article clustering information for subsequent optimization.
Compared with the prior art, the invention has the following advantages: (1) The ring signature technology provides strong anonymity, and combines a m