A White-Box Watermarking Modulation for Encrypted DNN in Homomorphic Federated Learning

Mohammed Lansari, Reda Bellafqira, Katarzyna Kapusta, Vincent Thouvenot, Olivier Bettan, Gouenou Coatrieux

2024

Abstract

Federated Learning (FL) is a distributed paradigm that enables multiple clients to collaboratively train a model without sharing their sensitive local data. In such a privacy-sensitive setting, Homomorphic Encryption (HE) plays an important role by enabling computations on encrypted data. This prevents the server from reverse-engineering the model updates during aggregation to infer private client data, a significant concern in scenarios like the healthcare industry where patient confidentiality is paramount. Despite these advancements, FL remains susceptible to intellectual property theft and model leakage due to malicious participants during the training phase. To counteract this, watermarking emerges as a solution for protecting the intellectual property rights of Deep Neural Networks (DNNs). However, traditional watermarking methods are not compatible with HE, primarily because they require the use of non-polynomial functions, which are not natively supported by HE. In this paper, we address these challenges by proposing the first white-box DNN watermarking modulation on a single homomorphically encrypted model. We then extend this modulation to a server-side FL context that complies with HE’s processing constraints. Our experimental results demonstrate that the performance of the proposed watermarking modulation is equivalent to that obtained in the unencrypted domain.


Paper Citation


in Harvard Style

Lansari M., Bellafqira R., Kapusta K., Thouvenot V., Bettan O. and Coatrieux G. (2024). A White-Box Watermarking Modulation for Encrypted DNN in Homomorphic Federated Learning. In Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-709-2, SciTePress, pages 186-197. DOI: 10.5220/0012764300003767


in Bibtex Style

@conference{secrypt24,
author={Mohammed Lansari and Reda Bellafqira and Katarzyna Kapusta and Vincent Thouvenot and Olivier Bettan and Gouenou Coatrieux},
title={A White-Box Watermarking Modulation for Encrypted DNN in Homomorphic Federated Learning},
booktitle={Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2024},
pages={186-197},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012764300003767},
isbn={978-989-758-709-2},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - A White-Box Watermarking Modulation for Encrypted DNN in Homomorphic Federated Learning
SN - 978-989-758-709-2
AU - Lansari M.
AU - Bellafqira R.
AU - Kapusta K.
AU - Thouvenot V.
AU - Bettan O.
AU - Coatrieux G.
PY - 2024
SP - 186
EP - 197
DO - 10.5220/0012764300003767
PB - SciTePress