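Thesis information

Chinese title:

 Research on Privacy-Preserving Deep Learning Based on Homomorphic Encryption

Name:

 陈艳格 (Chen Yange)

Student ID:

 18011110172

Confidentiality level:

 Public

Thesis language:

 chi

Discipline code:

 110505

Discipline name:

 Military Science - Military Command - Cryptography

Student type:

 Doctoral

Degree:

 Doctor of Military Science

University:

 Xidian University (西安电子科技大学)

School:

 School of Telecommunications Engineering

Major:

 Military Command

Research direction:

 Cryptography

First supervisor's name:

 王保仓 (Wang Baocang)

First supervisor's institution:

 Xidian University (西安电子科技大学)

Completion date:

 2022-12-29

Defense date:

 2022-12-03

Foreign-language title: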

 Research on Privacy-preserving Deep Learning based on Homomorphic Encryptions    

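Chinese keywords:

 Deep learning ; privacy protection ; homomorphic encryption ; proxy re-encryption ; ciphertext computation

Foreign-language keywords: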

 Deep Learning ; Privacy Protection ; Homomorphic Encryption ; Proxy Re-encryption ; Ciphertext Computation    

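Chinese abstract (translated):

Deep learning has achieved great success in fields such as speech recognition and image processing. Although deep learning offers new solutions for these fields, training deep learning models requires large amounts of data. Service providers therefore need to collect large amounts of data from participants, and this data may contain sensitive information about enterprises or users, such as medical records, account information and business operating status. Using such sensitive information in deep learning can easily lead to leakage of enterprises' or users' sensitive data. At the same time, as users' awareness of personal privacy protection grows and national information security laws and regulations continue to be issued, all sectors are attaching increasing importance to research on multi-party privacy-preserving deep learning.

At present, much of the data in artificial intelligence exists in the form of data islands. Moreover, restrictions on the secure use of data and the constraints of laws and regulations further intensify the formation of data islands. Federated deep learning, as the mainstream technology for distributed collaborative computing, performs collaborative training and inference based on deep learning algorithms without multi-source users exchanging data, achieving secure mining and use of the value of multi-source island data. Although federated deep learning can address the collaborative computing paradigm of "raw data does not leave its domain; data is usable but not visible" and solve the data island problem, it can still leak the privacy of user data. Addressing the problems in existing privacy-preserving deep learning, this dissertation designs homomorphic-encryption-based privacy-preserving deep learning schemes suited to specific scenarios. The main work completed is as follows.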

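(1) To address privacy leakage in image deep learning, the inability to compute some complex nonlinear functions over ciphertexts, and training error during the training process, a new privacy-preserving image classification deep learning scheme (PIDL) is proposed. In PIDL, two privacy-preserving deep learning training methods, PIDLSC and PIDLSL, are proposed; that is, two pairs of ciphertext activation and cost functions (the ciphertext sigmoid activation function with the cross-entropy cost function, or the ciphertext softmax activation function with the maximum-likelihood cost function) are used to build two privacy-preserving deep learning methods, both of which achieve deep learning model training on ciphertext data. The error in the training process is reduced by improving the way the sigmoid activation function is trained; the combination of ciphertext sigmoid activation function and ciphertext squared-error cost function used in several earlier privacy-preserving deep learning schemes is replaced by the present ciphertext activation and ciphertext cost functions; and privacy-preserving deep learning training and classification are implemented based on the Paillier encryption algorithm, protecting the privacy of the training data and the model. Security analysis and performance evaluation show that, while guaranteeing security and correctness, and although the protocols require many rounds of interaction between servers, the scheme has lower communication cost and higher accuracy than existing schemes.

(2) To address the problems that some nonlinear functions in deep learning models cannot be computed directly over ciphertexts or that their computation methods need improvement, and that existing multi-key deep learning training is inefficient, a privacy-preserving deep learning scheme based on homomorphic re-encryption and a secure computation toolkit (PDLHR) is proposed. First, a homomorphic re-encryption scheme based on the BCP cryptosystem is proposed; it can convert ciphertexts under different public keys into ciphertexts under the same public key while preserving the homomorphic property, and is simpler than existing re-encryption schemes based on the BCP cryptosystem. To achieve efficient computation over ciphertexts, a secure computation toolkit is designed, and ciphertext training procedures such as the ciphertext activation functions and ciphertext cost function in a multilayer perceptron neural network are constructed. Compared with previous work, PDLHR achieves efficient ciphertext training for multi-key deep learning and guarantees the security of the input data, the trained model and the inference results. Security analysis and performance evaluation show that, although the scheme also suffers from many rounds of interaction, it reduces the interaction to some extent through packaged invocation, and its encryption and decryption efficiency is better than that of the original schemes.

(3) To address the difficulty of collaborative ciphertext computation among multiple participants in federated deep learning and the slow convergence of privacy-preserving federated learning training, a practical and efficient privacy-preserving federated deep learning scheme (PEPFL) is proposed. First, a distributed ElGamal cryptographic scheme suited to federated learning is proposed, which can solve the problem of collaborative computation among users with multiple keys in federated learning. Then, using momentum gradient descent (MGD), a convolutional neural network (CNN) and the designed cryptosystem, a new privacy-preserving federated deep learning scheme is designed. In this scheme, users first generate their own public/private key pairs and send their public keys to the aggregation server; the aggregation server generates a joint public key and distributes it to the users. Users encrypt their data under the joint public key using the proposed distributed ElGamal scheme and upload it to the trainers; the trainers train on the ciphertext data in their local models, and the aggregation server and the trainers then cooperate to update the ciphertext momentum and ciphertext weights. Finally, security analysis and performance evaluation of the proposed scheme are carried out. The results show that, compared with existing schemes, our scheme has lower communication and computation costs while guaranteeing security, and also achieves higher encryption and decryption efficiency.

(4) To address high communication cost, frequent failures and low-quality training data in federated deep learning in Internet of Things environments, a dynamic and fair privacy-preserving federated deep learning scheme based on an elliptic curve cryptosystem is proposed. First, a multi-key EC-ElGamal cryptosystem (MEEC) suited to federated learning is proposed; although this encryption scheme requires encryption to take place under the same algebraic structure, it can solve the problem of collaborative computation among multi-key users in federated learning in IoT environments, reducing communication and computation costs and improving encryption efficiency. Second, algorithms for users dynamically leaving and joining, in a setting where the set of participants changes dynamically, are designed to prevent communication failures or users joining or leaving from affecting model training or inference. Finally, security analysis and performance evaluation of the proposed scheme are carried out. The results show that, while guaranteeing security, the scheme's encryption and decryption efficiency is lower than that of encryption algorithms based on the learning with errors (LWE) problem but better than that of the other compared schemes; its total running efficiency is better than that of the several compared encryption schemes; and the scheme also verifies that the choice of the training-parameter threshold directly affects training accuracy.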

Foreign-language abstract:

Deep learning has achieved great success in speech recognition, image processing, and other fields. Although deep learning provides new solutions for these applications, training deep learning models requires a large amount of data. Therefore, service providers need to collect a large amount of participant data, and this data may contain sensitive information about companies or users, such as medical records, account information, and business operation status. The use of this sensitive information in deep learning can easily lead to the leakage of sensitive data of enterprises or users. At the same time, with users' increasing awareness of personal privacy protection and the continuous introduction of national information security laws and regulations, various fields are paying more and more attention to research on multi-participant privacy-preserving deep learning.

At present, a lot of data in artificial intelligence exists in the form of data islands. In addition, restrictions on data security applications and the constraints of laws and regulations aggravate the formation of data islands. Federated deep learning, as the mainstream technology of distributed collaborative computing, performs collaborative training and prediction based on deep learning algorithms without data exchange among multi-source users, realizing secure mining and utilization of the value of multi-source island data. Although federated deep learning can address the collaborative computing paradigm of "raw data does not leave the domain, and data is available but invisible" and solve the problem of data islands, it can still leak the privacy of user data. Aiming at the problems in existing privacy-preserving deep learning models or frameworks, this dissertation designs novel privacy-preserving deep learning schemes based on homomorphic encryption that apply to specific scenarios. The main works are as follows.

(1) Aiming at the problems of image deep learning, such as privacy disclosure, some complex nonlinear functions being uncomputable over ciphertext, and training error in the training process, a novel privacy-preserving image classification deep learning scheme (PIDL) is proposed. In PIDL, two training classification methods of deep learning (PIDLSC and PIDLSL) are designed; that is, two groups of ciphertext activation functions and cost functions (sigmoid activation function + cross-entropy cost function of ciphertext, or softmax activation function + log-likelihood cost function of ciphertext) are used to construct two privacy-preserving deep learning methods, which realize deep learning training on ciphertext data. In this scheme, the error in the training process is reduced by improving the training mode of the sigmoid activation function. The scheme improves on the ciphertext sigmoid activation function + ciphertext square error cost function used in some original privacy-preserving deep learning schemes by replacing it with the present ciphertext activation function and ciphertext cost function, and deep learning training and classification with privacy protection are implemented based on the Paillier encryption algorithm, protecting the privacy of the training data and the training model. Security analysis and performance evaluation demonstrate that, on the premise of ensuring the security and correctness of the scheme, and although the protocols have more rounds of interaction between servers, the proposed scheme has lower communication costs and higher accuracy than existing schemes.

(2) Aiming at the problems that some nonlinear functions in the deep learning model cannot be directly calculated under ciphertext or that their calculation methods need improvement, and that the original multi-key deep learning model has low efficiency, a privacy-preserving deep learning scheme (PDLHR) with homomorphic re-encryption and a secure computing toolkit is proposed. Firstly, a homomorphic re-encryption scheme based on the BCP cryptosystem is presented. The scheme can convert ciphertexts under different public keys into ciphertexts under the same public key while guaranteeing homomorphism, and is simpler than the existing re-encryption schemes based on the BCP cryptosystem. To realize efficient ciphertext calculation, a secure computing toolkit is designed, and ciphertext training processes such as ciphertext activation functions and the ciphertext cost function are constructed. Compared with prior works, PDLHR realizes efficient ciphertext training under multi-key deep learning, and protects the privacy of the input data, training model and inference results. Security analysis and performance evaluation show that although the scheme has the problem of many interaction rounds, it alleviates the interactions to a certain extent through packet invocation, and the encryption and decryption efficiency of the scheme is better than that of the original schemes.

(3) Aiming at the problems that multi-participant ciphertext collaborative computing is difficult and that privacy-preserving federated learning training has a slow convergence rate, a practical and efficient privacy-preserving federated deep learning scheme (PEPFL) is proposed. Firstly, a distributed ElGamal cryptographic scheme for federated learning is presented, which can solve the problem of multiple keys in federated learning. Then, a novel privacy-preserving federated learning framework is designed using momentum gradient descent (MGD) and a convolutional neural network (CNN) as well as the designed cryptographic system. In this scheme, users first generate their public and private key pairs and send their public keys to the aggregation server. Then the aggregation server produces the joint public key and sends it to all users. These users encrypt their data under the joint public key through the proposed distributed ElGamal cryptography and upload it to trainers. Trainers train on this ciphertext data in the local models, and then the aggregation server and the trainers cooperate to update the ciphertext momentums and ciphertext weights. Finally, the security analysis and performance evaluation of the proposed scheme are carried out. Results show that, compared with existing schemes, our scheme has lower communication and computational costs while guaranteeing security, and ensures higher efficiency of encryption and decryption.

(4) Aiming at the problems of high communication costs, frequent failures, and low-quality training data in federated learning in the Internet of Things (IoT) environment, a privacy-preserving federated deep learning scheme based on an Elliptic Curve Cryptosystem with dynamics and fairness is proposed. Firstly, a multi-key EC-ElGamal cryptographic system (MEEC) adapted to federated learning is proposed; although the encryption scheme requires encryption under the same algebraic structure, it solves the problem of cooperative calculation among users with multiple keys in federated learning, reduces communication and computational costs, and improves the encryption efficiency. Secondly, multi-participant user dynamic quitting and joining algorithms are designed to prevent communication failures or users dynamically joining and exiting from affecting model training or prediction. Finally, the security analysis and performance evaluation of the proposed scheme are carried out. Results show that, while ensuring security, the encryption and decryption efficiency of our scheme is lower than that of the learning with errors (LWE) encryption algorithm, but better than that of the other comparison schemes. At the same time, the total efficiency is superior to that of the several compared encryption schemes, and the scheme also verifies that the selection of the training parameter threshold has a direct influence on the training accuracy.

Chinese Library Classification number:

 11

Collection number:

 56024

Public release date:

 2023-06-28
