{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T16:25:27Z","timestamp":1774542327974,"version":"3.50.1"},"reference-count":45,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2023,12,23]],"date-time":"2023-12-23T00:00:00Z","timestamp":1703289600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,12,23]],"date-time":"2023-12-23T00:00:00Z","timestamp":1703289600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Front. Comput. Sci."],"published-print":{"date-parts":[[2024,10]]},"DOI":"10.1007\/s11704-023-3142-5","type":"journal-article","created":{"date-parts":[[2023,12,22]],"date-time":"2023-12-22T23:34:16Z","timestamp":1703288056000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["BVDFed: Byzantine-resilient and verifiable aggregation for differentially private federated learning"],"prefix":"10.1007","volume":"18","author":[{"given":"Xinwen","family":"Gao","sequence":"first","affiliation":[]},{"given":"Shaojing","family":"Fu","sequence":"additional","affiliation":[]},{"given":"Lin","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Yuchuan","family":"Luo","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,12,23]]},"reference":[{"key":"3142_CR1","unstructured":"McMahan B, Moore E, Ramage D, Hampson S, Arcas B A Y. Communication-efficient learning of deep networks from decentralized data. In: Proceedings of the 20th International Conference on Artificial Intelligence and Statistics. 2017, 1273\u20131282"},{"key":"3142_CR2","unstructured":"Zhu L, Liu Z, Han S. Deep leakage from gradients. In: Proceedings of the 33rd International Conference on Neural Information Processing Systems. 2019, 1323"},{"key":"3142_CR3","unstructured":"Zhao B, Mopuri K R, Bilen H. iDLG: improved deep leakage from gradients. 2020, arXiv preprint arXiv: 2001.02610"},{"key":"3142_CR4","unstructured":"Geiping J, Bauermeister H, Dr\u00f6ge H, Moeller M. Inverting gradients -how easy is it to break privacy in federated learning? In: Proceedings of the 34th International Conference on Neural Information Processing Systems. 2020, 1421"},{"key":"3142_CR5","unstructured":"Geyer R C, Klein T, Nabi M. Differentially private federated learning: a client level perspective. 2017, arXiv preprint, arXiv: 1712.07557"},{"key":"3142_CR6","doi-asserted-by":"crossref","unstructured":"Hitaj B, Ateniese G, Perez-Cruz F. Deep models under the GAN: Information leakage from collaborative deep learning. In: Proceedings of 2017 ACM SIGSAC Conference on Computer and Communications Security. 2017, 603\u2013618","DOI":"10.1145\/3133956.3134012"},{"key":"3142_CR7","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1109\/TIFS.2021.3139777","volume":"17","author":"W Wei","year":"2022","unstructured":"Wei W, Liu L. Gradient leakage attack resilient deep learning. IEEE Transactions on Information Forensics and Security, 2022, 17: 303\u2013316","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"3142_CR8","doi-asserted-by":"crossref","unstructured":"Shejwalkar V, Houmansadr A. Manipulating the byzantine: optimizing model poisoning attacks and defenses for federated learning. In: Proceedings of the 28th Annual Network and Distributed System Security Symposium. 2021","DOI":"10.14722\/ndss.2021.24498"},{"key":"3142_CR9","doi-asserted-by":"publisher","first-page":"911","DOI":"10.1109\/TIFS.2019.2929409","volume":"15","author":"G Xu","year":"2020","unstructured":"Xu G, Li H, Liu S, Yang K, Lin X. VerifyNet: secure and verifiable federated learning. IEEE Transactions on Information Forensics and Security, 2020, 15: 911\u2013926","journal-title":"IEEE Transactions on Information Forensics and Security"},{"issue":"8","key":"3142_CR10","doi-asserted-by":"publisher","first-page":"1725","DOI":"10.1109\/LCOMM.2022.3180113","volume":"26","author":"M Li","year":"2022","unstructured":"Li M, Xiao D, Liang J, Huang H. Communication-efficient and byzantine-robust differentially private federated learning. IEEE Communications Letters, 2022, 26(8): 1725\u20131729","journal-title":"IEEE Communications Letters"},{"issue":"3","key":"3142_CR11","first-page":"1941","volume":"20","author":"J Zhou","year":"2023","unstructured":"Zhou J, Wu N, Wang Y, Gu S, Cao Z, Dong X, Choo K K R. A differentially private federated learning model against poisoning attacks in edge computing. IEEE Transactions on Dependable and Secure Computing, 2023, 20(3): 1941\u20131958","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"issue":"12","key":"3142_CR12","doi-asserted-by":"publisher","first-page":"3690","DOI":"10.1109\/TPDS.2022.3167434","volume":"33","author":"X Ma","year":"2022","unstructured":"Ma X, Sun X, Wu Y, Liu Z, Chen X, Dong C. Differentially private byzantine-robust federated learning. IEEE Transactions on Parallel and Distributed Systems, 2022, 33(12): 3690\u20133701","journal-title":"IEEE Transactions on Parallel and Distributed Systems"},{"key":"3142_CR13","unstructured":"Xiang M, Su L. \u03b2-stochastic sign SGD: a byzantine resilient and differentially private gradient compressor for federated learning. 2022, arXiv preprint arXiv: 2210.00665"},{"key":"3142_CR14","doi-asserted-by":"publisher","first-page":"1736","DOI":"10.1109\/TIFS.2020.3043139","volume":"16","author":"X Guo","year":"2021","unstructured":"Guo X, Liu Z, Li J, Gao J, Hou B, Dong C, Baker T. VeriFL: communication-efficient and fast verifiable aggregation for federated learning. IEEE Transactions on Information Forensics and Security, 2021, 16: 1736\u20131751","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"3142_CR15","doi-asserted-by":"crossref","unstructured":"Abadi M, Chu A, Goodfellow I, McMahan H B, Mironov I, Talwar K, Zhang L. Deep learning with differential privacy. In: Proceedings of 2016 ACM SIGSAC Conference on Computer and Communications Security. 2016, 308\u2013318","DOI":"10.1145\/2976749.2978318"},{"issue":"2","key":"3142_CR16","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1145\/3298981","volume":"10","author":"Q Yang","year":"2019","unstructured":"Yang Q, Liu Y, Chen T, Tong Y. Federated machine learning: concept and applications. ACM Transactions on Intelligent Systems and Technology, 2019, 10(2): 12","journal-title":"ACM Transactions on Intelligent Systems and Technology"},{"issue":"1\u20132","key":"3142_CR17","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1561\/2200000083","volume":"14","author":"P Kairouz","year":"2021","unstructured":"Kairouz P, McMahan H B, Avent B, Bellet A, Bennis M, et al. Advances and open problems in federated learning. Foundations and Trends in Machine Learning, 2021, 14(1\u20132): 210","journal-title":"Foundations and Trends in Machine Learning"},{"key":"3142_CR18","doi-asserted-by":"crossref","unstructured":"Tolpegin V, Truex S, Gursoy M E, Liu L. Data poisoning attacks against federated learning systems. In: Proceedings of the 25th European Symposium on Research in Computer Security. 2020, 480\u2013501","DOI":"10.1007\/978-3-030-58951-6_24"},{"key":"3142_CR19","doi-asserted-by":"publisher","first-page":"10708","DOI":"10.1109\/ACCESS.2023.3238823","volume":"11","author":"G Xia","year":"2023","unstructured":"Xia G, Chen J, Yu C, Ma J. Poisoning attacks in federated learning: a survey. IEEE Access, 2023, 11: 10708\u201310722","journal-title":"IEEE Access"},{"key":"3142_CR20","doi-asserted-by":"crossref","unstructured":"Dwork C. Differential privacy. In: Proceedings of the 33rd International Conference on Automata, Languages and Programming. 2006, 1\u201312","DOI":"10.1007\/11787006_1"},{"issue":"3\u20134","key":"3142_CR21","first-page":"211","volume":"9","author":"C Dwork","year":"2014","unstructured":"Dwork C, Roth A. The algorithmic foundations of differential privacy. Foundations and Trends\u00ae in Theoretical Computer Science, 2014, 9(3\u20134): 211\u2013407","journal-title":"Foundations and Trends\u00ae in Theoretical Computer Science"},{"key":"3142_CR22","doi-asserted-by":"crossref","unstructured":"Dwork C, McSherry F, Nissim K, Smith A. Calibrating noise to sensitivity in private data analysis. In: Proceedings of the 3rd Theory of Cryptography Conference. 2006, 265\u2013284","DOI":"10.1007\/11681878_14"},{"issue":"1","key":"3142_CR23","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1145\/1866739.1866758","volume":"54","author":"C Dwork","year":"2011","unstructured":"Dwork C. A firm foundation for private data analysis. Communications of the ACM, 2011, 54(1): 86\u201395","journal-title":"Communications of the ACM"},{"key":"3142_CR24","doi-asserted-by":"crossref","unstructured":"Krohn M N, Freedman M J, Mazieres D. On-the-fly verification of rateless erasure codes for efficient content distribution. In: Proceedings of IEEE Symposium on Security and Privacy, 2004, 226\u2013240","DOI":"10.1109\/SECPRI.2004.1301326"},{"key":"3142_CR25","doi-asserted-by":"crossref","unstructured":"Pedersen T P. Non-interactive and information-theoretic secure verifiable secret sharing. In: Proceedings of Annual International Cryptology Conference. 1992, 129\u2013140","DOI":"10.1007\/3-540-46766-1_9"},{"issue":"11","key":"3142_CR26","doi-asserted-by":"publisher","first-page":"612","DOI":"10.1145\/359168.359176","volume":"22","author":"A Shamir","year":"1979","unstructured":"Shamir A. How to share a secret. Communications of the ACM, 1979, 22(11): 612\u2013613","journal-title":"Communications of the ACM"},{"key":"3142_CR27","doi-asserted-by":"publisher","unstructured":"Lyu L, Yu H, Ma X, Chen C, Sun L, Zhao J, Yang Q, Yu P S. Privacy and robustness in federated learning: attacks and defenses. IEEE Transactions on Neural Networks and Learning Systems, 2022, doi: https:\/\/doi.org\/10.1109\/TNNLS.2022.3216981.","DOI":"10.1109\/TNNLS.2022.3216981"},{"key":"3142_CR28","unstructured":"McMahan H B, Ramage D, Talwar K, Zhang L. Learning differentially private recurrent language models. In: Proceedings of the 6th International Conference on Learning Representations. 2018"},{"issue":"8","key":"3142_CR29","doi-asserted-by":"publisher","first-page":"3733","DOI":"10.1109\/TII.2018.2803782","volume":"14","author":"L Lyu","year":"2018","unstructured":"Lyu L, Nandakumar K, Rubinstein B, Jin J, Bedo J, Palaniswami M. PPFA: privacy preserving fog-enabled aggregation in smart grid. IEEE Transactions on Industrial Informatics, 2018, 14(8): 3733\u20133744","journal-title":"IEEE Transactions on Industrial Informatics"},{"key":"3142_CR30","doi-asserted-by":"crossref","unstructured":"Rastogi V, Nath S. Differentially private aggregation of distributed time-series with transformation and encryption. In: Proceedings of 2010 ACM SIGMOD International Conference on Management of Data. 2010, 735\u2013746","DOI":"10.1145\/1807167.1807247"},{"key":"3142_CR31","unstructured":"Agarwal N, Suresh A T, Yu F, Kumar S, McMahan H B. cpSGD: communication-efficient and differentially-private distributed sgd. In: Proceedings of the 32nd International Conference on Neural Information Processing Systems. 2018, 7575\u20137586"},{"key":"3142_CR32","doi-asserted-by":"crossref","unstructured":"Duchi J C, Jordan M I, Wainwright M J. Local privacy and statistical minimax rates. In: Proceedings of the 54th IEEE Annual Symposium on Foundations of Computer Science. 2013, 429\u2013438","DOI":"10.1109\/FOCS.2013.53"},{"key":"3142_CR33","doi-asserted-by":"crossref","unstructured":"Wu N, Farokhi F, Smith D, Kaafar M A. The value of collaboration in convex machine learning with differential privacy. In: Proceedings of 2020 IEEE Symposium on Security and Privacy. 2020, 304\u2013317","DOI":"10.1109\/SP40000.2020.00025"},{"key":"3142_CR34","unstructured":"Zhou Y, Liu X, Fu Y, Wu D, Li C, Yu S. Optimizing the numbers of queries and replies in federated learning with differential privacy. 2021, arXiv preprint, arXiv: 2107.01895"},{"key":"3142_CR35","unstructured":"Xie C, Koyejo S, Gupta I. Zeno: distributed stochastic gradient descent with suspicion-based fault-tolerance. In: Proceedings of the 36th International Conference on Machine Learning. 2019, 6893\u20136901"},{"key":"3142_CR36","unstructured":"Wilcox-O\u2019Hearn Z. Bitcoin privacy technologies - zerocash and confidential transactions. weusecoins.com\/bitcoin-privacy-technologies-zerocash-confidential-transactions\/. 2015"},{"key":"3142_CR37","doi-asserted-by":"crossref","unstructured":"Truex S, Liu L, Chow K H, Gursoy M E, Wei W. LDP-fed: federated learning with local differential privacy. In: Proceedings of the 3rd ACM International Workshop on Edge Systems, Analytics and Networking. 2020, 61\u201366","DOI":"10.1145\/3378679.3394533"},{"key":"3142_CR38","doi-asserted-by":"crossref","unstructured":"Cao X, Fang M, Liu J, Gong N Z. FLTrust: Byzantine-robust federated learning via trust bootstrapping. In: Proceedings of the 28th Annual Network and Distributed System Security Symposium. 2021","DOI":"10.14722\/ndss.2021.24434"},{"key":"3142_CR39","doi-asserted-by":"publisher","first-page":"365","DOI":"10.1016\/j.future.2021.10.017","volume":"128","author":"Y Xu","year":"2022","unstructured":"Xu Y, Peng C, Tan W, Tian Y, Ma M, Niu K. Non-interactive verifiable privacy-preserving federated learning. Future Generation Computer Systems, 2022, 128: 365\u2013380","journal-title":"Future Generation Computer Systems"},{"key":"3142_CR40","unstructured":"Blanchard P, Mhamdi E M E, Guerraoui R, Stainer J. Machine learning with adversaries: Byzantine tolerant gradient descent. In: Proceedings of the 31st International Conference on Neural Information Processing Systems. 2017, 118\u2013128"},{"key":"3142_CR41","unstructured":"Mhamdi E M E, Guerraoui R, Rouault S. The hidden vulnerability of distributed learning in byzantium. In: Proceedings of the 35th International Conference on Machine Learning. 2018, 3518\u20133527"},{"key":"3142_CR42","unstructured":"Yin D, Chen Y, Ramchandran K, Bartlett P L. Byzantine-robust distributed learning: Towards optimal statistical rates. In: Proceedings of the 35th International Conference on Machine Learning. 2018, 5636\u20135645"},{"key":"3142_CR43","unstructured":"Xie C, Koyejo O, Gupta I. Generalized byzantine-tolerant SGD. 2018, arXiv preprint arXiv: 1802.10116"},{"key":"3142_CR44","doi-asserted-by":"publisher","first-page":"1639","DOI":"10.1109\/TIFS.2022.3169918","volume":"17","author":"Z Ma","year":"2022","unstructured":"Ma Z, Ma J, Miao Y, Li Y, Deng R H. Shieldfl: mitigating model poisoning attacks in privacy-preserving federated learning. IEEE Transactions on Information Forensics and Security, 2022, 17: 1639\u20131654","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"3142_CR45","doi-asserted-by":"crossref","unstructured":"Gu Z, Yang Y. Detecting malicious model updates from federated learning on conditional variational autoencoder. In: Proceedings of 2021 IEEE International Parallel and Distributed Processing Symposium. 2021, 671\u2013680","DOI":"10.1109\/IPDPS49936.2021.00075"}],"container-title":["Frontiers of Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11704-023-3142-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11704-023-3142-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11704-023-3142-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,19]],"date-time":"2025-11-19T20:23:55Z","timestamp":1763583835000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11704-023-3142-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,12,23]]},"references-count":45,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2024,10]]}},"alternative-id":["3142"],"URL":"https:\/\/doi.org\/10.1007\/s11704-023-3142-5","relation":{},"ISSN":["2095-2228","2095-2236"],"issn-type":[{"value":"2095-2228","type":"print"},{"value":"2095-2236","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,12,23]]},"assertion":[{"value":"21 February 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"30 May 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 December 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Competing interests\n                      The authors declare that they have no competing interests or financial conflicts to disclose.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics"}}],"article-number":"185810"}}