Federated learning for digital twin applications: a privacy-preserving and low-latency approach

DT in FL

As illustrated in Fig. 1, this paper presents the application scenario of FL in DT contexts. This scenario comprises various types of LDs, a management server, and DTs of the LDs. LDs with limited resources communicate with the server via wireless communication links. The physical states of the LDs are mapped into virtual digital space to generate DT, which are updated in real-time (Aloqaily, Ridhawi & Kanhere, 2023). The DTs of LDs are established by their associated servers, which present the historical and current behaviors of the equipment in digital form by collecting and processing the existing critical physical states of the device. At time t, the DT of training node i can be expressed as: (1)${\displaystyle D{T}_i\left(t\right)=\left\{F\left(w_i^t\right),f_i\left(t\right),Resourc{e}_i\left(t\right)\right\},}$

where $w_i^t$ represents the training parameter of node i at time t, $F\left(w_i^t\right)$ denotes the training state of node i at time t, while $f_i\left(t\right)$ signifies the CPU frequency of node i at time t. Additionally, $Resourc{e}_i\left(t\right)$ illustrates the resource state of node i at time t, encompassing computing power, communication bandwidth, memory capacity, and power capacity.

In light of the possibility of a discrepancy between the mapped values of the DT and the physical device capability characteristics at a specific point in time following mapping, we examine the deviation between the actual values and the mapped DT values. Accordingly, the calibrated DT model can be expressed as follows: (2)${\displaystyle \widetilde{D{T}_i}\left(t\right)=\left\{F\left(w_i^t\right),f_i\left(t\right)+\widetilde{f_i}\left(t\right),Resourc{e}_i\left(t\right)+\widetilde{Resourc{e}_i}\left(t\right)\right\},}$

where $\widetilde{f_i}\left(t\right)$ is the CPU frequency deviation, which represents the deviation between the actual value of the device and its DT mapping value, and $\widetilde{Resourc{e}_i}\left(t\right)$ is the resource deviation. It is noteworthy that DT is capable of receiving physical state data from devices and performing self-calibration based on empirical deviation values. This enables the maintenance of consistency with the devices, the provision of authentic feedback information, and the achievement of dynamic optimization of the physical world (Alzubi et al., 2023).

The operation of FL

In practical applications, LDs (such as smartphones, sensors, etc.) situated in disparate geographical locations or even under the control of different application service providers must collaborate based on FL to fulfil the requisite application services. As illustrated in Fig. 1, a smartphone equipped with sensors acquires a substantial volume of user data in a real-time monitoring setting. By engaging in collaborative learning and intelligent analysis with clients, the system is able to make more informed decisions regarding quality control and predictive maintenance, obviating the necessity to transmit substantial quantities of real-time user data collected by sensors.

The initial stage of the FL process is the initialization of the task, whereby the manager disseminates the task and the initialised global model, designated w₀. Subsequently, upon receipt of w₀, the LD i utilizes its data D_i to update the local model parameters $w_{e,i}^t$, thereby identifying the optimal model parameters that minimize the loss function. Accordingly, the local loss function of each LD i can be defined as follows: (3)${\displaystyle F\left(w_{e,i}^t\right)=\frac{1}{D_i}\sum _{d_i\in D_i}f\left(w_{e-1,i}^t,d_i\right),}$

where t denotes the current local iteration index and e represents the current global iteration index. The function $f\left(w_{e-1,i}^t,d_i\right)$ quantifies the discrepancy between the estimated value and the true value of the running data instance D_i. The variable d_i represents the samples from the training data D_i. Upon completion of the T-round local training phase, the updated local model parameters are transmitted to the server at a predefined frequency. The server then executes global model aggregation to obtain the parameters for the e-th aggregation based on the specified aggregation strategy (for further details, please refer to next section). The loss value after the e-th global aggregation is denoted by $F\left(w_e\right)$. Subsequently, the server disseminates the revised global model parameters to each node. It is crucial to reiterate the processes of local model training and global model aggregation until the global loss function converges or the model achieves the predetermined level of accuracy.

Trust-based aggregation in FL

In practical applications, to enhance the learning efficacy of FL and its resilience to malevolent attacks, the parameters uploaded by LDs with high reputation should be accorded greater weight in global aggregation. In contrast with traditional reputation models, which solely take security threats into account, this model considers the influence of DT bias, learning efficacy, and dataset quality on learning in a comprehensive manner. It is important to note that during the mapping process, deviations in CPU frequency are an inherent consequence of DT. Furthermore, the magnitude of these deviations varies depending on the specific LD in question. It is recommended that LDs with minimal mapping deviations be assigned a greater weight proportion. Moreover, in the context of integrity attacks, malicious nodes may disseminate suboptimal local model updates to the server, thereby compromising the accuracy of the global model. Consequently, incorporating learning quality and interaction records into the calculation of malicious updates can mitigate the impact of malicious clients on the accuracy of the global model. In accordance with the subjective logic model, the belief of server j regarding node i in time slot t can be expressed as follows: (4)${\displaystyle B_{i\to j}^t=\left(1-{\mu }_{i\to j}^t\right)\widetilde{f_i}\left(t\right)Q_{i\to j}^t\frac{a_{i\to j}^t}{a_{i\to j}^t+b_{i\to j}^t},}$

where ${\mu }_{i\to j}^t$ represents the probability of packet transmission failure, $Q_{i\to j}^t$ represents the learning quality based on the honesty of the majority of LDs, $a_{i\to j}^t$ is the number of positive interactions, and $b_{i\to j}^t$ is the number of malicious behaviors (such as uploading false data). In particular, the server employs the FoolsGold scheme (Yang et al., 2024), which identifies unreliable clients based on the diversity of local model updates in non-IID FL (Zhu et al., 2021), where each node’s training data exhibits a distinctive distribution.

Specifically, the FoolsGold scheme is employed to modify the learning rate of each LD in each iteration. This is achieved by distinguishing between honest and dishonest LDs through the use of gradient updates. It is recommended that a client learning rate be maintained which provides unique gradient updates, and that the repetition of client learning rates providing similar gradient updates be reduced. The reputation value of server j corresponding to LD i is represented as follows: (5)${\displaystyle R_{i\to j}=\sum _{t=1}^T{B}_{i\to j}^t+\tau {\mu }_{i\to j}^t,}$

where $i\in \left[0,1\right]$ indicates the degree of uncertainty affecting reputation. In the context of global aggregation, the server is responsible for retrieving updated reputation values and aggregating the local model $w_{e-1,i}^t$ with the participation of LDs into a weighted global model. This can be expressed as (6)${\displaystyle w_e=\frac{\sum _{i=1}^N\sum _{t=1}^T{R}_{i\to j}^t{w}_{e-1,i}^t}{\sum _{i=1}^N{R}_{i\to j}},}$

where w_e represents the global parameters resulting from the e-th global aggregation, N denotes the number of LDs. By incorporating a trust-based aggregation approach, the inherent bias of DT is accounted for, effectively mitigating the security risks posed by malicious participants while enhancing the framework’s resilience and accelerating the learning convergence process (Wang et al., 2023a).

Local model secure upload scheme

In our system model, we utilize the Paillier homomorphic encryption algorithm to ensure the secure uploading of local models by LDs, thereby preventing the leakage of local models. Homomorphic encryption represents a distinctive encryption methodology that enables the processing of ciphertext, with the resulting decryption identical to that of the corresponding plaintext. This guarantees that other users and any third parties who may attempt to gain unauthorized access to the data will be unable to obtain the private information of the data owner (Yi, Paulet & Bertino, 2014). Paillier homomorphic encryption is a public-key additive homomorphic encryption scheme comprising the following computational steps (Fazio et al., 2017).

(1) Key generation $KeyGen\left(p,q\right)\to \left(pk,sk\right)$: Let p and q be two large prime numbers such that their greatest common divisor $gcd\left(pq,\left(p-1\right)\left(q-1\right)\right)=1$. Then, we can conclude that n = pq and $\lambda =lcm\left(p-1,q-1\right)$. Next, a random integer $g\in Z_{n^2}^{\ast }$ is selected, and γ = (L(g^λmod n²))mod n, where $L\left(x\right)=\left(x-\frac{1}{n}\right)$. Therefore, the public key is represented as $pk=\left(n,g\right)$, while the private key is represented as $sk=\left(\lambda ,\gamma \right)$.

(2) Encryption $Enc\left(\phi ,pk\right)\to c$: φ ∈ Z is the plaintext and r < n is a random integer, the ciphertext c can be calculated as c = g^φ⋅rⁿmod n².

(3) Decryptio $Dec\left(c,sk\right)\to \phi$: The plaintext can be decrypted by computing $\phi =\gamma \cdot L\left(c^{\lambda }mod{n}^2\right)modn$.

Enhanced paillier homomorphic encryption algorithm

The original Paillier algorithm necessitates the execution of a substantial exponential modular multiplication operation on numerous occasions, which inevitably results in the substantial consumption of computational resources at the LD level. Accordingly, we propose an enhanced Paillier encryption algorithm to reduce the computational burden and enhance efficiency while maintaining the integrity of the underlying cryptosystem. The following steps are involved in the computation process:

(1) Key generation $KeyGen\left(p,q\right)\to \left(pk,sk\right)$: Let p and q be two large prime numbers such that their greatest common divisor $gcd\left(pq,\left(p-1\right)\left(q-1\right)\right)=1$. Therefore, we have n = q and $\lambda =lcm\left(p-1,q-1\right)$. Next, several values $r\in Z_n^{\ast }$ are randomly selected, and compute f = rⁿmod n² previously. Additionally, a secret parameter ξ = λ⁻¹mod n is introduced. Consequently, the public key is defined as pk = n, while the secret key is defined as $sk=\left(\lambda ,\xi \right)$.

(2) Encryption $Enc\left(\phi ,pk\right)\to c$: φ ∈ Z_n is the plaintext and a randomly selected value of f is used to compute the ciphertext, which is given by $c=\left(1+\phi n\right)\cdot f$.

(3) Decryption $Dec\left(c,sk\right)\to \phi$: The plaintext can be decrypted by computing $\phi =\xi \cdot L\left(c^{\lambda }mod{n}^2\right)modn$.

In the enhanced Paillier encryption algorithm, the parameter g for public key pk is disregarded, and a confidential parameter ξ is incorporated to substitute for γ in the initial phase of key generation. This procedure is advantageous for the encryption phase. As a consequence of the fact that multiple have already been computed, the encryption process requires only basic mathematical operations, rather than the more complex exponential and modular multiplication operations. This results in a significant reduction in the time required for the calculation.

As demonstrated in the subsequent analysis, the enhanced Paillier encryption algorithm continues to exhibit the homomorphic supplementary attribute characteristic of homomorphic encryption. For plaintext α and β, we have (7)${\displaystyle Enc\left(\alpha \right)=\left(1+n\alpha \right)\cdot r_1^n\setminus mod{n}^2,}$ (8)${\displaystyle Enc\left(\beta \right)=\left(1+n\beta \right)\cdot r_2^n\setminus mod{n}^2.}$

Subsequently, we can obtain (9)${\displaystyle \begin{array}{c}\hfill Enc\left(\alpha \right)⨂Enc\left(\beta \right)mod{n}^2\hfill \\ \hfill =\left[\left(1+n\alpha \right)\cdot r_1^n\right]⨂\left[\left(1+n\beta \right)\cdot r_2^n\right]mod{n}^2\hfill \\ \hfill =\left[1+n\left(\alpha +\beta \right)\right]\cdot {\left(r_1{r}_2\right)}^{n}mod{n}^2\hfill \\ \hfill =Enc\left(\alpha +\beta \right)mod{n}^2.\hfill \end{array}}$

Therefore, $E\left(\alpha \right)⨂E\left(\beta \right)=E\left(\alpha +\beta \right)$ holds. Similarly, the decryption process can be obtained using the same method, expressed as $Dec\left(Enc\left(\alpha \right)⨂Enc\left(\beta \right)\right)=\alpha +\beta$.

Privacy protection algorithm for FL

The operational workflow of the proposed FL framework and the details of homomorphic encryption applied during local training are presented in Figs. 2 and 3. In particular, upon completion of the local training phase, the LDs will then proceed to homomorphically encrypt the uploaded local model. Subsequently, the server will collate all encrypted weights and perform global aggregation in accordance with Eq. (6). The aggregated encrypted weights can be represented as follows: (10)${\displaystyle \begin{array}{c}\hfill \left[\left[w_e\right]\right]=\left[\left[\frac{\sum _{i=1}^N\sum _{t=1}^T{R}_{i\to j}^t{w}_{e-1,i}^t}{\sum _{i=1}^N{R}_{i\to j}}\right]\right]\hfill \end{array}}$

where $\left[\left[\cdot \right]\right]$ represents the data element designated homomorphic encryption and N denotes the number of LDs. Considering the additional characteristics of homomorphic encryption, the global weight of the encryption can be computed as follows: (11)${\displaystyle \begin{array}{c}\hfill \left[\left[w_e\right]\right]=\left[\left[\frac{\sum _{i=1}^N\sum _{t=1}^T{R}_{i\to j}^t{w}_{e-1,i}^t}{\sum _{i=1}^N{R}_{i\to j}}\right]\right]=\frac{\sum _{i=1}^N\sum _{t=1}^T{R}_{i\to j}^t\left[\left[w_{e-1,i}^t\right]\right]}{\sum _{i=1}^N{R}_{i\to j}}.\hfill \end{array}}$

It is important to note that in order to ensure the integrity and security of data communication, the use of the Transport Layer Security/Secure Sockets Layer protocol is essential in the communication channel between the server and LDs.

In our enhanced Paillier homomorphic encryption algorithm, we have completed the fundamental operations of selecting a random integer r for large exponentiation and modular multiplication in each iteration of the original Paillier algorithm in advance, during the key generation stage. Consequently, the complete encryption process remains unaltered, and both algorithms possess an equivalent level of security and semantic security, as well as the capacity to withstand plaintext attacks. This renders our solution resilient to attacks perpetrated by malevolent actors. Furthermore, the enhanced Paillier algorithm prioritizes reducing computational latency. However, if key pairs are generated with each iteration, the latency will be significantly increased. Accordingly, a suitable key length is selected for the purposes of ensuring security and low latency in the context of experimentation.

A privacy protection and low latency FL scheme for DT

Figure 2 illustrates the collaborative interaction process of our privacy protection algorithm between the server and LDs. Algorithms 1 and 2 offer a synopsis of the adaptive FL scheme that we have devised and which is based on the enhanced Paillier encryption.

The server’s primary function is to aggregate the updated encryption weight $\left[\left[w_e\right]\right]$ on a global scale and to execute the e-th FL iteration process. There are N LDs that participate in this process. Subsequently, the LD will decrypt the aggregated weight $\left[\left[w_e\right]\right]$, perform local training, and encrypt the updated weight for the subsequent round of e + 1 FL iteration.

Security and privacy performance analysis

In our proposed privacy protection scheme, we utilize the Paillier homomorphic encryption algorithm to safeguard privacy information, circumvent plaintext selection attacks, and guarantee semantic security. Specifically, the parameter communication and aggregation are trained in ciphertext form, ensuring that no information from the plaintext is leaked. The security of Paillier encryption is contingent upon the computational complexity of integer factorization problems, particularly the Decisive Composite Residual Assumption on the composite residual group. Even if an adversary gains access to the public key and random parameters, it is challenging to derive any information about the plaintext from the ciphertext, thereby ensuring the confidentiality of the data. To date, no polynomial-time algorithm has been able to successfully break the encryption. Furthermore, Paillier encryption incorporates random numbers into each encryption operation, ensuring that identical plaintext will yield disparate ciphertext outputs. The introduction of random numbers into the Paillier encryption process ensures semantic security, which means that it is difficult to distinguish between different plaintexts when the ciphertext is known. The incorporation of this random number also serves to effectively prevent replay attacks, thereby ensuring that attackers are unable to analyze the data content by repeatedly observing the ciphertext. The proposed enhanced Paillier encryption algorithm represents an improvement on the original algorithm, offering the same level of security and sufficient protection against attacks from malicious actors.

For servers that are both honest and curious, the updated parameters that are received from LDs are in ciphertext form. Furthermore, the global aggregation algorithm is an addition operation, which means that all operations are homomorphic and there is no decryption process in the server at this stage. Consequently, all data stored on the server is encrypted. Consequently, even in the event of interaction between the server and third-party entities, the absence of a private key renders the acquisition of any available information impossible. Furthermore, the LD possesses its own private key, which it utilizes in conjunction with the public key to execute the enhanced Paillier encryption algorithm. This results in the transmission of encrypted local updates to the server. Following each round of global aggregation on the server, the updated global weights are obtained. However, the result remains in an encrypted format. Subsequently, the data must be decrypted using the private key of the LD. To enhance the security of the system, it is possible to set a larger key length or generate key pairs for each round. Throughout the entirety of the learning process, LDs are unable to access data from other devices.

Furthermore, our global aggregation is founded upon the principle of trust. Parameters uploaded by LDs with a high reputation are accorded greater weight in the global aggregation, thereby preventing malicious LDs from providing erroneous or inferior updates to the server in the event of a Byzantine attack. This ultimately serves to diminish the precision of the global model.

Training accuracy performance analysis

In our proposed solution, we utilize an enhanced Paillier algorithm to achieve global aggregation based on homomorphic encryption, with the objective of enhancing privacy and security. In the FL process based on homomorphic encryption, the data is only encrypted without any distortion operation, thereby ensuring that the training accuracy remains almost unchanged. As indicated in Section ‘Experimental Evaluation’, the results of the performance evaluation demonstrate that the accuracy remains at a high level.

Latency performance analysis

In our FL system employing trust-based global aggregation, the latency in the e-th round consists of three primary components: $T_e^{\text{Server}}$, the computation time for aggregating global weights on the server; $T_e^{\mathrm{LD}}$, the time required for local training on each device using its dataset; and $T_e^{\mathrm{Com}}=T_e^{\mathrm{up}}+T_e^{\text{down}}$, the communication time between the server and LDs, where $T_e^{\mathrm{up}}$ and $T_e^{\text{down}}$ represent the upload and download times, respectively.

For the purposes of more rigorous analysis, it is assumed that the $T_e^{\mathrm{LD}}$ and $T_e^{\mathrm{Com}}$ times of each LD are identical. In practice, data that is unevenly distributed across LDs will result in differing computation times $T_e^{\mathrm{LD}}$ and communication times $T_e^{\mathrm{Com}}$ depending on the distance between the server and the LD. In consequence, the overall waiting time for FL in each round e is given by (12)${\displaystyle \begin{array}{c}\hfill T_e^{\mathrm{FL}}=T_e^{\text{Server}}+T_e^{\mathrm{LD}}+T_e^{\mathrm{Com}}.\hfill \end{array}}$

Nevertheless, the use of enhanced Paillier homomorphic encryption in FL serves to enhance privacy and security in heterogeneous environments. It is evident that the additional encryption and decryption operations will result in an increase in computation time. In particular, LDs encrypt local training parameters and transmit them to the server. They also decrypt global weights for the subsequent training round after receiving aggregated weight from the server. In consequence, the time required for local training on LDs can be expressed as follows: (13)${\displaystyle \begin{array}{c}\hfill T_e^{LD,Pai}=T_e^{LD}+T_e^{Enc}+T_e^{Dec},\hfill \end{array}}$

where $T_e^{\mathrm{Enc}}$ denotes the encryption computation time using a public key, and $T_e^{\mathrm{Dec}}$ denotes the decryption computation time with a private key. Since key generation occurs only once at e = 0, the computation time for key pair generation is excluded from the scheme’s overall time analysis.

Furthermore, $T_e^{\text{Server}}$ and $T_e^{\mathrm{LD}}$ can be regarded as analogous to the baseline scheme based on trusted global aggregation FL, given that the data utilized for computation and transmission is ciphertext rather than plaintext. In consequence, the overall latency of our FL system with homomorphic encryption at each round e can be expressed as follows: (14)${\displaystyle \begin{array}{c}\hfill T_e^{FL,pai}=T_e^{Server,pai}+T_e^{LD,pai}+T_e^{Com,pai}=T_e^{Server}+T_e^{LD}+T_e^{Com}+T_e^{Enc}+T_e^{Dec}.\hfill \end{array}}$

It is evident that the encryption and decryption processes, which require a longer latency, result in a greater latency when using encryption schemes compared to non-encryption schemes, i.e., $T_e^{\mathrm{FL}}<T_e^{\mathrm{FL},\mathrm{Pai}}$.

In order to guarantee the security of the system, the enhanced Paillier encryption algorithm has been applied to FL-FedDT. This ensures that the updated weights are not tampered with during communication and reduces the time consumed by encryption, thereby improving the efficiency of the FL system. The original Paillier encryption and the enhanced Paillier encryption are, in essence, homomorphic encryption. Accordingly, the latency performance difference is designated as between the two algorithms is $T_e^{\mathrm{LD},\mathrm{Pai}}$ in Eq. (14), and we can represent their latency performance as $T_e^{\mathrm{LD},\mathrm{Pai},\text{Orig}}$ and $T_e^{\mathrm{LD},\mathrm{Pai},\mathrm{Enh}}$, respectively. The original Paillier encryption process is characterized by extensive exponential and modular multiplication operations, which contribute to a notable latency. In contrast, the enhanced Paillier encryption process necessitates only fundamental operations, thereby reducing the associated latency. In regard to the decryption process, the two algorithms engage in comparable operations, and thus, a comparison of their decryption computation latency can be ignored. The results of the latency performance evaluation in the fifth section corroborate our hypothesis, i,e., $T_e^{\mathrm{LD},\mathrm{Pai},\text{Orig}}>T_e^{\mathrm{LD},\mathrm{Pai},\mathrm{Enh}}$.

Time for encryption and decryption

In this subsection, encryption tests are conducted using a sample with varying key lengths. As shown in Fig. 4, the encryption time of the original Paillier algorithm is longer than that of the enhanced Paillier algorithm. Moreover, the time difference between the two algorithms increases as the key length increases from 128 to 2,048 bits. This can be attributed to the fact that the original Paillier algorithm requires two extensive exponential modular multiplication operations and one modular multiplication operation for encryption, while the enhanced Paillier algorithm only involves two basic operations. The time difference between the two algorithms is approximately 1.432 ms for a 768-bit key and 4.416 ms for a 1,024-bit key. In terms of decryption, both algorithms exhibit similar performance. Notably, the enhanced Paillier algorithm requires more time for key generation compared to the original, due to the use of multiple random numbers r in the key generation process. However, the time required for key pair generation is measured in milliseconds. The results indicate that the enhanced Paillier algorithm offers better performance in handling large datasets compared to the original Paillier algorithm.

Time for conducting A round of local training

In order to assess the efficacy of the algorithm in processing multiple samples, we extracted the time required for a single iteration of LD training, with the objective of displaying the results of the convolutional neural network (CNN) model and the MNIST dataset (Alzubi et al., 2023). As illustrated in Fig. 5, for key lengths within the range of 128 to 1024 bits, the enhanced Paillier algorithm exhibits a reduced execution time in comparison to the original Paillier algorithm. In particular, the time difference for a 512-bit key length is 20.387 s, while for a 1,024-bit key length, it is 119.387 s. Figure 4 illustrates that the time difference increases with the increase of key length in a single round. It is important to note that in practice, there are N LDs performing E rounds of global aggregation, with T rounds of local training conducted on each device. The time cost for each LD in each round is approximately consistent, which will result in a significant delay in achieving optimal security performance. At the same time, compared with the FPPFL-Paillier method in Tang & Wang (2023), we achieved shorter key generation time by simplifying the modulo operation. It can thus be concluded that the enhanced Paillier encryption algorithm has the potential to reduce latency and improve system efficiency.

Key randomness analysis

The field of randomness testing pertains to the examination of the randomness of sequences generated by a random number generator or encryption algorithm, employing probability and statistical methodologies. The “Special Publication 800-22” test package, provided by the National Institute of Standards and Technology (NIST) in the United States, is referred to as NIST randomness testing (Pareschi, Rovatti & Setti, 2007). These tests can verify the randomness of any long binary sequence generated by hardware and software, and can be employed as a secret random number generator or a pseudo-random number generator. The principal objective of the testing process is to ascertain the presence of any non-random elements within the sequence. The test suite comprises a number of tests, each of which returns a p-value. When p is within the range of 0.01 to 1, the binary sequence is deemed to have passed the corresponding test. A higher p-value indicates a greater degree of randomness in the sequence. Given that both encryption algorithms generate private keys in a similar manner, it is only necessary to conduct randomness tests on the generated public keys. To ascertain the average value, 100 tests were conducted to simulate the generation of public keys of varying lengths. The results are presented in Table 2. The results demonstrate that the randomness of the binary sequences generated by the two algorithms is essentially identical, thereby indicating that these two algorithms possess an equivalent level of security.

Accuracy and loss

In our FL-FedDT scheme, a homomorphic encryption algorithm is employed to process model parameters, ensuring the security of the data communication process. Leveraging the additive property of homomorphic encryption, the plaintext remains intact after decryption, thereby preserving the accuracy of the model. As shown in Fig. 5, the accuracy of FL-FedDT-Paillier and FL-FedDT-Paillier-Enhanced is nearly identical to that of the trust-based global aggregation FL scheme. In Fig. 6, FL-FedDT-Paillier represents the trust-based global aggregation FL scheme combined with the original Paillier algorithm, while FL-FedDT-Paillier-Enhanced represents the trust-based global aggregation FL scheme combined with the improved Paillier algorithm proposed in this work. For ease of calculation, the key length is set to 256 bits, and the global aggregation frequency is set to E = 100 iterations. Using the default settings in Table 1 and training with non-IID data (Zhu et al., 2021), the model achieves an accuracy of approximately 95.38%, with a loss rate reduced to 0.156. Additionally, to highlight the advantages of our approach, we compare it with FL schemes based on differential privacy (Hu et al., 2020) and artificial collaborative interference (Wang et al., 2022). The differential privacy method protects privacy by adding noise to locally updated weights, with the privacy level determined by the privacy budget. However, it requires more time to converge to the desired accuracy. On the other hand, artificial collaborative interference enhances the security throughput of local devices by enabling cooperation among devices to send jamming signals that disrupt eavesdroppers’ wireless links. Nevertheless, this method consumes energy resources intended for local training and communication, thereby reducing training accuracy and increasing communication time. In Fig. 7, we present the communication overhead of parameter transmission between local devices and servers, which shows that our proposed enhanced Paillier encryption scheme has advantages over traditional Paillier encryption schemes.

In addition, Fig. 8 shows the comparative results of training with IID data. The test results show that the training accuracy of the four systems converges, with an accuracy rate close to 98.723%, which is slightly higher than the training with non-IID data, and the curve trends are similar. This is because the IID data are independently extracted from the same distribution for each local device data, so the data from different local devices have the same statistical characteristics. Table 3 presents the convergence time for achieving accuracy in the three FL approaches.

The comparison of joint learning accuracy under the presence of DT bias and after DT bias calibration is shown in Fig. 9. The DT bias calibration FL based on the trust-weighted aggregation strategy achieves better learning performance than the FL with DT bias calibration. Even before convergence, federated learning with bias calibration demonstrates superior performance. Moreover, it is observed that the Deep Q Network (DQN) with DT bias does not converge.

Figure 10 compares the accuracy of joint learning based on DQN with that of fixed-frequency joint learning. As DQN gradually converges, the accuracy of DQN-based federated learning exceeds that of the fixed-frequency federated learning. This is because the global aggregation gain for federated learning accuracy is nonlinear, and the fixed-frequency scheme can avoid aggregation in certain rounds, resulting in lower energy consumption and better learning performance.