Federated Learning (FL) enables clients to securely share gradients computed on their local data with the server, thereby eliminating the necessity to directly expose their sensitive local datasets. In traditional FL,...Federated Learning (FL) enables clients to securely share gradients computed on their local data with the server, thereby eliminating the necessity to directly expose their sensitive local datasets. In traditional FL, the server might take advantage of its dominant position during the model aggregation process to infer sensitive information from the shared gradients of the clients. At the same time, malicious clients may submit forged and malicious gradients during model training. Such behavior not only compromises the integrity of the global model, but also diminishes the usability and reliability of trained models. To effectively address such privacy and security attack issues, this work proposes a Blockchain-based Privacy-preserving and Secure Federated Learning (BPS-FL) scheme, which employs the threshold homomorphic encryption to protect the local gradients of clients. To resist malicious gradient attacks, we design a Byzantine-robust aggregation protocol for BPS-FL to realize the cipher-text level secure model aggregation. Moreover, we use a blockchain as the underlying distributed architecture to record all learning processes, which ensures the immutability and traceability of the data. Our extensive security analysis and numerical evaluation demonstrate that BPS-FL satisfies the privacy requirements and can effectively defend against poisoning attacks.展开更多
基金supported by the National Natural Science Foundation of China(No.62472170)the Hunan Provincial Natural Science Foundation of China(Nos.2021JJ30455,2022JJ30398,and 2022JJ40277)+1 种基金the Hunan Provincial Degree and Postgraduate Teaching Reform Research Project of China(No.2023JGSZ060)the Scientific Research Fund of Hunan Provincial Education Department of China(No.22A0056).
文摘Federated Learning (FL) enables clients to securely share gradients computed on their local data with the server, thereby eliminating the necessity to directly expose their sensitive local datasets. In traditional FL, the server might take advantage of its dominant position during the model aggregation process to infer sensitive information from the shared gradients of the clients. At the same time, malicious clients may submit forged and malicious gradients during model training. Such behavior not only compromises the integrity of the global model, but also diminishes the usability and reliability of trained models. To effectively address such privacy and security attack issues, this work proposes a Blockchain-based Privacy-preserving and Secure Federated Learning (BPS-FL) scheme, which employs the threshold homomorphic encryption to protect the local gradients of clients. To resist malicious gradient attacks, we design a Byzantine-robust aggregation protocol for BPS-FL to realize the cipher-text level secure model aggregation. Moreover, we use a blockchain as the underlying distributed architecture to record all learning processes, which ensures the immutability and traceability of the data. Our extensive security analysis and numerical evaluation demonstrate that BPS-FL satisfies the privacy requirements and can effectively defend against poisoning attacks.
