Home Big Data Mining and Analytics Article
PDF (7.4 MB)
Cite
EndNote(RIS) BibTeX
Collect
Submit Manuscript
Open Access

BPS-FL: Blockchain-Based Privacy-Preserving and Secure Federated Learning

College of Information Science and Engineering, Hunan Normal University, Changsha 410081, China
Department of Computer Science, Georgia State University, Atlanta 30303, USA
Show Author Information

Abstract

Federated Learning (FL) enables clients to securely share gradients computed on their local data with the server, thereby eliminating the necessity to directly expose their sensitive local datasets. In traditional FL, the server might take advantage of its dominant position during the model aggregation process to infer sensitive information from the shared gradients of the clients. At the same time, malicious clients may submit forged and malicious gradients during model training. Such behavior not only compromises the integrity of the global model, but also diminishes the usability and reliability of trained models. To effectively address such privacy and security attack issues, this work proposes a Blockchain-based Privacy-preserving and Secure Federated Learning (BPS-FL) scheme, which employs the threshold homomorphic encryption to protect the local gradients of clients. To resist malicious gradient attacks, we design a Byzantine-robust aggregation protocol for BPS-FL to realize the cipher-text level secure model aggregation. Moreover, we use a blockchain as the underlying distributed architecture to record all learning processes, which ensures the immutability and traceability of the data. Our extensive security analysis and numerical evaluation demonstrate that BPS-FL satisfies the privacy requirements and can effectively defend against poisoning attacks.

Keywords

Federated Learning (FL)blockchainprivacy-preservingmodel poisoning attackByzantine-robustness

References

[1]

L. Deng and D. Yu, Deep learning: Methods and applications, Found. Trends® Signal Process., vol. 7, nos. 3&4, pp. 197–387, 2014.

Crossref Google Scholar
[2]

L. Peng, N. Wang, N. Dvornek, X. Zhu, and X. Li, FedNI: Federated graph learning with network inpainting for population-based disease prediction, IEEE Trans. Med. Imag., vol. 42, no. 7, pp. 2032–2043, 2023.

Crossref Google Scholar
[3]

Z. Li, X. Wang, W. Yang, J. Wu, Z. Zhang, Z. Liu, M. Sun, H. Zhang, and S. Liu, A unified understanding of deep NLP models for text classification, IEEE Trans. Vis. Comput. Graph., vol. 28, no. 12, pp. 4980–4994, 2022.

Crossref Google Scholar
[4]

R. Zhao, Y. Wang, Z. Xue, T. Ohtsuki, B. Adebisi, and G. Gui, Semisupervised federated-learning-based intrusion detection method for Internet of Things, IEEE Internet Things J., vol. 10, no. 10, pp. 8645–8657, 2023.

Crossref Google Scholar
[5]
B. McMahan, E. Moore, D. Ramage, S. Hampson, and B.A. y Arcas, Communication-efficient learning of deep networks from decentralized data, in Proc. of 20th Int. Conf. on Artificial Intelligence and Statistics, Ft. Lauderdale, FL, USA, 2017, pp. 1273–1282.
[6]

X. Guo, Z. Liu, J. Li, J. Gao, B. Hou, C. Dong, and T. Baker, VeriFL: communication-efficient and fast verifiable aggregation for federated learning, IEEE Trans. Inf. Forensics Secur., vol. 16, pp. 1736–1751, 2021.

Crossref Google Scholar
[7]
H. Zhou, G. Yang, H. Dai, and G. Liu, PFLF: Privacy-preserving federated learning framework for edge computing, IEEE Trans. Inf. Forensics Secur., vol. 17, pp. 1905–1918, 2022.
Crossref
[8]
R. Shokri, M. Stronati, C. Song, and V. Shmatikov, Membership inference attacks against machine learning models, in Proc. IEEE Symp. on Security and Privacy, San Jose, CA, USA, 2017, pp. 3–18.
Crossref
[9]

M. Al-Rubaie and J. M. Chang, Privacy-preserving machine learning: Threats and solutions, IEEE Secur. Priv., vol. 17, no. 2, pp. 49–58, 2019.

Crossref Google Scholar
[10]

X. Cao, J. Jia, and N. Z. Gong, Provably secure federated learning against malicious clients, Proc. AAAI Conf. Artif. Intell., vol. 35, no. 8, pp. 6885–6893, 2021.

Crossref Google Scholar
[11]

Y. Li, H. Li, G. Xu, T. Xiang, X. Huang, and R. Lu, Toward secure and privacy-preserving distributed deep learning in fog-cloud computing, IEEE Internet Things J., vol. 7, no. 12, pp. 11460–11472, 2020.

Crossref Google Scholar
[12]
J. H. Bell, K. A. Bonawitz, A. Gascón, T. Lepoint, and M. Raykova, Secure single-server aggregation with (poly) logarithmic overhead, in Proc. 2020 ACM SIGSAC Conf. Computer and Communications Security, Virtual Event, 2020, pp.1253–1269.
Crossref
[13]
K. Nandakumar, N. Ratha, S. Pankanti, and S. Halevi, Towards deep neural network training on encrypted data, in Proc. IEEE/CVF Conf. Computer Vision and Pattern Recognition Workshops, Long Beach, CA, USA, 2019, pp. 40–48.
Crossref
[14]

L. T. Phong, Y. Aono, T. Hayashi, L. Wang, and S. Moriai, Privacy-preserving deep learning via additively homomorphic encryption, IEEE Trans. Inf. Forensics Secur., vol. 13, no. 5, pp. 1333–1345, 2018.

Crossref Google Scholar
[15]
L. Yu, L. Liu, C. Pu, M. E. Gursoy, and S. Truex, Differentially private model publishing for deep learning, in Proc. IEEE Symp. on Security and Privacy, San Francisco, CA, USA, 2019, pp. 332–349.
Crossref
[16]

K. Wei, J. Li, M. Ding, C. Ma, H. H. Yang, F. Farokhi, S. Jin, T. Q. S. Quek, and H. Vincent Poor, Federated learning with differential privacy: Algorithms and performance analysis, IEEE Trans. Inf. Forensics Secur., vol. 15, pp. 3454–3469, 2020.

Crossref Google Scholar
[17]
P. Blanchard, E. M. El Mhamdi, R. Guerraoui, and J. Stainer, Machine learning with adversaries: Byzantine tolerant gradient descent, in Proc. 31st Int. Conf. Neural Information Processing Systems, Long Beach, CA, USA, 2017, pp. 118 – 128.
[18]
S. Rajput, H. Wang, Z. Charles, and D. Papailiopoulos, DETOX: A redundancy-based framework for faster and more robust gradient aggregation, arXiv preprint arXiv: 1907.12205, 2019.
[19]
D. Yin, Y. Chen, R. Kannan, and P. Bartlett, Byzantine-robust distributed learning: Towards optimal statistical rates, in Proc. 35th Int. Conf. on Machine Learning, Stockholm, Sweden, 2018, pp. 5650– 5659.
[20]
M. Fang, X. Cao, J. Jia, and N. Z. Gong, Local model poisoning attacks to Byzantine-robust federated learning, arXiv preprint arXiv: 1911.11815, 2019.
[21]
X. Cao, M. Fang, J. Liu, and N. Z. Gong, FLTrust: Byzantine-robust federated learning via trust bootstrapping, arXiv preprint arXiv: 2012.13995, 2020.
Crossref
[22]
Y. Dong, X. Chen, K. Li, D. Wang, and S. Zeng, FLOD: Oblivious defender for private Byzantine-robust federated learning with dishonest-majority, in Proc. 26th European Symposium on Research in Computer Security, Darmstadt, Germany, 2021. pp. 497–518,
Crossref
[23]

X. Ma, X. Sun, Y. Wu, Z. Liu, X. Chen, and C. Dong, Differentially private Byzantine-robust federated learning, IEEE Trans. Parallel Distrib. Syst., vol. 33, no. 12, pp. 3690–3701, 2022.

Crossref Google Scholar
[24]
A. Hard, K. Rao, R. Mathews, S. Ramaswamy, F. Beaufays, S. Augenstein, H. Eichner, C. Kiddon, and D. Ramage, Federated learning for mobile keyboard prediction, arXiv preprint arXiv: 1811.03604, 2018.
[25]

Z. Wu, Q. Ling, T. Chen, and G. B. Giannakis, Federated variance-reduced stochastic gradient descent with robustness to Byzantine attacks, IEEE Trans. Signal Process., vol. 68, pp. 4583–4596, 2952.

Crossref Google Scholar
[26]

X. Gong, Y. Chen, Q. Wang, and W. Kong, Backdoor attacks and defenses in federated learning: State-of-the-art, taxonomy, and future directions, IEEE Wirel. Commun., vol. 30, no. 2, pp. 114–121, 2023.

Crossref Google Scholar
[27]

B. Hou, J. Gao, X. Guo, T. Baker, Y. Zhang, Y. Wen, and Z. Liu, Mitigating the backdoor attack by federated filters for industrial IoT applications, IEEE Trans. Ind. Inform., vol. 18, no. 5, pp. 3562–3571, 2022.

Crossref Google Scholar
[28]
E. Bagdasaryan, A. Veit, Y. Hua, D. Estrin, and V. Shmatikov, How to backdoor federated learning, in Proc. of Twenty Third Int. Conf. on Artificial Intelligence and Statistics, Virtual Event, 2020, pp. 2938−2948.
[29]
E. M. E. Mhamdi, R. Guerraoui, and S. Rouault, The hidden vulnerability of distributed learning in Byzantium, in Proc. of the 35th Int. Conf. on Machine Learning, Stockholm, Sweden, 2018, pp. 3521−3530.
[30]
K. Bonawitz, V. Ivanov, B. Kreuter, A. Marcedone, H. B. McMahan, S. Patel, D. Ramage, A. Segal, and K. Seth, Practical secure aggregation for privacy-preserving machine learning, in Proc. 2017 ACM SIGSAC Conf. Computer and Communications Security, Dallas, TX, USA, 2017 pp. 1175–1191.
Crossref
[31]
S. Truex, N. Baracaldo, A. Anwar, T. Steinke, H. Ludwig, R. Zhang, and Y. Zhou, A hybrid approach to privacy-preserving federated learning, in Proc. 12th ACM Workshop on Artificial Intelligence and Security, London, UK, 2019, pp. 1–11.
Crossref
[32]
Y. Li, Y. Zhou, A. Jolfaei, D. Yu, G. Xu, and X. Zheng, Privacy-preserving federated learning framework based on chained secure multiparty computing, IEEE Internet Things J., vol. 8, no. 8, pp. 6178–6186, 2021.
Crossref
[33]
Y. Miao, R. Xie, X. Li, X. Liu, Z. Ma, and R. H. Deng, Compressed federated learning based on adaptive local differential privacy, in Proc. 38th Annual Computer Security Applications Conference, Austin, TX, USA, 2022, pp. 159–170.
Crossref
[34]

G. Xu, H. Li, S. Liu, K. Yang, and X. Lin, VerifyNet: Secure and verifiable federated learning, IEEE Trans. Inf. Forensics Secur., vol. 15, pp. 911–926, 2020.

Crossref Google Scholar
[35]

J. So, B. Güler, and A. S. Avestimehr, Byzantine-resilient secure federated learning, IEEE J. Sel. Areas Commun., vol. 39, no. 7, pp. 2168–2181, 2021.

Crossref Google Scholar
[36]

X. Liu, H. Li, G. Xu, Z. Chen, X. Huang, and R. Lu, Privacy-enhanced federated learning against poisoning adversaries, IEEE Trans. Inf. Forensics Secur., vol. 16, pp. 4574–4588, 2021.

Crossref Google Scholar
[37]
L. Zhao, J. Jiang, B. Feng, Q. Wang, C. Shen, and Q. Li, SEAR: Secure and efficient aggregation for Byzantine-robust federated learning, IEEE Trans. Dependable Secure Comput., vol. 19, no. 5, pp. 3329–3342, 2022.
Crossref
[38]
Z. Zhang, J. Li, S. Yu, and C. Makaya, SAFELearning: Enable backdoor detectability in federated learning with secure aggregation, arXiv preprint arXiv: 2102.02402, 2021.
[39]

Y. Miao, Z. Liu, H. Li, K.-K R. Choo, and R. H. Deng, Privacy-preserving Byzantine-robust federated learning via blockchain systems, IEEE Trans. Inf. Forensics Secur., vol. 17, pp. 2848–2861, 2022.

Crossref Google Scholar
[40]

M. Shayan, C. Fung, C. J. M. Yoon, and I. Beschastnikh, Biscotti: A blockchain system for private and secure federated learning, IEEE Trans. Parallel Distrib. Syst., vol. 32, no. 7, pp. 1513–1525, 2021.

Crossref Google Scholar
[41]
P. Paillier, Public-key cryptosystems based on composite degree residuosity classes, in Proc. Int. Conf. on the Theory and Applications of Cryptographic Techniques, Prague, Czech Republic, 1999, pp. 223–238.
Crossref
[42]
J. H. Cheon, A. Kim, M. Kim, and Y. Song, Homomorphic encryption for arithmetic of approximate numbers, in Proc. ASIACRYPT 2017 : 23 rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China, 2017, pp. 409–437.
Crossref
[43]
G. Bonnoron, C. Fontaine, G. Gogniat, V. Herbert, V. Lapôtre, V. Migliore, and A. Roux-Langlois, Somewhat/fully homomorphic encryption: Implementation progresses and challenges, in Proc. Int. Conf. on Codes, Cryptology, and Information Security, doi: 10.1007/978-3-319-55589-8_5.
Crossref
[44]

G. Xu, H. Li, Y. Zhang, S. Xu, J. Ning, and R. H. Deng, Privacy-preserving federated deep learning with irregular users, IEEE Trans. Dependable Secure Comput., vol. 19, no. 2, pp. 1364–1381, 2022.

Google Scholar
Big Data Mining and Analytics
Volume 8 Issue 1,
February 2025
Pages 189-213
DOI: 10.26599/BDMA.2024.9020053
Cite this article:
Yu J, Yao H, Ouyang K, et al. BPS-FL: Blockchain-Based Privacy-Preserving and Secure Federated Learning. Big Data Mining and Analytics, 2025, 8(1): 189-213. https://doi.org/10.26599/BDMA.2024.9020053
Metrics & Citations  
Article History
Copyright
Rights and Permissions
Return