Paper 2024/1797

FLock: Robust and Privacy-Preserving Federated Learning based on Practical Blockchain State Channels

Ruonan Chen, Beihang University
Ye Dong, Singapore University of Technology and Design
Yizhong Liu, Beihang University
Tingyu Fan, Chinese Academy of Sciences
Dawei Li, Beihang University
Zhenyu Guan, Beihang University
Jianwei Liu, Beihang University
Jianying Zhou, Singapore University of Technology and Design
Abstract

\textit{Federated Learning} (FL) is a distributed machine learning paradigm that allows multiple clients to train models collaboratively without sharing local data. Numerous works have explored security and privacy protection in FL, as well as its integration with blockchain technology. However, existing FL works still face critical issues. \romannumeral1) It is difficult to achieving \textit{poisoning robustness} and \textit{data privacy} while ensuring high \textit{model accuracy}. Malicious clients can launch \textit{poisoning attacks} that degrade the global model. Besides, aggregators can infer private data from the gradients, causing \textit{privacy leakages}. Existing privacy-preserving poisoning defense FL solutions suffer from decreased model accuracy and high computational overhead. \romannumeral2) Blockchain-assisted FL records iterative gradient updates on-chain to prevent model tampering, yet existing schemes are not compatible with practical blockchains and incur high costs for maintaining the gradients on-chain. Besides, incentives are overlooked, where unfair reward distribution hinders the sustainable development of the FL community. In this work, we propose FLock, a robust and privacy-preserving FL scheme based on practical blockchain state channels. First, we propose a lightweight secure \textit{Multi-party Computation} (MPC)-friendly robust aggregation method through quantization, median, and Hamming distance, which could resist poisoning attacks against up to $<50\%$ malicious clients. Besides, we propose communication-efficient Shamir's secret sharing-based MPC protocols to protect data privacy with high model accuracy. Second, we utilize blockchain off-chain state channels to achieve immutable model records and incentive distribution. FLock achieves cost-effective compatibility with practical cryptocurrency platforms, e.g. Ethereum, along with fair incentives, by merging the secure aggregation into a multi-party state channel. In addition, a pipelined \textit{Byzantine Fault-Tolerant} (BFT) consensus is integrated where each aggregator can reconstruct the final aggregated results. Lastly, we implement FLock and the evaluation results demonstrate that FLock enhances robustness and privacy, while maintaining efficiency and high model accuracy. Even with 25 aggregators and 100 clients, FLock can complete one secure aggregation for ResNet in $2$ minutes over a WAN. FLock successfully implements secure aggregation with such a large number of aggregators, thereby enhancing the fault tolerance of the aggregation.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint.
Contact author(s)
chenruonan @ buaa edu cn
ye_dong @ sutd edu sg
liuyizhong @ buaa edu cn
fantingyu @ iie ac cn
lidawei @ buaa edu cn
guanzhenyu @ buaa edu cn
liujianwei @ buaa edu cn
jianying_zhou @ sutd edu sg
History
2024-11-04: approved
2024-11-03: received
See all versions
Short URL
https://ia.cr/2024/1797
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1797,
      author = {Ruonan Chen and Ye Dong and Yizhong Liu and Tingyu Fan and Dawei Li and Zhenyu Guan and Jianwei Liu and Jianying Zhou},
      title = {{FLock}: Robust and Privacy-Preserving Federated Learning based on Practical Blockchain State Channels},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1797},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1797}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.