Paper 2024/1797
FLock: Robust and Privacy-Preserving Federated Learning based on Practical Blockchain State Channels
Abstract
\textit{Federated Learning} (FL) is a distributed machine learning paradigm that allows multiple clients to train models collaboratively without sharing local data. Numerous works have explored security and privacy protection in FL, as well as its integration with blockchain technology. However, existing FL works still face critical issues. \romannumeral1) It is difficult to achieving \textit{poisoning robustness} and \textit{data privacy} while ensuring high \textit{model accuracy}. Malicious clients can launch \textit{poisoning attacks} that degrade the global model. Besides, aggregators can infer private data from the gradients, causing \textit{privacy leakages}. Existing privacy-preserving poisoning defense FL solutions suffer from decreased model accuracy and high computational overhead. \romannumeral2) Blockchain-assisted FL records iterative gradient updates on-chain to prevent model tampering, yet existing schemes are not compatible with practical blockchains and incur high costs for maintaining the gradients on-chain. Besides, incentives are overlooked, where unfair reward distribution hinders the sustainable development of the FL community. In this work, we propose FLock, a robust and privacy-preserving FL scheme based on practical blockchain state channels. First, we propose a lightweight secure \textit{Multi-party Computation} (MPC)-friendly robust aggregation method through quantization, median, and Hamming distance, which could resist poisoning attacks against up to $<50\%$ malicious clients. Besides, we propose communication-efficient Shamir's secret sharing-based MPC protocols to protect data privacy with high model accuracy. Second, we utilize blockchain off-chain state channels to achieve immutable model records and incentive distribution. FLock achieves cost-effective compatibility with practical cryptocurrency platforms, e.g. Ethereum, along with fair incentives, by merging the secure aggregation into a multi-party state channel. In addition, a pipelined \textit{Byzantine Fault-Tolerant} (BFT) consensus is integrated where each aggregator can reconstruct the final aggregated results. Lastly, we implement FLock and the evaluation results demonstrate that FLock enhances robustness and privacy, while maintaining efficiency and high model accuracy. Even with 25 aggregators and 100 clients, FLock can complete one secure aggregation for ResNet in $2$ minutes over a WAN. FLock successfully implements secure aggregation with such a large number of aggregators, thereby enhancing the fault tolerance of the aggregation.
Metadata
- Available format(s)
- Category
- Applications
- Publication info
- Preprint.
- Contact author(s)
-
chenruonan @ buaa edu cn
ye_dong @ sutd edu sg
liuyizhong @ buaa edu cn
fantingyu @ iie ac cn
lidawei @ buaa edu cn
guanzhenyu @ buaa edu cn
liujianwei @ buaa edu cn
jianying_zhou @ sutd edu sg - History
- 2024-11-04: approved
- 2024-11-03: received
- See all versions
- Short URL
- https://ia.cr/2024/1797
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/1797, author = {Ruonan Chen and Ye Dong and Yizhong Liu and Tingyu Fan and Dawei Li and Zhenyu Guan and Jianwei Liu and Jianying Zhou}, title = {{FLock}: Robust and Privacy-Preserving Federated Learning based on Practical Blockchain State Channels}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/1797}, year = {2024}, url = {https://eprint.iacr.org/2024/1797} }