IEEE TRANSACTIONS ON BIG DATA, VOL. 10, NO.

6, NOVEMBER/DECEMBER 2024 761

ESB-FL: Efficient and Secure Blockchain-Based

Federated Learning With Fair Payment
Biwen Chen , Honghong Zeng , Tao Xiang , Senior Member, IEEE, Shangwei Guo ,
Tianwei Zhang , Member, IEEE, and Yang Liu , Senior Member, IEEE

Abstract—Federated learning (FL) is a technique that enables multiple parties to collaboratively train a model without sharing raw
private data, and it is ideal for smart healthcare. However, it raises new privacy concerns due to the risk of privacy-sensitive medical
data leakage. It is not until recently that the privacy-preserving FL (PPFL) has been introduced as a solution to ensure the privacy of
training processes. Unfortunately, most existing PPFL schemes are highly dependent on complex cryptographic mechanisms or fail to
guarantee the accuracy of training models. Besides, there has been little research on the fairness of the payment procedure in the
PPFL with incentive mechanisms. To address the above concerns, we first construct an efficient non-interactive designated decryptor
function encryption (NDD-FE) scheme to protect the privacy of training data while maintaining high communication performance. We
then propose a blockchain-based PPFL framework with fair payment for medical image detection, namely ESB-FL, by combining the
NDD-FE and an elaborately designed blockchain. ESB-FL not only inherits the characteristics of the NDD-FE scheme, but it also
ensures the interests of each participant. We finally conduct extensive security analysis and experiments to show that our new
framework has enhanced security, good accuracy, and high efficiency.

Index Terms—Blockchain, fair payment, federated learning, function encryption, privacy protection

1 INTRODUCTION
EDERATED learning is an emerging and advancing tech-
F nology that allows users to train a centralized model on
separate datasets stored by different entities. It is increas-
ingly prevalent in business and society, and its applications
in healthcare drive reforms in the fields such as medical
diagnosis and treatment [1], disease risk factor prediction.
For example, FL allows medical institutions to train global
machine learning models on huge amounts of COVID-19
case data [2] from different areas to predict infectious cases
without data sharing. Obviously, the rapid growth of FL

Biwen Chen is with the College of Computer Science, Chongqing Univer-
sity, Chongqing 400044, China, with the State Key Laboratory of Cryptol-
ogy, Beijing 100878, China, and also with the Guangxi Key Laboratory of
Trusted Software, Guilin University of Electronic Technology, Guilin
541004, China. E-mail: [email protected].

Honghong Zeng, Tao Xiang, and Shangwei Guo are with the College of
Computer Science, Chongqing University, Chongqing 400044, China.
E-mail: {hhzeng, txiang, swguo}@cqu.edu.cn.

Tianwei Zhang and Yang Liu are with the School of Computer Science and
Engineering, Nanyang Technological University, Singapore 639798.
E-mail: {tianwei.zhang, yangliu}@ntu.edu.sg.
Manuscript received 3 March 2022; revised 18 April 2022; accepted 19 May
2022. Date of publication 23 May 2022; date of current version 13 November
2024.
This work was supported in part by the National Natural Science Foundation
of China under Grants U20A20176, U21A20463, 62102050, and 62102052,
in part by China Postdoctoral Science Foundation under Grant BX2021399,
in part by the Guangxi Key Laboratory of Trusted Software under Grant
KX202043, in part by the State Key Laboratory of Cryptology under Grant
MMKFKT202118, and in part by the Natural Science Foundation of Chongq-
ing, China, under Grant cstc2021jcyj-msxmX0744.
(Corresponding author: Tao Xiang.)
Recommended for acceptance by Special Issue On Trustable, Verifiable, and
Auditable Federated Learning.
Digital Object Identifier no. 10.1109/TBDATA.2022.3177170
2332-7790 © 2022 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See ht_tps://www.ieee.org/publications/rights/index.html for more information.
Authorized licensed use limited to: Nanyang Technological University Library. Downloaded on December 10,2024 at 06:43:32 UTC from IEEE Xplore. Restrictions apply.
benefits from two main drivers: (1) applying machine learn-
ing technologies to distributed data scenarios, (2) providing
data privacy protection during the data application process.
Although the FL brings great benefits to daily life, it also
raises new privacy concerns in practical applications.
Recent researches have shown that FL may not always offer
enough privacy protection for local training datasets [3].
This is mainly because some malicious adversaries may
extract sensitive information about training datasets from
the model parameters such as weights or gradients [4]. For
example, the membership inference attack [5], [6] could con-
struct a series of shadow models through local gradients to
reconstruct original data samples. Obviously, such potential
privacy leakage risks in FL may be becoming a serious
obstacle for practical applications, particularly the privacy-
sensitive scenarios [7] (e.g., healthcare).
To address the privacy concerns, privacy-preserving FL
(PPFL) is introduced by applying privacy-preserving mech-
anisms to FL. Currently, the PPFL schemes can be catego-
rized into two types according to the privacy-preserving
methods: (1) non-crypto-based methods such as differential
privacy [8], (2) crypto-based methods such as homomorphic
encryption (HE) [9] or secure multiparty computation
(MPC) [10]. Although non-crypto-based PPFL schemes can
provide more efficient performance, their training models
may not be as accurate as crypto-based PPFL. This is mainly
because the effect of adding noise on the model parameters
may be unknown. In contrast to non-crypto-based PPFL,
crypto-based PPFL can be used to accurately train general
machine learning models while providing an appropriate
level of data privacy protection.
Although there have been some researches [9], [11], [12],
[13] on crypto-based PPFL, significant computational and
 762
communication costs might still be one of the common
problems. One reason is that constructing schemes for gen-
eral machine learning tasks relys on sophisticated technolo-
gies, such as homomorphic encryption [9], oblivious
transfer [14]. For example, Hao et al. [9] adopted the fully
homomorphic encryption technology to resist multiple-enti-
ties collusion attack, however, it also incurs vast computa-
tional and communication overhead. Bonawitz et al. [11]
had used multiple cryptography tools such as secret shar-
ing, digital signature, authenticated encryption, to maintain
high model accuracy and strong privacy guarantee. How-
ever, their scheme requires enormous computing power to
train a good model. Obviously, low efficiency may hinder
the wide application of crypto-based PPFL schemes.
In addition, achieving fair exchange between task pub-
lishers and task participants in the FL framework is also an
extremely meaningful challenge. To maintain the function
of an FL organization, a financial incentive mechanism is
typically needed to motivate task participants to train mod-
els actively. Thus, it is critical to ensure each FL participant
is treated fairly. Currently, most FL schemes with fair treat-
ment mainly focus on addressing the problem of how to
achieve the fair assessment of FL task participants’ contribu-
tion [15], [16], [17]. That is, they can guarantee the fairness of
profit allocation. However, how to ensure fairness of both
parties in the trading process is still an open problem. For
example, if the task participants are paid in advance by the
task publisher, they may be motivated to lower costs by
training models lazily or with low accuracy. On the con-
trary, if the task publisher gets the training model first, he
may not pay rewards for the task participants. Therefore, an
effective FL framework should ensure that the FL task can
be completed correctly and each participant who partici-
pates in the task can obtain the task rewards timely.
To achieve fair payment, a native solution is to introduce
a trusted arbiter, who serves as a middleman to enforce
that both the task publisher and task participants follow
policies at predefined. However, the role of the trusted arbi-
ter might largely eliminate the benefits of this distributed
framework. Over the last few years, blockchain has been
proven to be highly effective at financial services. Some
blockchain-based FL schemes [18], [19], [20], [21] have been
proposed to build a decentralized, healthy FL system with
incentive mechanisms. However, they fail to balance the
privacy protection of data with fair payment of rewards.
For example, to implement transactions between task pub-
lishers and task participants, the FLchain proposed by Bao
et al. [18] requires that all computation results must be con-
sensual on-chain, which may raise the risk of leakage of
personal sensitive data.
To address the above concerns, we introduce an efficient
and secure blockchain-based FL system framework. In this
framework, we first adopt a new proposed lightweight cryp-
tography tool (i.e., non-interaction designated decryptor
function encryption) to encrypt each local gradient. As a
remarkable advantage, it can achieve desirable privacy pro-
tection and retain the accuracy of the global model while
maintaining low communication costs. Meanwhile, the DGC
algorithm [22] is introduced to further reduce the communi-
cation costs. This is because each local gradient to be sent
must be reached a threshold, and thus it greatly reduces the
Authorized licensed use limited to: Nanyang Technological University Library. Downloaded on December 10,2024 at 06:43:32 UTC from IEEE Xplore. Restrictions apply.
IEEE TRANSACTIONS ON BIG DATA, VOL. 10, NO. 6, NOVEMBER/DECEMBER 2024
amount of data communicated between nodes. Then, by
elaborately designing a blockchain structure and using smart
contract technology, fair payment between task publisher
and task participants is achieved to ensure that all task par-
ticipants will get the rewards as long as the task publisher
obtains the qualified and correct model.
In summary, our main contributions are as follows.

We propose a new function encryption scheme,
namely non-interactive designated decryptor func-
tion encryption (NDD-FE). NDD-FE avoids multiple
interactions between the encryptor and the key gen-
erator and achieves that only the designated decryp-
tor can decrypt the aggregated global model.

We design a new block structure of blockchain,
which binds the task and model information to the
block generation. This guarantees each task partici-
pant gets rewards if and only if the trained model
satisfies the task requirements, thereby guaranteeing
the fairness of the payment process.

By integrating the proposed NDD-FE and the
designed blockchain into federated learning, we pro-
pose ESB-FL, an efficient and secure blockchain-
based federated learning framework. ESB-FL can not
only train a highly accurate model while protecting
the privacy of local training data, but also supports
the fair payment between the task publisher and all
participants.

We perform a security analysis and effectiveness
assessment of the proposed ESB-FL to demonstrate
its desired security and efficiency.
The rest of this paper is organized as follows. Section 2
describes related work. Section 3 provides a brief introduction
to the preliminaries. Section 4 describes the building blocks
that will be used in our framework. Section 5 introduces the
proposed framework in detail. Sections 6 and 7 present the
security and performance analyses about the proposed frame-
work, respectively. Finally, Section 8 presents a conclusion.
2 RELATED WORK
In this section, we mainly review the following two research
topics in FL related to this paper.
Privacy-Preserving FL. PPFL aims to collaboratively train a
global model while preserving data privacy. Typically, the
privacy-preserving mechanisms used by PPFL can be
divided into two types: non-cryptographic technology and
cryptographic technology. In the non-cryptographic tech-
nologies [23], [24], [25], [26], the differential privacy (DP)
method has a major share, which provides a privacy guar-
antee by adding noise to local data or model parameters.
However, applying the DP method to FL results in a contra-
diction between privacy-preserving level and model accu-
racy [27]. That is, it is hard to achieve high model accuracy
and strong privacy simultaneously.
In cryptographic technologies, both homomorphic
encryption (HE) [12] and secure multiparty computation
(MPC) [28] are two mainstream methods at present, because
they can provide stronger privacy protection while retain-
ing the original accuracy. Zhang et al. [9] constructed a HE-
based PPFL framework, in which each local gradient will be
 CHEN ET AL.: ESB-FL: EFFICIENT AND SECURE BLOCKCHAIN-BASED FEDERATED LEARNING WITH FAIR PAYMENT
encrypted to avoid information leakage. Zhang et al. [30]
proposed an efficient HE scheme for FL. In their scheme, a
new quantization and encoding scheme is developed to
reduce computation and communication costs. Compared
with the HE method, the MPC method is considered a prom-
ising tool for the privacy protection of FL since it allows dis-
tributed participants to securely calculate an objective
function. Chaudhari et al. [31] proposed a four-party MPC-
based PPFL framework, namely Trident. Compared with
Gordon et al. [32], Trident requires fewer participants to be
active and has better online communication efficiency. So
et al. [10] introduced a scalable PPFL framework based on
secure MPC protocol, where MPC protocol is exploited to
transform the dataset. However, significant communication
costs of these solutions is still a challenge to facilitate the
wide application [33].
In addition to the HE and MPC, some special cryptogra-
phy primitives [34], [35] are also used to provide privacy
protection of FL for specific applications. Szatmari et al. [35]
proposed a secret-sharing-based PPFL for modelling audio-
logical preferences. Xu et al. [34] proposed a verifiable PPFL
framework, where the key agreement protocol is used to
protect the privacy of the local gradients. Guo et al. [36] con-
ducted a comprehensive review of research on collaborative
learning and introduced in detail the existing attacks
against FL and corresponding defense mechanisms. Obvi-
ously, exploring different cryptography methods for differ-
ent applications may be an efficient way to balance the
accuracy, privacy, and efficiency of FL.
Blockchain-Based FL. As an emerging technology, block-
chain is widely introduced into FL framework to enhance
security or service availability due to its decentralization,
verifiability, and immutability. Qu et al. [21] proposed a
blockchain-enabled FL scheme to remedy the privacy and
efficiency problems of fog computing, in which a blockchain
system replaces the central authority to resist the poisoning
attacks. To enhance the reliability and efficiency, Lu et al.
[37] designed a new architecture for data sharing, based on
an asynchronous FL and a hybrid blockchain framework.
The hybrid blockchain framework consists of permissioned
blockchain and local directed acyclic graphs. To solve the
data falsification, Wan et al. [38] integrated blockchain with
FL to protect the privacy of edge devices in 5 G networks.
Different from the above methods to improve the secu-
rity of FL, some works [16], [39], [40], [41] focus on enhanc-
ing the scalability of FL by leveraging blockchain
technology. Ramanan et al. [40] used the blockchain technol-
ogy to remove the need for the central FL server but also led
to the high computation and communication overhead. To
motivate participants, Zhang et al. [41] proposed an incen-
tive mechanism for FL, where the blockchain is used to
guarantee that the information of reputation cannot be tam-
pered with and can be publicly accessible. Likewise, Gao
et al. [42] also proposed a blockchain-based fair incentive
mechanism for FL to address the profit-sharing problem.
Their scheme uses the blockchain to store all intermediate
results to prevent fraud and denial. Liu et al. [16] built a pay-
ment system for FL by adopting the blockchain as a distri-
bution ledger.
Obviously, blockchain has proved to be a powerful tool to
enhance the practicality of FL. However, most blockchain-
Authorized licensed use limited to: Nanyang Technological University Library. Downloaded on December 10,2024 at 06:43:32 UTC from IEEE Xplore. Restrictions apply.
763
Fig. 1. A simplified blockchain structure.
based FL schemes regard the blockchain merely as a decen-
tralized and immutable ledger and use it to build trust. Our
work will adopt the blockchain to achieve the fairness of the
payment process, namely fair payment, which can ensure
the interests of task publishers and task participants.
3 PRELIMINARIES
3.1 Blockchain
Blockchain can be regarded as a decentralized, distributed
database. A simplified diagram of the blockchain is shown
in Fig. 1, which shows that the blockchain is a collection of a
series of blocks connected in chronological order. Blocks are
joined by hash pointers, and each block contains the hash
value of the previous block. With this structure, if the data
in one block is tampered with, all blocks following that
block are changed and can be detected immediately. All
blocks in a blockchain are verified by the nodes on the
chain, and adding a new block to the blockchain requires
the consensus of the nodes. If the majority of nodes verify
that the new block meets the requirement, the new block is
accepted as the next block of the longest legal chain.
3.2 Hard Problem Assumption
The privacy of our scheme relies on the CDH assumption.
That is, if the CDH assumption holds, then our scheme is
secure. The CDH assumption is defined as follows.
Let G denote a cyclic group with prime order p and g be
its generator. Let GGenð1 Þ be an efficient algorithm that
takes a security parameter  as input and probabilistically
outputs ðG; p; gÞ.
CDH Assumption. Given parameters ðG; p; gÞ generated
by GGenð1 Þ and ðga ; gb Þ 2 G, where ða; bÞ are randomly
chosen in Zp , the CDH problem is to compute gab . We say
that the CDH assumption holds if the advantage of solving
the CDH problem is negligible.
According to the discrete logarithm, it is impossible to
recover the exponent r 2 Zp of gr 2 G if r is large and ran-
dom enough. Note that it is still possible to recover the
exponent k of gk by leveraging the baby-step giant-step algo-
rithm [43] if k  r.
3.3 Function Encryption
Function encryption (FE) is a promising cryptographic
primitive that allows authorized users to delegate to third
parties the computation of functions of the encrypted data
by generating specific secret keys for these functions. FE
allows us to utilize encrypted data while protecting data
privacy. Compared with the MPC and HE, FE is a more
lightweight and efficient cryptography solution towards
constructing a privacy-preserving FL. We now briefly intro-
duce a FE scheme in [34], [44] that supports basic arithmetic
 764
operations. Let  represent multiplication operations in
function encryption, the details are defined as follows.

FE.Setup(1 ): It takes the security parameter  as
input, and generates group sample ðG; p; gÞ
GGenð1 Þ and selects a random key s Zp . Then it
outputs the master secret key msk ¼ s and the public
key mpk ¼ ðH; gÞ, where H ¼ gs .

FE.Encrypt(mpk; x): It takes mpk and the data x 2 Zp
that needs to be encrypted as input, and outputs a
commitment ct and the ciphertext c. It first randomly
selects a random r Zp and generates the commit-
ment ct ¼ gr and the ciphertext c ¼ H r  gx .

FE.KeyDerive(mpk; msk; ct; ; y): It takes msk, the
commitment ct and the input of function y as inputs
and outputs the special function key sk for  opera-
tion. Specifically, the generated function key is sk ¼
ðcts Þy ¼ grsy .

FE.Decrypt(mpk; sk ; c; y): It takes mpk, the function
key sk for  operation, the ciphertext c and another
input y as input, computes gxy ¼ cy =sk ¼
ðH r gx Þy =ððgr Þsy Þ ¼ gxy , and finally extracts the expo-
nent xy.
3.4 Federated Learning
FL is gradually applied to the field of medical image detec-
tion by training a global machine learning model on multi-
ple datasets stored by different centers without data
sharing. In general, a classic FL framework for medical
image detection can be summarized as the following
phases. Suppose that there are h medical data centers as the
participants, which train their local models based on their
local data. Meanwhile, there is an aggregation node A that
is responsible for aggregating local models and computing
the global model.
Initialization. The aggregation node A publishes the train-
ing task T and the parameters of the training process, and
then initializes the global model as W0 . Finally, it distributes
the tth global model Wt to all participants, where
t ¼ f0; 1; . . .g.
Local Training. After receiving the global model Wt , each
participant i 2 f1; . . .; hg sets Wt as his local model, denoted
as Wti . Then, guided by the task requirement, the participant
i optimizes his local model Wti by minimizing the loss func-
tion floss ðWti Þ and then obtains an ideal model ðWti Þ , i.e.,
ðWti Þ ¼ arg min floss ðWti Þ
Wti
Finally, all participants ð1; . . .; hÞ send their local models
fðWti Þ gi¼1;...;h to the aggregation node A.
Aggregation and Update. The aggregation node A aggre-
gates all local models as follows:
1X h
Wtþ1 ¼ floss ðWti Þ
h i¼1
Then, the aggregation node A sets Wtþ1 as the latest global
model and determines whether it accords with the need of
training accuracy. If not, A distributes the global model to
all participants, like the Initialization phase.
Authorized licensed use limited to: Nanyang Technological University Library. Downloaded on December 10,2024 at 06:43:32 UTC from IEEE Xplore. Restrictions apply.
IEEE TRANSACTIONS ON BIG DATA, VOL. 10, NO. 6, NOVEMBER/DECEMBER 2024
Note that these steps may be repeated several times until
a desirable training model is obtained.
4 BUILDING BLOCKS
In this section, we first present a new function encryption
scheme, and then describe our designed blockchain.
4.1 Non-Interactive Designated Decryptor Function
Encryption
Although the FE scheme in [34] supports several basic arith-
metic computations, as described in Section 3, it is still faced
with two challenges if applied directly to the FL framework.
The first challenge is that the multi-round communica-
tions between the key generator and the data encryptor
may result in high communication costs in the FL frame-
work. In their scheme, the generation of the function key
sk requires a commitment ct sent by the encryptor, that is,
the key generator needs to communicate with each data
encryptor for generating a decrypt secret key in each model
update process. The second challenge is that relying on a
trusted entity further limits the usability and scalability of
their scheme. In their scheme, except for the user with the
special key sk , the key generator can also decrypt all
ciphertext c ¼ H r gx by using the master secret key s since
all data are encrypted under the master public key H.
Therefore, the key generator must be a trusted entity to
ensure the privacy of data. However, the trusted central
entity is difficult to be established in the distributed FL
framework.
To overcome the above drawbacks, we propose the con-
cept of non-interactive designated decryptor function encryption
(NDD-FE) supporting inner-product computation, in which
the encryptor does not need to interact with the key genera-
tor and only designated decryptor with function key can
decrypt the inner-product results on the encrypted data. Sup-
pose the inner-product
P functionality is to compute fðx; yÞ ¼
< x; y > ¼ ni¼1 ðxi yi Þ, where n denotes the length of the
vectors x; y and ðxi ; yi Þ denote the ith elements of x; y,
respectively.
For the convenience of description, we describe the
NDD-FE scheme using three roles, namely generator, encryp-
tor and decryptor. The system model is shown in Fig. 2, and
the construction is defined as follows.

NDD-FE. Setup(1 ) ! pp: It takes the security param-
eter  as input and generates system public parame-
ter pp ¼ ðG; p; gÞ GGenð1 Þ and a secure hash
function H1 : G ! Zp .

NDD-FE. KeyGen(pp) ! ðpk; skÞ: It is executed by all
participants, including generator, encryptor and
decryptor. It takes the system public parameter pp as
input, and selects a random number s Zp as the
secret key and the public key pk ¼ H ¼ gs . Let ðpk1 ¼
gs1 ; sk1 ¼ s1 Þ, ðpk2i ¼ gs2i ; sk2i ¼ s2i Þi¼1;...;n and ðpk3 ¼
gs3 ; sk3 ¼ s3 Þ denote the public/secret key pairs of
the generator, the ith encryptor and the decryptor,
respectively.

NDD-FE. KeyDerive(pk1 ; sk1 ; fpk2i gi¼1;2;...;n ; ctr; y, aux)
! sk : It is executed by the generator. It takes the
public/secret key pair ðpk1 ¼ gs1 ; sk1 ¼ s1 Þ of the
 CHEN ET AL.: ESB-FL: EFFICIENT AND SECURE BLOCKCHAIN-BASED FEDERATED LEARNING WITH FAIR PAYMENT
Fig. 2. System model of NDD-FE.
generator, the public keys fpk2i ¼ gs2i gi¼1;2;...;n of n
encryptors, an incremental counter ctr, a vector y
that needs to be computed with ciphertext and an
auxiliary information auxPas input, and outputs
the function key sk ¼ ni¼1 rcrt i yi , where ri ¼
crt
H1 ðpk2i 1 ; crt; auxÞ ¼ H1 ðgs2i s1 ; crt; auxÞ 2 Zp for each
sk
encryptor pk2i .

NDD-FE. Encrypt(pk1 ; sk2i ; pk3 ; ctr; xi ; aux) ! ci : It is
executed by n encryptors. It takes the public key pk1
of the generator, the public/secret key pair ðpk2i ; sk2i Þ
of the ith encryptor, the public key pk3 of the decryp-
tor, and the data xi as input, and outputs the cipher-
rcrt x sk
text ci ¼ pk1i  pk3 i , where rcrti ¼ H1 ðpk1 ; crt; auxÞ
2i

¼ H1 ðg s1 s2i
; crt; auxÞ 2 Zp .

NDD-FE. Decrypt(pk1 ; sk ; sk3 ; fci gi¼1;...;n ; y) ! <
x; y > : It is executed by the decryptor. It takes the
public key pk1 of the generator, the function key sk ,
the secret key sk3 of the decryptor, the ciphertexts
fci gi¼1;...;n and the vector y as input, and computes:
Qn Qn
yi rcrt x
i¼1 ci i¼1 ððpk 1Þ i pk3 i Þyi
E¼ ¼ P n
ðpk1 Þsk ðpk1 Þ rcrt yi
i¼1 i
Pn crt
ri yi hx;yi
ðpk1 Þ i¼1 pk
¼ Pn crt 3 ¼ pk3< x;y >
ðpk1 Þ i¼1 ri yi
1 tal signature of model hash, model link and model accuracy.
and computes E  ¼ E sk3 ¼ g < x;y > . Finally, it can
recover the inner-product of vectors ðx; yÞ by using
the baby-step giant-step (BSGS) algorithm.
Scheme Analysis. Here, we analyze the proposed FE
scheme in terms of security and performance.
For security, it is straightforward to see that the security
of the NDD-FE scheme is the same as that of the scheme
rcrt
in [34]. This is because the ciphertext ci ¼ pk1i pkx3 i in our
scheme and the ciphertext ci ¼ H ri gxi in [34] can be viewed
as the standard ElGamal ciphertext generated by the ElGa-
mal encryption scheme, and thus any outside adversaries
cannot obtain the information of data. However, the main
difference between our scheme and [34] is that our scheme
ensures that only the designated decryptor can decrypt the
ciphertext due to the usage of the secret key sk3 of the desig-
nated decryptor in the decryption phase. Moreover, NDD-
Authorized licensed use limited to: Nanyang Technological University Library. Downloaded on December 10,2024 at 06:43:32 UTC from IEEE Xplore. Restrictions apply.
765
Fig. 3. The designed block structure.
FE supports secure multiple rounds of encryption, where
the participants can automatically update the encrypted
random number rcrt i by introducing the incremental param-
eter crt, thereby updating the ciphertexts ci .
For performance, our scheme removes the interactions
between the generator and the encryptors since the generation
of the function key does not require the information sent by
the encryptor. In the FL framework, training a good model
usually takes multiple rounds of updates, that is, the FE
scheme will be executed multiple times. Therefore, the per-
formance advantage will become more meaningful as the
number of times the FE scheme increases.
4.2 Designed Blockchain
To achieve fair payment and exploit the computation power
of miners, we design an elaborate blockchain by modifying
the traditional blockchain from two following aspects.
Block Header. Different from the traditional blockchain,
we define a new block header structure, as shown in Fig. 3.
In addition to the general attributes such as the block ver-
sion, the hash value of the previous block, the difficulty
value, and so on, we introduce two new attributes to the
block header in our blockchain: (1) digital signature of task
information and participating miners information, (2) digi-
The two new attributes bind the task information to the
block and establish a relationship between the task and the
training model.
New Block Generation. In the typical blockchains (i.g., Bit-
coin), new blocks are generated by solving hard computa-
tion problems, thereby resulting in the energy-wasting
issue. Thus, to address this drawback, our mechanism asks
miners to perform meaningful FL tasks and presents a
global model.
To generate a new block, our mechanism needs to com-
plete two following phases. In the first phase, the task pub-
lisher publishes information about the task and
participating miners, the task publisher will sign this infor-
mation as a payment token. Then, all participants execute
their works based on their roles, respectively. After com-
pleting the model training task, a special miner builds a
 766
Fig. 4. Framework of ESB-FL.
new block based on the above-defined structure and sends
it to other miners for verification. If the trained model satis-
fies the requirements of the task, then the new block can
pass validation and is added to the blockchain networks.
Note that all new blocks contain the timestamp attribute,
which can effectively avoid the case of blockchain forks in
multi-task parallel processing.
5 DESIGN OF ESB-FL
5.1 System Overview
We outline the architecture of our efficient and secure block-
chain-based FL framework (ESB-FL), as shown in Fig. 4. The
proposed framework consists of three roles, i.e., task pub-
lisher, miners, and aggregation node.

Task Publishers (TP ). They may be enterprises,
research institutes, or healthcare research units that
try to obtain a disease detection model for a medical
disease. However, since the lack of real medical
data, they have to outsource their tasks and pay for
model training and data services.

Miners (M). They are the service providers (e.g., hos-
pitals), who hold various types of medical datasets
and have the different computing power to train
models, respectively. To earn monetary rewards, the
miners collaborate on training a global model
according to the published tasks, verify the final
model and the newly generated block.

Aggregation node (A). It is a special type of miner,
which is responsible for aggregating the local gra-
dients submitted by all other participating miners
and returning the aggregated gradient to them for
the next iteration. And beyond that, it is also
responsible for sending the final qualified model
to the task publisher to gain permission to publish
a new block.
The high-level workflow in our ESB-FL framework is as
follows. First, by leveraging blockchain, TP publishes a
medical training task which includes the relevant parame-
ters such as task requirements, rewards, etc. Second, once
receiving new tasks, miners M who meet the requirement
of the same task respond by sending their personal
Authorized licensed use limited to: Nanyang Technological University Library. Downloaded on December 10,2024 at 06:43:32 UTC from IEEE Xplore. Restrictions apply.
IEEE TRANSACTIONS ON BIG DATA, VOL. 10, NO. 6, NOVEMBER/DECEMBER 2024
information such as the public key, computing power and
so on. After identifying the participants, TP needs to gener-
ate the keys and encryption parameters of FE for the partici-
pating miners, while generating the decryption keys with
the special function for the aggregation node A. Then, the
participating miners will individually train the model based
on their local data. Third, when the training is temporarily
over, the miners need to encrypt the compressed training
model using the encryption algorithm of FE and send the
encrypted model to A, respectively. Once receiving the
models from different miners, A will aggregate them and
decrypt the aggregation model using the decryption key of
FE. If the accuracy of the decrypted model does not meet
the task requirement, A returns it to the participating miners
for the next iteration, while the participating miners will
start all over again. Note that the process may require
potentially numerous iterations until the accuracy is
enough. Fourth, After the above phase, A will return the
final model to TP for the permission to publish a new block.
Finally, TP will reward the participating miners, while A
will get the block rewards.
Design Goals and Assumptions.Our design goals are to
enforce the following security and performance guarantees.

Confidentiality. The confidentiality of medical data
stored by each miner is the first and most important
security requirement. Our framework should ensure
that any unauthorized adversary cannot learn the
privacy information of training data. That is, the
adversary cannot reconstruct private medical data
samples from local models acquired during task
processing.

Efficiency. Efficiency is the key property in practical
application. Our ESB-FL framework should ensure
that the task can be processed effectively and be
completed in time. Besides, we aim to provide
another practical notion: parallelism, indicating that
multiple FL tasks can be executed simultaneously.

Fair Payment. Fair payment is a key financial property
of the incentive mechanism. It guarantees the interests
of each TP and M and promotes the long-term devel-
opment of ESB-FL. More specifically, TP can obtain
the correct model that meets his requirements as long
 CHEN ET AL.: ESB-FL: EFFICIENT AND SECURE BLOCKCHAIN-BASED FEDERATED LEARNING WITH FAIR PAYMENT 767

as he pays for his request, while the miners can earn

the corresponding rewards as long as they do correct
computations.
Availability Assumptions. To guarantee the functionality
and security of our framework, the following reasonable
assumptions should be ensured.

Assumption 1. The networks of each participant in the

framework should be stable enough to work. For
example, the miners should be able to receive several
task updates and perform task selection and process-
ing immediately.
Fig. 5. Task publishing process.

Assumption 2. Both TP and A will not collude
with each other. That is, the TP has stayed out of
the model training process. Fortunately, it can be 5.2.2 Model Training
easily guaranteed by delegating an agent to pub-
lish tasks. This module roughly consists of three steps: (1) local train-
ing, (2) gradient compression, (3) gradient encryption, as
shown in the right half of Fig. 4.
5.2 ESB-FL Framework After obtaining the published global model Wt at
By combining the above NDD-FE scheme and our designed t-round, each miner Mj ; j ¼ 1; . . .; h begins to train the local
blockchain, we proposed an efficient and secure blockchain- model based on the local data Dj and the loss function
based FL framework, i.e., ESB-FL. It consists of five main floss ðWt Þ, and then obtain the updated model Wtj . The
modules: task publishing, model training, model aggrega- details of the training model are not the focus of this work.
tion, block publishing, and task reward releasing.
Algorithm 1. DGC Algorithm
5.2.1 Task Publishing Input: dataset D, minibatch size b per node, the number of
In this module, TP with public/secret key pair ðpkTP ; skTP Þ nodes N, init parameters w ¼ fwi ½0; wi ½1; . . .; wi ½ng
j
Output: Wtþ1
first issues a service request by publishing a medical train-
1: G0 0
ing task Ti to the blockchain, where Ti contains the task
2: for t ¼ 1; . . . do
publisher identity pkTP , the task status S, dataset require-
3: Gt Gt1
ments D, initialization model link L, the expected model 4: for i ¼ 1 to b do
accuracy acc, the expected processing time Texp and task 5: Sample data d from Dj
rewards R, where S is set to publishing. Note that multiple 6: Gt Gt þ Nb 1
rfðd; wÞ
task publishers can publish their tasks Ti¼1;2;... at the same 7: end for
time. 8: for j ¼ 0 to n do
According to the published tasks, the miners fMj gj¼0;...;h 9: Select threshold: t s% of jGt ½jj
who meet D of T will respond to the request by sending the 10: Tmp jGt ½jj > t
relevant proofs that can prove their ability and their public 11: Get ½j Gt ½j Tmp
keys ðpk0 ; . . .; pkh Þ, respectively. Once receiving enough 12: Gt ½j Gt ½j :Tmp
replies from miners, the task publisher modifies S to 13: end for
processing and broadcasts the list of participating miners. 14: Wtþ1 j
encodeðG et Þ
The task publisher TP performs Proof of State (PoS) algo- 15: end for
rithm [45] to select a special miner as the aggregation node
A 2 fMj gj¼0;...;h , which ensures that the aggregation node is When completing the local model training, Mj parses the
chosen at random. Suppose that M0 is selected as the aggre- model Wtj as Wtj ¼ fwj ½0; wj ½1; . . .; wj ½ng to compresses it.
j
gation node. In our framework, the DGC algorithm Wtþ1 ¼ DGCðWtj ;
Then, the task publisher TP executes the NDD-FE.Key- b; N; n; sÞ (see Algorithm 1) is chosen to improve communi-
Derive(pkTP ; skTP ; fpki gi¼1;2;...;h ; ctr; y, T ) ! sk algorithm to cation efficiency, where n denotes the number of total
generate the function key sk for the aggregation node A, parameters and s denotes the compression rate set by the
where ctr ¼ f1; 2; . . .; g is an incremental counter, y ¼ task publisher. In the process of gradient compression, there
1 exists a threshold t to determine whether the gradient meets
fy1 ; . . .; yh g is a hdimentional weight Ph vector and yi ¼ h .
Suppose that the function key sk ¼ i¼1 ri yi , which means the requirements. That is, only the gradient greater than the
sk
ri ¼ H1 ðpki TP ; crt; T Þ. threshold t can be selected for transmission. Meanwhile, to
j
Finally, the task publisher TP publishes the signature prevent data loss, miners whose gradient Wtþ1 does not
s 1 that contains task information and participating miner reach the threshold need to accumulate the remaining gra-
list as the payment token. Also, he deploys a smart con- dients locally until the gradient becomes large enough. In
tract to specify payment policies that are used to pay addition to improving performance, the DGC algorithm
rewards to miners. Please refer to Algorithm 2 for more transforms high-dimensional data to low-dimensional,
details. We also show the process for the task publishing thereby solving the input format problem of the encryption
phase in Fig. 5. algorithm to be used.
Authorized licensed use limited to: Nanyang Technological University Library. Downloaded on December 10,2024 at 06:43:32 UTC from IEEE Xplore. Restrictions apply.
 768 IEEE TRANSACTIONS ON BIG DATA, VOL. 10, NO. 6, NOVEMBER/DECEMBER 2024

5.2.4 Block Publishing

When completing a training task, the aggregation node A
gets the rewards by publishing a new block in blockchain
networks. First, the aggregation node A computes the hash
mh ¼ hðuÞ of the trained global model u and sends u to an
accessible platform (e.g., cloud server) while keeping the
access link ml, which aims to allow each participant to ver-
ify the validity of u.

Algorithm 2. The Pseudocode of Smart Contract That

Guarantees Task Reward Payment
Input: T ðpkTP ; S; D; L; acc; Texp ; RÞ; model; B;
taskPool; publishBlock
Fig. 6. Block publishing process. 1: if taskPool½T  then
2: requireðmodelÞ
3: if model:accuracy > T:acc then
4: publishBlock½msg:sender true
Finally, to prevent the gradient leakage, each miner Mj
j 5: MultiTransferðT:pkTP ; T:R; B:participantsÞ
encrypts the compressed gradient Wtþ1 using NDD-FE.
j 6: T:S finished
Encrypt(pkTP ; skj ; pk0 ; ctr; Wtþ1 ; T). 7: taskPool½T  false
8: end if
j j
Utþ1 ¼ NDD  FE:EncryptðpkTP ; skj ; pk0 ; ctr; Wtþ1 ; crt; TÞ 9: else
r
j
Wtþ1 10: init T 0
¼ pkTP
j
 pk0 11: T 0 :pkTP TP:ID
12: T 0 :S publishing
sk
where rj ¼ H1 ðpkTPj ; crt; TÞ. Then, each miner Mj sends the 13: T 0 :D COVID19 CT image datasets
encrypted update Utþ1 j
to the aggregation node A as the 14: T 0 :L aa:bb:com
t þ 1th round response. 15: T 0 :acc 97%
16: T 0 :Texp 48 h
5.2.3 Model Aggregation 17: T 0 :R 1 BTC
1 2 18: requireð!taskPool½T 0 Þ
Once receiving all encrypted updates Utþ1 ¼ ðUtþ1 ; Utþ1 ; 19: if getBalanceðT 0 :pkTP Þ R then
. . .; Utþ1 Þ at the t þ 1 round, the aggregation node A with
h
20: taskPool½T 0  true
the function key sk performs the decryption algorithm of 21: else
NDD-FE scheme to obtain the aggregation model utþ1 . The 22: init faild
aggregation node A first performs 23: end if
24: end if
Etþ1 ¼ NDD  FE:DecryptðpkTP ; sk ; sk0 ; Utþ1 ; yÞ
Qh j yj Qh rj
j
Wtþ1 y
j¼1 ðUtþ1 Þ j¼1 ððpkTP Þ pk0 Þj Then, using the secret key sk0 , A generates a signature
¼ ¼ P
ðpkTP Þsk
h
r y s 2 about the model information, including the model hash
ðpkTP Þ j¼1 j j
Ph Ph j
mh, the access link ml, and the model accuracy ma. By
r y W y
ðpkTP Þ j¼1 j j ðpk0 Þ j¼1 tþ1 j leveraging two signatures ðs 1 ; s 2 Þ, A builds a new block
¼ Ph and broadcasts it to the participating miners. Receiving
r y
ðpkTP Þ j¼1 j j the new block B, each miner Mi verifies the correctness of
< W;y >
¼ pk0 the new block. If A publishes an error block, which means
that the block may contain an error participant list or the
1 accuracy does not meet the requirement, the new block
where W ¼ fWtþ1 ; . . .; Wtþ1
h
g. Then, A executes the baby-step
giant-step algorithm to obtain < W; y > as the updated will not be passed. After all participants have validated
global model utþ1 . that the new block is correct, the block will be added to
Finally, the aggregation node A needs to verify whether the blockchain networks in series. Obviously, if the
the accuracy of the model utþ1 meets the requirement of the trained model is valid, the block can be generated cor-
task. If the accuracy of utþ1 reaches the value defined by the rectly, and the aggregation node A then obtains the
task publisher, A modifies the status of the current task and rewards. Otherwise, A cannot get any rewards. Note that
returns the model to the task publisher to move into the multiple tasks may be completed simultaneously, the
next phase. Otherwise, the aggregation node A distributes aggregation node A needs to collect all running tasks
the model update utþ1 to each miner Mi for the next itera- locally and records the task status. Then A builds the
tion. Therefore, the model training and model aggregation block in order of task end time (timestamp) to prevent
phases may be repeated several times until the accuracy of forks. We also show the process for the block publishing
the model reaches the requirements. phase in Fig. 6.
Authorized licensed use limited to: Nanyang Technological University Library. Downloaded on December 10,2024 at 06:43:32 UTC from IEEE Xplore. Restrictions apply.
 CHEN ET AL.: ESB-FL: EFFICIENT AND SECURE BLOCKCHAIN-BASED FEDERATED LEARNING WITH FAIR PAYMENT
5.2.5 Task Reward Releasing
When a new block is added to the blockchain network suc-
cessfully, the participants contained by the new block will
get rewards automatically by executing the smart contract
deployed by the task publisher TP at the task publishing
phase.
Each participant Mj can trigger the smart contract by
sending the task information T , the new block B published
by A, and the trained model u, the pseudocode is shown in
Algorithm 2. Based on the status of the training task
taskPool½T , the smart contract determines whether to set
the rewards or issue the rewards. If taskPool½T  is true, then
the contract will create the transactions for each miner Mj
(Line 5) when the model:accuracy meets T:acc. If taskPool½T 
is false, it indicates that the task T has been resolved. After
that, the smart contract will invite TP to initialize a new
request T 0 . It is straightforward to see that each participant
can get rewards as long as the accuracy of the trained model
is valid and qualified.
6 SECURITY ANALYSIS
In this section, we theoretically analyze that the ESB-FL
achieves the following design goals: confidentiality, effi-
ciency, and fair payment.
6.1 Confidentiality
The confidentiality guarantees the privacy of miners’ local
data and prevents attackers from reconstructing the private
medical data from data acquired task processing. The confi-
dentiality of the ESB-FL relies on the security of the NDD-
FE scheme used to encrypt local gradients.
Theorem 1. If the underlying NDD-FE scheme is secure, then
the confidentiality of local training models sent to the aggrega-
tion node is guaranteed.
Proof: In the model training phase, each miner Mj
j valid model as long as he pays for his request, (2) each
encrypts the gradient Wtþ1 by using the encryption algo-
rithm of the NDD-FE scheme before sending to the aggrega-
tion node A. Based on the description of NDD-FE, the
j
j j r Wtþ1
ciphertext of each gradient Wtþ1 is Utþ1 ¼ pkTP
j
 pk0
sk
where rj ¼ H1 ðpkTPj ; crt; TÞ. For any adversary, rj is random
sk
and unknown since pkTPj is difficult to be calculated and
skj j
ðpkTP ; pkj ; pkTP Þ forms a CDH hard problem. Thus, Utþ1 can
be regarded as a standard ElGamal ciphertext so that any
j
adversary cannot recover the information about Wtþ1 . Note
j
Wtþ1
that for the task publisher, although he can obtain pk0 by
using his secret key skTP , no information about isj
Wtþ1
leaked since sk0 is unknown for him.
In the model aggregation phase, the aggregation node A
can obtain all encrypted gradients Utþ1 ¼ ðUtþ1 1 2
; Utþ1 ; . . .;
Utþ1 Þ from h miners and holds the function key sk ¼
h the aggregation node and the miner node. The aggregation
Ph
j¼1 rj yj . Based on the correctness and functionality of the
P j
FE scheme, the aggregation node A only obtain hj¼1 yj Wtþ1
by decrypting the ciphertext Uj using the corresponding
secret key sk . However, since yi ¼ h1 , the probability of the
j
aggregation node A guessing the specific gradient Wtþ1 cor-
rectly is negligible.
Authorized licensed use limited to: Nanyang Technological University Library. Downloaded on December 10,2024 at 06:43:32 UTC from IEEE Xplore. Restrictions apply.
769
To sum up, the security of the NDD-FE scheme guaran-
tees that any adversary cannot obtain any information about
the local gradients of each miner, and thus the confidential-
ity of our framework is achieved.
6.2 Efficiency
The efficiency of the FL framework is the key factor for its
wide application, and thus we have several ways to opti-
mize the efficiency of our ESB-FL. On the one hand, ESB-FL
avoids using computation-intensive tools such as secure
MPC and HE, and uses a relatively lightweight function
encryption scheme to protect data privacy. Compared with
existing MPC-based or HE-based FL frameworks, ESB-FL is
considerably more efficient in terms of computation and
communication costs. For example, the size of the ciphertext
in our framework is only Utþ1 j
2 G, about 512 bits (ECDSA
parameters). Apart from interaction for model training,
each participant does not need to interact with others for
achieving privacy protection, thereby reducing the commu-
nication costs. In addition, our framework adopts the DGC
algorithm to further reduce communication costs. The gra-
dients will be transmitted if and only if they become large
enough, which can significantly reduce the number of
rounds of interaction.
On the other hand, ESB-FL supports parallel publishing
and processing of multiple FL tasks. Multiple tasks are
effectively arranged for each miner Mi to work on, and the
statuses of them will be broadcast in time. Finally, the
aggregation node A will be rewarded by publishing new
blocks, where multiple tasks are organized by the deadline
of tasks.
6.3 Fair Payment
Fair payment is achieved by combining our designed
blockchain and smart contracts. It mainly shows in the
following two aspects: (1) the task publisher can obtain a
participant can get rewards as long as he participates in
model training.
For the task publisher, at the task publishing phase, he
,
first needs to publish the payment token and deploy a pay
smart contract to complete the task release. Note that when
deploying the smart contract, he must make sure that the
corresponding account has a sufficient balance. When the
trained model is published, the smart contract will judge
whether the accuracy of the model meets the task require-
ments. If yes, the smart contract will create a reward trans-
action from the task publisher to the task participants.
Otherwise, the new block cannot be generated and the
smart contract is not triggered, and thus all participants can-
not get any rewards.
For the participating miners, there are two types of roles:
node is rewarded by publishing a new block, while all min-
ers are rewarded by smart contracts. If the trained model is
correct and has been determined to meet the requirements,
a new block is generated and the smart contract has trig-
gered automatically, thereby completing reward payment.
Note that the payment process cannot be stopped even for
the creator of smart contracts.
 770 IEEE TRANSACTIONS ON BIG DATA, VOL. 10, NO. 6, NOVEMBER/DECEMBER 2024

Fig. 7. Blockchain network topology.

Fig. 8. The chest X-ray image dataset used in our proposed framework.
Due to the characteristics of blockchain and smart con- (a) and (d), (b) and (e), (c) and (f) are normal images, virus images and
tracts, such as immutability and automatic execution, the bacteria images, respectively.
interests of both the task publisher and miners are guaranteed
without a trusted party. Therefore, our framework achieves
fair payment and sustains the activity levels of users. TABLE 1
Time Costs of Blockchain Operations

7 EXPERIMENTS Blockchain operation Ours PEFL

We conduct experiments in this section to check the perfor- Task publishing < 1h < 1h
mance of our proposed ESB-FL. We first introduce our Model Training (80,000 images) 4.3 h 7.4h
Model Aggregation (10 nodes) 6.44 min 8.03min
experimental settings, and then give the experimental
Block Publishing < 1h < 1h
results. Meanwhile, we compare our FL scheme with exist- Task Reward < 1 min < 1 min
ing representative work.

7.1 Experimental Settings

7.1.1 Configuration
We implement our ESB-FL by Python on a Linux server
with Intel Xeon CPU E5-1650 v4 @ 3.60 GHz, 64 Gb RAM,
GTX 1080 Ti. We adopt an open-source project1 to provide
the blockchain service. Our blockchain network topology is
shown in Fig. 7, in our experiments, the number of regis-
tered miners is set to 100 and our medical image dataset is
divided equally among these 100 miners. The DGC algo-
rithm is implemented based on [22], the compression
threshold of the DGC algorithm is set to 90%. The NDD-FE
scheme is implemented based on FE.2
7.1.2 Model
We refer to some convolutional neural network models to
classify medical images. First, we use denseblock [46] net-
work structure to extract features from medical images, the
network contains 4 convolutional layers, the numbers of
channels in each convolutional layer are 1; 16 16; 32
16; 48 16, and the size of the convolution kernel is 3 3.
Then, we use SSD 3 network to locate and classify extracted
features, which contains five localization and classification
layers. The learning rate and batch size of the training
model are set to 104 and 2, respectively. Meanwhile, we set
the number of iterations to be large enough (such as 1000) to
keep the miners training so that the aggregation model
meets the required accuracy.
1. https://github.com/guanchao/mini_blockchain
2. https://github.com/OpenMined/PyFE
3. https://github.com/AIZOOTech/FaceMaskDetection
Authorized licensed use limited to: Nanyang Technological University Library. Downloaded on December 10,2024 at 06:43:32 UTC from IEEE Xplore. Restrictions apply.
7.1.3 Dataset
In our framework, we use the chest X-ray image (pneumo-
nia) dataset ,4 partial samples are shown in Fig. 8. We use
training samples as the basis of the generator and randomly
generate 80,000 images for model training. We greyscale
each image and set its size to 200 200. We test our trained
model with 1,000 test images from this dataset, where nor-
mal, virus, and bacteria images are considered.
7.1.4 Comparatives
We compare the performance of our FL scheme with several
representative approaches, including PEFL [9], Lu’s [47]
and Kumar’s [20]. We use the same dataset to train their FL
frameworks and analyze their experimental results.
7.2 Results
7.2.1 Blockchain Operations
Blockchain technology is applied to ensure security and
solve the payment problem, its performance has a signifi-
cant impact on the practicality of our ESB-FL framework.
We first test the time costs of main blockchain operations
in each phase, the results are the average values of running
100 times over 80,000 images. As shown in Table 1, in the
phases such as task publishing, blockchain publishing,
and task reward, our framework and the FL scheme based
on homomorphic encryption (PEFL) take approximately
4. https://www.kaggle.com/paultimothymooney/chest-xray-
pneumonia
 CHEN ET AL.: ESB-FL: EFFICIENT AND SECURE BLOCKCHAIN-BASED FEDERATED LEARNING WITH FAIR PAYMENT
Fig. 9. Training time with different epoches.
the same length of time. However, in terms of model train-
ing and aggregation, our framework saves more time cost
compared with PEFL. For example, the model training in
our framework only takes 4.3 hours, while it takes about
7.4 hours in PEFL. In addition, since the task selection and
new block publishing do not involve any encryption oper-
ations, the time costs of these stages are not affected in
either case.
7.2.2 FL Training
We compare the efficiency of our framework based on
NDD-FE with the PEFL scheme. The baseline scheme is an
FL framework that does not use encryption algorithms.
Fig. 9 shows the training time accumulated as the epoch
increased in FL. We can find that the time cost of our frame-
work is higher than the baseline, which can be regarded as
a tradeoff to improve security. However, the performance
of our framework is higher than that of the PEFL frame-
work. This is because the aggregation node in the PEFL
framework needs to interact with the task publisher to
decrypt the aggregation model frequently. While the aggre-
gation node in our framework can directly decrypt the
aggregation model while maintaining the privacy of the
model.
Besides, we also test the security costs of our framework
and the PEFL framework, the results are shown in Table 2.
Clearly, the NDD-FE scheme proposed in this paper is more
efficient than the FE scheme adopted by PEFL in terms of
performance. For example, the encryption algorithm of the
NDD-FE scheme only takes 23.33 seconds, while that of the
HE scheme takes about 45.28 seconds.
7.2.3 FL Testing
The normal, virus and bacteria images are considered to be
tested in the experiment. Using deep learning models to
TABLE 2
Time Costs of Encryption Scheme
Operations (for a gradient) Ours (NDD-FE)
Encryption 23.33 s
Decryption 37.44 s
Authorized licensed use limited to: Nanyang Technological University Library. Downloaded on December 10,2024 at 06:43:32 UTC from IEEE Xplore. Restrictions apply.
771
Fig. 10. Test results of our FL model. (a) and (d), (b) and (e), (c) and (f)
are the test results of normal images, virus images and batceria images
respectively.
detect lung medical images is helpful for rapid localization
and accurate identification of lung lesions in patients with
pneumonia, which greatly reduces the burden of doctors
and is of great significance for clinical treatment.
Fig. 10 shows the test results of our model after training
on the complete data set. Columns 1, 2, and 3 are normal
images, virus images, and bacteria images, respectively. We
can observe that the test results for each set of images are
very accurate.
Fig. 11 further shows the results of our FL model on 1,000
test datasets. We can discover that the test accuracy of nor-
mal images, virus images and bacteria images are 93.3%,
90%, and 96.1% respectively, which further verified the
effectiveness of our FL scheme.
7.3 Comparative Fusion Performance
7.3.1 Privacy-Preserving Cost
We test the cumulative model accuracy of our framework
and other advanced FL frameworks [45], [46], [47], as shown
in Fig. 12. Compared with the unencrypted FL scheme, our
framework will lose 1-2% accuracy due to the introduction
of the DGC algorithm and NDD-FE, while the PEFL
PEFL (HE)
45.28 s
47.51 s
Fig. 11. Confusion matrix of test dataset.
 772
Fig. 12. Model accuracy with different epoches.
framework will lose 5-6% accuracy due to the polynomial
activation function and the encryption algorithm error.
Other FL frameworks use non-cryptographic DP technology
to protect data privacy, their model accuracies are affected
by the introduced DP noise. Therefore, while under the
same security condition, the accuracy of our framework will
be higher than that of the HE-based framework. Further-
more, our framework still performs better than some
advanced FL frameworks based on DP technology.
7.3.2 Communication and Computation Consumption
We compare the communication and computation costs of
our scheme with PEFL, Lu’s and Kumar’s. The baseline
scheme is our FL framework without the DGC algorithm.
Fig. 13 shows the communication and computation con-
sumption of our framework and some other advanced FL
frameworks. As can be seen from the figure, the perfor-
mance of baseline is worse than PEFL and Lu’s scheme,
requiring longer communication and computation time.
After adopting the DGC compression algorithm, our
framework becomes the most efficient method, which fur-
ther confirms that our framework can control communica-
tion and computing costs well, and can be applied in
practical applications to improve model accuracy and
computing efficiency.
Fig. 13. Running time of different FL schemes.
Authorized licensed use limited to: Nanyang Technological University Library. Downloaded on December 10,2024 at 06:43:32 UTC from IEEE Xplore. Restrictions apply.
IEEE TRANSACTIONS ON BIG DATA, VOL. 10, NO. 6, NOVEMBER/DECEMBER 2024
Through the above evaluation, we can observe that our
scheme not only improves communication efficiency, but
also ensures the secure aggregation of gradient data, which
well solves the privacy leakage and communication prob-
lems that may be encountered in FL. Parallel local training
in FL can greatly improve the efficiency of centralized train-
ing and ensure stable model accuracy. With the increase of
epoch, the time of encryption and update transmission in
the model training process also accumulates, but it increases
the quality of the detection model.
8 CONCLUSION
Leveraging FL into smart healthcare offers new ways to
improve the quality of medical services. FL can train a high-
precision detection model while keeping all the training
data on local devices. This paper presents an efficient and
secure blockchain-based FL framework called ESB-FL. ESB-
FL effectively solves the privacy, communication, and pay-
ment problems of the existing FL frameworks. The compu-
tation and communication costs are reduced by adopting
the NDD-FE scheme and DGC algorithm. The blockchain
technology in our framework is used to address the fair
payment problem between FL task publishers and miners.
The security analysis and extensive experiments of ESB-FL
are conducted in this paper. The results show that ESB-FL
achieves enhanced security and efficient communication in
implementing FL for multiple hospital nodes without the
involvement of a third party.
REFERENCES
[1] D. Sui, Y. Chen, J. Zhao, Y. Jia, Y. Xie, and W. Sun, “Feded: Feder-
ated learning via ensemble distillation for medical relation extrac-
tion,” in Proc. Conf. Empirical Methods Natural Lang. Process., 2020,
pp. 2118–2128.
[2] Y.-H. Wu et al., “JCS: An explainable COVID-19 diagnosis system
by joint classification and segmentation,” IEEE Trans. Image Pro-
cess., vol. 30, pp. 3113–3126, 2021.
[3] J. Geiping, H. Bauermeister, H. Dr€ oge, and M. Moeller, “Inverting
gradients-how easy is it to break privacy in federated learning?,”
in Proc. Adv. Neural Inf. Process. Syst., pp. 16 937–16 947, 2020.
[4] L. Zhu, Z. Liu, and S. Han, “Deep leakage from gradients,” in
Proc. Adv. Neural Inf. Process. Syst., vol. 32, 2019, pp. 17–31.
[5] R. Shokri, M. Stronati, C. Song, and V. Shmatikov, “Membership
inference attacks against machine learning models,” in Proc. IEEE
Symp. Secur. Privacy, 2017, pp. 3–18.
[6] H. Chen et al., “Practical membership inference attack against col-
laborative inference in industrial IoT,” IEEE Trans. Ind. Informat.,
vol. 18, no. 1, pp. 477–487, Jan. 2022.
[7] M. Zhang, Y. Zhang, and G. Shen, “PPDDS: A privacy-preserving
disease diagnosis scheme based on the secure mahalanobis
distance evaluation model,” IEEE Syst. J., pp. 1–11, 2021,
doi: 10.1109/JSYST.2021.3093415.
[8] M. Gong, Y. Xie, K. Pan, K. Feng, and A. K. Qin, “A survey on dif-
ferentially private machine learning,” IEEE Comput. Intell. Mag.,
vol. 15, no. 2, pp. 49–64, May 2020.
[9] M. Hao, H. Li, X. Luo, G. Xu, H. Yang, and S. Liu, “Efficient and
privacy-enhanced federated learning for industrial artificial
intelligence,” IEEE Trans. Ind. Informat., vol. 16, no. 10, pp. 6532–6542,
Oct. 2020.
[10] J. So, B. Guler, and S. Avestimehr, “A scalable approach for pri-
vacy-preserving collaborative machine learning,” in Proc. Adv.
Neural Inf. Process. Syst., 2020, pp. 8054–8066.
[11] K. Bonawitz et al., “Practical secure aggregation for privacy-pre-
serving machine learning,” in Proc. ACM SIGSAC Conf. Comput.
Commun. Secur., 2017, pp. 1175–1191.
[12] Y. Chen, X. Qin, J. Wang, C. Yu, and W. Gao, “FedHealth: A feder-
ated transfer learning framework for wearable healthcare,” IEEE
Intell. Syst., vol. 35, no. 4, pp. 83–93, Jul./Aug. 2020.
 CHEN ET AL.: ESB-FL: EFFICIENT AND SECURE BLOCKCHAIN-BASED FEDERATED LEARNING WITH FAIR PAYMENT
[13] V. Mugunthan, A. Polychroniadou, D. Byrd, and T. H. Balch,
“Smpai: Secure multi-party computation for federated learning,”
in Proc. NeurIPS Workshop Robust AI Financial Serv., 2019, pp. 1–9.
[14] V. Goyal, A. Jain, Z. Jin, and G. Malavolta, “Statistical zaps and
new oblivious transfer protocols,” in Proc. Int. Conf. Theory Appl.
Cryptographic Techn., 2020, pp. 668–699.
[15] T. Song, Y. Tong, and S. Wei, “Profit allocation for federated
learning,” in Proc. IEEE Int. Conf. Big Data, 2019, pp. 2577–2586.
[16] Y. Liu, Z. Ai, S. Sun, S. Zhang, Z. Liu, and H. Yu, “Fedcoin:
A peer-to-peer payment system for federated learning,” in Proc.
Federated Learn., 2020, pp. 125–138.
[17] Y. Zhan, J. Zhang, Z. Hong, L. Wu, P. Li, and S. Guo, “A survey of
incentive mechanism design for federated learning,” IEEE Trans.
Emerg. Topics Comput., to be published, doi: 10.1109/TETC.2021.
3063517.
[18] X. Bao, C. Su, Y. Xiong, W. Huang, and Y. Hu, “FLChain: A block-
chain for auditable federated learning with trust and incentive,”
in Proc. Int. Conf. Big Data Comput. Commun., 2019, pp. 151–159.
[19] H. Kim, J. Park, M. Bennis, and S.-L. Kim, “Blockchained on-
device federated learning,” IEEE Commun. Lett., vol. 24, no. 6,
pp. 1279–1283, Jun. 2019.
[20] R. Kumar et al., “Blockchain-federated-learning and deep learning
models for COVID-19 detection using ct imaging,” IEEE Sensors J.,
vol. 21, no. 14, pp. 16 301–16 314, Jul. 2021.
[21] Y. Qu et al., “Decentralized privacy using blockchain-enabled fed-
erated learning in fog computing,” IEEE Internet Things J., vol. 7,
no. 6, pp. 5171–5183, Jun. 2020.
[22] Y. Lin, S. Han, H. Mao, Y. Wang, and W. J. Dally, “Deep gradient
compression: Reducing the communication bandwidth for distrib-
uted training,” 2017, arXiv:1712.01887.
[23] L. Zelei et al., “Contribution-aware federated learning for smart
healthcare,” in Proc. 34th Annu. Conf. Innov. Appl. Artif. Intell.,
2022.
[24] K. Wei et al., “Federated learning with differential privacy: Algo-
rithms and performance analysis,” IEEE Trans. Inf. Forensics Secur.,
vol. 15, pp. 3454–3469, 2020.
[25] H. Zheng, H. Hu, and Z. Han, “Preserving user privacy for
machine learning: Local differential privacy or federated machine
learning?,” IEEE Intell. Syst., vol. 35, no. 4, pp. 5–14, Jul./Aug.
2020.
[26] M. Kim, O. G€ unl€u, and R. F. Schaefer, “Federated learning with
local differential privacy: Trade-offs between privacy, utility, and
communication,” in Proc. IEEE Int. Conf. Acoust. Speech Signal Pro-
cess., 2021, pp. 2650–2654.
[27] Y. Li, H. Li, G. Xu, T. Xiang, and R. Lu, “Practical privacy-preserv-
ing federated learning in vehicular fog computing,” IEEE Trans.
Veh. Technol., vol. 71, no. 5, pp. 4692–4705, 2022.
[28] I. Damgaard, D. Escudero, T. Frederiksen, M. Keller, P. Scholl, and
N. Volgushev, “New primitives for actively-secure MPC over
rings with applications to private machine learning,” in Proc.
IEEE Symp. Secur. Privacy, 2019, pp. 1102–1120.
[29] J. Zhang, B. Chen, S. Yu, and H. Deng, “PEFL: A privacy-
enhanced federated learning scheme for Big Data analytics,” in
Proc. IEEE Glob. Commun. Conf., 2019, pp. 1–6.
[30] C. Zhang, S. Li, J. Xia, W. Wang, F. Yan, and Y. Liu, “fBatchCrypt
g: Efficient homomorphic encryption for {Cross-Silo} federated
learning,” in Proc. USENIX Annu. Tech. Conf., 2020, pp. 493–506.
[31] H. Chaudhari, R. Rachuri, and A. Suresh, “Trident: Efficient 4pc
framework for privacy preserving machine learning,” 2019, arXiv:
1912.02631.
[32] S. D. Gordon, S. Ranellucci, and X. Wang, “Secure computation
with low communication from cross-checking,” in Proc. Int. Conf.
Theory Appl. Cryptol. Inf. Secur., 2018, pp. 59–85.
[33] M. S. Riazi, K. Laine, B. Pelton, and W. Dai, “HEAX: An architec-
ture for computing on encrypted data,” in Proc. Int. Conf. Architec-
tural Support Program. Lang. Operating Syst., 2020, pp. 1295–1309.
[34] R. Xu, J. B. Joshi, and C. Li, “CryptoNN: Training neural networks
over encrypted data,” in Proc. Int. Conf. Distrib. Comput. Syst.,
2019, pp. 1199–1209.
[35] T.-I. Szatmari, M. K. Petersen, M. J. Korzepa, and T. Giannetsos,
“Modelling audiological preferences using federated learning,”
in Proc. ACM Conf. User Model. Adapt. Personalization, 2020,
pp. 187–190.
[36] S. Guo et al., “Robust and privacy-preserving collaborative learn-
ing: A comprehensive survey,” 2021. [Online]. Available: https://
arxiv.org/abs/2112.10183
Authorized licensed use limited to: Nanyang Technological University Library. Downloaded on December 10,2024 at 06:43:32 UTC from IEEE Xplore. Restrictions apply.
773
[37] Y. Lu, X. Huang, K. Zhang, S. Maharjan, and Y. Zhang,
“Blockchain empowered asynchronous federated learning for
secure data sharing in internet of vehicles,” IEEE Trans. Veh. Tech-
nol., vol. 69, no. 4, pp. 4298–4311, Apr. 2020.
[38] Y. Wan, Y. Qu, L. Gao, and Y. Xiang, “Privacy-preserving block-
chain-enabled federated learning for B5G-driven edge computing,”
Comput. Netw., , 204, p. 108671, 2022.
[39] J. Kang, Z. Xiong, D. Niyato, S. Xie, and J. Zhang, “Incentive
mechanism for reliable federated learning: A joint optimization
approach to combining reputation and contract theory,” IEEE
Internet Things J., vol. 6, no. 6, pp. 10700–10714, Dec. 2019.
[40] P. Ramanan and K. Nakayama, “Baffle: Blockchain based aggre-
gator free federated learning,” in Proc. IEEE Int. Conf. Blockchain,
2020, pp. 72–81.
[41] J. Zhang, Y. Wu, and R. Pan, “Incentive mechanism for horizontal
federated learning based on reputation and reverse auction,” in
Proc. Web Conf., 2021, pp. 947–956.
[42] L. Gao, L. Li, Y. Chen, W. Zheng, C. Xu, and M. Xu, “FIFL: A fair
incentive mechanism for federated learning,” in Proc. Int. Conf.
Parallel Process., 2021, pp. 1–10.
[43] A. Abdaoui, A. Erbad, A. Al-Ali, A. Mohamed, and M. Guizani,
“Fuzzy elliptic curve cryptography for authentication in Internet
of Things,” IEEE Internet Things J., to be published, doi: 10.1109/
JIOT.2021.3121350.
[44] E. Dufour-Sans, R. Gay, and D. Pointcheval, “Reading in the
dark: Classifying encrypted digits with functional encryption,”
IACR Cryptol. ePrint Arch., vol. 2018, p. 206, 2018.
[45] A. Kiayias, A. Russell, B. David, and R. Oliynykov, “Ouroboros:
A provably secure proof-of-stake blockchain protocol,” in Proc.
Annu. Int. Cryptol. Conf., 2017, pp. 357–388.
[46] H. Li and X.-J. Wu, “DenseFuse: A fusion approach to infrared
and visible images,” IEEE Trans. Image Process., vol. 28, no. 5,
pp. 2614–2623, May 2019.
[47] Y. Lu, X. Huang, Y. Dai, S. Maharjan, and Y. Zhang, “Blockchain and
federated learning for privacy-preserved data sharing in industrial
IoT,” IEEE Trans. Ind. Informat., vol. 16, no. 6, pp. 4177–4186,
Jun. 2020.
Biwen Chen received the PhD degree from the
School of Computer, Wuhan University, in 2020.
He is currently an assistant professor with the
School of Computer, Chongqing University. His
main research interests include cryptography,
information security, and blockchain.
Honghong Zeng received the BE degree from
the School of Information Engineering, Nanchang
University, China, where she is currently working
toward the master’s degree with the College of
Computer Science, Chongqing University. Her
research interests include blockchain and secure
medical image processing.
Tao Xiang (Senior Member, IEEE) received the
BEng, MS, and PhD degrees in computer science
from Chongqing University, China, in 2003, 2005,
and 2008, respectively. He is currently a profes-
sor with the College of Computer Science,
Chongqing University, China. His research inter-
ests include multimedia security, cloud security,
data privacy and cryptography. He has pub-
lished more than 100 papers on international
journals and conferences. He also served as a
referee for numerous international journals and
conferences.
 774
Shangwei Guo received the PhD degree in com-
puter science from Chongqing University, Chon-
gqing, China, 2017. He is currently an associate
professor with the College of Computer Science,
Chongqing University. He worked as a postdoctoral
research fellow with the Hong Kong Baptist Univer-
sity and Nanyang Technological University from
2018 to 2020. His research interests include
secure deep learning, secure cloud/edge comput-
ing, and database security.
Tianwei Zhang (Member, IEEE) received the
bachelor’s degree from Peking University, in 2011,
and the PhD degree from Princeton University, in
2017. He is currently an assistant professor with
the School of Computer Science and Engineering,
Nanyang Technological University. His research
focuses on computer system security. He is partic-
ularly interested in security threats and defenses in
machine learning systems, autonomous systems,
computer architecture, and distributed systems.
Authorized licensed use limited to: Nanyang Technological University Library. Downloaded on December 10,2024 at 06:43:32 UTC from IEEE Xplore. Restrictions apply.
IEEE TRANSACTIONS ON BIG DATA, VOL. 10, NO. 6, NOVEMBER/DECEMBER 2024
Yang Liu (Senior Member, IEEE) received the
BComp (Hons.) degree from the National Univer-
sity of Singapore (NUS), in 2005, and the PhD
degree from National University of Singapore
(NUS) and MIT, in 2010. He started his postdoc-
toral work in NUS and MIT, in 2012, he joined
Nanyang Technological University (NTU). He is
currently a full professor and the director of the
Cybersecurity Laboratory, NTU. He specializes in
software verification, security, and software engi-
neering. His research has bridged the gap between
the theory and practical usage of formal methods and program analysis to
evaluate the design and implementation of software for high assurance
and security. By now, he has more than 270 publications in top tier confer-
ences and journals. He received a number of prestigious awards, including
the MSRA Fellowship, the TRF Fellowship, the Nanyang Assistant Profes-
sor, the Tan Chin Tuan Fellowship, the Nanyang Research Award, and eight
best paper awards in top conferences, such as ASE, FSE, and ICSE.
" For more information on this or any other computing topic,
please visit our Digital Library at www.computer.org/csdl.