Abstract—Federated learning (FL) enables multiple parties to collaboratively train a model without sharing raw private data, making it well suited to smart healthcare. However, it raises new privacy concerns due to the risk of leaking privacy-sensitive medical data. Privacy-preserving FL (PPFL) has only recently been introduced to protect the privacy of the training process. Unfortunately, most existing PPFL schemes depend heavily on complex cryptographic mechanisms or fail to guarantee the accuracy of the trained models. In addition, there has been little research on the fairness of the payment procedure in PPFL with incentive mechanisms. To address these concerns, we first construct an efficient non-interactive designated decryptor function encryption (NDD-FE) scheme that protects the privacy of training data while maintaining high communication performance. We then propose ESB-FL, a blockchain-based PPFL framework with fair payment for medical image detection, by combining NDD-FE with an elaborately designed blockchain. ESB-FL not only inherits the properties of the NDD-FE scheme but also protects the interests of every participant. Finally, we conduct extensive security analysis and experiments to show that the new framework achieves enhanced security, good accuracy, and high efficiency.
Index Terms—Blockchain, fair payment, federated learning, function encryption, privacy protection
Biwen Chen is with the College of Computer Science, Chongqing University, Chongqing 400044, China, with the State Key Laboratory of Cryptology, Beijing 100878, China, and also with the Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin 541004, China. E-mail: [email protected].
Honghong Zeng, Tao Xiang, and Shangwei Guo are with the College of Computer Science, Chongqing University, Chongqing 400044, China. E-mail: {hhzeng, txiang, swguo}@cqu.edu.cn.
Tianwei Zhang and Yang Liu are with the School of Computer Science and Engineering, Nanyang Technological University, Singapore 639798. E-mail: {tianwei.zhang, yangliu}@ntu.edu.sg.
Manuscript received 3 March 2022; revised 18 April 2022; accepted 19 May 2022. Date of publication 23 May 2022; date of current version 13 November 2024.
This work was supported in part by the National Natural Science Foundation of China under Grants U20A20176, U21A20463, 62102050, and 62102052, in part by the China Postdoctoral Science Foundation under Grant BX2021399, in part by the Guangxi Key Laboratory of Trusted Software under Grant KX202043, in part by the State Key Laboratory of Cryptology under Grant MMKFKT202118, and in part by the Natural Science Foundation of Chongqing, China, under Grant cstc2021jcyj-msxmX0744.
(Corresponding author: Tao Xiang.)
Recommended for acceptance by the Special Issue on Trustable, Verifiable, and Auditable Federated Learning.
Digital Object Identifier no. 10.1109/TBDATA.2022.3177170

1 INTRODUCTION

Federated learning (FL) is an emerging and advancing technology that allows users to train a centralized model on separate datasets stored by different entities. It is increasingly prevalent in business and society, and its applications in healthcare drive reforms in fields such as medical diagnosis and treatment [1] and disease risk factor prediction. For example, FL allows medical institutions to train global machine learning models on huge amounts of COVID-19 case data [2] from different areas to predict infectious cases without data sharing. The rapid growth of FL benefits from two main drivers: (1) applying machine learning technologies to distributed data scenarios, and (2) providing data privacy protection during the data application process.

Although FL brings great benefits to daily life, it also raises new privacy concerns in practical applications. Recent research has shown that FL may not always offer enough privacy protection for local training datasets [3]. This is mainly because malicious adversaries may extract sensitive information about the training datasets from model parameters such as weights or gradients [4]. For example, the membership inference attack [5], [6] can construct a series of shadow models from local gradients to reconstruct original data samples. Such potential privacy leakage risks may become a serious obstacle to the practical adoption of FL, particularly in privacy-sensitive scenarios [7] (e.g., healthcare).

To address these privacy concerns, privacy-preserving FL (PPFL) has been introduced, which applies privacy-preserving mechanisms to FL. Current PPFL schemes can be categorized into two types according to the privacy-preserving method: (1) non-crypto-based methods such as differential privacy [8], and (2) crypto-based methods such as homomorphic encryption (HE) [9] or secure multiparty computation (MPC) [10]. Although non-crypto-based PPFL schemes are more efficient, their trained models may not be as accurate as those of crypto-based PPFL, mainly because the effect of the added noise on the model parameters may be unknown. In contrast, crypto-based PPFL can accurately train general machine learning models while providing an appropriate level of data privacy protection.

Although there has been some research [9], [11], [12], [13] on crypto-based PPFL, significant computational and
communication costs remain a common problem. One reason is that constructing schemes for general machine learning tasks relies on sophisticated technologies such as homomorphic encryption [9] and oblivious transfer [14]. For example, Hao et al. [9] adopted fully homomorphic encryption to resist multi-entity collusion attacks, but it incurs vast computational and communication overhead. Bonawitz et al. [11] used multiple cryptographic tools, such as secret sharing, digital signatures, and authenticated encryption, to maintain high model accuracy and a strong privacy guarantee. However, their scheme requires enormous computing power to train a good model. Such low efficiency may hinder the wide application of crypto-based PPFL schemes.

In addition, achieving fair exchange between task publishers and task participants in an FL framework is also an extremely meaningful challenge. To keep an FL organization functioning, a financial incentive mechanism is typically needed to motivate task participants to train models actively. Thus, it is critical to ensure that each FL participant is treated fairly. Currently, most FL schemes with fair treatment focus on the fair assessment of task participants' contributions [15], [16], [17]; that is, they can guarantee the fairness of profit allocation. However, how to ensure fairness for both parties in the trading process is still an open problem. For example, if the task participants are paid in advance by the task publisher, they may be motivated to lower their costs by training models lazily or with low accuracy. Conversely, if the task publisher gets the trained model first, he may not pay the task participants. Therefore, an effective FL framework should ensure that the FL task is completed correctly and that every participant in the task obtains the task rewards in a timely manner.

To achieve fair payment, a naive solution is to introduce a trusted arbiter who serves as a middleman to enforce that both the task publisher and the task participants follow predefined policies. However, the role of the trusted arbiter might largely eliminate the benefits of a distributed framework. Over the last few years, blockchain has proven to be highly effective in financial services, and some blockchain-based FL schemes [18], [19], [20], [21] have been proposed to build decentralized, healthy FL systems with incentive mechanisms. However, they fail to balance the privacy protection of data with the fair payment of rewards. For example, to implement transactions between task publishers and task participants, the FLChain proposed by Bao et al. [18] requires that all computation results reach consensus on-chain, which may raise the risk of leaking personal sensitive data.

To address the above concerns, we introduce an efficient and secure blockchain-based FL framework. In this framework, we first adopt a newly proposed lightweight cryptographic tool (i.e., non-interactive designated decryptor function encryption) to encrypt each local gradient. As a remarkable advantage, it achieves desirable privacy protection and retains the accuracy of the global model while maintaining low communication costs. Meanwhile, the DGC algorithm [22] is introduced to further reduce the communication costs: each local gradient is sent only after it reaches a threshold, which greatly reduces the amount of data communicated between nodes. Then, by elaborately designing a blockchain structure and using smart contract technology, fair payment between the task publisher and the task participants is achieved, ensuring that all task participants get their rewards as long as the task publisher obtains a qualified and correct model.

In summary, our main contributions are as follows.

- We propose a new function encryption scheme, namely non-interactive designated decryptor function encryption (NDD-FE). NDD-FE avoids multiple interactions between the encryptor and the key generator, and it ensures that only the designated decryptor can decrypt the aggregated global model.
- We design a new block structure for the blockchain, which binds the task and model information to block generation. This guarantees that each task participant gets rewards if and only if the trained model satisfies the task requirements, thereby guaranteeing the fairness of the payment process.
- By integrating the proposed NDD-FE and the designed blockchain into federated learning, we propose ESB-FL, an efficient and secure blockchain-based federated learning framework. ESB-FL not only trains a highly accurate model while protecting the privacy of local training data, but also supports fair payment between the task publisher and all participants.
- We perform a security analysis and an effectiveness assessment of the proposed ESB-FL to demonstrate its desired security and efficiency.

The rest of this paper is organized as follows. Section 2 describes related work. Section 3 provides a brief introduction to the preliminaries. Section 4 describes the building blocks that will be used in our framework. Section 5 introduces the proposed framework in detail. Sections 6 and 7 present the security and performance analyses of the proposed framework, respectively. Finally, Section 8 concludes the paper.

2 RELATED WORK

In this section, we mainly review the following two research topics in FL related to this paper.

Privacy-Preserving FL. PPFL aims to collaboratively train a global model while preserving data privacy. Typically, the privacy-preserving mechanisms used by PPFL can be divided into two types: non-cryptographic technology and cryptographic technology. Among the non-cryptographic technologies [23], [24], [25], [26], the differential privacy (DP) method has a major share; it provides a privacy guarantee by adding noise to local data or model parameters. However, applying the DP method to FL results in a contradiction between the privacy-preserving level and model accuracy [27]; that is, it is hard to achieve high model accuracy and strong privacy simultaneously.

Among cryptographic technologies, homomorphic encryption (HE) [12] and secure multiparty computation (MPC) [28] are currently the two mainstream methods, because they can provide stronger privacy protection while retaining the original accuracy. Zhang et al. [9] constructed an HE-based PPFL framework, in which each local gradient will be …
… operations. Let … represent multiplication operations in function encryption; the details are defined as follows. …

… Note that these steps may be repeated several times until a desirable training model is obtained. …

… new block based on the above-defined structure and sends it to other miners for verification. If the trained model satisfies the requirements of the task, the new block passes validation and is added to the blockchain network. Note that every new block contains a timestamp attribute, which effectively avoids blockchain forks in multi-task parallel processing.

5 DESIGN OF ESB-FL

5.1 System Overview
We outline the architecture of our efficient and secure blockchain-based FL framework (ESB-FL), as shown in Fig. 4. The proposed framework consists of three roles, i.e., the task publisher, the miners, and the aggregation node.

- Task Publisher (TP). Task publishers may be enterprises, research institutes, or healthcare research units that want to obtain a detection model for a medical disease. However, lacking real medical data, they have to outsource their tasks and pay for model training and data services.
- Miners (M). Miners are the service providers (e.g., hospitals), who hold various types of medical datasets and have different amounts of computing power to train models. To earn monetary rewards, the miners collaborate on training a global model according to the published tasks, and verify the final model and the newly generated block.
- Aggregation node (A). The aggregation node is a special type of miner that is responsible for aggregating the local gradients submitted by all other participating miners and returning the aggregated gradient to them for the next iteration. Beyond that, it is also responsible for sending the final qualified model to the task publisher to gain permission to publish a new block.

The high-level workflow of our ESB-FL framework is as follows. First, by leveraging the blockchain, TP publishes a medical training task that includes the relevant parameters such as task requirements, rewards, etc. Second, once receiving a new task, miners M who meet the requirements of the task respond by sending their personal information such as their public keys, computing power, and so on. After identifying the participants, TP generates the keys and encryption parameters of FE for the participating miners, while generating the decryption key with the special function for the aggregation node A. Then, the participating miners individually train the model on their local data. Third, when the training is temporarily over, each miner encrypts the compressed training model using the encryption algorithm of FE and sends the encrypted model to A. Once it receives the models from the different miners, A aggregates them and decrypts the aggregated model using the decryption key of FE. If the accuracy of the decrypted model does not meet the task requirement, A returns it to the participating miners for the next iteration and they start over; this may require numerous iterations until the accuracy is high enough. Fourth, after the above phase, A returns the final model to TP in exchange for permission to publish a new block. Finally, TP rewards the participating miners, while A gets the block reward.

Design Goals and Assumptions. Our design goals are to enforce the following security and performance guarantees.

- Confidentiality. The confidentiality of the medical data stored by each miner is the first and most important security requirement. Our framework should ensure that no unauthorized adversary can learn private information about the training data. That is, the adversary cannot reconstruct private medical data samples from the local models acquired during task processing.
- Efficiency. Efficiency is a key property in practical applications. Our ESB-FL framework should ensure that a task can be processed effectively and completed in time. Besides, we aim to provide another practical notion, parallelism, indicating that multiple FL tasks can be executed simultaneously.
- Fair Payment. Fair payment is a key financial property of the incentive mechanism. It guarantees the interests of each TP and M and promotes the long-term development of ESB-FL. More specifically, TP can obtain a correct model that meets his requirements as long as he pays for his request.
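The "compressed training model" in the workflow above refers to DGC-style gradient compression [22], which is used to cut communication costs: a gradient entry is uploaded only once its accumulated magnitude crosses a threshold, and smaller updates are kept locally for later rounds. The following is a minimal sketch of that thresholding rule under our own simplifications (full DGC also applies momentum correction and other techniques); the function and variable names are illustrative.

```python
# Simplified sketch of DGC-style threshold sparsification (our reading of the
# rule "a gradient is sent only after it reaches a threshold"); not the exact
# algorithm of [22].
import numpy as np

def sparsify(residual: np.ndarray, new_grad: np.ndarray, threshold: float):
    """Return (values_to_send, indices_to_send, residual_to_keep)."""
    acc = residual + new_grad                    # accumulate small updates locally
    mask = np.abs(acc) >= threshold              # only large-enough entries are sent
    send_idx = np.nonzero(mask)[0]
    send_val = acc[send_idx]
    new_residual = np.where(mask, 0.0, acc)      # the rest waits for future rounds
    return send_val, send_idx, new_residual

# Example: only 2 of 6 coordinates are transmitted (and later encrypted) this round.
residual = np.zeros(6)
vals, idx, residual = sparsify(residual, np.array([0.02, -0.9, 0.1, 1.3, -0.05, 0.4]), 0.5)
print(idx, vals)   # [1 3] [-0.9  1.3]
```

Each miner would apply this step before encrypting the surviving entries with NDD-FE, which is what keeps both the ciphertext volume and the number of uploads small.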
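The block generation and validation step quoted at the beginning of this section ties acceptance of a new block to the quality of the trained model and to a timestamp. Below is a hypothetical sketch of such a validation rule; the block fields (prev_hash, task_id, model digest, reported accuracy, timestamp) and the tolerance check are our illustrative assumptions, not the paper's exact block structure.

```python
# Hypothetical block-validation rule: a verifying miner re-evaluates the published
# model on its own test data and endorses the block only if the task requirements
# are actually met. Field names are assumptions for illustration.
from dataclasses import dataclass
import hashlib
import json

@dataclass
class Task:
    task_id: str
    required_accuracy: float     # T.acc in the paper's notation
    deadline: float

@dataclass
class Block:
    prev_hash: str
    task_id: str
    model_digest: str            # hash of the final aggregated model
    reported_accuracy: float
    timestamp: float             # used to avoid forks in multi-task processing

    def header_hash(self) -> str:
        payload = json.dumps(self.__dict__, sort_keys=True).encode()
        return hashlib.sha256(payload).hexdigest()

def validate_block(block: Block, task: Task, measured_accuracy: float, chain_tip: str) -> bool:
    if block.prev_hash != chain_tip:
        return False                                    # must extend the current chain
    if block.task_id != task.task_id or block.timestamp > task.deadline:
        return False                                    # wrong task or past the deadline
    if measured_accuracy < task.required_accuracy:
        return False                                    # model does not satisfy the task
    return abs(measured_accuracy - block.reported_accuracy) < 0.05  # claimed vs. measured
```

Because this accuracy check is part of block validation, a block carrying an unqualified model is never appended; the smart contract described in Section 5.2.5 can therefore treat "block on chain" as evidence that the task requirements were met.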
5.2.5 Task Reward Releasing
When a new block is successfully added to the blockchain network, the participants recorded in the new block get their rewards automatically through the smart contract deployed by the task publisher TP at the task publishing phase.

Each participant $M_j$ can trigger the smart contract by sending the task information $T$, the new block $B$ published by $A$, and the trained model $u$; the pseudocode is shown in Algorithm 2. Based on the status of the training task $taskPool[T]$, the smart contract determines whether to set the rewards or to issue them. If $taskPool[T]$ is true, the contract creates the reward transactions for each miner $M_j$ (Line 5) when $model.accuracy$ meets $T.acc$. If $taskPool[T]$ is false, it indicates that the task $T$ has already been resolved; in that case, the smart contract invites TP to initialize a new request $T'$. It is straightforward to see that each participant can get rewards as long as the accuracy of the trained model is valid and qualified.

6 SECURITY ANALYSIS
In this section, we theoretically analyze how ESB-FL achieves the following design goals: confidentiality, efficiency, and fair payment.

6.1 Confidentiality
Confidentiality guarantees the privacy of the miners' local data and prevents attackers from reconstructing private medical data from the data acquired during task processing. The confidentiality of ESB-FL relies on the security of the NDD-FE scheme used to encrypt the local gradients.

Theorem 1. If the underlying NDD-FE scheme is secure, then the confidentiality of the local training models sent to the aggregation node is guaranteed.

Proof: In the model training phase, each miner $M_j$ encrypts the gradient $W_{t+1}^{j}$ using the encryption algorithm of the NDD-FE scheme before sending it to the aggregation node $A$. Based on the description of NDD-FE, the ciphertext of each gradient $W_{t+1}^{j}$ is $U_{t+1}^{j} = pk_{TP}^{r_j} \cdot pk_0^{W_{t+1}^{j}}$, where $r_j = H_1(pk_{TP}^{sk_j}, crt, T)$. For any adversary, $r_j$ is random and unknown, since $pk_{TP}^{sk_j}$ is hard to compute and $(pk_{TP}, pk_j, pk_{TP}^{sk_j})$ forms a CDH-hard instance. Thus, $U_{t+1}^{j}$ can be regarded as a standard ElGamal ciphertext, so no adversary can recover information about $W_{t+1}^{j}$. Note that although the task publisher can obtain $pk_0^{W_{t+1}^{j}}$ by using his secret key $sk_{TP}$, no information about $W_{t+1}^{j}$ is leaked, since $sk_0$ is unknown to him.

In the model aggregation phase, the aggregation node $A$ obtains all encrypted gradients $U_{t+1} = (U_{t+1}^{1}, U_{t+1}^{2}, \ldots, U_{t+1}^{h})$ from the $h$ miners and holds the function key $sk = \sum_{j=1}^{h} r_j y_j$. Based on the correctness and functionality of the FE scheme, the aggregation node $A$ only obtains $\sum_{j=1}^{h} y_j W_{t+1}^{j}$ by decrypting the ciphertexts $U^{j}$ with the corresponding secret key $sk$. However, since $y_i = \frac{1}{h}$, the probability that the aggregation node $A$ correctly guesses a specific gradient $W_{t+1}^{j}$ is negligible.

To sum up, the security of the NDD-FE scheme guarantees that no adversary can obtain any information about the local gradients of each miner, and thus the confidentiality of our framework is achieved.

6.2 Efficiency
The efficiency of an FL framework is a key factor for its wide application, and thus we optimize the efficiency of ESB-FL in several ways. On the one hand, ESB-FL avoids computation-intensive tools such as secure MPC and HE, and instead uses a relatively lightweight function encryption scheme to protect data privacy. Compared with existing MPC-based or HE-based FL frameworks, ESB-FL is considerably more efficient in terms of computation and communication costs. For example, the ciphertext in our framework is only a single group element $U_{t+1}^{j} \in \mathbb{G}$, about 512 bits (with ECDSA parameters). Apart from the interaction required for model training, participants do not need to interact with each other to achieve privacy protection, which reduces the communication costs. In addition, our framework adopts the DGC algorithm to further reduce communication costs: gradients are transmitted if and only if they become large enough, which significantly reduces the number of rounds of interaction.

On the other hand, ESB-FL supports parallel publishing and processing of multiple FL tasks. Multiple tasks are effectively arranged for each miner $M_i$ to work on, and their statuses are broadcast in time. Finally, the aggregation node $A$ is rewarded by publishing new blocks, in which multiple tasks are organized by their deadlines.

6.3 Fair Payment
Fair payment is achieved by combining our designed blockchain and smart contracts. It manifests in the following two aspects: (1) the task publisher can obtain a valid model as long as he pays for his request, and (2) each participant can get rewards as long as he participates in model training.

For the task publisher, at the task publishing phase, he first needs to publish the payment token and deploy a payment smart contract to complete the task release. Note that when deploying the smart contract, he must make sure that the corresponding account has a sufficient balance. When the trained model is published, the smart contract judges whether the accuracy of the model meets the task requirements. If it does, the smart contract creates a reward transaction from the task publisher to the task participants. Otherwise, the new block cannot be generated and the smart contract is not triggered, so no participant gets any reward.

For the participating miners, there are two types of roles: the aggregation node and the miner nodes. The aggregation node is rewarded by publishing a new block, while all miners are rewarded through the smart contract. If the trained model is correct and has been determined to meet the requirements, a new block is generated and the smart contract is triggered automatically, thereby completing the reward payment. Note that the payment process cannot be stopped, not even by the creator of the smart contract.

Due to the characteristics of blockchain and smart contracts, such as immutability and automatic execution, the interests of both the task publisher and the miners are guaranteed without a trusted party. Therefore, our framework achieves fair payment and sustains the activity levels of users.
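The reward-release logic of Section 5.2.5 and the fair-payment argument above can be summarized in the following schematic Python sketch. It is not the paper's Algorithm 2 or actual contract code: taskPool, T.acc, and model.accuracy mirror the notation in the text, while the class layout and the remaining names are illustrative assumptions.

```python
# Schematic reward-release logic (our sketch, not Algorithm 2): a participant
# triggers the contract with the task info, the new block, and the trained model;
# rewards are paid if and only if the model meets the task's accuracy requirement.
from dataclasses import dataclass, field

@dataclass
class TaskContract:
    required_accuracy: float               # T.acc, fixed when TP publishes the task
    reward_per_miner: int                  # escrowed by TP when deploying the contract
    task_open: bool = True                 # taskPool[T]: True while T is unresolved
    payouts: dict = field(default_factory=dict)

    def release_rewards(self, block_valid: bool, model_accuracy: float, miners: list):
        """Triggered by any participant once the new block is on-chain."""
        if not self.task_open:
            # Task already resolved: TP is invited to publish a new request T'.
            return "task resolved; publish a new request T'"
        if not block_valid or model_accuracy < self.required_accuracy:
            # No qualifying block, so nobody is paid (fairness for TP).
            return "requirements not met; no rewards released"
        for m in miners:
            # One reward transaction per participating miner (fairness for M).
            self.payouts[m] = self.payouts.get(m, 0) + self.reward_per_miner
        self.task_open = False
        return "rewards released"

# Example: a block whose model meets T.acc = 0.90 triggers automatic payment.
contract = TaskContract(required_accuracy=0.90, reward_per_miner=10)
print(contract.release_rewards(block_valid=True, model_accuracy=0.93,
                               miners=["M1", "M2", "M3"]))
print(contract.payouts)   # {'M1': 10, 'M2': 10, 'M3': 10}
```

Once a qualifying block is on-chain, any participant can trigger the payout; because the deployed contract executes automatically and immutably, neither TP nor the contract creator can withhold it, which is exactly the fairness property argued above.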
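To make the masking structure in the proof of Theorem 1 concrete, the toy Python sketch below mimics the NDD-FE aggregation on small quantized gradients: each miner publishes $U^{j} = pk_{TP}^{r_j} \cdot pk_0^{w_j}$, and the aggregation node, holding a function key derived from the $r_j$ values, removes the joint mask and recovers only the sum of the gradients. This is a simplified illustration under our own assumptions (a toy multiplicative group instead of a standard elliptic-curve group, plain summation instead of the weighted average with $y_j = 1/h$, and brute-force discrete logarithm over small values); it is not the paper's actual construction or parameters.

```python
# Toy sketch of the ElGamal-style masking used in the proof of Theorem 1.
# Group parameters, hash derivation, and key names are illustrative assumptions.
import hashlib
import random

P = 2**127 - 1            # toy prime modulus (a real deployment would use a standard group)
G = 3                      # toy generator

def keygen():
    sk = random.randrange(2, P - 1)
    return sk, pow(G, sk, P)

def h1(shared_point: int, task_info: str) -> int:
    # r_j = H1(shared DH value, task info), following the proof of Theorem 1
    digest = hashlib.sha256(f"{shared_point}|{task_info}".encode()).digest()
    return int.from_bytes(digest, "big") % (P - 1)

sk_tp, pk_tp = keygen()                  # task publisher TP
sk_0, pk_0 = keygen()                    # masking base pk_0; sk_0 stays secret from everyone used here
miners = [keygen() for _ in range(4)]    # (sk_j, pk_j) for each miner
task = "pneumonia-detection-round-7"     # stands in for (crt, T)

# Each miner encrypts a small quantized gradient w_j as U_j = pk_TP^{r_j} * pk_0^{w_j}
gradients = [5, 7, 2, 9]
ciphertexts = []
for (sk_j, pk_j), w_j in zip(miners, gradients):
    r_j = h1(pow(pk_tp, sk_j, P), task)              # shared with TP via Diffie-Hellman
    ciphertexts.append(pow(pk_tp, r_j, P) * pow(pk_0, w_j, P) % P)

# TP derives the same r_j values from pk_j^{sk_TP} and hands A the function key
sk_f = sum(h1(pow(pk_j, sk_tp, P), task) for _, pk_j in miners) % (P - 1)

# The aggregation node multiplies the ciphertexts, strips the joint mask pk_TP^{sk_f},
# and is left with pk_0^{sum(w_j)}; individual gradients stay hidden.
product = 1
for c in ciphertexts:
    product = product * c % P
unmasked = product * pow(pow(pk_tp, sk_f, P), P - 2, P) % P      # modular division

total = next(s for s in range(10_000) if pow(pk_0, s, P) == unmasked)  # tiny discrete log
print(total == sum(gradients))   # True
```

Each ciphertext on its own remains ElGamal-like, so neither the aggregation node nor an outside observer learns any individual $w_j$, which is the confidentiality property the proof relies on.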
Fig. 8. The chest X-ray image dataset used in our proposed framework. (a) and (d), (b) and (e), (c) and (f) are normal images, virus images, and bacteria images, respectively.

TABLE 1. Time Costs of Blockchain Operations.

… the same length of time. However, in terms of model training and aggregation, our framework saves more time compared with PEFL. For example, model training takes only 4.3 hours in our framework, while it takes about 7.4 hours in PEFL. In addition, since task selection and new block publishing do not involve any encryption operations, the time costs of these stages are not affected in either case.

7.2.2 FL Training
We compare the efficiency of our NDD-FE-based framework with the PEFL scheme. The baseline scheme is an FL framework that does not use any encryption algorithm. Fig. 9 shows the training time accumulated as the number of epochs increases. We find that the time cost of our framework is higher than the baseline, which can be regarded as a tradeoff for improved security. However, the performance of our framework is higher than that of the PEFL framework. This is because the aggregation node in the PEFL framework needs to interact with the task publisher frequently to decrypt the aggregated model, whereas the aggregation node in our framework can directly decrypt the aggregated model while maintaining the privacy of the model.

Besides, we also test the security costs of our framework and the PEFL framework; the results are shown in Table 2. Clearly, the NDD-FE scheme proposed in this paper is more efficient than the FE scheme adopted by PEFL. For example, the encryption algorithm of the NDD-FE scheme takes only 23.33 seconds, while that of the HE scheme takes about 45.28 seconds.

TABLE 2. Time Costs of Encryption Scheme.

7.2.3 FL Testing
The normal, virus, and bacteria images are tested in the experiment. Using deep learning models to detect lung medical images helps rapidly localize and accurately identify lung lesions in patients with pneumonia, which greatly reduces the burden on doctors and is of great significance for clinical treatment.

Fig. 10 shows the test results of our model after training on the complete dataset. Columns 1, 2, and 3 are normal images, virus images, and bacteria images, respectively. We can observe that the test results for each set of images are very accurate.

Fig. 10. Test results of our FL model. (a) and (d), (b) and (e), (c) and (f) are the test results of normal images, virus images, and bacteria images, respectively.

Fig. 11 further shows the results of our FL model on 1,000 test samples. The test accuracies for normal images, virus images, and bacteria images are 93.3%, 90%, and 96.1%, respectively, which further verifies the effectiveness of our FL scheme.

7.3 Comparative Fusion Performance

7.3.1 Privacy-Preserving Cost
We test the cumulative model accuracy of our framework and other advanced FL frameworks [45], [46], [47], as shown in Fig. 12. Compared with the unencrypted FL scheme, our framework loses 1-2% accuracy due to the introduction of the DGC algorithm and NDD-FE, while the PEFL framework loses 5-6% accuracy due to the polynomial activation function and the error of the encryption algorithm. Other FL frameworks use non-cryptographic DP technology to protect data privacy, so their model accuracies are affected by the introduced DP noise. Therefore, under the same security condition, the accuracy of our framework is higher than that of the HE-based framework. Furthermore, our framework still performs better than some advanced FL frameworks based on DP technology.

Fig. 12. Model accuracy with different epochs.

7.3.2 Communication and Computation Consumption
We compare the communication and computation costs of our scheme with PEFL, Lu's, and Kumar's schemes. The baseline scheme is our FL framework without the DGC algorithm. Fig. 13 shows the communication and computation consumption of our framework and some other advanced FL frameworks. As can be seen from the figure, the performance of the baseline is worse than PEFL and Lu's scheme, requiring longer communication and computation time. After adopting the DGC compression algorithm, our framework becomes the most efficient method, which further confirms that our framework can control communication and computation costs well and can be applied in practice to improve model accuracy and computing efficiency.

Fig. 13. Running time of different FL schemes.

8 CONCLUSION
Leveraging FL in smart healthcare offers new ways to improve the quality of medical services. FL can train a high-precision detection model while keeping all the training data on local devices. This paper presents an efficient and secure blockchain-based FL framework called ESB-FL. ESB-FL effectively solves the privacy, communication, and payment problems of existing FL frameworks. The computation and communication costs are reduced by adopting the NDD-FE scheme and the DGC algorithm. The blockchain technology in our framework is used to address the fair payment problem between FL task publishers and miners. The security analysis and extensive experiments conducted in this paper show that ESB-FL achieves enhanced security and efficient communication in implementing FL for multiple hospital nodes without the involvement of a third party.

REFERENCES
[1] D. Sui, Y. Chen, J. Zhao, Y. Jia, Y. Xie, and W. Sun, "FedED: Federated learning via ensemble distillation for medical relation extraction," in Proc. Conf. Empirical Methods Natural Lang. Process., 2020, pp. 2118–2128.
[2] Y.-H. Wu et al., "JCS: An explainable COVID-19 diagnosis system by joint classification and segmentation," IEEE Trans. Image Process., vol. 30, pp. 3113–3126, 2021.
[3] J. Geiping, H. Bauermeister, H. Dröge, and M. Moeller, "Inverting gradients - How easy is it to break privacy in federated learning?," in Proc. Adv. Neural Inf. Process. Syst., 2020, pp. 16937–16947.
[4] L. Zhu, Z. Liu, and S. Han, "Deep leakage from gradients," in Proc. Adv. Neural Inf. Process. Syst., vol. 32, 2019, pp. 17–31.
[5] R. Shokri, M. Stronati, C. Song, and V. Shmatikov, "Membership inference attacks against machine learning models," in Proc. IEEE Symp. Secur. Privacy, 2017, pp. 3–18.
[6] H. Chen et al., "Practical membership inference attack against collaborative inference in industrial IoT," IEEE Trans. Ind. Informat., vol. 18, no. 1, pp. 477–487, Jan. 2022.
[7] M. Zhang, Y. Zhang, and G. Shen, "PPDDS: A privacy-preserving disease diagnosis scheme based on the secure Mahalanobis distance evaluation model," IEEE Syst. J., pp. 1–11, 2021, doi: 10.1109/JSYST.2021.3093415.
[8] M. Gong, Y. Xie, K. Pan, K. Feng, and A. K. Qin, "A survey on differentially private machine learning," IEEE Comput. Intell. Mag., vol. 15, no. 2, pp. 49–64, May 2020.
[9] M. Hao, H. Li, X. Luo, G. Xu, H. Yang, and S. Liu, "Efficient and privacy-enhanced federated learning for industrial artificial intelligence," IEEE Trans. Ind. Informat., vol. 16, no. 10, pp. 6532–6542, Oct. 2020.
[10] J. So, B. Guler, and S. Avestimehr, "A scalable approach for privacy-preserving collaborative machine learning," in Proc. Adv. Neural Inf. Process. Syst., 2020, pp. 8054–8066.
[11] K. Bonawitz et al., "Practical secure aggregation for privacy-preserving machine learning," in Proc. ACM SIGSAC Conf. Comput. Commun. Secur., 2017, pp. 1175–1191.
[12] Y. Chen, X. Qin, J. Wang, C. Yu, and W. Gao, "FedHealth: A federated transfer learning framework for wearable healthcare," IEEE Intell. Syst., vol. 35, no. 4, pp. 83–93, Jul./Aug. 2020.
[13] V. Mugunthan, A. Polychroniadou, D. Byrd, and T. H. Balch, "SMPAI: Secure multi-party computation for federated learning," in Proc. NeurIPS Workshop Robust AI Financial Serv., 2019, pp. 1–9.
[14] V. Goyal, A. Jain, Z. Jin, and G. Malavolta, "Statistical zaps and new oblivious transfer protocols," in Proc. Int. Conf. Theory Appl. Cryptographic Techn., 2020, pp. 668–699.
[15] T. Song, Y. Tong, and S. Wei, "Profit allocation for federated learning," in Proc. IEEE Int. Conf. Big Data, 2019, pp. 2577–2586.
[16] Y. Liu, Z. Ai, S. Sun, S. Zhang, Z. Liu, and H. Yu, "FedCoin: A peer-to-peer payment system for federated learning," in Proc. Federated Learn., 2020, pp. 125–138.
[17] Y. Zhan, J. Zhang, Z. Hong, L. Wu, P. Li, and S. Guo, "A survey of incentive mechanism design for federated learning," IEEE Trans. Emerg. Topics Comput., to be published, doi: 10.1109/TETC.2021.3063517.
[18] X. Bao, C. Su, Y. Xiong, W. Huang, and Y. Hu, "FLChain: A blockchain for auditable federated learning with trust and incentive," in Proc. Int. Conf. Big Data Comput. Commun., 2019, pp. 151–159.
[19] H. Kim, J. Park, M. Bennis, and S.-L. Kim, "Blockchained on-device federated learning," IEEE Commun. Lett., vol. 24, no. 6, pp. 1279–1283, Jun. 2019.
[20] R. Kumar et al., "Blockchain-federated-learning and deep learning models for COVID-19 detection using CT imaging," IEEE Sensors J., vol. 21, no. 14, pp. 16301–16314, Jul. 2021.
[21] Y. Qu et al., "Decentralized privacy using blockchain-enabled federated learning in fog computing," IEEE Internet Things J., vol. 7, no. 6, pp. 5171–5183, Jun. 2020.
[22] Y. Lin, S. Han, H. Mao, Y. Wang, and W. J. Dally, "Deep gradient compression: Reducing the communication bandwidth for distributed training," 2017, arXiv:1712.01887.
[23] L. Zelei et al., "Contribution-aware federated learning for smart healthcare," in Proc. 34th Annu. Conf. Innov. Appl. Artif. Intell., 2022.
[24] K. Wei et al., "Federated learning with differential privacy: Algorithms and performance analysis," IEEE Trans. Inf. Forensics Secur., vol. 15, pp. 3454–3469, 2020.
[25] H. Zheng, H. Hu, and Z. Han, "Preserving user privacy for machine learning: Local differential privacy or federated machine learning?," IEEE Intell. Syst., vol. 35, no. 4, pp. 5–14, Jul./Aug. 2020.
[26] M. Kim, O. Günlü, and R. F. Schaefer, "Federated learning with local differential privacy: Trade-offs between privacy, utility, and communication," in Proc. IEEE Int. Conf. Acoust. Speech Signal Process., 2021, pp. 2650–2654.
[27] Y. Li, H. Li, G. Xu, T. Xiang, and R. Lu, "Practical privacy-preserving federated learning in vehicular fog computing," IEEE Trans. Veh. Technol., vol. 71, no. 5, pp. 4692–4705, 2022.
[28] I. Damgaard, D. Escudero, T. Frederiksen, M. Keller, P. Scholl, and N. Volgushev, "New primitives for actively-secure MPC over rings with applications to private machine learning," in Proc. IEEE Symp. Secur. Privacy, 2019, pp. 1102–1120.
[29] J. Zhang, B. Chen, S. Yu, and H. Deng, "PEFL: A privacy-enhanced federated learning scheme for Big Data analytics," in Proc. IEEE Glob. Commun. Conf., 2019, pp. 1–6.
[30] C. Zhang, S. Li, J. Xia, W. Wang, F. Yan, and Y. Liu, "BatchCrypt: Efficient homomorphic encryption for cross-silo federated learning," in Proc. USENIX Annu. Tech. Conf., 2020, pp. 493–506.
[31] H. Chaudhari, R. Rachuri, and A. Suresh, "Trident: Efficient 4PC framework for privacy preserving machine learning," 2019, arXiv:1912.02631.
[32] S. D. Gordon, S. Ranellucci, and X. Wang, "Secure computation with low communication from cross-checking," in Proc. Int. Conf. Theory Appl. Cryptol. Inf. Secur., 2018, pp. 59–85.
[33] M. S. Riazi, K. Laine, B. Pelton, and W. Dai, "HEAX: An architecture for computing on encrypted data," in Proc. Int. Conf. Architectural Support Program. Lang. Operating Syst., 2020, pp. 1295–1309.
[34] R. Xu, J. B. Joshi, and C. Li, "CryptoNN: Training neural networks over encrypted data," in Proc. Int. Conf. Distrib. Comput. Syst., 2019, pp. 1199–1209.
[35] T.-I. Szatmari, M. K. Petersen, M. J. Korzepa, and T. Giannetsos, "Modelling audiological preferences using federated learning," in Proc. ACM Conf. User Model. Adapt. Personalization, 2020, pp. 187–190.
[36] S. Guo et al., "Robust and privacy-preserving collaborative learning: A comprehensive survey," 2021. [Online]. Available: https://arxiv.org/abs/2112.10183
[37] Y. Lu, X. Huang, K. Zhang, S. Maharjan, and Y. Zhang, "Blockchain empowered asynchronous federated learning for secure data sharing in internet of vehicles," IEEE Trans. Veh. Technol., vol. 69, no. 4, pp. 4298–4311, Apr. 2020.
[38] Y. Wan, Y. Qu, L. Gao, and Y. Xiang, "Privacy-preserving blockchain-enabled federated learning for B5G-driven edge computing," Comput. Netw., vol. 204, p. 108671, 2022.
[39] J. Kang, Z. Xiong, D. Niyato, S. Xie, and J. Zhang, "Incentive mechanism for reliable federated learning: A joint optimization approach to combining reputation and contract theory," IEEE Internet Things J., vol. 6, no. 6, pp. 10700–10714, Dec. 2019.
[40] P. Ramanan and K. Nakayama, "BAFFLE: Blockchain based aggregator free federated learning," in Proc. IEEE Int. Conf. Blockchain, 2020, pp. 72–81.
[41] J. Zhang, Y. Wu, and R. Pan, "Incentive mechanism for horizontal federated learning based on reputation and reverse auction," in Proc. Web Conf., 2021, pp. 947–956.
[42] L. Gao, L. Li, Y. Chen, W. Zheng, C. Xu, and M. Xu, "FIFL: A fair incentive mechanism for federated learning," in Proc. Int. Conf. Parallel Process., 2021, pp. 1–10.
[43] A. Abdaoui, A. Erbad, A. Al-Ali, A. Mohamed, and M. Guizani, "Fuzzy elliptic curve cryptography for authentication in Internet of Things," IEEE Internet Things J., to be published, doi: 10.1109/JIOT.2021.3121350.
[44] E. Dufour-Sans, R. Gay, and D. Pointcheval, "Reading in the dark: Classifying encrypted digits with functional encryption," IACR Cryptol. ePrint Arch., vol. 2018, p. 206, 2018.
[45] A. Kiayias, A. Russell, B. David, and R. Oliynykov, "Ouroboros: A provably secure proof-of-stake blockchain protocol," in Proc. Annu. Int. Cryptol. Conf., 2017, pp. 357–388.
[46] H. Li and X.-J. Wu, "DenseFuse: A fusion approach to infrared and visible images," IEEE Trans. Image Process., vol. 28, no. 5, pp. 2614–2623, May 2019.
[47] Y. Lu, X. Huang, Y. Dai, S. Maharjan, and Y. Zhang, "Blockchain and federated learning for privacy-preserved data sharing in industrial IoT," IEEE Trans. Ind. Informat., vol. 16, no. 6, pp. 4177–4186, Jun. 2020.

Biwen Chen received the PhD degree from the School of Computer, Wuhan University, in 2020. He is currently an assistant professor with the School of Computer, Chongqing University. His main research interests include cryptography, information security, and blockchain.

Honghong Zeng received the BE degree from the School of Information Engineering, Nanchang University, China. She is currently working toward the master's degree with the College of Computer Science, Chongqing University. Her research interests include blockchain and secure medical image processing.

Tao Xiang (Senior Member, IEEE) received the BEng, MS, and PhD degrees in computer science from Chongqing University, China, in 2003, 2005, and 2008, respectively. He is currently a professor with the College of Computer Science, Chongqing University, China. His research interests include multimedia security, cloud security, data privacy, and cryptography. He has published more than 100 papers in international journals and conferences and has served as a referee for numerous international journals and conferences.
Shangwei Guo received the PhD degree in computer science from Chongqing University, Chongqing, China, in 2017. He is currently an associate professor with the College of Computer Science, Chongqing University. He worked as a postdoctoral research fellow with Hong Kong Baptist University and Nanyang Technological University from 2018 to 2020. His research interests include secure deep learning, secure cloud/edge computing, and database security.

Tianwei Zhang (Member, IEEE) received the bachelor's degree from Peking University, in 2011, and the PhD degree from Princeton University, in 2017. He is currently an assistant professor with the School of Computer Science and Engineering, Nanyang Technological University. His research focuses on computer system security. He is particularly interested in security threats and defenses in machine learning systems, autonomous systems, computer architecture, and distributed systems.

Yang Liu (Senior Member, IEEE) received the BComp (Hons.) degree from the National University of Singapore (NUS), in 2005, and the PhD degree from the National University of Singapore (NUS) and MIT, in 2010. He started his postdoctoral work at NUS and MIT, and in 2012 he joined Nanyang Technological University (NTU). He is currently a full professor and the director of the Cybersecurity Laboratory, NTU. He specializes in software verification, security, and software engineering. His research has bridged the gap between the theory and practical usage of formal methods and program analysis to evaluate the design and implementation of software for high assurance and security. He has more than 270 publications in top-tier conferences and journals. He has received a number of prestigious awards, including the MSRA Fellowship, the TRF Fellowship, the Nanyang Assistant Professorship, the Tan Chin Tuan Fellowship, the Nanyang Research Award, and eight best paper awards at top conferences such as ASE, FSE, and ICSE.