
IEEE TRANSACTIONS ON BIG DATA, VOL. 10, NO. 6, NOVEMBER/DECEMBER 2024

ESB-FL: Efficient and Secure Blockchain-Based Federated Learning With Fair Payment

Biwen Chen, Honghong Zeng, Tao Xiang, Senior Member, IEEE, Shangwei Guo, Tianwei Zhang, Member, IEEE, and Yang Liu, Senior Member, IEEE

Abstract—Federated learning (FL) is a technique that enables multiple parties to collaboratively train a model without sharing raw private data, which makes it ideal for smart healthcare. However, it raises new privacy concerns due to the risk of leaking privacy-sensitive medical data. Privacy-preserving FL (PPFL) has recently been introduced to ensure the privacy of the training process. Unfortunately, most existing PPFL schemes depend heavily on complex cryptographic mechanisms or fail to guarantee the accuracy of the trained models. Moreover, there has been little research on the fairness of the payment procedure in PPFL with incentive mechanisms. To address these concerns, we first construct an efficient non-interactive designated decryptor function encryption (NDD-FE) scheme to protect the privacy of training data while maintaining high communication performance. We then propose a blockchain-based PPFL framework with fair payment for medical image detection, namely ESB-FL, by combining NDD-FE with an elaborately designed blockchain. ESB-FL not only inherits the characteristics of the NDD-FE scheme but also safeguards the interests of each participant. We finally conduct extensive security analysis and experiments to show that our new framework achieves enhanced security, good accuracy, and high efficiency.

Index Terms—Blockchain, fair payment, federated learning, function encryption, privacy protection

1 INTRODUCTION

FEDERATED learning (FL) is an emerging and advancing technology that allows users to train a centralized model on separate datasets stored by different entities. It is increasingly prevalent in business and society, and its applications in healthcare drive reforms in fields such as medical diagnosis and treatment [1] and disease risk factor prediction. For example, FL allows medical institutions to train global machine learning models on huge amounts of COVID-19 case data [2] from different areas to predict infectious cases without data sharing. Obviously, the rapid growth of FL benefits from two main drivers: (1) applying machine learning technologies to distributed data scenarios, and (2) providing data privacy protection during the data application process.

Although FL brings great benefits to daily life, it also raises new privacy concerns in practical applications. Recent research has shown that FL may not always offer enough privacy protection for local training datasets [3], mainly because malicious adversaries may extract sensitive information about the training datasets from model parameters such as weights or gradients [4]. For example, the membership inference attack [5], [6] can construct a series of shadow models from local gradients to reconstruct original data samples. Such potential privacy leakage risks may become a serious obstacle to the practical application of FL, particularly in privacy-sensitive scenarios [7] (e.g., healthcare).

To address these privacy concerns, privacy-preserving FL (PPFL) applies privacy-preserving mechanisms to FL. Current PPFL schemes can be categorized into two types according to the privacy-preserving method: (1) non-crypto-based methods such as differential privacy [8], and (2) crypto-based methods such as homomorphic encryption (HE) [9] or secure multiparty computation (MPC) [10]. Although non-crypto-based PPFL schemes are more efficient, their trained models may not be as accurate as those of crypto-based PPFL, mainly because the effect of adding noise to the model parameters is hard to predict. In contrast, crypto-based PPFL can accurately train general machine learning models while providing an appropriate level of data privacy protection.

• Biwen Chen is with the College of Computer Science, Chongqing University, Chongqing 400044, China, with the State Key Laboratory of Cryptology, Beijing 100878, China, and also with the Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin 541004, China. E-mail: [email protected].
• Honghong Zeng, Tao Xiang, and Shangwei Guo are with the College of Computer Science, Chongqing University, Chongqing 400044, China. E-mail: {hhzeng, txiang, swguo}@cqu.edu.cn.
• Tianwei Zhang and Yang Liu are with the School of Computer Science and Engineering, Nanyang Technological University, Singapore 639798. E-mail: {tianwei.zhang, yangliu}@ntu.edu.sg.

Manuscript received 3 March 2022; revised 18 April 2022; accepted 19 May 2022. Date of publication 23 May 2022; date of current version 13 November 2024. This work was supported in part by the National Natural Science Foundation of China under Grants U20A20176, U21A20463, 62102050, and 62102052, in part by the China Postdoctoral Science Foundation under Grant BX2021399, in part by the Guangxi Key Laboratory of Trusted Software under Grant KX202043, in part by the State Key Laboratory of Cryptology under Grant MMKFKT202118, and in part by the Natural Science Foundation of Chongqing, China, under Grant cstc2021jcyj-msxmX0744. (Corresponding author: Tao Xiang.) Recommended for acceptance by the Special Issue on Trustable, Verifiable, and Auditable Federated Learning. Digital Object Identifier no. 10.1109/TBDATA.2022.3177170

2332-7790 © 2022 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information.
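As a concrete illustration of the non-crypto-based branch of PPFL mentioned above (differential privacy adds calibrated noise to local data or model parameters), the following hypothetical Python sketch clips a local gradient and perturbs it with Gaussian noise. The function name and parameter values are illustrative only and are not part of ESB-FL, which follows the crypto-based route instead.

```python
import random

def privatize(gradient, clip_norm=1.0, sigma=0.5):
    """Clip a gradient vector to L2 norm `clip_norm`, then add Gaussian noise.

    Illustrative only: real DP-SGD calibrates `sigma` against a target
    (epsilon, delta) privacy budget; these defaults are arbitrary.
    """
    norm = sum(g * g for g in gradient) ** 0.5
    scale = min(1.0, clip_norm / norm) if norm > 0 else 1.0
    clipped = [g * scale for g in gradient]
    # Noise scale is proportional to the clipping bound (the sensitivity).
    return [g + random.gauss(0.0, sigma * clip_norm) for g in clipped]

noisy = privatize([3.0, 4.0])  # input has L2 norm 5.0, so it is clipped first
```

The tension described in the text is visible here: a larger `sigma` strengthens privacy but degrades the aggregated model's accuracy.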
Although there has been some research [9], [11], [12], [13] on crypto-based PPFL, significant computational and communication costs remain a common problem. One reason is that constructing schemes for general machine learning tasks relies on sophisticated technologies such as homomorphic encryption [9] and oblivious transfer [14]. For example, Hao et al. [9] adopted fully homomorphic encryption to resist the multiple-entity collusion attack; however, it also incurs vast computational and communication overhead. Bonawitz et al. [11] used multiple cryptographic tools, such as secret sharing, digital signatures, and authenticated encryption, to maintain high model accuracy and a strong privacy guarantee. However, their scheme requires enormous computing power to train a good model. Obviously, low efficiency may hinder the wide application of crypto-based PPFL schemes.

In addition, achieving fair exchange between task publishers and task participants in the FL framework is also an extremely meaningful challenge. To maintain the function of an FL organization, a financial incentive mechanism is typically needed to motivate task participants to train models actively. Thus, it is critical to ensure that each FL participant is treated fairly. Currently, most FL schemes with fair treatment focus on the fair assessment of task participants' contributions [15], [16], [17]; that is, they can guarantee the fairness of profit allocation. However, how to ensure fairness for both parties in the trading process is still an open problem. For example, if the task participants are paid in advance by the task publisher, they may be motivated to lower their costs by training models lazily or with low accuracy. On the contrary, if the task publisher gets the trained model first, he may not pay the task participants. Therefore, an effective FL framework should ensure that the FL task is completed correctly and that each participant in the task obtains the task rewards in a timely manner.

To achieve fair payment, a naive solution is to introduce a trusted arbiter, who serves as a middleman to enforce that both the task publisher and the task participants follow predefined policies. However, the role of the trusted arbiter might largely eliminate the benefits of this distributed framework. Over the last few years, blockchain has been proven to be highly effective for financial services, and some blockchain-based FL schemes [18], [19], [20], [21] have been proposed to build decentralized, healthy FL systems with incentive mechanisms. However, they fail to balance the privacy protection of data with the fair payment of rewards. For example, to implement transactions between task publishers and task participants, the FLchain proposed by Bao et al. [18] requires that all computation results reach consensus on-chain, which may raise the risk of leakage of sensitive personal data.

To address the above concerns, we introduce an efficient and secure blockchain-based FL framework. In this framework, we first adopt a newly proposed lightweight cryptographic tool (i.e., non-interactive designated decryptor function encryption) to encrypt each local gradient. As a remarkable advantage, it achieves desirable privacy protection and retains the accuracy of the global model while maintaining low communication costs. Meanwhile, the DGC algorithm [22] is introduced to further reduce the communication costs: each local gradient is sent only once it reaches a threshold, which greatly reduces the amount of data communicated between nodes. Then, by elaborately designing a blockchain structure and using smart contract technology, fair payment between the task publisher and the task participants is achieved, ensuring that all task participants get their rewards as long as the task publisher obtains a qualified and correct model.

In summary, our main contributions are as follows.

• We propose a new function encryption scheme, namely non-interactive designated decryptor function encryption (NDD-FE). NDD-FE avoids multiple interactions between the encryptor and the key generator and ensures that only the designated decryptor can decrypt the aggregated global model.
• We design a new blockchain block structure, which binds the task and model information to block generation. This guarantees that each task participant gets rewards if and only if the trained model satisfies the task requirements, thereby guaranteeing the fairness of the payment process.
• By integrating the proposed NDD-FE and the designed blockchain into federated learning, we propose ESB-FL, an efficient and secure blockchain-based federated learning framework. ESB-FL not only trains a highly accurate model while protecting the privacy of local training data, but also supports fair payment between the task publisher and all participants.
• We perform a security analysis and effectiveness assessment of the proposed ESB-FL to demonstrate its desired security and efficiency.

The rest of this paper is organized as follows. Section 2 describes related work. Section 3 provides a brief introduction to the preliminaries. Section 4 describes the building blocks used in our framework. Section 5 introduces the proposed framework in detail. Sections 6 and 7 present the security and performance analyses of the proposed framework, respectively. Finally, Section 8 concludes the paper.

2 RELATED WORK

In this section, we mainly review the following two research topics in FL related to this paper.

Privacy-Preserving FL. PPFL aims to collaboratively train a global model while preserving data privacy. Typically, the privacy-preserving mechanisms used by PPFL can be divided into two types: non-cryptographic technology and cryptographic technology. Among the non-cryptographic technologies [23], [24], [25], [26], the differential privacy (DP) method has a major share; it provides a privacy guarantee by adding noise to local data or model parameters. However, applying the DP method to FL results in a contradiction between the privacy-preserving level and model accuracy [27]. That is, it is hard to achieve high model accuracy and strong privacy simultaneously.

Among the cryptographic technologies, homomorphic encryption (HE) [12] and secure multiparty computation (MPC) [28] are the two mainstream methods at present, because they can provide stronger privacy protection while retaining the original accuracy.
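The secure-aggregation idea behind schemes such as that of Bonawitz et al. [11] can be illustrated with pairwise additive masking: every pair of clients agrees on a random mask that one adds and the other subtracts, so the server learns only the sum of the updates. The following stdlib-only Python sketch is a simplification under stated assumptions (a real protocol derives masks via key agreement and handles client dropout; all names here are hypothetical):

```python
import random

P = 2**61 - 1  # public modulus used for blinding (illustrative choice)

def pairwise_masks(num_clients, seed=0):
    # In a real protocol each pair derives m_ij from a Diffie-Hellman
    # key agreement; a seeded RNG stands in for that step here.
    rng = random.Random(seed)
    return {(i, j): rng.randrange(P)
            for i in range(num_clients) for j in range(i + 1, num_clients)}

def masked_update(i, value, masks, num_clients):
    """Client i blinds its scalar update: add m_ij for j > i, subtract m_ji for j < i."""
    out = value % P
    for j in range(num_clients):
        if i < j:
            out = (out + masks[(i, j)]) % P
        elif j < i:
            out = (out - masks[(j, i)]) % P
    return out

values = [11, 22, 33]                      # private local updates
masks = pairwise_masks(len(values))
uploads = [masked_update(i, v, masks, len(values)) for i, v in enumerate(values)]
aggregate = sum(uploads) % P               # pairwise masks cancel in the sum
```

Each individual upload is uniformly random to the server, yet the modular sum equals the true aggregate, which is exactly the property the surveyed crypto-based PPFL schemes pay their communication overhead for.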
Zhang et al. [9] constructed an HE-based PPFL framework, in which each local gradient is encrypted to avoid information leakage. Zhang et al. [30] proposed an efficient HE scheme for FL, in which a new quantization and encoding scheme is developed to reduce computation and communication costs. Compared with the HE method, the MPC method is considered a promising tool for the privacy protection of FL, since it allows distributed participants to securely calculate an objective function. Chaudhari et al. [31] proposed a four-party MPC-based PPFL framework, namely Trident. Compared with Gordon et al. [32], Trident requires fewer participants to be active and has better online communication efficiency. So et al. [10] introduced a scalable PPFL framework based on a secure MPC protocol, where the MPC protocol is exploited to transform the dataset. However, the significant communication costs of these solutions are still a challenge to their wide application [33].

In addition to HE and MPC, some special cryptographic primitives [34], [35] are also used to provide privacy protection of FL for specific applications. Szatmari et al. [35] proposed a secret-sharing-based PPFL for modelling audiological preferences. Xu et al. [34] proposed a verifiable PPFL framework, where a key agreement protocol is used to protect the privacy of the local gradients. Guo et al. [36] conducted a comprehensive review of research on collaborative learning and introduced in detail the existing attacks against FL and the corresponding defense mechanisms. Obviously, exploring different cryptographic methods for different applications may be an efficient way to balance the accuracy, privacy, and efficiency of FL.

Blockchain-Based FL. As an emerging technology, blockchain is widely introduced into FL frameworks to enhance security or service availability due to its decentralization, verifiability, and immutability. Qu et al. [21] proposed a blockchain-enabled FL scheme to remedy the privacy and efficiency problems of fog computing, in which a blockchain system replaces the central authority to resist poisoning attacks. To enhance reliability and efficiency, Lu et al. [37] designed a new architecture for data sharing based on asynchronous FL and a hybrid blockchain framework, which consists of a permissioned blockchain and local directed acyclic graphs. To solve data falsification, Wan et al. [38] integrated blockchain with FL to protect the privacy of edge devices in 5G networks.

Different from the above methods that improve the security of FL, some works [16], [39], [40], [41] focus on enhancing the scalability of FL by leveraging blockchain technology. Ramanan et al. [40] used blockchain technology to remove the need for a central FL server, but this also led to high computation and communication overhead. To motivate participants, Zhang et al. [41] proposed an incentive mechanism for FL, where the blockchain guarantees that reputation information cannot be tampered with and remains publicly accessible. Likewise, Gao et al. [42] also proposed a blockchain-based fair incentive mechanism for FL to address the profit-sharing problem; their scheme uses the blockchain to store all intermediate results to prevent fraud and denial. Liu et al. [16] built a payment system for FL by adopting the blockchain as a distribution ledger.

Obviously, blockchain has proved to be a powerful tool to enhance the practicality of FL. However, most blockchain-based FL schemes regard the blockchain merely as a decentralized and immutable ledger and use it to build trust. Our work adopts the blockchain to achieve fairness of the payment process, namely fair payment, which can ensure the interests of both task publishers and task participants.

3 PRELIMINARIES

3.1 Blockchain

Fig. 1. A simplified blockchain structure.

Blockchain can be regarded as a decentralized, distributed database. A simplified diagram of the blockchain is shown in Fig. 1: the blockchain is a collection of blocks connected in chronological order. Blocks are joined by hash pointers, and each block contains the hash value of the previous block. With this structure, if the data in one block is tampered with, all blocks following that block are changed, and the tampering can be detected immediately. All blocks in a blockchain are verified by the nodes on the chain, and adding a new block to the blockchain requires the consensus of the nodes. If the majority of nodes verify that the new block meets the requirement, it is accepted as the next block of the longest legal chain.

3.2 Hard Problem Assumption

The privacy of our scheme relies on the computational Diffie-Hellman (CDH) assumption; that is, if the CDH assumption holds, then our scheme is secure. The CDH assumption is defined as follows.

Let G denote a cyclic group with prime order p and let g be its generator. Let GGen(1^λ) be an efficient algorithm that takes a security parameter λ as input and probabilistically outputs (G, p, g).

CDH Assumption. Given parameters (G, p, g) generated by GGen(1^λ) and (g^a, g^b) ∈ G, where (a, b) are randomly chosen in Z_p, the CDH problem is to compute g^{ab}. We say that the CDH assumption holds if the advantage of solving the CDH problem is negligible.

By the hardness of the discrete logarithm, it is infeasible to recover the exponent r ∈ Z_p of g^r ∈ G if r is large and random enough. Note that it is still possible to recover the exponent k of g^k by leveraging the baby-step giant-step algorithm [43] if k ≪ r.

3.3 Function Encryption

Function encryption (FE) is a promising cryptographic primitive that allows authorized users to delegate to third parties the computation of functions of encrypted data by generating specific secret keys for these functions. FE allows us to utilize encrypted data while protecting data privacy. Compared with MPC and HE, FE is a more lightweight and efficient cryptographic solution for constructing privacy-preserving FL.
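The exponent-recovery step referred to in Section 3.2, and relied upon by the decryption algorithms below, is the baby-step giant-step method: to find k with g^k = h (mod p) for a small k, precompute g^j for j < m ≈ √bound, then repeatedly multiply h by g^{-m}. A minimal stdlib-only sketch (variable names are ours, not the paper's):

```python
from math import isqrt

def bsgs(g, h, p, bound):
    """Return k in [0, bound) with pow(g, k, p) == h, or None.

    Runs in O(sqrt(bound)) time and space, so it is practical only when
    the exponent is known to be small (e.g., model updates encoded as
    bounded integers), exactly as noted in Section 3.2.
    """
    m = isqrt(bound) + 1
    baby = {pow(g, j, p): j for j in range(m)}   # baby steps: g^j for j < m
    giant = pow(g, -m, p)                        # g^{-m} mod p (p prime)
    gamma = h % p
    for i in range(m):
        if gamma in baby:                        # h * g^{-im} == g^j
            return i * m + baby[gamma]           # so k = i*m + j
        gamma = (gamma * giant) % p
    return None

p, g = 101, 2   # toy prime; 2 is a primitive root mod 101
assert bsgs(g, pow(g, 77, p), p, bound=100) == 77
```

The toy parameters above are for illustration only; a deployment would use a cryptographically sized group and a bound matching the encoding of the aggregated values.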
We now briefly introduce the FE scheme of [34], [44], which supports basic arithmetic operations. Let ⊙ represent the multiplication operation in function encryption; the details are defined as follows.

• FE.Setup(1^λ): It takes the security parameter λ as input, generates the group sample (G, p, g) ← GGen(1^λ), and selects a random key s ← Z_p. It then outputs the master secret key msk = s and the public key mpk = (H, g), where H = g^s.
• FE.Encrypt(mpk, x): It takes mpk and the data x ∈ Z_p to be encrypted as input, and outputs a commitment ct and a ciphertext c. It first selects a random r ← Z_p and generates the commitment ct = g^r and the ciphertext c = H^r · g^x.
• FE.KeyDerive(mpk, msk, ct, ⊙, y): It takes msk, the commitment ct, and the function input y as inputs, and outputs the function key sk_⊙ for the ⊙ operation. Specifically, the generated function key is sk_⊙ = (ct^s)^y = g^{rsy}.
• FE.Decrypt(mpk, sk_⊙, c, y): It takes mpk, the function key sk_⊙ for the ⊙ operation, the ciphertext c, and the other input y as input, computes g^{xy} = c^y / sk_⊙ = (H^r · g^x)^y / (g^r)^{sy} = g^{xy}, and finally extracts the exponent xy (via the baby-step giant-step algorithm when xy is small).

3.4 Federated Learning

FL is gradually being applied to the field of medical image detection by training a global machine learning model on multiple datasets stored by different centers without data sharing. In general, a classic FL framework for medical image detection can be summarized in the following phases. Suppose there are h medical data centers acting as the participants, which train their local models based on their local data. Meanwhile, there is an aggregation node A that is responsible for aggregating the local models and computing the global model.

Initialization. The aggregation node A publishes the training task T and the parameters of the training process, and then initializes the global model as W_0. Finally, it distributes the t-th global model W_t to all participants, where t = {0, 1, ...}.

Local Training. After receiving the global model W_t, each participant i ∈ {1, ..., h} sets W_t as his local model, denoted as W_t^i. Then, guided by the task requirement, participant i optimizes his local model W_t^i by minimizing the loss function f_loss(W_t^i) and obtains an ideal model (W_t^i)^*, i.e.,

    (W_t^i)^* = argmin_{W_t^i} f_loss(W_t^i).

Finally, all participants (1, ..., h) send their local models {(W_t^i)^*}_{i=1,...,h} to the aggregation node A.

Aggregation and Update. The aggregation node A aggregates all local models as follows:

    W_{t+1} = (1/h) · Σ_{i=1}^{h} (W_t^i)^*.

Then, the aggregation node A sets W_{t+1} as the latest global model and determines whether it meets the required training accuracy. If not, A distributes the global model to all participants, as in the Initialization phase. Note that these steps may be repeated several times until a desirable training model is obtained.

4 BUILDING BLOCKS

In this section, we first present a new function encryption scheme and then describe our designed blockchain.

4.1 Non-Interactive Designated Decryptor Function Encryption

Although the FE scheme in [34] supports several basic arithmetic computations, as described in Section 3, it still faces two challenges if applied directly to the FL framework.

The first challenge is that the multi-round communications between the key generator and the data encryptors may result in high communication costs in the FL framework. In their scheme, the generation of the function key sk_⊙ requires a commitment ct sent by the encryptor; that is, the key generator needs to communicate with each data encryptor to generate a decryption secret key in each model update process. The second challenge is that relying on a trusted entity further limits the usability and scalability of their scheme. In their scheme, apart from the user holding the special key sk_⊙, the key generator can also decrypt every ciphertext c = H^r · g^x by using the master secret key s, since all data are encrypted under the master public key H. Therefore, the key generator must be a trusted entity to ensure the privacy of data. However, such a trusted central entity is difficult to establish in a distributed FL framework.

To overcome the above drawbacks, we propose the concept of non-interactive designated decryptor function encryption (NDD-FE) supporting inner-product computation, in which the encryptor does not need to interact with the key generator and only the designated decryptor with the function key can decrypt the inner-product results on the encrypted data. Suppose the inner-product functionality is to compute f(x, y) = <x, y> = Σ_{i=1}^{n} x_i y_i, where n denotes the length of the vectors x, y and (x_i, y_i) denote the i-th elements of x and y, respectively.

For convenience of description, we describe the NDD-FE scheme using three roles, namely the generator, the encryptors, and the decryptor. The system model is shown in Fig. 2, and the construction is defined as follows.

• NDD-FE.Setup(1^λ) → pp: It takes the security parameter λ as input and generates the system public parameter pp = (G, p, g) ← GGen(1^λ) and a secure hash function H1: G → Z_p.
• NDD-FE.KeyGen(pp) → (pk, sk): It is executed by all participants, including the generator, the encryptors, and the decryptor. It takes the system public parameter pp as input, selects a random number s ← Z_p as the secret key, and sets the public key pk = H = g^s. Let (pk1 = g^{s1}, sk1 = s1), (pk2i = g^{s2i}, sk2i = s2i)_{i=1,...,n}, and (pk3 = g^{s3}, sk3 = s3) denote the public/secret key pairs of the generator, the i-th encryptor, and the decryptor, respectively.
Fig. 2. System model of NDD-FE.

Fig. 3. The designed block structure.

• NDD-FE.KeyDerive(pk1, sk1, {pk2i}_{i=1,...,n}, ctr, y, aux) → sk_f: It is executed by the generator. It takes as input the public/secret key pair (pk1 = g^{s1}, sk1 = s1) of the generator, the public keys {pk2i = g^{s2i}}_{i=1,...,n} of the n encryptors, an incremental counter ctr, a vector y that needs to be computed with the ciphertext, and auxiliary information aux, and outputs the function key sk_f = Σ_{i=1}^{n} r_i^{ctr} y_i, where r_i^{ctr} = H1(pk2i^{sk1}, ctr, aux) = H1(g^{s2i s1}, ctr, aux) ∈ Z_p for each encryptor pk2i.
• NDD-FE.Encrypt(pk1, sk2i, pk3, ctr, x_i, aux) → c_i: It is executed by the n encryptors. It takes as input the public key pk1 of the generator, the public/secret key pair (pk2i, sk2i) of the i-th encryptor, the public key pk3 of the decryptor, and the data x_i, and outputs the ciphertext c_i = pk1^{r_i^{ctr}} · pk3^{x_i}, where r_i^{ctr} = H1(pk1^{sk2i}, ctr, aux) = H1(g^{s1 s2i}, ctr, aux) ∈ Z_p.
• NDD-FE.Decrypt(pk1, sk_f, sk3, {c_i}_{i=1,...,n}, y) → <x, y>: It is executed by the decryptor. It takes as input the public key pk1 of the generator, the function key sk_f, the secret key sk3 of the decryptor, the ciphertexts {c_i}_{i=1,...,n}, and the vector y, and computes

    E = (Π_{i=1}^{n} c_i^{y_i}) / pk1^{sk_f}
      = (Π_{i=1}^{n} (pk1^{r_i^{ctr}} · pk3^{x_i})^{y_i}) / pk1^{Σ_{i=1}^{n} r_i^{ctr} y_i}
      = (pk1^{Σ_{i=1}^{n} r_i^{ctr} y_i} · pk3^{<x,y>}) / pk1^{Σ_{i=1}^{n} r_i^{ctr} y_i}
      = pk3^{<x,y>},

and then computes E* = E^{1/sk3} = g^{<x,y>}. Finally, it recovers the inner product of the vectors (x, y) by using the baby-step giant-step (BSGS) algorithm.

Scheme Analysis. Here, we analyze the proposed FE scheme in terms of security and performance.

For security, it is straightforward to see that the security of the NDD-FE scheme is the same as that of the scheme in [34]. This is because the ciphertext c_i = pk1^{r_i^{ctr}} · pk3^{x_i} in our scheme and the ciphertext c_i = H^{r_i} · g^{x_i} in [34] can both be viewed as standard ElGamal ciphertexts, and thus no outside adversary can obtain the information of the data. The main difference is that our scheme ensures that only the designated decryptor can decrypt the ciphertext, due to the usage of the secret key sk3 of the designated decryptor in the decryption phase. Moreover, NDD-FE supports secure multiple rounds of encryption: the participants can automatically update the encryption randomness r_i^{ctr} by incrementing the counter ctr, thereby updating the ciphertexts c_i.

For performance, our scheme removes the interactions between the generator and the encryptors, since the generation of the function key does not require any information sent by the encryptors. In the FL framework, training a good model usually takes multiple rounds of updates, that is, the FE scheme will be executed multiple times. Therefore, the performance advantage becomes more meaningful as the number of executions of the FE scheme increases.

4.2 Designed Blockchain

To achieve fair payment and exploit the computation power of miners, we design an elaborate blockchain by modifying the traditional blockchain in the two following aspects.

Block Header. Different from the traditional blockchain, we define a new block header structure, as shown in Fig. 3. In addition to general attributes such as the block version, the hash value of the previous block, and the difficulty value, we introduce two new attributes to the block header: (1) a digital signature of the task information and participating miner information, and (2) a digital signature of the model hash, model link, and model accuracy. These two new attributes bind the task information to the block and establish a relationship between the task and the training model.

New Block Generation. In typical blockchains (e.g., Bitcoin), new blocks are generated by solving hard computation problems, resulting in the energy-wasting issue. To address this drawback, our mechanism asks miners to perform meaningful FL tasks and present a global model.

To generate a new block, our mechanism needs to complete the two following phases. In the first phase, the task publisher publishes information about the task and the participating miners, and signs this information as a payment token. Then, all participants execute their work based on their respective roles.
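The modified block header described above can be sketched as a simple data structure. This is a hypothetical rendering, not the authors' implementation: the field names are ours, and the two signature fields stand in for the task-information signature and the model-information signature that the paper adds to the header.

```python
import hashlib
from dataclasses import dataclass, asdict

@dataclass
class BlockHeader:
    """Sketch of the modified header; field names are illustrative."""
    version: int
    prev_hash: str       # hash pointer to the previous block
    difficulty: int
    timestamp: int       # avoids fork ambiguity in multi-task processing
    task_sig: str        # signature over task info + participating miners
    model_sig: str       # signature over (model hash, model link, accuracy)

    def header_hash(self) -> str:
        # Hash a canonical serialization of all fields, so any change to
        # the bound task/model information changes the block hash.
        payload = "|".join(f"{k}={v}" for k, v in asdict(self).items())
        return hashlib.sha256(payload.encode()).hexdigest()

h = BlockHeader(1, "00" * 32, 4, 1_700_000_000, "sig_task", "sig_model")
digest = h.header_hash()   # any field change yields a different digest
```

Because the two signatures are inputs to the block hash, tampering with the recorded task or model information invalidates the block, which is the binding property the fair-payment argument relies on.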
766 IEEE TRANSACTIONS ON BIG DATA, VOL. 10, NO. 6, NOVEMBER/DECEMBER 2024
Fig. 4. Framework of ESB-FL.

new block based on the above-defined structure and sends it to the other miners for verification. If the trained model satisfies the requirements of the task, the new block passes validation and is added to the blockchain network. Note that all new blocks contain a timestamp attribute, which effectively avoids blockchain forks in multi-task parallel processing.

5 DESIGN OF ESB-FL

5.1 System Overview
We outline the architecture of our efficient and secure blockchain-based FL framework (ESB-FL), as shown in Fig. 4. The proposed framework consists of three roles, i.e., task publisher, miners, and aggregation node.

- Task Publishers (TP). They may be enterprises, research institutes, or healthcare research units that try to obtain a detection model for a medical disease. However, since they lack real medical data, they have to outsource their tasks and pay for model training and data services.
- Miners (M). They are the service providers (e.g., hospitals), who hold various types of medical datasets and have different computing power to train models. To earn monetary rewards, the miners collaborate on training a global model according to the published tasks, and verify the final model and the newly generated block.
- Aggregation node (A). It is a special type of miner, which is responsible for aggregating the local gradients submitted by all other participating miners and returning the aggregated gradient to them for the next iteration. Beyond that, it is also responsible for sending the final qualified model to the task publisher to gain permission to publish a new block.

The high-level workflow of our ESB-FL framework is as follows. First, by leveraging the blockchain, TP publishes a medical training task that includes relevant parameters such as task requirements, rewards, etc. Second, once receiving new tasks, miners M who meet the requirements of a task respond by sending their personal information, such as their public key, computing power, and so on. After identifying the participants, TP generates the keys and encryption parameters of FE for the participating miners, and generates the decryption key with the special function for the aggregation node A. Then, the participating miners individually train the model based on their local data. Third, when the training is temporarily over, the miners encrypt the compressed training models using the encryption algorithm of FE and send the encrypted models to A. Once receiving the models from the different miners, A aggregates them and decrypts the aggregated model using the decryption key of FE. If the accuracy of the decrypted model does not meet the task requirement, A returns it to the participating miners for the next iteration, and the participating miners start over. Note that this process may require numerous iterations until the accuracy is sufficient. Fourth, after the above phase, A returns the final model to TP for permission to publish a new block. Finally, TP rewards the participating miners, while A gets the block reward.

Design Goals and Assumptions. Our design goals are to enforce the following security and performance guarantees.

- Confidentiality. The confidentiality of the medical data stored by each miner is the first and most important security requirement. Our framework should ensure that any unauthorized adversary cannot learn private information about the training data. That is, the adversary cannot reconstruct private medical data samples from the local models acquired during task processing.
- Efficiency. Efficiency is the key property for practical application. Our ESB-FL framework should ensure that a task can be processed effectively and completed in time. Besides, we aim to provide another practical notion: parallelism, indicating that multiple FL tasks can be executed simultaneously.
- Fair Payment. Fair payment is a key financial property of the incentive mechanism. It guarantees the interests of each TP and M and promotes the long-term development of ESB-FL. More specifically, TP can obtain a correct model that meets his requirements as long
as he pays for his request, while the miners can earn the corresponding rewards as long as they perform correct computations.

Availability Assumptions. To guarantee the functionality and security of our framework, the following reasonable assumptions should hold.

- Assumption 1. The network of each participant in the framework should be stable enough to work. For example, the miners should be able to receive task updates and perform task selection and processing immediately.
- Assumption 2. TP and A will not collude with each other. That is, TP stays out of the model training process. Fortunately, this can be easily guaranteed by delegating an agent to publish tasks.

5.2 ESB-FL Framework
By combining the above NDD-FE scheme and our designed blockchain, we propose an efficient and secure blockchain-based FL framework, i.e., ESB-FL. It consists of five main modules: task publishing, model training, model aggregation, block publishing, and task reward releasing.

5.2.1 Task Publishing
In this module, TP with public/secret key pair (pk_TP, sk_TP) first issues a service request by publishing a medical training task T_i to the blockchain, where T_i contains the task publisher identity pk_TP, the task status S, the dataset requirements D, the initialization model link L, the expected model accuracy acc, the expected processing time T_exp, and the task rewards R, and where S is set to publishing. Note that multiple task publishers can publish their tasks T_{i=1,2,...} at the same time.

According to the published tasks, the miners {M_j}_{j=0,...,h} who meet D of T respond to the request by sending relevant proofs of their ability together with their public keys (pk_0, ..., pk_h). Once receiving enough replies from miners, the task publisher modifies S to processing and broadcasts the list of participating miners. The task publisher TP performs the Proof of Stake (PoS) algorithm [45] to select a special miner as the aggregation node A ∈ {M_j}_{j=0,...,h}, which ensures that the aggregation node is chosen at random. Suppose that M_0 is selected as the aggregation node.

Then, the task publisher TP executes the NDD-FE.KeyDerive(pk_TP, sk_TP, {pk_i}_{i=1,2,...,h}, ctr, y, T) → sk_f algorithm to generate the function key sk_f for the aggregation node A, where ctr = {1, 2, ...} is an incremental counter and y = {y_1, ..., y_h} is an h-dimensional weight vector with y_i = 1/h. The function key is sk_f = Σ_{i=1}^{h} r_i y_i, where r_i = H_1(pk_i^{sk_TP}, ctr, T).

Finally, the task publisher TP publishes the signature σ_1 that contains the task information and the participating miner list as the payment token. He also deploys a smart contract to specify the payment policies that are used to pay rewards to miners. Please refer to Algorithm 2 for more details. We also show the process of the task publishing phase in Fig. 5.

Fig. 5. Task publishing process.

5.2.2 Model Training
This module roughly consists of three steps: (1) local training, (2) gradient compression, and (3) gradient encryption, as shown in the right half of Fig. 4.

After obtaining the published global model W_t at round t, each miner M_j, j = 1, ..., h, trains the local model based on the local data D_j and the loss function f_loss(W_t), and obtains the updated model W_t^j. The details of the training model are not the focus of this work.

Algorithm 1. DGC Algorithm
Input: dataset D, minibatch size b per node, the number of nodes N, initial parameters w = {w_i[0], w_i[1], ..., w_i[n]}
Output: W_{t+1}^j
1:  G_0 ← 0
2:  for t = 1, ... do
3:    G_t ← G_{t-1}
4:    for i = 1 to b do
5:      Sample data d from D_j
6:      G_t ← G_t + (1/(N·b)) ∇f(d, w)
7:    end for
8:    for j = 0 to n do
9:      Select threshold: thr ← s% of |G_t[j]|
10:     Tmp ← |G_t[j]| > thr
11:     G̃_t[j] ← G_t[j] ⊙ Tmp
12:     G_t[j] ← G_t[j] ⊙ ¬Tmp
13:   end for
14:   W_{t+1}^j ← encode(G̃_t)
15: end for

When completing the local model training, M_j parses the model W_t^j as W_t^j = {w_j[0], w_j[1], ..., w_j[n]} to compress it. In our framework, the DGC algorithm W_{t+1}^j = DGC(W_t^j, b, N, n, s) (see Algorithm 1) is chosen to improve communication efficiency, where n denotes the total number of parameters and s denotes the compression rate set by the task publisher. In the process of gradient compression, a threshold thr determines whether a gradient meets the requirements. That is, only the gradients greater than the threshold thr are selected for transmission. Meanwhile, to prevent data loss, miners whose gradient W_{t+1}^j does not reach the threshold accumulate the remaining gradients locally until the gradient becomes large enough. In addition to improving performance, the DGC algorithm transforms high-dimensional data to low-dimensional data, thereby solving the input-format problem of the encryption algorithm to be used.
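As a concrete illustration of the sparsification step in Algorithm 1, the following Python sketch is our own minimal re-implementation (not the code of [22]; the function name and the nearest-rank threshold rule are our choices): only the entries whose magnitude exceeds the s-quantile threshold are transmitted, and the rest accumulate locally for later rounds.

```python
def dgc_step(grad, residual, s=0.9):
    """One DGC sparsification round: add the residual accumulated in
    earlier rounds, transmit only entries whose magnitude exceeds the
    s-quantile threshold, and keep the rest locally."""
    acc = [g + r for g, r in zip(grad, residual)]
    # Threshold: the s-th quantile of the magnitudes (nearest-rank rule).
    mags = sorted(abs(a) for a in acc)
    thresh = mags[min(int(s * len(mags)), len(mags) - 1)]
    sparse = [a if abs(a) > thresh else 0.0 for a in acc]    # sent to A
    residual = [0.0 if abs(a) > thresh else a for a in acc]  # kept locally
    return sparse, residual

# Toy usage: only entries strictly above the 0.8-quantile magnitude are sent;
# the small entries stay in the residual until they grow large enough.
grads = [0.1, -2.0, 0.05, 3.0, -0.2, 1.5, 0.0, -0.3, 0.8, -1.1]
sparse, residual = dgc_step(grads, [0.0] * 10, s=0.8)
```

With the paper's setting s = 90%, roughly a tenth of the gradient entries are transmitted per round, which is what keeps the updates sent to A small.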
Finally, to prevent gradient leakage, each miner M_j encrypts the compressed gradient W_{t+1}^j using NDD-FE.Encrypt(pk_TP, sk_j, pk_0, ctr, W_{t+1}^j, T):

  U_{t+1}^j = NDD-FE.Encrypt(pk_TP, sk_j, pk_0, ctr, W_{t+1}^j, T) = pk_TP^{r_j} · pk_0^{W_{t+1}^j},

where r_j = H_1(pk_TP^{sk_j}, ctr, T). Then, each miner M_j sends the encrypted update U_{t+1}^j to the aggregation node A as the (t+1)-th round response.

5.2.3 Model Aggregation
Once receiving all encrypted updates U_{t+1} = (U_{t+1}^1, U_{t+1}^2, ..., U_{t+1}^h) at round t+1, the aggregation node A with the function key sk_f performs the decryption algorithm of the NDD-FE scheme to obtain the aggregated model u_{t+1}. The aggregation node A first computes

  E_{t+1} = NDD-FE.Decrypt(pk_TP, sk_f, sk_0, U_{t+1}, y)
          = (∏_{j=1}^{h} (U_{t+1}^j)^{y_j}) / (pk_TP)^{sk_f}
          = (∏_{j=1}^{h} ((pk_TP)^{r_j} · pk_0^{W_{t+1}^j})^{y_j}) / (pk_TP)^{Σ_{j=1}^{h} r_j y_j}
          = ((pk_TP)^{Σ_{j=1}^{h} r_j y_j} · (pk_0)^{Σ_{j=1}^{h} W_{t+1}^j y_j}) / (pk_TP)^{Σ_{j=1}^{h} r_j y_j}
          = pk_0^{⟨W, y⟩},

where W = {W_{t+1}^1, ..., W_{t+1}^h}. Then, A executes the baby-step giant-step algorithm to obtain ⟨W, y⟩ as the updated global model u_{t+1}.

Finally, the aggregation node A needs to verify whether the accuracy of the model u_{t+1} meets the requirement of the task. If the accuracy of u_{t+1} reaches the value defined by the task publisher, A modifies the status of the current task and returns the model to the task publisher to move into the next phase. Otherwise, the aggregation node A distributes the model update u_{t+1} to each miner M_i for the next iteration. Therefore, the model training and model aggregation phases may be repeated several times until the accuracy of the model reaches the requirements.

5.2.4 Block Publishing
When completing a training task, the aggregation node A gets its reward by publishing a new block in the blockchain network. First, the aggregation node A computes the hash mh = h(u) of the trained global model u and sends u to an accessible platform (e.g., a cloud server) while keeping the access link ml, which allows each participant to verify the validity of u.

Algorithm 2. The Pseudocode of the Smart Contract That Guarantees Task Reward Payment
Input: T(pk_TP, S, D, L, acc, T_exp, R); model; B; taskPool; publishBlock
1:  if taskPool[T] then
2:    require(model)
3:    if model.accuracy > T.acc then
4:      publishBlock[msg.sender] ← true
5:      MultiTransfer(T.pk_TP, T.R, B.participants)
6:      T.S ← finished
7:      taskPool[T] ← false
8:    end if
9:  else
10:   init T'
11:   T'.pk_TP ← TP.ID
12:   T'.S ← publishing
13:   T'.D ← COVID-19 CT image datasets
14:   T'.L ← aa.bb.com
15:   T'.acc ← 97%
16:   T'.T_exp ← 48 h
17:   T'.R ← 1 BTC
18:   require(!taskPool[T'])
19:   if getBalance(T'.pk_TP) ≥ R then
20:     taskPool[T'] ← true
21:   else
22:     init failed
23:   end if
24: end if

Fig. 6. Block publishing process.

Then, using the secret key sk_0, A generates a signature σ_2 over the model information, including the model hash mh, the access link ml, and the model accuracy ma. By leveraging the two signatures (σ_1, σ_2), A builds a new block and broadcasts it to the participating miners. Receiving the new block B, each miner M_i verifies the correctness of the new block. If A publishes an erroneous block, which means that the block may contain an incorrect participant list or that the accuracy does not meet the requirement, the new block will not pass. After all participants have validated that the new block is correct, the block is added to the blockchain network in series. Obviously, if the trained model is valid, the block can be generated correctly, and the aggregation node A then obtains the reward. Otherwise, A cannot get any reward. Note that, since multiple tasks may be completed simultaneously, the aggregation node A needs to collect all running tasks locally and record their status. Then A builds blocks in order of task end time (timestamp) to prevent forks. We also show the process of the block publishing phase in Fig. 6.
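To make the aggregation arithmetic of Section 5.2.3 concrete, the sketch below is our own toy instantiation over a small prime-order subgroup of Z_p* (the paper's implementation uses elliptic-curve parameters, and weights y_j = 1/h; here we take y_j = 1 so that ⟨W, y⟩ is the plain sum, and we omit the sk_0-side check of the full Decrypt). It shows that the pk_TP masks cancel under sk_f = Σ_j r_j y_j and that baby-step giant-step recovers the small exponent ⟨W, y⟩ from pk_0^{⟨W, y⟩}.

```python
import random

p, q, g = 2039, 1019, 4      # toy group: g generates the order-q subgroup of Z_p*

def keygen(rng):
    sk = rng.randrange(1, q)
    return sk, pow(g, sk, p)

def bsgs(base, target, bound):
    """Baby-step giant-step: find 0 <= x < ~bound with base^x = target (mod p)."""
    m = int(bound ** 0.5) + 1
    baby = {pow(base, j, p): j for j in range(m)}
    giant = pow(base, -m, p)                 # base^(-m) mod p (Python >= 3.8)
    gamma = target
    for i in range(m + 1):
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * giant % p
    return None

rng = random.Random(7)
sk_tp, pk_tp = keygen(rng)                   # task publisher TP
sk_0, pk_0 = keygen(rng)                     # aggregation node A
h = 3
W = [5, 7, 11]                               # toy compressed gradient entries
r = [rng.randrange(1, q) for _ in range(h)]  # per-round masks (H1(...) in the paper)

# NDD-FE.Encrypt: U_j = pk_TP^(r_j) * pk_0^(W_j)
U = [pow(pk_tp, rj, p) * pow(pk_0, wj, p) % p for rj, wj in zip(r, W)]

sk_f = sum(r) % q                            # functional key with y_j = 1

# NDD-FE.Decrypt: the pk_TP masks cancel, leaving pk_0^<W, y>
E = 1
for Uj in U:
    E = E * Uj % p
E = E * pow(pow(pk_tp, sk_f, p), -1, p) % p

agg = bsgs(pk_0, E, bound=1000)              # recovers <W, y> = 5 + 7 + 11
```

In the real scheme the exponent is a weighted average of quantized, compressed gradients, so the search bound of the baby-step giant-step stage stays small; this is why aggregation remains practical despite the discrete-logarithm step.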
5.2.5 Task Reward Releasing
When a new block is added to the blockchain network successfully, the participants contained in the new block get their rewards automatically through the smart contract deployed by the task publisher TP in the task publishing phase.

Each participant M_j can trigger the smart contract by sending the task information T, the new block B published by A, and the trained model u; the pseudocode is shown in Algorithm 2. Based on the status of the training task taskPool[T], the smart contract determines whether to set the rewards or issue the rewards. If taskPool[T] is true, the contract creates the transactions for each miner M_j (Line 5) when model.accuracy meets T.acc. If taskPool[T] is false, it indicates that the task T has already been resolved. After that, the smart contract invites TP to initialize a new request T'. It is straightforward to see that each participant can get rewards as long as the accuracy of the trained model is valid and qualified.

6 SECURITY ANALYSIS
In this section, we theoretically analyze that ESB-FL achieves the following design goals: confidentiality, efficiency, and fair payment.

6.1 Confidentiality
Confidentiality guarantees the privacy of the miners' local data and prevents attackers from reconstructing private medical data from the data acquired during task processing. The confidentiality of ESB-FL relies on the security of the NDD-FE scheme used to encrypt local gradients.

Theorem 1. If the underlying NDD-FE scheme is secure, then the confidentiality of the local training models sent to the aggregation node is guaranteed.

Proof: In the model training phase, each miner M_j encrypts the gradient W_{t+1}^j using the encryption algorithm of the NDD-FE scheme before sending it to the aggregation node A. Based on the description of NDD-FE, the ciphertext of each gradient W_{t+1}^j is U_{t+1}^j = pk_TP^{r_j} · pk_0^{W_{t+1}^j}, where r_j = H_1(pk_TP^{sk_j}, ctr, T). For any adversary, r_j is random and unknown, since pk_TP^{sk_j} is difficult to calculate and (pk_TP, pk_j, pk_TP^{sk_j}) forms a CDH-hard problem. Thus, U_{t+1}^j can be regarded as a standard ElGamal ciphertext, so any adversary cannot recover information about W_{t+1}^j. Note that for the task publisher, although he can obtain pk_0^{W_{t+1}^j} using his secret key sk_TP, no information about W_{t+1}^j is leaked since sk_0 is unknown to him.

In the model aggregation phase, the aggregation node A obtains all encrypted gradients U_{t+1} = (U_{t+1}^1, U_{t+1}^2, ..., U_{t+1}^h) from the h miners and holds the function key sk_f = Σ_{j=1}^{h} r_j y_j. Based on the correctness and functionality of the FE scheme, the aggregation node A only obtains Σ_{j=1}^{h} y_j W_{t+1}^j by decrypting the ciphertexts U_j using the corresponding secret key sk_f. However, since y_i = 1/h, the probability of the aggregation node A guessing a specific gradient W_{t+1}^j correctly is negligible.

To sum up, the security of the NDD-FE scheme guarantees that no adversary can obtain any information about the local gradients of each miner, and thus the confidentiality of our framework is achieved.

6.2 Efficiency
The efficiency of an FL framework is the key factor for its wide application, and we optimize the efficiency of ESB-FL in several ways. On the one hand, ESB-FL avoids computation-intensive tools such as secure MPC and HE, and uses a relatively lightweight functional encryption scheme to protect data privacy. Compared with existing MPC-based or HE-based FL frameworks, ESB-FL is considerably more efficient in terms of computation and communication costs. For example, the size of a ciphertext in our framework is only U_{t+1}^j ∈ G, about 512 bits (ECDSA parameters). Apart from the interaction needed for model training, participants do not need to interact with each other to achieve privacy protection, thereby reducing communication costs. In addition, our framework adopts the DGC algorithm to further reduce communication costs. The gradients are transmitted if and only if they become large enough, which significantly reduces the number of rounds of interaction.

On the other hand, ESB-FL supports parallel publishing and processing of multiple FL tasks. Multiple tasks are effectively arranged for each miner M_i to work on, and their statuses are broadcast in time. Finally, the aggregation node A is rewarded by publishing new blocks, where multiple tasks are organized by the deadlines of the tasks.

6.3 Fair Payment
Fair payment is achieved by combining our designed blockchain and smart contracts. It shows mainly in the following two aspects: (1) the task publisher can obtain a valid model as long as he pays for his request, and (2) each participant can get rewards as long as he participates in the model training.

For the task publisher, in the task publishing phase, he first needs to publish the payment token and deploy a payment smart contract to complete the task release. Note that when deploying the smart contract, he must make sure that the corresponding account has a sufficient balance. When the trained model is published, the smart contract judges whether the accuracy of the model meets the task requirements. If yes, the smart contract creates a reward transaction from the task publisher to the task participants. Otherwise, the new block cannot be generated and the smart contract is not triggered, and thus no participant can get any rewards.

For the participating miners, there are two types of roles: the aggregation node and the miner nodes. The aggregation node is rewarded by publishing a new block, while all miners are rewarded through smart contracts. If the trained model is correct and has been determined to meet the requirements, a new block is generated and the smart contract is triggered automatically, thereby completing the reward payment. Note that the payment process cannot be stopped, even by the creator of the smart contract.
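The payout conditions above can be simulated directly. The following Python sketch is our own simulation of the reward branch of Algorithm 2 (not the deployed contract; all names are illustrative): coins move from the task publisher's balance to the participants only when the submitted model beats the task's accuracy target, and a settled task cannot pay twice.

```python
def release_rewards(task, model_accuracy, participants, balances):
    """Simulate the reward branch of the payment contract (Algorithm 2):
    split task['reward'] among participants iff the model meets task['acc']."""
    if not task["open"]:                 # taskPool[T] already false: settled
        return False
    if model_accuracy <= task["acc"]:    # accuracy check fails: not triggered
        return False
    share = task["reward"] / len(participants)
    for m in participants:               # MultiTransfer(T.pk_TP, T.R, B.participants)
        balances[m] = balances.get(m, 0.0) + share
    balances[task["publisher"]] -= task["reward"]
    task["open"] = False                 # T.S <- finished, taskPool[T] <- false
    return True

# Toy usage: a task paying 1.0 coin for accuracy above 97%.
balances = {"TP": 10.0}
task = {"publisher": "TP", "acc": 0.97, "reward": 1.0, "open": True}
paid = release_rewards(task, 0.975, ["M1", "M2"], balances)
```

Because the task state flips to finished in the same call that pays out, neither TP nor A can replay or withhold the payment once the accuracy condition is met, which is the fair-payment property argued above.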
Fig. 7. Blockchain network topology.

Due to the characteristics of blockchain and smart contracts, such as immutability and automatic execution, the interests of both the task publisher and the miners are guaranteed without a trusted party. Therefore, our framework achieves fair payment and sustains the activity levels of users.

7 EXPERIMENTS
We conduct experiments in this section to check the performance of our proposed ESB-FL. We first introduce our experimental settings and then give the experimental results. Meanwhile, we compare our FL scheme with existing representative work.

7.1 Experimental Settings
7.1.1 Configuration
We implement ESB-FL in Python on a Linux server with an Intel Xeon CPU E5-1650 v4 @ 3.60 GHz, 64 GB RAM, and a GTX 1080 Ti. We adopt an open-source project1 to provide the blockchain service. Our blockchain network topology is shown in Fig. 7; in our experiments, the number of registered miners is set to 100, and our medical image dataset is divided equally among these 100 miners. The DGC algorithm is implemented based on [22], and the compression threshold of the DGC algorithm is set to 90%. The NDD-FE scheme is implemented based on FE.2

7.1.2 Model
We refer to some convolutional neural network models to classify medical images. First, we use the denseblock [46] network structure to extract features from medical images; the network contains 4 convolutional layers, the numbers of channels in the convolutional layers are 1, 16+16, 32+16, and 48+16, and the size of the convolution kernel is 3 × 3. Then, we use the SSD3 network to locate and classify the extracted features, which contains five localization and classification layers. The learning rate and batch size of the training model are set to 10^{-4} and 2, respectively. Meanwhile, we set the number of iterations to be large enough (such as 1000) to keep the miners training so that the aggregated model meets the required accuracy.

1. https://github.com/guanchao/mini_blockchain
2. https://github.com/OpenMined/PyFE
3. https://github.com/AIZOOTech/FaceMaskDetection

TABLE 1
Time Costs of Blockchain Operations

Blockchain operation              Ours       PEFL
Task Publishing                   < 1 h      < 1 h
Model Training (80,000 images)    4.3 h      7.4 h
Model Aggregation (10 nodes)      6.44 min   8.03 min
Block Publishing                  < 1 h      < 1 h
Task Reward                       < 1 min    < 1 min

Fig. 8. The chest X-ray image dataset used in our proposed framework. (a) and (d), (b) and (e), (c) and (f) are normal images, virus images and bacteria images, respectively.

7.1.3 Dataset
In our framework, we use the chest X-ray image (pneumonia) dataset;4 partial samples are shown in Fig. 8. We use the training samples as the basis of a generator and randomly generate 80,000 images for model training. We greyscale each image and set its size to 200 × 200. We test our trained model with 1,000 test images from this dataset, where normal, virus, and bacteria images are considered.

4. https://www.kaggle.com/paultimothymooney/chest-xray-pneumonia

7.1.4 Comparatives
We compare the performance of our FL scheme with several representative approaches, including PEFL [9], Lu's [47], and Kumar's [20]. We use the same dataset to train their FL frameworks and analyze their experimental results.

7.2 Results
7.2.1 Blockchain Operations
Blockchain technology is applied to ensure security and solve the payment problem, and its performance has a significant impact on the practicality of our ESB-FL framework. We first test the time costs of the main blockchain operations in each phase; the results are the average values of 100 runs over 80,000 images. As shown in Table 1, in phases such as task publishing, block publishing, and task reward, our framework and the FL scheme based on homomorphic encryption (PEFL) take approximately
the same length of time. However, in terms of model training and aggregation, our framework saves more time compared with PEFL. For example, the model training in our framework only takes 4.3 hours, while it takes about 7.4 hours in PEFL. In addition, since task selection and new block publishing do not involve any encryption operations, the time costs of these stages are not affected in either case.

Fig. 9. Training time with different epochs.

7.2.2 FL Training
We compare the efficiency of our framework based on NDD-FE with the PEFL scheme. The baseline scheme is an FL framework that does not use encryption algorithms. Fig. 9 shows the training time accumulated as the epochs increase in FL. We can find that the time cost of our framework is higher than the baseline, which can be regarded as a tradeoff to improve security. However, the performance of our framework is higher than that of the PEFL framework. This is because the aggregation node in the PEFL framework needs to interact with the task publisher frequently to decrypt the aggregated model, while the aggregation node in our framework can directly decrypt the aggregated model while maintaining the privacy of the model.

Besides, we also test the security costs of our framework and the PEFL framework; the results are shown in Table 2. Clearly, the NDD-FE scheme proposed in this paper is more efficient than the HE scheme adopted by PEFL in terms of performance. For example, the encryption algorithm of the NDD-FE scheme only takes 23.33 seconds, while that of the HE scheme takes about 45.28 seconds.

TABLE 2
Time Costs of Encryption Scheme

Operations (for a gradient)   Ours (NDD-FE)   PEFL (HE)
Encryption                    23.33 s         45.28 s
Decryption                    37.44 s         47.51 s

7.2.3 FL Testing
The normal, virus, and bacteria images are considered in the test experiment. Using deep learning models to detect lung medical images is helpful for rapid localization and accurate identification of lung lesions in patients with pneumonia, which greatly reduces the burden on doctors and is of great significance for clinical treatment.

Fig. 10. Test results of our FL model. (a) and (d), (b) and (e), (c) and (f) are the test results of normal images, virus images and bacteria images, respectively.

Fig. 10 shows the test results of our model after training on the complete dataset. Columns 1, 2, and 3 are normal images, virus images, and bacteria images, respectively. We can observe that the test results for each set of images are very accurate.

Fig. 11 further shows the results of our FL model on the 1,000 test images. We can discover that the test accuracies for normal images, virus images, and bacteria images are 93.3%, 90%, and 96.1%, respectively, which further verifies the effectiveness of our FL scheme.

Fig. 11. Confusion matrix of the test dataset.

7.3 Comparative Fusion Performance
7.3.1 Privacy-Preserving Cost
We test the cumulative model accuracy of our framework and other advanced FL frameworks [45], [46], [47], as shown in Fig. 12. Compared with the unencrypted FL scheme, our framework will lose 1-2% accuracy due to the introduction of the DGC algorithm and NDD-FE, while the PEFL
framework will lose 5-6% accuracy due to its polynomial activation function and the encryption algorithm error. Other FL frameworks use non-cryptographic DP technology to protect data privacy, and their model accuracies are affected by the introduced DP noise. Therefore, under the same security conditions, the accuracy of our framework is higher than that of the HE-based framework. Furthermore, our framework still performs better than some advanced FL frameworks based on DP technology.

Fig. 12. Model accuracy with different epochs.

7.3.2 Communication and Computation Consumption
We compare the communication and computation costs of our scheme with PEFL, Lu's, and Kumar's. The baseline scheme is our FL framework without the DGC algorithm. Fig. 13 shows the communication and computation consumption of our framework and some other advanced FL frameworks. As can be seen from the figure, the performance of the baseline is worse than PEFL and Lu's scheme, requiring longer communication and computation time. After adopting the DGC compression algorithm, our framework becomes the most efficient method, which further confirms that our framework controls communication and computing costs well and can be applied in practical applications to improve model accuracy and computing efficiency.

Fig. 13. Running time of different FL schemes.

Through the above evaluation, we can observe that our scheme not only improves communication efficiency but also ensures the secure aggregation of gradient data, which well solves the privacy leakage and communication problems that may be encountered in FL. Parallel local training in FL can greatly improve the efficiency over centralized training and ensure stable model accuracy. As the number of epochs increases, the time spent on encryption and update transmission in the model training process accumulates, but it increases the quality of the detection model.

8 CONCLUSION
Leveraging FL in smart healthcare offers new ways to improve the quality of medical services. FL can train a high-precision detection model while keeping all the training data on local devices. This paper presents an efficient and secure blockchain-based FL framework called ESB-FL. ESB-FL effectively solves the privacy, communication, and payment problems of existing FL frameworks. The computation and communication costs are reduced by adopting the NDD-FE scheme and the DGC algorithm. The blockchain technology in our framework is used to address the fair payment problem between FL task publishers and miners. The security analysis and extensive experiments on ESB-FL are conducted in this paper. The results show that ESB-FL achieves enhanced security and efficient communication in implementing FL for multiple hospital nodes without the involvement of a third party.

REFERENCES
[1] D. Sui, Y. Chen, J. Zhao, Y. Jia, Y. Xie, and W. Sun, "FedED: Federated learning via ensemble distillation for medical relation extraction," in Proc. Conf. Empirical Methods Natural Lang. Process., 2020, pp. 2118–2128.
[2] Y.-H. Wu et al., "JCS: An explainable COVID-19 diagnosis system by joint classification and segmentation," IEEE Trans. Image Process., vol. 30, pp. 3113–3126, 2021.
[3] J. Geiping, H. Bauermeister, H. Dröge, and M. Moeller, "Inverting gradients - how easy is it to break privacy in federated learning?," in Proc. Adv. Neural Inf. Process. Syst., 2020, pp. 16937–16947.
[4] L. Zhu, Z. Liu, and S. Han, "Deep leakage from gradients," in Proc. Adv. Neural Inf. Process. Syst., vol. 32, 2019, pp. 17–31.
[5] R. Shokri, M. Stronati, C. Song, and V. Shmatikov, "Membership inference attacks against machine learning models," in Proc. IEEE Symp. Secur. Privacy, 2017, pp. 3–18.
[6] H. Chen et al., "Practical membership inference attack against collaborative inference in industrial IoT," IEEE Trans. Ind. Informat., vol. 18, no. 1, pp. 477–487, Jan. 2022.
[7] M. Zhang, Y. Zhang, and G. Shen, "PPDDS: A privacy-preserving disease diagnosis scheme based on the secure Mahalanobis distance evaluation model," IEEE Syst. J., pp. 1–11, 2021, doi: 10.1109/JSYST.2021.3093415.
[8] M. Gong, Y. Xie, K. Pan, K. Feng, and A. K. Qin, "A survey on differentially private machine learning," IEEE Comput. Intell. Mag., vol. 15, no. 2, pp. 49–64, May 2020.
[9] M. Hao, H. Li, X. Luo, G. Xu, H. Yang, and S. Liu, "Efficient and privacy-enhanced federated learning for industrial artificial intelligence," IEEE Trans. Ind. Informat., vol. 16, no. 10, pp. 6532–6542, Oct. 2020.
[10] J. So, B. Guler, and S. Avestimehr, "A scalable approach for privacy-preserving collaborative machine learning," in Proc. Adv. Neural Inf. Process. Syst., 2020, pp. 8054–8066.
[11] K. Bonawitz et al., "Practical secure aggregation for privacy-preserving machine learning," in Proc. ACM SIGSAC Conf. Comput. Commun. Secur., 2017, pp. 1175–1191.
[12] Y. Chen, X. Qin, J. Wang, C. Yu, and W. Gao, "FedHealth: A federated transfer learning framework for wearable healthcare," IEEE Intell. Syst., vol. 35, no. 4, pp. 83–93, Jul./Aug. 2020.
Biwen Chen received the PhD degree from the School of Computer, Wuhan University, in 2020. He is currently an assistant professor with the School of Computer, Chongqing University. His main research interests include cryptography, information security, and blockchain.

Honghong Zeng received the BE degree from the School of Information Engineering, Nanchang University, China. She is currently working toward the master's degree with the College of Computer Science, Chongqing University. Her research interests include blockchain and secure medical image processing.

Tao Xiang (Senior Member, IEEE) received the BEng, MS, and PhD degrees in computer science from Chongqing University, China, in 2003, 2005, and 2008, respectively. He is currently a professor with the College of Computer Science, Chongqing University, China. His research interests include multimedia security, cloud security, data privacy, and cryptography. He has published more than 100 papers in international journals and conferences and has served as a referee for numerous international journals and conferences.
Shangwei Guo received the PhD degree in computer science from Chongqing University, Chongqing, China, in 2017. He is currently an associate professor with the College of Computer Science, Chongqing University. He worked as a postdoctoral research fellow with Hong Kong Baptist University and Nanyang Technological University from 2018 to 2020. His research interests include secure deep learning, secure cloud/edge computing, and database security.

Tianwei Zhang (Member, IEEE) received the bachelor's degree from Peking University, in 2011, and the PhD degree from Princeton University, in 2017. He is currently an assistant professor with the School of Computer Science and Engineering, Nanyang Technological University. His research focuses on computer system security. He is particularly interested in security threats and defenses in machine learning systems, autonomous systems, computer architecture, and distributed systems.

Yang Liu (Senior Member, IEEE) received the BComp (Hons.) degree from the National University of Singapore (NUS), in 2005, and the PhD degree from NUS and MIT, in 2010. After postdoctoral work at NUS and MIT, he joined Nanyang Technological University (NTU) in 2012. He is currently a full professor and the director of the Cybersecurity Laboratory, NTU. He specializes in software verification, security, and software engineering. His research bridges the gap between the theory and practical usage of formal methods and program analysis to evaluate the design and implementation of software for high assurance and security. He has more than 270 publications in top-tier conferences and journals, and he has received a number of prestigious awards, including the MSRA Fellowship, the TRF Fellowship, the Nanyang Assistant Professorship, the Tan Chin Tuan Fellowship, the Nanyang Research Award, and eight best paper awards at top conferences such as ASE, FSE, and ICSE.

For more information on this or any other computing topic, please visit our Digital Library at www.computer.org/csdl.