Privacy-Preserving Cross-Silo Federated Learning Atop Blockchain for IoT

Abstract

Cross-silo federated learning (FL) is promising in facilitating data collaboration across various organizations, which greatly alleviates the information silo problem in industries and promotes the data intelligence of internet of things. With the advances of decentralized FL, the higher requirements of trust and privacy are put forward. Traditional FL heavily relies on a central coordinating server, which suffers from single points of failure and lacks trust in the correctness of aggregation results. What’s more, the intrinsic privacy issues of FL have aroused public attention, such as gradient inversion attack in local gradients. However, the privacy of quantized gradients remains serious and lacks attention, especially the most extremely 1-bit quantization in sign-based FL. In this paper, we demonstrate the potential privacy risk in sign-based FL by presenting a new gradient inversion attack, which successfully restores the original data from sign-based quantized gradients. And then we tackle the above two challenges via constructing a self-aggregation privacy-preserving federated learning atop blockchain, which takes advantage of a variant of ElGamal encryption to protect the privacy of local sign-based quantized gradients, and leverages the smart contract to achieve secure self-aggregation for participants without involving a centralized server. Moreover, we analyze that the proposed protocol achieves privacy and public verifiability. Finally, we evaluate the performance of the proposed protocol with a real deep learning model, and the results show that our protocol is resilient against gradient inversion attack in a decentralized environment without sacrificing learning accuracy.