Federated learning with bilateral defense via blockchain

Abstract

Federated Learning (FL) offers benefits in protecting client data privacy but also faces multiple security challenges, such as privacy breaches from unencrypted data transmission and poisoning attacks that compromise model performance, however, most existing solutions address only one of these issues. In this paper, we consider a more challenging threat model—the non-fully trusted model, wherein both malicious clients and honest-but-curious servers coexist. To this end, we propose a Federated Learning with Bilateral Defense via Blockchain (FedBASS) scheme that tackles both threats by implementing a dual-server architecture (Analyzer and Verifier), using CKKS encryption to secure client-uploaded gradients, and employing cosine similarity to detect malicious clients. Additionally, we address the problem of non-IID data by proposing a gradient compensation strategy based on dynamic clustering. To further enhance privacy during clustering, we propose a weakened differential privacy scheme augmented with shuffling. Moreover, in FedBASS, the communication process between servers is recorded on the blockchain to ensure the robustness and transparency of FedBASS and to prevent selfish behaviors by clients and servers. Finally, extensive experiments conducted on three datasets prove that FedBASS effectively achieves a balance among model fidelity, robustness, efficiency, privacy, and practicality.