# Blockchain-Based Trusted Federated Learning with Pre-Trained Models for COVID-19 Detection


## Abstract


## 1. Introduction

- We generally build complex deep learning models to improve detection accuracy, which requires training on huge volumes of medical data. Therefore, how to reduce the computational and communication overhead of such large models is a problem.
- Medical data has strong privacy attributes, and individuals and society alike are raising their requirements for data security. Therefore, how to strengthen the privacy preservation of medical data and prevent the disclosure of sensitive patient data is an urgent problem.
- The parties participating in federated learning may be untrustworthy: they may accidentally use unprocessed dirty data, or they may intentionally use poisoned data. Therefore, how to identify untrusted participants and avoid poisoning of the global model is an open problem.
- It is desirable to record the behavior of untrusted participants and dishonest servers so that it can be traced at any time. Therefore, how to preserve a record of the federated learning training process and promote the transparency of cooperative governance is a problem that needs to be solved.

- Instead of training new models from scratch, we propose to use pre-trained models in federated learning. Pre-trained models improve model accuracy while requiring far fewer trainable parameters, which significantly reduces training time. Meanwhile, participants only need to upload the parameters of the trained part, which considerably reduces the communication and computational overhead of the server.
- We propose to use differential privacy mechanisms and homomorphic encryption algorithms to enhance privacy protection. The differential privacy mechanism adds perturbation to the model parameters to prevent untrusted clients or servers from inferring sensitive information from the model updates. The homomorphic encryption algorithm ensures that the server computes over ciphertexts without ever seeing the plaintext models, which effectively prevents malicious behavior by the server.
- Untrusted participants may submit harmful model updates to interfere with the aggregation process and poison the global model. We propose a secure Multi-Krum aggregation algorithm using the CKKS homomorphic encryption scheme. The CKKS algorithm supports fast homomorphic computation over floating-point numbers, and the Multi-Krum algorithm is based on the Krum aggregation rule, which filters out abnormal model updates to prevent the global model from being poisoned.
- We propose using blockchain to record the federated learning training process. Hyperledger Fabric is a permissioned blockchain that supports smart contracts and pluggable consensus protocols, and we use it as distributed storage to hold the model parameters of each training round. In addition, we integrate the SmartBFT consensus algorithm, which further enhances robustness while maintaining relatively high efficiency.
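The communication saving claimed in the first contribution can be made concrete with a back-of-envelope sketch. The layer shapes below are hypothetical placeholders, not the paper's actual ViT-L/16 configuration; the point is only that with a frozen pre-trained backbone, clients upload a tiny fraction of the total parameters each round:

```python
def param_count(shapes):
    """Total number of parameters over a list of weight-tensor shapes."""
    total = 0
    for shape in shapes:
        n = 1
        for dim in shape:
            n *= dim
        total += n
    return total

# Hypothetical model: a large frozen backbone plus a small trainable head.
backbone_shapes = [(1024, 1024)] * 24   # frozen pre-trained layers (not uploaded)
head_shapes = [(1024, 2), (2,)]         # trainable classification head (uploaded)

backbone_params = param_count(backbone_shapes)
head_params = param_count(head_shapes)

# Fraction of all parameters each client must upload per round.
upload_fraction = head_params / (backbone_params + head_params)
print(f"fraction of parameters uploaded per round: {upload_fraction:.6f}")
```

Under these illustrative shapes, less than 0.01% of the parameters cross the network per round, which is the mechanism behind the reduced server-side communication and computation overhead.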

## 2. Related Works

## 3. System Definition

#### 3.1. System Model

- Key Management Center (KMC): A third-party trusted authority responsible for managing and distributing the public/private key pairs of the clients and the validator.
- Client: As the data owner and federated learning participant, the client holds the public/private key pair $({pk}_{x},\phantom{\rule{4pt}{0ex}}{sk}_{x})$ issued by the KMC, aiming to benefit from the best global model through collaborative training.
- Trainer: Uses the client’s local data to perform specific federated learning tasks and obtain local model updates.
- Resolver: An honest-but-curious central server responsible for collecting the gradient information submitted by the clients and executing gradient validation and filtering.
- Validator: Another honest-but-curious, non-colluding central server holding a public/private key pair $({pk}_{v},\phantom{\rule{4pt}{0ex}}{sk}_{v})$ issued by the KMC, which collaborates with the resolver to perform gradient validation and filtering.

- Hyperledger Fabric CA: This is the default CA Server component and is used to issue PKI-based certificates to the organization’s members and users.
- Organization: This is authorized to join the blockchain network, also known as the “member”, and performs transactions by the peer nodes.
- Peer: Owned by the organization’s members, this maintains the ledger and uses a chaincode container to perform read and write operations.
- Orderer: This provides an ordering service for all channels on the network and packages transactions into a block for distribution to the connected peer nodes for verification and submission.
- Channel: Each channel in the network corresponds to a ledger, which is shared by all peer nodes in the channel. The transaction parties must be authenticated to the channel to interact with the ledger.
- Ledger: This consists of a “blockchain”, which forms the immutable structure, and a “world state”, which stores the value of the current state of the ledger.
- Chaincode: The chaincode, or smart contract, represents the business logic of the blockchain application. The smart contract programmatically accesses the “blockchain” and manipulates the “world state” of the ledger.

#### 3.2. FL Model

#### 3.3. ViT Model

#### 3.4. Threat Model

#### 3.5. Design Objective

## 4. System Design

#### 4.1. System Initialization

Algorithm 1: SystemInitialization

#### 4.2. Local Model Training

Algorithm 2: LocalModelTraining
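The algorithm listing did not survive extraction. As described in Section 5.1, local training clips each gradient and adds Gaussian noise before upload. Below is a minimal pure-Python sketch of that clip-and-perturb step; the clipping norm and noise scale are illustrative defaults, and `random.gauss` stands in for a vetted DP library such as Opacus, which the experiments actually use:

```python
import math
import random

def clip_and_noise(gradient, clip_norm=1.0, sigma=0.5, rng=None):
    """Clip a gradient vector to L2 norm `clip_norm`, then add Gaussian noise.

    This mirrors the clip-then-perturb step of the Gaussian mechanism; the
    parameters here are illustrative, not the paper's calibrated (eps, delta).
    """
    rng = rng or random.Random(0)
    norm = math.sqrt(sum(g * g for g in gradient))
    # Scale down only when the gradient exceeds the clipping norm.
    scale = min(1.0, clip_norm / norm) if norm > 0 else 1.0
    clipped = [g * scale for g in gradient]
    # Noise standard deviation scales with the clipping norm (the sensitivity).
    return [g + rng.gauss(0.0, sigma * clip_norm) for g in clipped]

noisy_update = clip_and_noise([3.0, 4.0])  # norm 5 -> clipped to norm 1, then perturbed
```

Because the noise is added before upload, the differential privacy guarantee is carried forward by post-processing through aggregation and inference.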

#### 4.3. Upload Local Model

Algorithm 3: UploadLocalModel

#### 4.4. Global Model Aggregation

Algorithm 4: GlobalModelAggregate

#### 4.5. SmartBFT Consensus

Algorithm 5: SmartBFTConsensus

#### 4.6. Download Global Model

Algorithm 6: DownloadGlobalModel

## 5. System Analysis

#### 5.1. Privacy and Security

- The Multi-Krum aggregation rule is able to resist poisoning attacks launched by malicious participants. To poison the global model, malicious participants upload malicious model updates to the server to take part in aggregation, and these updates lie far from typical benign updates in the parameter vector space. By calculating the Euclidean distance between each pair of models, we select the models that are similar to the majority for aggregating the global model, thereby filtering out malicious models. Therefore, as long as malicious actors do not form a majority, the Multi-Krum algorithm guarantees the robustness of the global model without affecting normal convergence.
- The ($\epsilon$, $\delta$)-differential privacy mechanism can prevent the threat posed by inference attacks. The model encodes knowledge of its training data, from which an adversary can infer sensitive user information, leading to privacy leakage. Differential privacy provides a rigorous definition of privacy protection, and we satisfy its constraint through a noise mechanism. Moreover, differential privacy is immune to post-processing; that is, for a randomized algorithm $\mathcal{M}$ satisfying ($\epsilon$, $\delta$)-DP, any new algorithm $f\circ \mathcal{M}$ obtained by further processing its output also satisfies ($\epsilon$, $\delta$)-DP. In the training process, we clip the gradient and add Gaussian noise to it; the noisy gradient then inherits the differential privacy guarantee, which carries over to the subsequent inference process.
- The CKKS fully homomorphic encryption scheme avoids the threat of a model extraction attack while strengthening the protection of data security. It provides homomorphic operations over floating-point numbers, which we adopt to encrypt the model. Since the model is encrypted before being stored in the blockchain, anyone who does not hold the decryption key cannot recover the plaintext model during transmission or aggregation. Meanwhile, we set up two non-colluding servers to execute the Multi-Krum algorithm on the encrypted models, preventing the servers from stealing the plaintext models.
- The permissioned blockchain provides member management and data management. Users with permission can upload or download the models stored in the blockchain, while others cannot access them. Meanwhile, the models stored in the blockchain can only be added and queried, not deleted or modified, which is supported by the tamper-proof property of the blockchain. In addition, anyone with audit authority can access the historical models stored in the blockchain for model verification.
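The Multi-Krum filtering described above can be sketched in plaintext. In the paper the same distance computations are carried out homomorphically under CKKS across the two non-colluding servers, which is omitted here; `f` (the number of tolerated Byzantine clients) and `m` (the number of selected updates) are illustrative parameters:

```python
def multi_krum(updates, f, m):
    """Select the m updates with the lowest Krum scores and average them.

    Plaintext sketch of the Multi-Krum rule (Blanchard et al. [31]): each
    update is scored by the sum of squared distances to its n - f - 2
    closest neighbours; outliers receive large scores and are filtered out.
    """
    n = len(updates)
    assert n >= 2 * f + 3, "Krum requires n >= 2f + 3"
    # Pairwise squared Euclidean distances between updates.
    dist = [[sum((a - b) ** 2 for a, b in zip(u, v)) for v in updates]
            for u in updates]
    scores = []
    for i in range(n):
        others = sorted(d for j, d in enumerate(dist[i]) if j != i)
        scores.append(sum(others[: n - f - 2]))  # closest n - f - 2 neighbours
    selected = sorted(range(n), key=lambda i: scores[i])[:m]
    dim = len(updates[0])
    return [sum(updates[i][k] for i in selected) / m for k in range(dim)]

# Four benign updates near (1, 1) and one poisoned outlier: the outlier's
# score dwarfs the others, so it never enters the average.
updates = [[1.0, 1.0], [1.1, 0.9], [0.9, 1.1], [1.0, 1.2], [100.0, 100.0]]
aggregate = multi_krum(updates, f=1, m=3)
```

This is why the rule holds only while malicious actors are a minority: with enough colluding outliers, the "majority neighbourhood" itself becomes poisoned.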

#### 5.2. Convergence Analysis

**Assumption 1**

**Assumption 2**

**Assumption 3**

**Theorem 1.**

**Remark 1.**

**Definition 1**

**Definition 2**

**Assumption 4**

**Theorem 2.**

#### 5.3. Complexity Analysis

## 6. Experiments and Numerical Results

#### 6.1. Dataset and Experimental Setting

#### 6.2. Evaluation Metrics

- TP (True Positive): the number of positive samples predicted as positive.
- TN (True Negative): the number of negative samples predicted as negative.
- FP (False Positive): the number of negative samples predicted as positive.
- FN (False Negative): the number of positive samples predicted as negative.
- Accuracy: the proportion of correctly predicted samples (TP + TN) to all samples (TP + TN + FP + FN), which measures how well a binary classifier correctly predicts.$$Accuracy=\frac{TP+TN}{TP+TN+FP+FN}$$
- Error rate: the proportion of incorrectly predicted samples (FP + FN) to all samples (TP + TN + FP + FN), which is relative to Accuracy with Error = 1 − Accuracy.$$Error=\frac{FP+FN}{TP+TN+FP+FN}$$
- Precision: the proportion of positive samples predicted as positive (TP) to positive predicted samples (TP + FP), which is also known as the positive predictive value in binary classification.$$Precision=\frac{TP}{TP+FP}$$
- Recall: the proportion of positive samples predicted as positive (TP) to the actual positive samples (TP + FN), which is also known as Sensitivity or the true positive rate (TPR) in binary classification.$$Recall=\frac{TP}{TP+FN}$$
- ${F}_{1}$-Score: the traditional F-measure or F-score (${F}_{1}$) is the harmonic mean of Precision (P) and Recall (R), which combines Precision and Recall symmetrically in one metric. The highest possible value of an F-score is 1, indicating perfect Precision and Recall, and the lowest possible value is 0, if either Precision or Recall is 0.$${F}_{1}=2\cdot \frac{P\cdot R}{P+R}$$
- ${F}_{\beta}$-Score: the more general F-score (${F}_{\beta}$) applies additional weights, valuing one of Precision or Recall more than the other. The positive real factor $\beta$ is chosen such that Recall is considered $\beta$ times as important as Precision; when $\beta =1$, it reduces to the ${F}_{1}$-Score.$${F}_{\beta}=(1+{\beta}^{2})\cdot \frac{P\cdot R}{{\beta}^{2}\cdot P+R}$$
- PR Curve: the Precision-Recall (PR) curve shows the tradeoff between Precision and Recall for different thresholds, which can be used to evaluate the output quality of a binary classifier at all classification thresholds.
- TPR: the true positive rate (TPR) is the proportion of positive samples predicted as positive (TP) to actual positive samples (TP + FN), which is the same as Recall.$$TPR=\frac{TP}{TP+FN}$$
- FPR: the false positive rate (FPR) is the proportion of negative samples predicted as positive (FP) to actual negative samples (TN + FP).$$FPR=\frac{FP}{TN+FP}$$
- ROC Curve: the receiver operating characteristic (ROC) curve plots TPR against FPR at various threshold settings, which illustrates the performance of a binary classifier as its classification threshold is varied.
- AUC: the area under the ROC curve (AUC) measures the entire two-dimensional area underneath the entire ROC curve from (0, 0) to (1, 1), which provides an aggregate measure of performance across all possible classification thresholds.
- Sensitivity: the probability of a positive predicted sample (TP), conditioned on being an actual positive sample (TP + FN), which is the same as TPR.$$Sensitivity=\frac{TP}{TP+FN}$$
- Specificity: the probability of a negative predicted sample (TN), conditioned on being an actual negative sample (TN + FP), which equals the true negative rate (TNR).$$Specificity=\frac{TN}{TN+FP}$$
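The count-based metrics above all derive from the four confusion-matrix cells, which a short helper makes explicit (the counts passed in below are hypothetical, not the paper's results):

```python
def binary_metrics(tp, tn, fp, fn, beta=1.0):
    """Compute the confusion-matrix metrics defined above from raw counts."""
    total = tp + tn + fp + fn
    precision = tp / (tp + fp)
    recall = tp / (tp + fn)  # = TPR = Sensitivity
    return {
        "accuracy": (tp + tn) / total,
        "error": (fp + fn) / total,          # = 1 - accuracy
        "precision": precision,
        "recall": recall,
        # F-beta: recall weighted beta times as heavily as precision.
        "f_beta": (1 + beta**2) * precision * recall
                  / (beta**2 * precision + recall),
        "fpr": fp / (tn + fp),
        "specificity": tn / (tn + fp),       # = TNR = 1 - FPR
    }

metrics = binary_metrics(tp=80, tn=90, fp=10, fn=20)  # hypothetical counts
```

Threshold-dependent quantities (PR curve, ROC curve, AUC) are obtained by sweeping the classification threshold and recomputing these counts at each point.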

#### 6.3. Performance Evaluation

#### 6.3.1. Evaluation of Pre-Trained Models

#### 6.3.2. Effectiveness of Differential Privacy

#### 6.3.3. Robustness of Byzantine Aggregation

#### 6.3.4. Efficiency of Homomorphic Encryption

#### 6.3.5. Performance of Blockchain Storage

## 7. Conclusions and Future Work

## Author Contributions

## Funding

## Data Availability Statement

## Acknowledgments

## Conflicts of Interest

## Appendix A

#### Appendix A.1

**Proof of Theorem 1.**

- for $r<1,\gamma =0$ and $\eta \propto 1/\sqrt{T}$, $\mathcal{F}\left(x\right)=\frac{x}{{\min}_{0<c<1}f(c,r)}$, where $$f(c,r):=\frac{(1+rc)}{\sqrt{{r}^{2}+2rc+1}}+\frac{(1-rc)}{\sqrt{{r}^{2}-2rc+1}}$$
- for $r\ge 1,\gamma =0$ and $\eta \propto 1/\sqrt{T}$, $\mathcal{F}\left(x\right)=\infty $
- for $r\ge 1,\gamma >0$ and $\eta \propto 1/\sqrt{T}$, $\mathcal{F}$ is the convex envelope of Equation (A3) and strictly increasing.

#### Appendix A.2

**Proof of Theorem 2.**

## References

1. Bedford, J.; Enria, D.; Giesecke, J.; Heymann, D.L.; Ihekweazu, C.; Kobinger, G.; Lane, H.C.; Memish, Z.; don Oh, M.; Sall, A.A.; et al. COVID-19: Towards controlling of a pandemic. Lancet **2020**, 395, 1015–1018.
2. Li, M. Chest CT features and their role in COVID-19. Radiol. Infect. Dis. **2020**, 7, 51–54.
3. Zhao, J.Y.; Yan, J.Y.; Qu, J.M. Interpretations of “Diagnosis and Treatment Protocol for Novel Coronavirus Pneumonia (Trial Version 7)”. Chin. Med J. **2020**, 133, 1347–1349.
4. Wang, J.; Liu, J.; Wang, Y.; Liu, W.; Chen, X.; Sun, C.; Shen, X.; Wang, Q.; Wu, Y.; Liang, W.; et al. Dynamic changes of chest CT imaging in patients with COVID-19. J. Zhejiang Univ. Med Sci. **2020**, 49, 191–197.
5. Song, Y.; Zheng, S.; Li, L.; Zhang, X.; Zhang, X.; Huang, Z.; Chen, J.; Wang, R.; Zhao, H.; Chong, Y.; et al. Deep Learning Enables Accurate Diagnosis of Novel Coronavirus (COVID-19) With CT Images. IEEE/ACM Trans. Comput. Biol. Bioinform. **2021**, 18, 2775–2780.
6. Ozturk, T.; Talo, M.; Yildirim, E.A.; Baloglu, U.B.; Yildirim, O.; Acharya, U.R. Automated detection of COVID-19 cases using deep neural networks with X-ray images. Comput. Biol. Med. **2020**, 121, 103792.
7. Tai, Y.; Gao, B.; Li, Q.; Yu, Z.; Zhu, C.; Chang, V. Trustworthy and Intelligent COVID-19 Diagnostic IoMT Through XR and Deep-Learning-Based Clinic Data Access. IEEE Internet Things J. **2021**, 8, 15965–15976.
8. Voigt, P.; von dem Bussche, A. The EU General Data Protection Regulation (GDPR); Springer International Publishing: Cham, Switzerland, 2017.
9. Yang, J.J.; Li, J.Q.; Niu, Y. A hybrid solution for privacy preserving medical data sharing in the cloud environment. Future Gener. Comput. Syst. **2015**, 43–44, 74–86.
10. Zhao, Y.; Zhao, J.; Jiang, L.; Tan, R.; Niyato, D.; Li, Z.; Lyu, L.; Liu, Y. Privacy-Preserving Blockchain-Based Federated Learning for IoT Devices. IEEE Internet Things J. **2021**, 8, 1817–1829.
11. Wang, R.; Lai, J.; Zhang, Z.; Li, X.; Vijayakumar, P.; Karuppiah, M. Privacy-Preserving Federated Learning for Internet of Medical Things under Edge Computing. IEEE J. Biomed. Health Inform. **2022**, 27, 854–865.
12. Treleaven, P.; Smietanka, M.; Pithadia, H. Federated Learning: The Pioneering Distributed Machine Learning and Privacy-Preserving Data Technology. Computer **2022**, 55, 20–29.
13. Yang, Q.; Liu, Y.; Chen, T.; Tong, Y. Federated Machine Learning. ACM Trans. Intell. Syst. Technol. **2019**, 10, 1–19.
14. Kairouz, P.; McMahan, H.B.; Avent, B.; Bellet, A.; Bennis, M.; Bhagoji, A.N.; Bonawitz, K.; Charles, Z.; Cormode, G.; Cummings, R.; et al. Advances and Open Problems in Federated Learning. arXiv **2019**, arXiv:1912.04977.
15. Ronneberger, O.; Fischer, P.; Brox, T. U-Net: Convolutional Networks for Biomedical Image Segmentation. In Proceedings of the Medical Image Computing and Computer-Assisted Intervention—MICCAI 2015, Munich, Germany, 5–9 October 2015; pp. 234–241.
16. Badrinarayanan, V.; Kendall, A.; Cipolla, R. SegNet: A Deep Convolutional Encoder-Decoder Architecture for Image Segmentation. IEEE Trans. Pattern Anal. Mach. Intell. **2017**, 39, 2481–2495.
17. Dosovitskiy, A.; Beyer, L.; Kolesnikov, A.; Weissenborn, D.; Zhai, X.; Unterthiner, T.; Dehghani, M.; Minderer, M.; Heigold, G.; Gelly, S.; et al. An Image is Worth 16x16 Words: Transformers for Image Recognition at Scale. arXiv **2020**, arXiv:2010.11929.
18. Rajpurkar, P.; Irvin, J.; Zhu, K.; Yang, B.; Mehta, H.; Duan, T.; Ding, D.; Bagul, A.; Langlotz, C.; Shpanskaya, K.; et al. CheXNet: Radiologist-Level Pneumonia Detection on Chest X-Rays with Deep Learning. arXiv **2017**, arXiv:1711.05225.
19. Habib, N.; Hasan, M.M.; Reza, M.M.; Rahman, M.M. Ensemble of CheXNet and VGG-19 Feature Extractor with Random Forest Classifier for Pediatric Pneumonia Detection. SN Comput. Sci. **2020**, 1, 359.
20. Lee, E.H.; Zheng, J.; Colak, E.; Mohammadzadeh, M.; Houshmand, G.; Bevins, N.; Kitamura, F.; Altinmakas, E.; Reis, E.P.; Kim, J.K.; et al. Deep COVID DeteCT: An international experience on COVID-19 lung detection and prognosis using chest CT. Npj Digit. Med. **2021**, 4, 11.
21. Al-Waisy, A.S.; Al-Fahdawi, S.; Mohammed, M.A.; Abdulkareem, K.H.; Mostafa, S.A.; Maashi, M.S.; Arif, M.; Garcia-Zapirain, B. COVID-CheXNet: Hybrid deep learning framework for identifying COVID-19 virus in chest X-rays images. Soft Comput. **2023**, 27, 2657–2672.
22. Gozes, O.; Frid-Adar, M.; Greenspan, H.; Browning, P.D.; Zhang, H.; Ji, W.; Bernheim, A.; Siegel, E. Rapid AI Development Cycle for the Coronavirus (COVID-19) Pandemic: Initial Results for Automated Detection & Patient Monitoring using Deep Learning CT Image Analysis. arXiv **2020**, arXiv:2003.05037.
23. Gupta, R.K.; Kunhare, N.; Pathik, N.; Pathik, B. An AI-enabled pre-trained model-based Covid detection model using chest X-ray images. Multimed. Tools Appl. **2022**, 81, 37351–37377.
24. Xiao, B.; Yang, Z.; Qiu, X.; Xiao, J.; Wang, G.; Zeng, W.; Li, W.; Nian, Y.; Chen, W. PAM-DenseNet: A Deep Convolutional Neural Network for Computer-Aided COVID-19 Diagnosis. IEEE Trans. Cybern. **2022**, 52, 12163–12174.
25. Kumar, R.; Khan, A.A.; Kumar, J.; Zakria; Golilarz, N.A.; Zhang, S.; Ting, Y.; Zheng, C.; Wang, W. Blockchain-Federated-Learning and Deep Learning Models for COVID-19 Detection Using CT Imaging. IEEE Sens. J. **2021**, 21, 16301–16314.
26. Yang, D.; Xu, Z.; Li, W.; Myronenko, A.; Roth, H.R.; Harmon, S.; Xu, S.; Turkbey, B.; Turkbey, E.; Wang, X.; et al. Federated semi-supervised learning for COVID region segmentation in chest CT using multi-national data from China, Italy, Japan. Med. Image Anal. **2021**, 70, 101992.
27. Dayan, I.; Roth, H.R.; Zhong, A.; Harouni, A.; Gentili, A.; Abidin, A.Z.; Liu, A.; Costa, A.B.; Wood, B.J.; Tsai, C.S.; et al. Federated learning for predicting clinical outcomes in patients with COVID-19. Nat. Med. **2021**, 27, 1735–1743.
28. Kandati, D.R.; Gadekallu, T.R. Genetic Clustered Federated Learning for COVID-19 Detection. Electronics **2022**, 11, 2714.
29. Yang, Q.; Zhang, J.; Hao, W.; Spell, G.P.; Carin, L. FLOP: Federated Learning on Medical Datasets using Partial Networks. ACM **2021**, 8, 3845–3853.
30. McMahan, H.B.; Moore, E.; Ramage, D.; Hampson, S.; y Arcas, B.A. Communication-Efficient Learning of Deep Networks from Decentralized Data. arXiv **2016**, arXiv:1602.05629.
31. Blanchard, P.; Mhamdi, E.M.E.; Guerraoui, R.; Stainer, J. Byzantine-Tolerant Machine Learning. arXiv **2017**, arXiv:1703.02757.
32. Yin, D.; Chen, Y.; Ramchandran, K.; Bartlett, P. Byzantine-Robust Distributed Learning: Towards Optimal Statistical Rates. arXiv **2018**, arXiv:1803.01498.
33. Truex, S.; Baracaldo, N.; Anwar, A.; Steinke, T.; Ludwig, H.; Zhang, R.; Zhou, Y. A Hybrid Approach to Privacy-Preserving Federated Learning. In Proceedings of the 12th ACM Workshop on Artificial Intelligence and Security, London, UK, 15 November 2019; pp. 1–11.
34. Wibawa, F.; Catak, F.O.; Kuzlu, M.; Sarp, S.; Cali, U. Homomorphic Encryption and Federated Learning based Privacy-Preserving CNN Training: COVID-19 Detection Use-Case. In Proceedings of the European Interdisciplinary Cybersecurity Conference (EICC), Barcelona, Spain, 15–16 June 2022; pp. 85–90.
35. Miao, Y.; Liu, Z.; Li, H.; Choo, K.K.R.; Deng, R.H. Privacy-Preserving Byzantine-Robust Federated Learning via Blockchain Systems. IEEE Trans. Inf. Forensics Secur. **2022**, 17, 2848–2861.
36. Qu, Y.; Gao, L.; Luan, T.H.; Xiang, Y.; Yu, S.; Li, B.; Zheng, G. Decentralized Privacy Using Blockchain-Enabled Federated Learning in Fog Computing. IEEE Internet Things J. **2020**, 7, 5171–5183.
37. Shayan, M.; Fung, C.; Yoon, C.J.M.; Beschastnikh, I. Biscotti: A Blockchain System for Private and Secure Federated Learning. IEEE Trans. Parallel Distrib. Syst. **2021**, 32, 1513–1525.
38. Nguyen, D.C.; Ding, M.; Pathirana, P.N.; Seneviratne, A.; Zomaya, A.Y. Federated Learning for COVID-19 Detection With Generative Adversarial Networks in Edge Cloud Computing. IEEE Internet Things J. **2022**, 9, 10257–10271.
39. Yang, Z.; Shi, Y.; Zhou, Y.; Wang, Z.; Yang, K. Trustworthy Federated Learning via Blockchain. IEEE Internet Things J. **2023**, 10, 92–109.
40. Islam, A.; Amin, A.A.; Shin, S.Y. FBI: A Federated Learning-Based Blockchain-Embedded Data Accumulation Scheme Using Drones for Internet of Things. IEEE Wirel. Commun. Lett. **2022**, 11, 972–976.
41. Yoosuf, M.S.; Muralidharan, C.; Shitharth, S.; Alghamdi, M.; Maray, M.; Rabie, O.B.J. FogDedupe: A Fog-Centric Deduplication Approach Using Multi-Key Homomorphic Encryption Technique. J. Sensors **2022**, 2022, 6759875.
42. Paillier, P. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes; Springer: Berlin/Heidelberg, Germany, 1999; pp. 223–238.
43. Brakerski, Z.; Gentry, C.; Vaikuntanathan, V. Fully Homomorphic Encryption without Bootstrapping. Cryptology ePrint Archive, Paper 2011/277. 2011. Available online: https://eprint.iacr.org/2011/277 (accessed on 1 June 2022).
44. Fan, J.; Vercauteren, F. Somewhat Practical Fully Homomorphic Encryption. Cryptology ePrint Archive, Paper 2012/144. 2012. Available online: https://eprint.iacr.org/2012/144 (accessed on 1 June 2022).
45. Cheon, J.H.; Kim, A.; Kim, M.; Song, Y. Homomorphic Encryption for Arithmetic of Approximate Numbers. In Proceedings of the Advances in Cryptology–ASIACRYPT 2017: 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China, 3–7 December 2017; pp. 409–437.
46. Ghadimi, S.; Lan, G. Stochastic First- and Zeroth-Order Methods for Nonconvex Stochastic Programming. SIAM J. Optim. **2013**, 23, 2341–2368.
47. Revel, M.P.; Boussouar, S.; de Margerie-Mellon, C.; Saab, I.; Lapotre, T.; Mompoint, D.; Chassagnon, G.; Milon, A.; Lederlin, M.; Bennani, S.; et al. Study of Thoracic CT in COVID-19: The STOIC Project. Radiology **2021**, 301, E361–E370.
48. STOIC2021 Training—Registry of Open Data on AWS. Available online: https://registry.opendata.aws/stoic2021-training/ (accessed on 30 September 2022).
49. Paszke, A.; Gross, S.; Massa, F.; Lerer, A.; Bradbury, J.; Chanan, G.; Killeen, T.; Lin, Z.; Gimelshein, N.; Antiga, L.; et al. PyTorch: An Imperative Style, High-Performance Deep Learning Library. In Proceedings of the Advances in Neural Information Processing Systems 32, Vancouver, BC, Canada, 8–14 December 2019; Wallach, H., Larochelle, H., Beygelzimer, A., d’Alché Buc, F., Fox, E., Garnett, R., Eds.; Curran Associates, Inc.: New York, NY, USA, 2019; pp. 8024–8035.
50. Yousefpour, A.; Shilov, I.; Sablayrolles, A.; Testuggine, D.; Prasad, K.; Malek, M.; Nguyen, J.; Ghosh, S.; Bharadwaj, A.; Zhao, J.; et al. Opacus: User-Friendly Differential Privacy Library in PyTorch. arXiv **2021**, arXiv:2109.12298.
51. Ibarrondo, A.; Viand, A. Pyfhel: Python for homomorphic encryption libraries. ACM **2021**, 11, 11–16.
52. Androulaki, E.; Barger, A.; Bortnikov, V.; Cachin, C.; Christidis, K.; Caro, A.D.; Enyeart, D.; Ferris, C.; Laventman, G.; Manevich, Y.; et al. Hyperledger fabric: A distributed operating system for permissioned blockchains. ACM **2018**, 4, 1–15.
53. Barger, A.; Manevich, Y.; Meir, H.; Tock, Y. A Byzantine Fault-Tolerant Consensus Library for Hyperledger Fabric. IEEE **2021**, 5, 1–9.
54. Manoharan, H.; Haleem, S.L.A.; Shitharth, S.; Kshirsagar, P.R.; Tirth, V.; Thangamani, M.; Chandan, R.R. A machine learning algorithm for classification of mental tasks. Comput. Electr. Eng. **2022**, 99, 107785.
55. Kshirsagar, P.R.; Manoharan, H.; Shitharth, S.; Alshareef, A.M.; Albishry, N.; Balachandran, P.K. Deep Learning Approaches for Prognosis of Automated Skin Disease. Life **2022**, 12, 426.
56. Shitharth, S.; Winston, D.P. Comparison of PRC based RVM classification versus SVM classification in SCADA network. J. Electr. Eng. **2017**, 17, 318–331.
57. Jégou, S. Weights of Two ViT-L Models. 2022. Available online: https://zenodo.org/record/6547999 (accessed on 30 September 2022).
58. Zhou, J.; Wei, C.; Wang, H.; Shen, W.; Xie, C.; Yuille, A.; Kong, T. iBOT: Image BERT Pre-Training with Online Tokenizer. arXiv **2021**, arXiv:2111.07832.
59. Simonyan, K.; Zisserman, A. Very Deep Convolutional Networks for Large-Scale Image Recognition. arXiv **2014**, arXiv:1409.1556.
60. He, K.; Zhang, X.; Ren, S.; Sun, J. Deep Residual Learning for Image Recognition. IEEE **2016**, 6, 770–778.

**Figure 7.** Confusion Matrix of Seven Models in Positive Prediction. (**a**) VGG-16 Model without PTM Weights. (**b**) VGG-16 Model with PTM Weights (ImageNet). (**c**) ResNet-50 Model without PTM Weights. (**d**) ResNet-50 Model with PTM Weights (ImageNet). (**e**) ViT-L/16 Model without PTM Weights. (**f**) ViT-L/16 Model with PTM Weights (ImageNet). (**g**) ViT-L/16 Model with PTM Weights (CT scan).

**Figure 9.** Confusion Matrix of Seven Models in Severe Prediction. (**a**) VGG-16 Model without PTM Weights. (**b**) VGG-16 Model with PTM Weights (ImageNet). (**c**) ResNet-50 Model without PTM Weights. (**d**) ResNet-50 Model with PTM Weights (ImageNet). (**e**) ViT-L/16 Model without PTM Weights. (**f**) ViT-L/16 Model with PTM Weights (ImageNet). (**g**) ViT-L/16 Model with PTM Weights (CT scan).

**Figure 10.** Federated Learning with Pre-Trained Models. (**a**) The Accuracy of Positive Prediction. (**b**) The Accuracy of Severe Prediction.

**Figure 11.** Federated Learning with $(\epsilon,\delta)$-Differential Privacy. (**a**) The Accuracy at Different $\epsilon$. (**b**) The Accuracy at Different $\delta$.

**Figure 12.** Federated Learning with BFT Aggregation Rule. (**a**) The Accuracy under 0% Malicious Clients. (**b**) The Accuracy under 10% Malicious Clients. (**c**) The Accuracy under 30% Malicious Clients. (**d**) The Accuracy under 50% Malicious Clients.

| Study | A | B | C | D | E | F |
|---|---|---|---|---|---|---|
| Gozes et al. [22] | ✓ | | | | | |
| Kumar et al. [25] | ✓ | ✓ | | | | |
| Blanchard et al. [31] | ✓ | | | | | |
| Wibawa et al. [34] | ✓ | ✓ | | | | |
| Miao et al. [35] | ✓ | ✓ | | | | |
| Shayan et al. [37] | ✓ | ✓ | | | | |
| Nguyen et al. [38] | ✓ | ✓ | | | | |
| Yang et al. [39] | ✓ | ✓ | ✓ | | | |
| Ours | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |

**A**: Federated Learning for COVID-19.

**B**: Training with Pre-Trained Models.

**C**: Privacy-Preserving Mechanism.

**D**: Byzantine Resilient Aggregation.

**E**: Permissioned Blockchain.

**F**: Byzantine Fault Tolerance Consensus.

| Notation | Description |
|---|---|
| ${pk}_{x}/{sk}_{x}$ | A pair of public/private keys of the client |
| ${pk}_{v}/{sk}_{v}$ | A pair of public/private keys of the validator |
| $N$ | Number of clients participating in federated learning |
| $\mathcal{C}$ | A set of all clients participating in federated learning |
| ${c}_{i}$ | Federated learning participant, client ${c}_{i}\in \mathcal{C}$ |
| $\mathcal{D}$ | A set of training datasets on all clients |
| ${\mathcal{D}}_{i}$ | Training dataset ${\mathcal{D}}_{i}\subseteq \mathcal{D}$ on the client ${c}_{i}$ |
| $b$ | Batch size |
| $t$ | Number of local iterations |
| $r$ | Number of global iterations |
| $\eta$ | Local training learning rate |
| ${\mathit{g}}_{i}$ | Local gradient of the client ${c}_{i}$ |
| ${\mathit{w}}_{i}$ | Local model of the client ${c}_{i}$ |
| ${\mathit{w}}_{g}$ | Global model |
| ${⟦{\mathit{w}}_{i}⟧}_{{pk}_{x}}$ | ${\mathit{w}}_{i}$ encrypted under ${pk}_{x}$ |
| ${⟦{\mathit{w}}_{i}⟧}_{{pk}_{v}}$ | ${\mathit{w}}_{i}$ encrypted under ${pk}_{v}$ |
| ${⟦{\mathit{w}}_{g}⟧}_{{pk}_{x}}$ | ${\mathit{w}}_{g}$ encrypted under ${pk}_{x}$ |

| Role | | Computation Cost | Communication Cost |
|---|---|---|---|
| Clients | | $\mathcal{O}({T}_{enc}+{T}_{dec})$ | $\mathcal{O}({S}_{ct})$ |
| Servers | Resolver | $\mathcal{O}(({n}^{3}+{n}^{2}+k)\cdot {T}_{add}+({n}^{2}+3)\cdot {T}_{mul}+{n}^{3}\cdot {T}_{rot}+\tau )$ | $\mathcal{O}((\frac{{n}^{2}-n}{2}+n+3)\cdot {S}_{ct}+\varsigma )$ |
| | Validator | $\mathcal{O}({T}_{enc}+(\frac{{n}^{2}-n}{2}+1)\cdot {T}_{dec}+\tau )$ | $\mathcal{O}((\frac{{n}^{2}-n}{2}+2)\cdot {S}_{ct}+\varsigma )$ |

| Label | Positive | Severity |
|---|---|---|
| 0 | 795 | 904 |
| 1 | 1205 | 301 |

| Software | Version | Purpose |
|---|---|---|
| Python | 3.9 | Program Language |
| Golang | 1.18 | Program Language |
| PyTorch | 1.12 | Deep Learning |
| Opacus | 1.2 | Differential Privacy |
| Pyfhel | 3.3 | Homomorphic Encryption |
| Hyperledger Fabric | 2.3 | Blockchain |
| SmartBFT | 2.3 | Consensus Protocol |
| Docker | 20.10 | Container |
| Ubuntu | 20.04 | Operating System |

| Total = P + N = P${}^{\prime}$ + N${}^{\prime}$ | | Predicted Outcome | |
|---|---|---|---|
| | | Positive (P${}^{\prime}$) | Negative (N${}^{\prime}$) |
| Actual Condition | Positive (P) | TP | FN |
| | Negative (N) | FP | TN |

| Task | Model | Accuracy | Precision | Recall | ${F}_{1}$-Score | FPR | AUC | Specificity |
|---|---|---|---|---|---|---|---|---|
| T${}_{1}$ | A | 0.7049 | 0.7174 | 0.8212 | 0.7658 | 0.4606 | 0.7606 | 0.5394 |
| | B | 0.7699 | 0.7826 | 0.8425 | 0.8114 | 0.3333 | 0.8310 | 0.6667 |
| | C | 0.7149 | 0.7265 | 0.8255 | 0.7729 | 0.4424 | 0.7721 | 0.5576 |
| | D | 0.7774 | 0.7851 | 0.8553 | 0.8187 | 0.3333 | 0.8481 | 0.6667 |
| | E | 0.7074 | 0.7122 | 0.8425 | 0.7719 | 0.4849 | 0.7810 | 0.5151 |
| | F | 0.8450 | 0.8777 | 0.8553 | 0.8663 | 0.1697 | 0.9158 | 0.8303 |
| | G | 0.8500 | 0.8691 | 0.8765 | 0.8728 | 0.1879 | 0.9162 | 0.8121 |
| T${}_{2}$ | A | 0.7344 | 0.5106 | 0.7272 | 0.6000 | 0.2629 | 0.8075 | 0.7371 |
| | B | 0.7717 | 0.5617 | 0.7575 | 0.6451 | 0.2229 | 0.8630 | 0.7771 |
| | C | 0.7012 | 0.4741 | 0.8333 | 0.6043 | 0.3486 | 0.8260 | 0.6514 |
| | D | 0.7593 | 0.5392 | 0.8333 | 0.6547 | 0.2686 | 0.8621 | 0.7314 |
| | E | 0.7095 | 0.4830 | 0.8636 | 0.6195 | 0.3486 | 0.8400 | 0.6514 |
| | F | 0.8464 | 0.6629 | 0.8939 | 0.7612 | 0.1714 | 0.9531 | 0.8286 |
| | G | 0.8506 | 0.6666 | 0.9090 | 0.7690 | 0.1714 | 0.9514 | 0.8286 |

**T${}_{\mathbf{1}}$**: Positive Prediction task.

**T${}_{\mathbf{2}}$**: Severe Prediction task.

**A**: VGG-16 model without pre-trained weights.

**B**: VGG-16 model with pre-trained weights trained on the ImageNet-1k dataset.

**C**: ResNet-50 model without pre-trained weights.

**D**: ResNet-50 model with pre-trained weights trained on the ImageNet-1k dataset.

**E**: ViT-L/16 without pre-trained weights.

**F**: ViT-L/16 with pre-trained weights trained on the ImageNet-22k dataset.

**G**: ViT-L/16 with pre-trained weights trained on the ImageNet-22k dataset and fine-tuned with 165k CT slices.

**Note**: Recall = TPR = Sensitivity.

| Plaintext Size | Scheme | Ciphertext Size | Encrypt Time (s) | Decrypt Time (s) | Aggregate Time (s) |
|---|---|---|---|---|---|
| 1024 (8 KB) | Paillier | 372 B | 43.08 | 12.70 | 48.90 |
| | BFV | 524 KB | 0.06 | 0.04 | 0.15 |
| | CKKS | 1 MB | 0.17 | 0.06 | 0.24 |

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Bian, G.; Qu, W.; Shao, B.
Blockchain-Based Trusted Federated Learning with Pre-Trained Models for COVID-19 Detection. *Electronics* **2023**, *12*, 2068.
https://doi.org/10.3390/electronics12092068
