EPFed: Achieving Optimal Balance between Privacy and Efficiency in Federated Learning

Abstract

Federated learning (FL) is increasingly challenged by security and privacy concerns, particularly vulnerabilities exposed by malicious participants. There remains a gap in effectively countering threats such as model inversion and poisoning attacks in existing research. To address these challenges, this paper proposes the Effective Private-Protected Federated Learning Aggregation Algorithm (EPFed), a framework that utilizes a blockchain platform, homomorphic encryption, and secret sharing to fortify the data privacy and computational efficiency in a federated learning environment. EPFed works by establishing “trust groups” through the unique integration of a Chinese Remainder Theorem-based secret sharing scheme with Paillier homomorphic encryption, streamlining secure model parameter exchange and aggregation while minimizing the computational load. Our performance-driven aggregation strategy leverages local performance metrics to safeguard against malicious contributions, ensuring both the integrity and efficiency of the learning process. The evaluations demonstrate that EPFed achieves a remarkable accuracy rate of 92.5%, thereby confirming the advanced nature of the proposed solution in addressing the pressing challenges of FL.

1. Introduction

As computing and storage resources continue to advance, mobile phones, smart wearable devices, and various sensors are constantly collecting people’s daily activity data and storing them in large storage clusters. Meanwhile, vast amounts of collected data can be utilized more efficiently in practical problem-solving and modeling processes with the maturation of large-scale machine learning algorithms and big data processing technologies, along with the continuous improvement of computer hardware performance. Successful applications such as face recognition, speech recognition, machine translation, and personalized recommendations rely on large amounts of annotated data. However, real-world applications often lack billion-level data, requiring the integration of decentralized resources to expand the data scale and support machine learning algorithms.

In 2016, Google proposed federated learning for mobile devices [1], with the goal of creating customized machine learning models based on data from multiple distributed devices while preventing data leakages. At that time, issues related to the misuse of personal data and privacy breaches were globally recognized concerns. Addressing these concerns, laws and regulations were enacted gradually to protect data privacy, such as the General Data Protection Regulation (GDPR) established by the European Union [2]. These regulations require companies to obtain users’ consent before collecting personal data and to safeguard against data breaches. Given the paramount importance of compliance with data privacy and security laws and regulations, the challenge of jointly training machine learning models utilizing data from multiple parties assumes critical significance. In this context, federated learning is considered the foundation of the next generation of artificial intelligence (AI) collaborative algorithms and cooperative networks. It allows participants to collectively build models without sharing data, thus breaking down data silos and facilitating AI collaboration [3].

As the use of federated learning becomes increasingly common, there have been concerns about its capacity to protect privacy [4]. It is known that federated learning protects local data by exchanging model parameters with the server. Nevertheless, scholars have found that the privacy information of training data may also be exposed via exchanged model gradients. Hitaj et al. [5] devise a privacy attack method by employing a generative adversarial network (GAN) that allows them to deduce sensitive information relating to a select group of clients’ local data. Similarly, Zhu et al. [6] propose deep leakage from gradients (DLG), which can reconstruct the training data through gradient computation. Specifically, the adversary generates random “virtual” data and labels $\left(x^{\prime },y^{\prime }\right)$ and computes the forward and backward propagation of the model F. After obtaining the corresponding virtual gradient $w^{\prime }$, the inputs and labels are then optimized to minimize the distance between $w^{\prime }$ and the genuine gradient w, effectively matching $\left(x^{\prime },y^{\prime }\right)$ to the original data $\left(x,y\right)$. In response to these challenges, researchers have suggested solutions to enhance the privacy protection in federated learning aggregation, such as incorporating secret sharing, homomorphic encryption, and differential privacy technologies. Although these methods can enhance the security during training, they often require significant additional computational or communication overheads, potentially at the expense of model performance. Therefore, designing an efficient federated learning scheme that balances privacy protection, communication costs, and model performance is crucial.

In this paper, we present the Effective Private-Protected Federated Learning Aggregation Algorithm (EPFed), which is an innovative federated learning framework designed to enhance the data privacy and computational efficiency. EPFed ingeniously integrates blockchain technology, homomorphic encryption, and secret sharing mechanisms. Its primary goal is to facilitate secure and efficient model parameter exchange and updates without compromising data privacy. Unlike traditional approaches that heavily rely on blockchain in establishing trust, blockchain serves merely as a platform for trusted data exchanges in EPFed. The framework establishes “trust groups” to allow participants to share and aggregate model parameters securely and effectively, maintaining data privacy and security.

The framework’s innovation lies in its utilization of a secret sharing scheme, integrated with Paillier homomorphic encryption, to streamline the processes of data exchange and model aggregation in federated learning. This approach significantly alleviates the computational load and minimizes decryption-related delays. EPFed is anchored by two foundational elements: firstly, the creation of trust groups and a secure mechanism for the exchange of model parameters within these groups. This is achieved through a secret sharing scheme inspired by the Chinese Remainder Theorem, coupled with Paillier’s homomorphic encryption, to adeptly manage encrypted data’s aggregation calculations. This scheme employs addition for encryption, markedly reducing the computational complexity compared to conventional cryptographic encryption methods. Paillier’s encryption ensures that the model parameters can be aggregated without decryption, thus shortening the decryption times while preserving the privacy of the data exchange.

Secondly, EPFed introduces a model parameter aggregation and update mechanism predicated on an accuracy-driven approach. This method uses performance metrics from local sample data validation, such as accuracy, recall, and MAP, to steer the aggregation process. This method utilizes local data samples to calculate the accuracy-related parameters, which can effectively counter the risk of model contamination by malicious actors providing invalid model parameters, thereby safeguarding the process’s efficiency and security. Moreover, the framework achieves an optimal balance between communication performance and security during the data exchange phase, proposing a novel solution to enhance the privacy protection and efficiency in federated learning.

The primary contributions are as follows.

(1) Enhanced Privacy through Advanced Cryptography: The EPFed framework integrates homomorphic encryption with a secret sharing scheme to fortify data confidentiality and participant authentication in federated learning systems. Specifically, it employs Paillier homomorphic encryption to facilitate encrypted data aggregation, alongside a secret sharing mechanism based on the Chinese Remainder Theorem for secure model parameter exchange within trust groups. This approach not only ensures robust privacy protection but also streamlines the computational process by minimizing the need for decryption, thereby enhancing the security and efficiency of data exchange among participants.

(2) Performance-Driven Model Aggregation: The EPFed framework prioritizes accuracy- related parameters through a performance-driven model aggregation process, which evaluates model parameters using local sample data. This local evaluation leverages metrics such as accuracy, recall, and mean average precision (MAP) to calculate a comprehensive score for each participant’s model. By utilizing local data to verify these performance indicators, EPFed effectively prevents collusion among participants from contaminating the model parameters. This approach ensures that only models verified for their accuracy and reliability contribute to the federated learning process, thereby maintaining the integrity and quality of the aggregated model. The performance-driven strategy not only enhances the federated learning system’s efficacy but also safeguards against potential security threats posed by malicious participants.

(3) Empirical Validation of Practical Efficacy: The EPFed framework underwent comprehensive empirical validation to affirm its practical applicability, particularly focusing on its contribution to data privacy and computational efficiency in federated learning. Our experiments were conducted using the NSL-KDD dataset to evaluate the framework’s performance in identifying network traffic anomalies. When compared to FedAvg, EPFed demonstrated a marked improvement in latency, thereby enhancing the overall efficiency of the federated learning process. Specifically, while EPFed maintained an accuracy level around 0.9, FedAvg’s performance dropped to approximately 0.8 under similar conditions. Moreover, the evaluation of the model update latency indicated a linear increase with the number of clients, a critical metric for federated learning systems’ scalability and responsiveness.

2. Related Works

Federated learning (FL), first proposed by Konean et al. [7], is a distributed machine learning paradigm that aims to train a shared model through collaboration among multiple participants while maintaining the privacy and security of their data. FL’s essence is in enabling multiple entities to collaboratively train a shared model, while ensuring that data remain decentralized—thus circumventing the concentration or dissemination of sensitive information. FedAvg is a widely utilized algorithm in federated learning, known for aggregating model parameters via a process of weighted averaging [7]. Fundamentally, FedAvg involves uploading the parameters from local models to a central server. The server then computes the weighted average of all these model parameters and subsequently distributes this computed average back to each participating local device. This iterative process is repeated multiple times, aiming for the convergence of the model parameters. Despite FL’s inherent privacy safeguards, it remains susceptible to potential threats, notably inference attacks and membership leakage, prompting the imperative development of robust privacy-preserving mechanisms.

Differential privacy (DP), a widely endorsed privacy preservation technique, mitigates the risk of individual data inference by integrating noise into the data or model parameters. Agarwal et al. [8,9,10] advanced methodologies such as cpSGD, the binomial mechanism with random k-level quantization, and the multi-dimensional Skellam mechanism. These approaches aim to enhance the communication efficacy, particularly under scenarios of client–server distrust. Wei et al. [11] introduced NbAFL, a novel FL methodology infusing noise into client parameters pre-aggregation, aligning with central differential privacy standards. Concurrently, Li et al. [12] introduced a personalized FL approach, amalgamating differential privacy and convergence assurances, thus bolstering both model personalization and privacy protection. Additionally, Triastcyn et al. [13] and Zhang et al. [14] elevated the privacy precision and efficiency via Bayesian differential privacy and the clipping-enabled federated learning method, respectively. Progress in local differential privacy (LDP) research is ongoing. Ponomareva et al. [15] and Rathee et al. [16] have, respectively, introduced FL methods based on LDP and the Randomized Aggregatable Privacy-Preserving Ordinal Response mechanism. Truex et al. [17,18] have proposed a hybrid privacy-protected FL framework and LDP-Fed, integrating differential privacy and homomorphic encryption.

Secret sharing technology also plays a significant role in fortifying FL privacy measures. Dong et al. [19] devised an efficacious FL strategy, amalgamating secret sharing with Top-K gradient selection, thereby striking a balance between privacy, communication overhead, and model efficacy. Further, He et al. [20] present an FL model in IoT settings, enhancing the privacy through adaptive local differential privacy and clustering methodologies. Moreover, Zhang et al. [21] underscore the enhancement in privacy protection and learning efficiency in intricate scenarios through sophisticated algorithms and frameworks.

Secure aggregation protocols, too, are instrumental. Bonawitz et al. [22] introduced SecAgg, a protocol for the aggregation of multiple updates, primarily utilizing one-time passwords for input obfuscation. Cheng et al. [23] developed a secure federated enhanced tree algorithm with homomorphic encryption, yielding accuracy on par with that of centralized learning models. Wang et al. [24] proposed a novel privacy preservation technique by integrating diverse technologies, offering a fresh perspective in the FL domain. Further, Phong et al. [25], Hao et al. [26], and Chai et al. [27] have proposed encryption and decryption methodologies using public and private key pairs, ensuring secure update uploads and model aggregation.

Recent investigations have concentrated on augmenting FL’s privacy and efficiency. Jahani-Nezhad et al. [28] proposed Swiftagg, an efficient, packet-loss-resistant secure aggregation method with comprehensive security assurances. Tian et al. [29] developed Sphinx, facilitating privacy-protected online learning in cloud environments. Lu et al. [30] introduced practical, lightweight secure aggregation methods for sparsified secure aggregation and federated submodel learning, aimed at privacy preservation.

The inherent architecture of blockchain technology plays a pivotal role in distributing trust among a network of nodes, thereby significantly mitigating the risk associated with single-point failures. This decentralization is particularly beneficial in the realm of federated learning (FL), where it not only fosters resilience but also ensures the auditability of operations and data processed on the blockchain. Blockchain technology’s incorporation offers an alternative avenue for privacy and data security within FL. Wu et al. [31] explored Fed-SMP, a scheme ensuring differential privacy at the data owner level. Boenisch et al. [32] highlighted FL’s privacy loopholes, particularly data reconstruction attack risks, underscoring the necessity for robust protection in FL systems. Fang C. et al. [33] introduced a pivotal advancement in blockchain-based federated learning, articulating a methodology that preserves privacy while ensuring verifiability. Central to their approach is a secure aggregation protocol that maintains the confidentiality of gradients, coupled with an innovative blockchain architecture designed for the verification of global gradients, thereby safeguarding against potential tampering threats. Furthermore, the selection of encryption algorithms not only ensures varying levels of security protection but also significantly influences the performance of federated learning systems. Fang et al. [33] employed an ElGamal-based encryption method to enhance the security of parameter transmission in federated learning. In a similar vein, Yang et al. [34] and Xu et al. [35] implemented comparable blockchain frameworks. However, they differed in their encryption choices, utilizing RSA-based and BGN-based algorithms, respectively. These choices were specifically aimed at ensuring the privacy of parameter updates within federated learning environments.

In summary, the realm of federated learning is witnessing swift advancements in privacy protection technologies, a response to the escalating privacy and security challenges. This evolution spans differential privacy and homomorphic encryption to blockchain technology, each striving to optimize the learning efficiency and accuracy within the confines of data privacy. These methods confront a triad of challenges, including the trade-off between computational efficiency, communication overhead, and the extent of privacy safeguarding. Future research requires the further exploration of more sophisticated and dependable privacy protection mechanisms, thereby broadening the scope and applicability of federated learning across diverse domains.

3. Preliminaries

This section provides an introduction to the homomorphic encryption algorithm, the secret sharing scheme algorithm, and the principles of federated learning utilized in the paper. The presented information is of the utmost importance and relevance, as these algorithms and principles serve as the foundation for the work conducted in this study.

3.1. Paillier Homomorphic Encryption

Homomorphic encryption schemes can be categorized into three main groups: partial homomorphic encryption (PHE), somewhat homomorphic encryption (SHE), and fully homomorphic encryption (FHE) [36]. PHE enables an unlimited number of homomorphic operations for addition or multiplication in the ciphertext domain. SHE, on the other hand, supports a limited number of homomorphic operations for both addition and multiplication. FHE, unlike PHE and SHE, allows for an unlimited number of homomorphic operations for both addition and multiplication in the ciphertext domain. In this paper, we use the Paillier public key encryption algorithm, a classical PHE scheme. Algorithm 1 presents the key generation, encryption, and decryption procedures.

Algorithm 1 Paillier homomorphic encryption algorithm

(1) Key Generation Input: NULL Output: public key $pk(n,g)$, private key $sk(\lambda ,\mu )$ 1: Randomly select two large prime numbers p and q that satisfy $gcd(p·q,(p-1)·(q-1\left)\right)=1$ and are of equal length. 2: Compute the value of $n=p·q, \lambda =lcm(p-1,q-1)$. 3: Select random integer $g\in {\mathbb{Z}}_{n^2}^{*}$. 4: Define function $L\left(x\right)=\frac{x-1}{n}$ and compute $\mu ={\left(L\left(g^{\lambda }\mathrm{mod}{n}^2\right)\right)}^{-1}\mathrm{mod}n$. (2) Encryption Input: plaintext $m\in (0,n)$, public key $pk$ Output: ciphertext c 1: Randomly select $r\in (0,n),r\in {\mathbb{Z}}_n^{*}$. 2: Calculate the ciphertext $c={Enc}_{pk}\left(m\right)=g^m{r}^n\mathrm{mod}{n}^2$. (3) Decryption Input: ciphertext c, private key $sk$ Output: Plaintext m 1: Decrypt the plaintext $m={Dec}_{sk}\left(c\right)=L\left(c^{\lambda }\mathrm{mod}{n}^2\right)·\mu \mathrm{mod}n$.

It should be noted that gcd refers to the greatest common divisor and lcm refers to the least common multiple. For the specified plaintexts $m_1$, $m_2$, the corresponding ciphertexts are $c_1=g^{m_1}{r}^n\mathrm{mod}{n}^2$, and $c_2=g^{m_2}{r}^n\mathrm{mod}{n}^2$, respectively. The correctness of Pailler homomorphism addition can be proven by ${Dec}_{sk}\left(\left(c_1·c_2\right)\mathrm{mod}{n}^2\right)={Dec}_{sk}$$\left(\left(g^{m_1+m_2}{r}^{2n}\right)\mathrm{mod}{n}^2\right)=m_1+m_2$. This implies that with only the public key and ciphertexts $c_1$ and $c_2$ corresponding to $m_1$ and $m_2$, we can compute the ciphertext of $m_1+m_2$. Moreover, it is possible to obtain the value of $m_1+m_2$ through the decryption algorithm.

3.2. Chinese Remainder Theorem-Based Secret Sharing Scheme

The proposed secret sharing scheme is based on the Chinese Remainder Theorem’s $(t,n)$ threshold access structure [37]. To recover the secret through shares, only t or more participants must be present during the reconstruction phase. The scheme comprises two primary operations, namely secret share generation and secret reconstruction, with their specific algorithms exhibited in Algorithm 2.

Algorithm 2 Chinese Remainder Theorem-based secret sharing

(1) Secret share generation Input: secret S, total number of participants n, threshold t Output: secret shares $\left(S_i,d_i\right),i\in [1,n]$ 1: Randomly select n mutually prime numbers $d_1,d_2\dots ,d_n$, while ensuring that the product of the t smallest random numbers is greater than the secret S, and the product of the $t-1$ largest random numbers is less than the secret S. 2: Compute $S_i\equiv S\mathrm{mod}{d}_i$ separately for $i\in [1,n]$. 3: Issue the secret shares $\left(S_i,d_i\right)$ for $i\in [1,n]$. (2) Secret reconstruction Input: t secret shares $\left(S_j,d_j\right),j\in [1,t]$. Output: secret S 1: List the secret share equations $$\left(\begin{array}{c}S\equiv S_1\left(\mathrm{mod}{d}_1\right)\\ S\equiv S_2\left(\mathrm{mod}{d}_2\right)\\ \cdots \\ S\equiv S_t\left(\mathrm{mod}{d}_t\right)\end{array}\right)$$ 2: Calculate the product $d=d_1·d_2·\dots ·d_t$, and, for each $i\in [1,t]$, compute $D_i$ and $D_i^{\prime }$ such that $d=d_i·D_i$ and $D_i·D_i^{\prime }\equiv 1\left(\mathrm{mod}{d}_i\right)$, 3: Compute the secret $S\equiv S_1·D_1^{\prime }·D_1+S_2·D_2^{\prime }·D_2+\cdots +S_t·D_t^{\prime }$. $D_t\left(\mathrm{mod}d\right)$

3.3. Traditional Federated Learning Architecture

Figure 1 illustrates the architecture of traditional federated learning. In this method, the central server randomly selects a specific number of participants for each training round to participate in the whole training procedure. Each of the selected participants downloads the current global model parameters from the central server and uses the gradient descent method with a fixed learning rate ($\eta$) to find the model parameter values that correspond to the minimum loss function on their local data. The solution formula is as follows:

$$w_i^{t+1}⟵w_i^t-\eta \Delta loss\left(w_i^t\right);$$

(1)

The central server collects the model parameters uploaded by the participants and assigns weights to each participant’s model parameters according to the number of training set samples. Then, the server obtains a new round of global parameter models. The equation for the aggregation of the global model is as follows. The details of the central server’s parameter aggregation process are described in Algorithm 3.

$$w_{global}^{t+1}={\sum }_{i=1}^m{k}_i{w}_i^{t+1},k_i=\frac{m_i}{{\sum }_{j=1}^N{m}_j};$$

(2)

In federated learning, the entire model is trained with the goal of

$$min\left\{Loss\left(w\right):={\sum }_{i=1}^n{k}_{i}los{s}_i\left(w_i\right)\right\},k_i=\frac{m_i}{{\sum }_{j=1}^N{m}_j}$$

(3)

In summary, the training process of federated learning achieves data isolation by keeping data locally stored by each participant, resulting in data privacy protection. Furthermore, the federated learning architecture empowers participants with the same responsibility, jointly training the same model, thus giving them equal status.

Algorithm 3 Federated learning aggregation algorithm

Input: number of participants N, number of local epochs E, loss function loss, number of iterations T, learning rate $\eta$ Output: Global model ${\mathrm{M}}_{\mathrm{global}}^{\mathrm{T}}$, global model parameters ${\mathrm{W}}_{\mathrm{global}}^{\mathrm{T}}$ 1: for $i=0\to T-1$do 2:     The central server employs a random selection process to determine a set of m participants ${\mathrm{S}}_{\mathrm{t}}$ for $roun{d}_i$ 3:     for ${\mathrm{p}}_{\mathrm{i}}\in {\mathrm{S}}_{\mathrm{t}}$ do 4:         ${\mathrm{w}}_{\mathrm{i}}^{\mathrm{t}}\leftarrow {\mathrm{W}}_{\mathrm{global}}^{\mathrm{t}}$ 5:         for $j=0\to E-1$ do 6:            ${\mathrm{w}}_{\mathrm{i}}^{\mathrm{t}+1}\leftarrow {\mathrm{w}}_{\mathrm{i}}^{\mathrm{t}}-\eta \Delta \mathrm{loss}\left({\mathrm{w}}_{\mathrm{i}}^{\mathrm{t}}\right)$ 7:         end for 8:         Send the local model parameters ${\mathrm{w}}_{\mathrm{i}}^{\mathrm{t}+1}$ to the central server 9:     end for 10:     Central server aggregation model parameters 11:     ${\mathrm{w}}_{\mathrm{global}}^{\mathrm{t}+1}={\sum }_{\mathrm{i}=1}^{\mathrm{m}}{\mathrm{k}}_{\mathrm{i}}{\mathrm{w}}_{\mathrm{i}}^{\mathrm{t}+1},{\mathrm{k}}_{\mathrm{i}}=\frac{{\mathrm{m}}_{\mathrm{i}}}{{\sum }_{\mathrm{j}=1}^{\mathrm{m}}{\mathrm{m}}_{\mathrm{j}}}$ 12: end for

4. Architecture

In this section, we provide a comprehensive overview of the threat models inherent in the current federated learning, with a specific focus on two entities: clients and servers. Each entity is vulnerable to two distinct threat types: semi-honest and malicious. Subsequently, we introduce a decentralized federated learning architecture that effectively harnesses the intrinsic structure of blockchain. Publicly transparent smart contracts serve as the primary operational nodes, displacing the server in occupying the central position in traditional federated learning to mitigate the undue reliance on the server during the model training process.

Following this, we propose a streamlined model sharing scheme capable of establishing trust groups through identity authentication, fostering intra-group information transparency and reducing the communication overhead. Additionally, we design a model weight allocation method based on the model performance. This method not only optimizes the local models but also safeguards against malicious clients and servers attempting to upload low-quality models, thereby contaminating the user-customized models. In the model aggregation phase, the employed model obfuscation algorithm robustly guards against threats posed by semi-honest servers and malicious servers. Finally, a thorough security analysis is conducted on aspects related to the disconnection tolerance and confidentiality in the aforementioned scenarios.

4.1. Threat Model

Before designing efficient architectures and solutions based on the threat model, it is crucial to identify the types of adversaries initiating privacy and safety attacks. We assume that both the servers and clients have undergone qualification audits before registering on the blockchain. The server has powerful computational abilities that can assist in global model training, while the client resources are limited, and some clients may include semi-honest or malicious adversaries.

*

Semi-honest adversaries faithfully comply with and execute the communication protocol’s procedures during participating rounds, exhibiting no malicious behavior when interacting with other nodes. However, they attempt to infer more content based on the received information. They do not interfere with the training process or compromise the integrity and availability of the model.

*

Malicious adversaries operate without constraints, potentially violating the communication or model exchange protocols established by the system. For instance, they may maliciously tamper with messages sent by other nodes, inducing them to disclose more information. Alternatively, they might intentionally upload low-quality models, thereby disrupting or even sabotaging the model training process.

In a federated learning setting, clients and servers can be either semi-honest or malicious.

• Semi-honest clients can view all the messages exchanged during the training process, including the global model and the local models of other clients. However, they do not interfere with the training process.
• Malicious clients can disrupt the training process by poisoning the data or models.
• Semi-honest servers can inspect the models uploaded by the clients. They may engage in reconstruction attacks or model reverse engineering. However, they do not disrupt the training process.
• Malicious servers can interfere with the training process by updating clients with incorrect models.

Existing research predominantly relies on the assumption of semi-honest adversaries to design privacy protection solutions. In cryptographic protocols like secure multiparty computation, resisting both semi-honest and malicious adversaries often requires substantial additional computational and communication overheads, making it challenging to ensure the efficiency and practicality of the solution. Balancing the security, efficiency, and usability of federated learning is the central focus of this section.

4.2. EPFed Architecture

In the realm of federated learning, traditional training architectures often center around a central server handling communication and computation. However, this centralization poses significant privacy risks, especially if the server is compromised or inherently untrustworthy. The EPFed architecture marks a paradigm shift from this traditional model, emphasizing decentralization to effectively counter these privacy concerns.

At the heart of EPFed’s innovation is the integration of blockchain technology, which is pivotal in ensuring secure information exchange, storage, and overall system transparency, as illustrated in Figure 2. This decentralized approach comprises three main components: client devices, a blockchain network, and a large-scale computation server. Client devices focus on training local models and interfacing with the blockchain for information exchange. The blockchain network, serving as the backbone of EPFed, securely stores model data from both the clients and the server. The computation server, on the other hand, retrieves client models from the blockchain and contributes by uploading aggregated global model parameters back to the network. A unique aspect of this architecture is that the nodes within the blockchain are designed to prevent direct communication channels amongst each other, thereby enhancing the security and mitigating the potential risks associated with centralized models.

4.2.1. Initialization

• The clients ($C_i$) and server (S) nodes are both registered on the blockchain network. The blockchain issues node identification $id$, threshold value t, and secret update time $st$, and n numbers that are mutually prime $d_1,d_2,\dots ,d_n$.
• The verified $C_i$ generates Paillier public key $p{k}_i$ and private key $s{k}_i$. S generates Paillier public key $p{k}_s$ and private key $s{k}_s$.
• The EPFed system publishes transaction ($i{d}_i$, $p{k}_i$) to the blockchain, and S publishes ($i{d}_s$, $p{k}_s$) for public key exchange.
• Initialize the local model $M_i^0$ and local model parameters $w_i^0$.

4.2.2. User Secret Sharing and Trust Group Establishment

• When $t\%st=0$, $C_i$ randomly generates a local secret and secret shares ${\rho }_{ij}={\rho }_i\mathrm{mod}{d}_j,$, where $i,j\in \left[1,n\right]$. Simultaneously, it generates a digital signature $Sig{n}_i=En{c}_{s{k}_i}\left({\rho }_{ij}\right)$. Here, ’Enc’ denotes Paillier encryption.
• $C_i$ encrypts the secret shares to get $En{c}_{p{k}_j}\left({\rho }_{ij}\right)$, representing the secret share that client $C_i$ needs to transmit to $C_j$.
• $C_i$ publishes the transaction $\left\{i{d}_j,i{d}_i,‘s’,En{c}_{p{k}_i}(\left({\rho }_{ij}\right)\left|\right|Sig{n}_i|j\ne i\right\}$ to the blockchain. In this transaction, the first parameter $i{d}_j$ specifies that $C_j$ is intended to decrypt this message, while the second parameter $i{d}_i$ indicates that the information originates from $C_i$. $\prime s^{\prime }$ signifies ‘secret’. Other clients can use the public key of $C_i$ to encrypt the signature. This process allows them to verify the authenticity of the message source and authenticate the identity of $C_i$.
• $C_i$ retrieves the latest encryption $En{c}_{p{k}_i}(\left({\rho }_{ij}\right)\left|\right|Sig{n}_j$ and the public key of $C_j$ from the blockchain. Using its private key, $C_i$ decrypts the information to obtain the secret share ${\rho }_{ji}$ and signature $Sig{n}_j$. Subsequently, it employs the public key $p{k}_i$ to verify the signature. Upon successful verification, $C_i$ publishes a transaction to share its secret share with $C_j$.
• $C_i$ publishes $\left\{i{d}_j,i{d}_i,‘v’,En{c}_{p{k}_j}({\rho }_{ji}+{\rho }_{ij})|j\ne i\right\}$ and downloads a transaction for mutual verification with $C_j$, where the first parameter is $i{d}_i$. $C_i$ uses its private key to decrypt the corresponding encryption $En{c}_{p{k}_j}({\rho }_{ji}^{\prime }+{\rho }_{ij}^{\prime })$. It then compares the values of ${\rho }_{ji}^{\prime }+{\rho }_{ij}^{\prime }$ and ${\rho }_{ji}+{\rho }_{ij}$ to perform a secondary identity confirmation and confirm the value of the secret share. If they are the same, $i{d}_j$ is added to the trust table of $C_i$. $‘v’$ signifies ‘verification’.
• $C_i$ publishes transaction $\left\{i{d}_i,‘t’,t{b}_i=\left\{i{d}_j\right\}\right\}$, where $t{b}_i$ is the user group trusted by $C_i$, called the trust table.
• The smart contract in the blockchain checks each trust table to determine which users exceed the threshold t and then adds these users to the trust group. The smart contract publishes the trust group $T=\left\{i{d}_i\right\}$.
• $C_i$ publishes $C_j$ decryptable message $\left\{i{d}_j,‘r’,‘d’,En{c}_{p{k}_j}\left({\rho }_{ki}\right|c_k\in T)\right\}$ to the blockchain, where $C_i,C_j\in T$. $‘r’$ signifies recovery.
• $C_i$ recovers the secrets of other clients.

4.2.3. Training

• $C_i$ trains the local model $M_i^r$ to obtain the optimal model parameters $w_i^r$.
• $C_i$ confuses the initial model with secret ${\rho }_i$ to acquire $c{w}_i^r=w_i^r+{\rho }_i$, and publishes $c{w}_i^r$ to the blockchain.
• $C_i$ downloads models from other trusted nodes, validates the performance of these models using a locally verified dataset, and then calculates the proportion list $A{P}_i=\left\{p_i^r\right\}$ for each model during aggregation. Additionally, it obtains the corresponding model parameter lists $w_j^r$.
  During the training process, the metrics of accuracy, recall, and mean average precision (MAP), collectively forming the judging metric ($\left\{ac{c}_i,recal{l}_i,ma{p}_i\right\}$) for each model, serve as the basis for the calculation of the aggregation weights. Subsequently, the calculation of $v_i=\sqrt[3]{ac{c}_i\times recal{l}_i\times ma{p}_i}$ is performed, allowing the derivation of a comprehensive score for each model.
  Following this, $p_i=\frac{v_i}{{\sum }_{i=1}^n{v}_i}$ is computed, representing the weight of each model during the model aggregation process, ensuring that the sum of all weights is equal to 1. Here, ‘n’ represents the total number of models to be aggregated.
• $C_i$ re-generates a random noise model ${\rho }_i^{\prime }$, confuses all the models in the list to be aggregated, obtaining $U{W}_i^r=\left\{u{w}_i^r|u{w}_i^r=w_i^r+{\rho }_i^{\prime }\right\}$, and publishes $(i{d}_s{,}^{\prime }{a}^{\prime },U{W}_i^r,A{P}_i)$.

4.2.4. Server Aggregation

Server S downloads the parameter list and corresponding proportions that $C_i$ wishes to aggregate, calculates the corresponding aggregation result $W_i^r=\left\{{\sum }_{uw\in U{W}_i,p\in A{P}_i}uw\times p\right\}$, and publishes it to the blockchain.

4.2.5. Client Update

$C_i$ downloads the corresponding aggregation parameters, validates the new model, and calculates the comprehensive scores v1 and v2 for the aggregated model $W_i^r$ and the local model $w_i^r$, respectively. Then, it computes the corresponding aggregation weights, $p_1=\frac{v_1}{v_1+v_2}$ and $p_2=\frac{v_2}{v_1+v_2}$. Finally, the models are fused according to the specified proportions $w_i^{r+1}=p_1\times (W_i-{\rho }_i^{\prime })+p_2\times w_i^r$.

The communication complexity is very high when the secret sharing algorithm is employed in every federated learning training process. Therefore, we introduce the concept of a trust group. The communication and encryption/decryption procedure can be simplified by performing periodic mutual authentication and secret sharing processes between nodes. During each secret sharing process, client $C_i$ generates n shares of its secret ${\rho }_i$, which are used to confuse the model parameters. The remaining $n-1$ shares are transmitted to the blockchain after being encrypted with corresponding clients’ Paillier public keys. Finally, each client independently downloads and decrypts their respective shares from the blockchain.

During the mutual authentication process, $C_i$ transmits the encrypted ${\rho }_{ij}$ to $C_j$ and $C_j$ transmits the encrypted ${\rho }_{ji}$ to $C_i$. If either client is able to decrypt the value received from the other party without revealing their private keys, their identity is proven authentic. Therefore, $C_i$ can confirm $C_j^{\prime }s$ identity by decrypting $En{c}_{p{k}_i}({\rho }_{ij}+{\rho }_{ji})$, and subsequently all clients can verify each other and add the validated clients to their respective trust tables.

Once all clients have published their trust tables, the smart contract written in the blockchain aggregates the tables and initiates the establishment process of the trust group T. $C_i^{\prime }s$ appearance above a certain threshold value (t) indicates that $C_i$ is trusted by t or more clients. Afterward, the secret shares are shared among the members of T. $C_i$ encrypts ${\rho }_{ki}\mid c_k=\in T$ and disseminates it to all trusted clients; as a result, each client can aggregate the secret shares linked with other clients within T and calculate their secrets.

During the iterative process of federated learning, every client employs secret obfuscation mechanisms to guard their model parameters. Access to fellow clients’ models and secrets is exclusive to the trusted group. Once the models of other clients have been verified, high-quality models will be obfuscated and published on the blockchain. With the help of computing servers, these models are fused with the client’s model, resulting in a significant boost to the quality of the local model without impairing its integrity.

4.3. Security Analysis

This section presents an in-depth security analysis of the EPFed architecture, with a specific emphasis on its capabilities in handling drop tolerance and ensuring confidentiality. These elements are fundamental to the integrity and effectiveness of decentralized federated learning systems, where the security challenges are inherently more intricate due to the dispersed nature of operations.

Firstly, we explore the aspect of drop tolerance in Section 4.3.1. Drop tolerance is crucial in maintaining the continuity and reliability of the learning process, especially in scenarios where participant nodes may unpredictably leave or join the network. We assess how EPFed mitigates the impacts of such disruptions, ensuring consistent performance and data integrity. Subsequently, in Section 4.3.2, the focus shifts to confidentiality, a paramount concern in federated learning environments. We examine the mechanisms employed by EPFed to safeguard data against unauthorized access and leaks, particularly in the context of collaborative learning among multiple participants. This analysis highlights the encryption techniques and protocols integral to EPFed, demonstrating its commitment to maintaining stringent data privacy and security standards.

4.3.1. Tolerance for Disconnection

All types of information, including the initialization information, information required for authentication, and information about the training process, are uploaded to the blockchain. Due to the tamper-proof nature of blockchain security, the uploaded information remains unmodifiable while being available for access and viewing.

During the secret sharing process, client $C_i$ can access shares sent by other clients from the blockchain and upload its shares within the secret update period $st$, in case of a temporary disconnection. $C_i$ can join the trust group if it reconnects and completes prior authentication before other clients publish their trust tables. If this window is missed, other clients can resubmit their trust tables to include $C_i$ in the trust group. Once the trust group has been established, other clients transmit the secret shares to $C_i$. $C_i$ obtains secrets from other clients to participate in the subsequent model sharing process.

If $C_i$ briefly drops during the secret recovery process, it may not affect the recovery of secrets if the number of online clients exceeds the threshold t. In cases where the number of online clients is below t, they can wait for other clients to reconnect before proceeding with the secret recovery process. Once $C_i$ is online, it can directly retrieve the necessary information from the blockchain to restore the secrets. It is worth noting that the aforementioned operations are only valid within the secret update time period $st$.

4.3.2. Confidentiality Analysis

Due to the public and transparent nature of the blockchain, all necessary information must be encrypted before being uploaded, whether this is secret share or model parameter information. For instance, information shared between clients is encrypted using the recipient’s public key, and no entity can access the relevant content unless they obtain the corresponding private key. Additionally, the model parameters sent from clients to the server are obfuscated by a random noise model and encrypted using the server’s public key. After decryption, the server can only obtain the confused model list and not extract any privacy information. Moreover, due to the tamper-resistant nature of the blockchain, the information stored on the chain is traceable. If a server or client uploads a low-quality model to the blockchain, it will receive a significantly lower weight before aggregation. Therefore, the impact on user-customized models is minimal, and such behavior is traceable. In summary, this solution can resist semi-honest and malicious servers, as well as malicious clients, in the absence of collusion.

5. Evulation

5.1. Experimental Setup

The experiments were conducted on an Intel(R) Core(TM) i7-8700 CPU @ 3.20 GHz 3.19 GHz, utilizing the python3.7 programming language alongside the PyTorch framework and fabric-python-sdk. To assess the efficacy of the proposed model, we employed it in a network traffic anomaly detection scenario and conducted tests on the identification performance using the NSL-KDD dataset [38]. The NSL-KDD dataset, a collection of TCP/IP traffic data amassed from authentic internet environments, encompasses not only normal traffic but also 22 distinct classes of cyber-attacks. This dataset is characterized by data samples each comprising 41 attributes and a single label. These attributes are categorized into three categorical features and 38 numerical features. This dataset is widely used in the performance testing of federated learning methods.

5.2. Performance Analysis

We evaluated the model’s performance using various training cycles and recorded the results, as shown in Figure 3. Based on our observations, we can draw the following conclusions: (1) for smaller epoch values, the recognition accuracy of each model progressively improves as the number of training rounds increases; (2) the convergence times vary depending on the number of participants. The loss function graph shows that when only one participant is involved, the function converges more slowly than in other scenarios, requiring the largest number of training rounds to achieve convergence.

This outcome could be attributed to the characteristics of federated learning. When the number of participants is limited, the model lacks adequate data resources to learn diversified features, leading to relatively poor overall training outcomes. Nevertheless, as the number of participants increases, the number of training sets consequently enlarges, which eventually translates to better overall training outcomes. However, when the participant count reaches a critical threshold, the data aggregation algorithm in federated learning cannot extract any fresh data features, rendering it increasingly difficult to enhance the overall model performance.

To assess the effectiveness of our EPFed based on the model accuracy, we conducted several tests across diverse scenarios. The training dataset was segmented into five distinct parts, each representing different application scenarios with unique data type distributions. Similarly, the test dataset was sampled following the same distribution pattern as the training data. Under these conditions, we compared EPFed’s performance against the traditional federated learning aggregation algorithm, FedAvg [7]. FedAvg is currently the most popular federated learning framework. It is frequently utilized as a standard benchmark for the assessment of performance in academic studies. In our decentralized accuracy-based approach, each participant’s model is uniquely trained, leading to varied accuracy. The reported experimental results reflect the average accuracy across all participant models.

As shown in Figure 4, when the distribution of the training datasets is identical for each participant, both the accuracy-based EPFed and FedAvg algorithms maintain the accuracy of network traffic anomalies between 0.92 and 0.93. Nevertheless, the accuracy of EPFed is higher than that of FedAvg. However, in scenarios wherein the network traffic anomalies are identified in multiple distributions of the training datasets for different participants, the recognition accuracy of EPFed remains approximately 0.9, whereas the performance of FedAvg drops to around 0.8.

The local model update latency is impacted by several factors, namely communication, model obfuscation, model validation, and transaction updates to the blockchain. In Figure 5, it is evident that the average client local model latency increases linearly as the number of clients increases. When comparing EPFed with FedAvg, it is clear that the additional functionalities that EPFed introduces, including secret sharing and recovery, the trust group establishment process, and model validation, significantly enhance the latency.

The results demonstrate that the EPFed mechanism effectively facilitates the personalization of participant client models, reducing the necessity of sharing the same global model among various participants, which enhances the model’s performance in diverse scenarios. Nevertheless, the adoption of certain functionalities, such as secret sharing and model confusion, leads to a noticeable increase in the model update latency. Despite this, such latency is acceptable within the distributed architecture model training process when compared to transmitting an extensive quantity of data.

Moreover, we present a comparative analysis between the EPFed scheme introduced in this paper and the federated learning schemes proposed by Fang [33], Yang [34], and Xu [35], as shown in

Table 1. Program overhead comparison.

Number of Gradients	User Overhead (s)				Server Overhead (s)				Total Expenditure (s)
	Fang’s Scheme	Yang’s Scheme	Xu’s Scheme	EPFed	Fang’s Scheme	Yang’s Scheme	Xu’s Scheme	EPFed	Fang’s Scheme	Yang’s Scheme	Xu’s Scheme	EPFed
1 × 105	7.534	7.432	7.823	7.612	1.327	1.426	1.120	0.67	8.861	9.201	8.298	8.282
2 × 105	13.438	12.980	14.203	13.687	2.649	3.274	2.389	1.267	16.087	18.492	15.892	14.954
3 × 105	34.621	34.032	35.081	35.056	5.926	7.302	5.292	3.007	40.547	42.397	39.093	38.063

. All these schemes incorporate blockchain technology to supplant the central server in federated learning, thereby offering federated learning with enhanced privacy protection. The primary distinction among these schemes is their use of various encryption algorithms to safeguard the privacy of models. This is primarily achieved by applying protective measures to the data gradient parameters, pivotal in the model training process. Specifically, Fang’s scheme utilizes an ElGamal-based algorithm, Yang’s scheme employs an RSA-based algorithm, and Xu’s scheme is grounded in a BGN-based algorithm. In contrast, the EPFed scheme introduced in this paper also leverages a form of homomorphic encryption but diverges in its privacy protection approach. Predominantly, it implements a secret sharing scheme—a technique for the distributed storage of critical information—emphasizing the safeguarding of clients’ confidential data. This strategy not only indirectly bolsters the overall model security but also contributes to a reduction in computational resource demands. The comparative analysis of these four schemes, focusing on the user overhead, server overhead, and total expenditure, distinctly underscores the performance benefits derived from EPFed’s implementation of the secret sharing scheme.

The comparison in Table 1, centered around the user overhead, server overhead, and total expenditure, is crucial in understanding the relative efficiencies and computational demands of these schemes, particularly in the context of varying gradient quantities.

EPFed, the mechanism introduced in our research, demonstrates a nuanced balance between the computational overhead and privacy protection. Despite exhibiting a marginally higher user overhead compared to Fang’s and Yang’s schemes, it maintains a comparable level to Xu’s. This slight increase in user overhead is a direct consequence of the enhanced privacy measures intrinsic to EPFed’s design, specifically its implementation of a secret sharing scheme. While this approach slightly intensifies the computational load on the client side, it plays a pivotal role in fortifying the confidentiality of client data, a critical aspect in the landscape of federated learning.

A significant distinction of EPFed lies in its server-side efficiency. The data clearly indicate a substantial reduction in server overhead for EPFed, in comparison to the other schemes. This efficiency is attributed to the scheme’s streamlined design, which notably omits the signature aggregation step. Such a reduction in server-side computational demands not only highlights the innovative nature of EPFed but also underscores its potential in optimizing server resource utilization.

The total computational expenditure, encompassing both the user and server overheads, is a key metric in evaluating the overall efficiency of federated learning mechanisms. Here, EPFed excels, consistently showcasing lower total expenditure across all gradient scenarios. This efficiency reflects EPFed’s strategic design, which, while placing a slightly higher computational demand on clients, substantially alleviates the burden on servers, resulting in a net reduction in the overall computational overhead.

In conclusion, the analysis presented in Table 1, following the detailed discussions, firmly positions EPFed as a promising and balanced approach in the domain of federated learning. Its innovative integration of a secret sharing scheme for heightened privacy, combined with its marked reduction in server-side computational demands, not only enhances the scheme’s efficiency but also strengthens its applicability in diverse federated learning environments.

6. Conclusions

In conclusion, our research introduces EPFed, a novel decentralized federated learning architecture that redefines the approach to secure and efficient machine learning. By integrating blockchain technology, advanced encryption methods, and an accuracy-centric aggregation strategy, we have crafted a system that ensures the secure and verifiable exchange of encrypted data between participants and a central server. The use of homomorphic encryption and secret sharing schemes not only authenticates participant nodes but also creates trust groups, enhancing the security in multi-party computations and optimizing the communication overhead.

Our architecture adapts to multiple training scenarios through a client-customized model aggregation mechanism. This approach allows clients to improve their local models’ generalization abilities without sacrificing performance. To combat the risk of low-quality model contributions, we have implemented a model aggregation proportion allocation mechanism based on model scores, ensuring that higher-quality models have a greater influence in the aggregation process.

The effectiveness of EPFed is demonstrated through its application in network traffic anomaly detection using the NSL-KDD dataset, where it achieved an impressive 92.5% accuracy in five-category recognition. This performance highlights the robustness and practicality of EPFed in addressing the critical challenges of security and privacy in federated learning, making it a promising solution for real-world federated learning applications.