EVFL-DCs: Enhancing verifiability of federated learning by double commitments based on blockchain

Abstract

In decentralized federated learning networks, the presence of malicious users can lead to distrust among participants, significantly undermining the efficiency of model training. Polynomial commitment techniques map gradients into polynomials and have been widely used in decentralized federated learning schemes. However, existing schemes have yet to address the consistency issue between noisy or masked gradients and their corresponding commitments, specifically the verification of whether a commitment is derived from the original gradient of the noisy or masked gradient. To address this issue, this paper proposes an Enhancing Verifiability and Privacy-Preserving of Federated Learning by Double Commitments based on Blockchain (EVFL-DCs). This scheme addresses the consistency issue between noisy gradients and commitments by designing two commitments based on the statistical properties of differential privacy. In the verification committee, the Central Limit Theorem (CLT) is used to constrain the difference between a noisy gradient and the double commitments, ensuring their consistency. Additionally, the scheme achieves lossless aggregation by aggregating masked gradients. Given that attackers may upload masked gradients inconsistent with their signature commitments, a grouped verification mechanism is introduced. This mechanism refines the scope of consistency verification between masked gradients and commitments by performing aggregation within groups and verifying the consistency of the aggregated gradients and commitments for each group. Even if the verification fails for a particular group, the results of the other groups remain unaffected, thereby ensuring the correctness of the overall aggregation result. Experimental results demonstrate that EVFL-DCs effectively verifies the consistency between noisy or masked gradients and their commitments. Moreover, when the proportion of deceptive attackers is less than 30%, the model’s accuracy is nearly identical to that of a decentralized federated learning scheme without attackers. Furthermore, even when noise impacts the gradients, the accuracy of filtering benign noisy gradients is close to that of filtering benign original gradients.