Blockfd: Blockchain-based federated distillation against poisoning attacks

Federated learning (FL) is a novel framework that distributes the model training to the participant devices to realize privacy-preserving machine learning. To achieve this, clients upload the parameters of the local model to the central server for aggregation rather than the raw data. Despite the potential of FL, one of the significant challenges in FL applications is the communication constraints caused by the transmission of the high-dimensional parameter. To overcome this, federated distillation (FD) has been widely studied to address the significant communication overhead through transmitting the low-dimensional logits, which is used to assist the training of the local model rather than transmitting the model parameters. However, the traditional FD framework applies the centralized architecture, which is vulnerable to single-point-of-failure. Moreover, the emerging poisoning attacks also significantly impact the security of FD. Specifically, attackers can easily launch poisoning attack by uploading crafted logits, leading to inaccurate global logits aggregation and hazard the accuracy of local models. To address these issues, we propose a federated distillation framework based on blockchain, named BlockFD, by exploiting two mechanisms in blockchain architecture to realize decentralized and security FD. First, we propose a novel multi-dimension consensus algorithm (BlockFD-PoM) that leverages multiple attributions to perform consensus process, solving the existing computation-intensive and unfair problems of traditional consensus algorithms, such as the PoW and the PoS. Second, we introduce an aggregation-based validation algorithm (BFV) such that the legitimacy of local logits can be verified to guarantee the security of FD aggregation. Extensive evaluation results show that the proposed BlockFD framework can effectively and fairly realize decentralized federated distillation. Besides that, the proposed BFV algorithm can efficiently prevent federated distillation from poisoning attacks while maintaining the loss within 2.77%. Copyright © The Author(s), under exclusive licence to Springer-Verlag London Ltd., part of Springer Nature.