CN111915294A - Secure, privacy-preserving and tradable distributed machine learning framework based on blockchain technology

Info

Publication number
CN111915294A
Authority
CN
China
Legal status
Granted
Application number
CN202010496847.9A
Other languages
Chinese (zh)
Other versions
CN111915294B (en)
Inventor
曹向辉
梁伦
Current Assignee
Southeast University
Original Assignee
Southeast University
Application filed by Southeast University
Priority to CN202010496847.9A
Publication of CN111915294A
Application granted; publication of CN111915294B
Current legal status: Active

Abstract

The invention discloses a secure, privacy-preserving and tradable distributed machine learning framework based on blockchain technology, comprising the following parts: the certificate authority (CA), which issues and revokes digital certificates for the blockchain nodes and manages node permissions; the blockchain nodes, which maintain the machine learning model and take part in machine learning model transactions; the smart contracts, which define the operating rules of distributed machine learning and divide revenue among the nodes according to their model contribution; the distributed ledger, which records model data and model transaction data during machine learning model training; and the data providers, which collect local data and upload it to the blockchain node servers.

Description

Secure, privacy-preserving and tradable distributed machine learning framework based on blockchain technology
Technical Field
The invention relates to a secure, privacy-preserving and tradable distributed machine learning framework based on blockchain technology, and in particular to a framework that uses blockchain (consortium chain) technology to address Byzantine attacks in distributed machine learning, uses differential privacy to protect the privacy of each participant's data set, and supports machine learning model transactions. It belongs to the fields of artificial intelligence, blockchain and information security.
Background
In the parameter server framework commonly used in distributed machine learning, multiple worker nodes each train on local data with the current global model to obtain a local model and send it to the parameter server, which aggregates all local models and updates the global model. This process can have security problems: both the worker nodes and the parameter server node may be subject to Byzantine attacks. Specifically, a worker node under Byzantine attack sends an erroneous local gradient to the parameter server, which degrades the finally trained model; a parameter server node under Byzantine attack aggregates a wrong global model, making the previous training useless. In recent years, researchers have tried applying blockchain to fields such as the Internet of Things, healthcare and finance to solve security and transaction problems in those fields, because a blockchain is tamper-resistant, traceable, stored in a distributed manner and publicly maintained.
To date, work on Byzantine attacks in distributed machine learning has achieved some success. However, the following problems remain: 1) existing distributed machine learning algorithms do not consider that the parameter server may be under Byzantine attack when aggregating models; 2) how to handle detected Byzantine nodes so that they no longer interfere with model training; 3) how to implement an incentive mechanism in a blockchain system combined with distributed machine learning so that the system runs more efficiently. A new solution to these technical problems is therefore urgently needed.
Disclosure of Invention
The invention aims to solve the following problems: for distributed machine learning, provide an algorithm that addresses Byzantine attacks on both the worker nodes and the parameter server node; since blockchain technology is introduced, solve the consensus problem in the blockchain; and provide an effective incentive mechanism so that the blockchain system operates effectively and durably.
To solve the above technical problem, the invention provides a secure, privacy-preserving and tradable distributed machine learning framework based on blockchain technology, which comprises: part 1, the certificate authority (CA), responsible for issuing and revoking digital certificates for the blockchain nodes and managing node permissions; part 2, the blockchain nodes, consisting of user nodes and transaction nodes, which are respectively responsible for maintaining the machine learning model and taking part in machine learning model transactions; part 3, the smart contracts, consisting of a machine learning smart contract (MLMC) and a model contribution smart contract (MCMC), which respectively define the operating rules of distributed machine learning and divide revenue among the nodes according to their model contribution; part 4, the distributed ledger, which records model data (including the state of the local models and the global model) and model transaction data during machine learning model training; and part 5, the data providers, responsible for collecting local data and uploading it to the blockchain node servers. In this scheme the CA can vet, supervise and manage the permissions of every node that wants to join the system, which prevents malicious nodes from joining to a certain extent and helps keep the system secure. Both transaction nodes and user nodes that join later must pay an entry fee (the model transaction fee). A transaction node exits the system after synchronizing the block information.
If a user node is identified as malicious, it is made to exit the system; its earlier entry fee is not returned and it receives no subsequent model transaction fees, which penalizes malicious nodes. The rules of the smart contracts are open to all user nodes and their contents are difficult for malicious nodes to tamper with. The distributed ledger records model data and model transaction data during machine learning model training, which guarantees the traceability of the data: all malicious data is recorded, which helps keep the system secure to a certain extent. If the nodes of the system do not need data set privacy protection, the Gaussian noise need not be added to the local gradients; there are also many other methods of protecting data set privacy, and if a more suitable one exists the system can switch to it.
A method of operating the secure, privacy-preserving and tradable distributed machine learning framework based on blockchain technology comprises the following steps:
step 1, consortium chain initialization stage: the CA server issues digital certificates to the initial nodes of the consortium chain, and all participants establish connections and reach some initial consensus;
step 2, parameter initialization stage: all user nodes reach consensus on the neural network model and synchronize the system's test set data;
step 3, local gradient calculation stage: the user nodes take turns as master node in ascending order of id, and the remaining nodes are endorsement nodes; each node then computes a local gradient from its local data and the current model, adds Gaussian noise to the gradient so that it satisfies differential privacy, and finally sends the local gradient to the master node and the endorsement nodes;
step 4, global model updating stage: the master node computes a global gradient from the nodes' local gradients using a Byzantine fault tolerant gradient aggregation algorithm, and the system then runs the IPBFT consensus algorithm; if the global gradient obtains the system's consensus, the global model is updated and the information about the global model is written into the block;
step 5, training termination stage: when the trained model meets the expected requirements, the system stops training the model, and the subsequent activity is maintaining model transactions.
As an improvement of the invention, step 1, the consortium chain initialization stage, is specifically as follows:
the CA server issues digital certificates to the initial nodes of the consortium chain, all participants establish connections, and some initial consensus is reached: a. a unified standard for everyone's data sets; b. a unified standard for the model transaction fee; c. unified selection rules for the master node and the endorsement nodes.
As an improvement of the invention, step 2, the parameter initialization stage, is as follows: all user nodes reach consensus on the neural network model, including its network structure, the batch size $B$, the number of training iterations $T$, the learning rate $\eta_t$, the initial weight $w_0$, the clipping threshold $C$, the noise scale $\sigma$ and other parameters. At the same time, the blockchain nodes issue the data set standard to the data providers, and the data providers collect the training sets and upload them to the blockchain nodes. Once the neural network model and the data sets are both ready, the user nodes contribute test sets and unify the system's test set data. The whole system can then begin training the neural network model.
As an improvement of the invention, step 3, the local gradient calculation stage, is as follows:
first, all user nodes in the blockchain determine the master node and the endorsement nodes: if the id of the master node is i, the ids of the endorsement nodes are i+1, i+2, …, i+m. Each node then obtains a local gradient from its own data set and the current model, adds differential privacy to the local gradient, and sends it to the master node and the endorsement nodes;
the specific calculation is as follows: suppose that in the t-th iteration the k-th node obtains B training samples
Figure BDA0002523210140000031
the global model weight is $w_t$, the clipping threshold is $C$, and the noise scale is $\sigma$;
in the t-th iteration, the local gradient of each sample of the k-th worker node is
Figure BDA0002523210140000032
where the model prediction is
Figure BDA0002523210140000033
and $l(\cdot)$ is the loss function;
the local gradient is then clipped and Gaussian noise is added, so that the final local gradient $g_k(w_t)$ of the k-th node is
Figure BDA0002523210140000034
Finally, each node sends its local gradient to the master node and the endorsement nodes.
As an improvement of the invention, step 4, the global model updating stage, is specifically as follows: after receiving the local gradients of the nodes, the master node runs a Byzantine fault tolerant gradient aggregation algorithm to aggregate the local gradients into a global gradient and update the model, while a moments accountant is used to track the privacy loss. The system then runs the IPBFT consensus algorithm: the master node first writes the aggregation result (including the master node id, the aggregated gradient, the differential privacy loss, the ids of the selected nodes and the local gradient information) into a block $block_t$, then sends $block_t$ to the endorsement nodes for verification; if it passes verification, $block_t$ is broadcast to all blockchain nodes and the block is successfully added to the blockchain.
In step 4, the blockchain consensus algorithm IPBFT can effectively verify the gradient aggregation result and effectively identify malicious nodes. The algorithm is suited to a consortium chain: compared with public chain consensus algorithms (such as PoW, PoS and PoET) it completes transaction confirmation in a shorter time and has lower communication complexity.
Compared with the prior art, the invention has the following advantages: 1) the distributed machine learning framework based on blockchain technology is highly practical and can be used with all distributed machine learning algorithms based on gradient descent; 2) the invention uses the CA to manage the permissions of the blockchain nodes (both transaction nodes and user nodes) effectively. For a transaction node, the CA can charge the machine learning model transaction fee and control the validity period of its permissions; for a malicious node, the CA can revoke its user permissions so that it cannot damage the machine learning model; 3) the IPBFT consensus algorithm provided by the invention effectively protects the parameter server node's aggregation process against Byzantine attacks while identifying and removing malicious nodes, making the system more secure; 4) the invention effectively implements an incentive mechanism on the blockchain. Specifically, smart contracts are deployed on the blockchain to distribute the model transaction fees reasonably; 5) the method adds differential privacy to distributed machine learning and can effectively protect the data set privacy of the system's participants.
Drawings
FIG. 1 shows the distributed machine learning framework based on blockchain technology proposed by the invention;
FIG. 2 is a diagram of the CA framework of the invention;
FIG. 3 is a flow chart of the operation of the invention;
FIG. 4 is a schematic diagram of the normal situation;
FIG. 5 is a schematic diagram comparing the test set accuracy of the models obtained by different aggregation methods after 8 of the 20 nodes in the blockchain are subjected to a Byzantine attack during local gradient calculation (without differential privacy) in example 2 of the invention.
FIG. 6 is a schematic diagram comparing the test set accuracy of the models obtained by different aggregation methods after 8 of the 20 nodes in the blockchain are subjected to a Byzantine attack during local gradient calculation (with differential privacy) in example 3 of the invention.
FIG. 7 is a schematic diagram of the extremely malicious situation;
FIG. 8 is a graph comparing how the number of nodes changes with the number of iterations when 20 of 100 nodes in the blockchain are subjected to a Byzantine attack and the IPBFT algorithm and the PoW algorithm are respectively run during gradient aggregation, according to the second embodiment of the invention.
FIG. 9 is a schematic diagram comparing the test set accuracy of the models obtained by different aggregation methods after 8 of the 20 nodes in the blockchain are subjected to a Byzantine attack during local gradient calculation (without differential privacy), according to the second embodiment of the invention.
FIG. 10 is a schematic diagram comparing the test set accuracy of the models obtained by different aggregation methods after 8 of the 20 nodes in the blockchain are subjected to a Byzantine attack during local gradient calculation (with differential privacy), according to the second embodiment of the invention.
Detailed Description
The embodiments of the invention are described in detail below with reference to the drawings and examples, so that how the technical means are applied to solve the technical problems and achieve the technical effects can be fully understood and implemented. Provided there is no conflict, the embodiments and the features of the embodiments may be combined with each other, and the resulting technical solutions fall within the scope of the invention.
Example 1: FIG. 1 shows the secure, tradable distributed machine learning framework based on blockchain technology proposed by the invention. The components of the framework are described in detail below with reference to FIG. 1.
A secure, privacy-preserving and tradable distributed machine learning framework based on blockchain technology, the framework comprising:
Part 1: the certificate authority (CA)
The CA is responsible for issuing and revoking digital certificates for the blockchain nodes and for managing node permissions. It must be trusted by all blockchain nodes and is also supervised by all of them. Its structure is shown in FIG. 2. For security, the CA is implemented as the commonly used root certificate chain of a root CA and intermediate CAs. The root CA does not issue certificates to servers directly; it generates two intermediate CAs for itself (a user CA and a trader CA), which act on behalf of the root CA to sign certificates for client applications. This reduces the administrative burden on the root CA.
Part 2: blockchain nodes
Within the system framework of the invention there are two types of blockchain node: transaction nodes and user nodes.
A transaction node is a temporary node through which an external user who wants to obtain the trained model joins the blockchain network. After the transaction node obtains the CA's permission to join the blockchain, it performs block synchronization once; after that its digital certificate is revoked and the node exits the network.
The user nodes are the main components of the blockchain network. They maintain and train their own machine learning model and package data and write it into the distributed ledger in the blockchain. Each user node has the functions of local gradient calculation, global model aggregation, accounting, block information verification and so on.
Part 3: smart contracts
In the system framework of the invention there are two smart contracts, namely the Machine Learning Smart Contract (MLSC) and the Model Contribution Smart Contract (MCSC).
The MLSC specifies the operating rules of distributed machine learning, including local gradient computation, global model computation, the IPBFT consensus mechanism and so on.
The MCSC calculates the model contribution of each node by checking the ledger information in the blockchain, divides the model transaction fee according to that contribution, and writes the transaction information to the blockchain; the accounting node obtains an accounting commission.
The contribution $C_i$ of the i-th node is calculated as follows:
$C_i = c_1 \cdot l_i + c_2 \cdot g_i$
where $l_i$ is the number of times the node participates in the global gradient computation, $g_i$ is the number of times the node contributes a local gradient, and $c_1$ and $c_2$ are the contribution coefficients of the global gradient calculation and the local gradient calculation.
The model transaction fee $F$ equals the accounting commission $R$ plus the sum of the model contribution revenues $R_i$ of all nodes. Thus the model contribution revenue $R_i$ of each node is calculated as follows:
Figure BDA0002523210140000051
where K is the total number of user nodes.
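The MCSC calculation described above, as an added example that is not code from the patent. It assumes that $l_i$ counts the blocks in which node i was master and $g_i$ the blocks in which its local gradient was selected, that the pool $F - R$ is split in proportion to $C_i$ (consistent with $F = R + \sum_i R_i$; the patent's own formula is in a figure not reproduced here), and that revoked nodes receive nothing; the ledger field names are hypothetical.

```python
from fractions import Fraction

# Constructed ledger: one entry per block, holding the master node id and the
# ids whose local gradients were selected for aggregation (hypothetical field
# names; the patent only lists what a block contains).
LEDGER = [
    {"master": 0, "selected": [0, 1, 2, 3]},
    {"master": 1, "selected": [0, 1, 2]},
    {"master": 2, "selected": [0, 1]},
]


def contributions(ledger, node_ids, c1, c2):
    """C_i = c1 * l_i + c2 * g_i, with l_i and g_i counted from the ledger."""
    l = dict.fromkeys(node_ids, 0)  # assumed: times node i aggregated as master
    g = dict.fromkeys(node_ids, 0)  # times node i's local gradient was used
    for block in ledger:
        l[block["master"]] += 1
        for node_id in block["selected"]:
            g[node_id] += 1
    return {i: c1 * l[i] + c2 * g[i] for i in node_ids}


def split_fee(F, R, contrib, revoked=()):
    """Split the pool F - R among non-revoked nodes in proportion to C_i.

    Proportional split is an assumption. Nodes in `revoked` (certificate
    revoked by the CA) get zero and do not dilute the others' shares.
    """
    if R > F:
        raise ValueError("accounting commission exceeds the transaction fee")
    eligible = {i: c for i, c in contrib.items() if i not in revoked}
    total = sum(eligible.values())
    pool = Fraction(F - R)
    shares = {}
    for i in contrib:
        if i in eligible and total > 0:
            shares[i] = pool * eligible[i] / total
        else:
            shares[i] = Fraction(0)
    return shares


if __name__ == "__main__":
    c = contributions(LEDGER, [0, 1, 2, 3], c1=2, c2=1)
    print(c)
    print(split_fee(150, 10, c, revoked={3}))
```

Exact fractions are used so that the shares always sum to $F - R$ with no rounding loss.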
Part 4: distributed ledger
The distributed ledger records model data (including the state of the local models and the global model) and model transaction data during machine learning model training. This guarantees the traceability of the data: all malicious data is recorded, which helps keep the system secure to a certain extent.
Part 5: data provider
The data provider is responsible for collecting data and uploading it to the local server.
Example 2: a running method of a safe, privacy-protecting and transactable distributed machine learning framework based on a block chain technology comprises the following steps:
fig. 3 is a flow chart of the operation of the framework of the invention, and each stage of the operation of the system is explained in detail below with reference to fig. 3.
Step 1: a alliance chain initialization stage;
the CA server issues a digital certificate to the initial node of the alliance chain, all participants establish connection, and some initial consensus is achieved: a. unifying standards established for large data sets (e.g., pictures must all be MNIST handwriting data set standards); b. unifying the standard of the model transaction fee; c. and unifying selection rules of the main node and the endorsement node (wherein the main node is selected circularly from small to large according to the node id, m nodes with the node id behind the main node id are selected as the endorsement node, and if the number of the nodes larger than the main node id is not enough m, the nodes are sequentially supplemented from the minimum id).
Step 2: parameter initialization stage
In the parameter initialization stage, all user nodes reach consensus on the neural network model, including its network structure, the batch size $B$, the number of training iterations $T$, the learning rate $\eta_t$, the initial weight $w_0$, the clipping threshold $C$, the noise scale $\sigma$ and other parameters. At the same time, the blockchain nodes issue the data set standard to the data providers. The data providers collect the training sets and upload them to the blockchain nodes.
When the neural network model and the data sets are ready, all user nodes contribute to the test set and unify the system's test set data. The whole system can then begin training the neural network model.
Step 3: local gradient calculation stage
First, all user nodes in the blockchain determine the master node and the endorsement nodes: if the id of the master node is i, the ids of the endorsement nodes are i+1, i+2, …, i+m. Each node then obtains a local gradient from its own data set and the current model, adds Gaussian noise to the local gradient so that it satisfies the differential privacy mechanism, and finally sends it to the master node and the endorsement nodes.
The specific calculation is as follows: suppose that in the t-th iteration the k-th node obtains B training samples
Figure BDA0002523210140000061
the global model weight is $w_t$, the clipping threshold is $C$, and the noise scale is $\sigma$.
In the t-th iteration, the local gradient of each sample of the k-th worker node is
Figure BDA0002523210140000062
where the model prediction is
Figure BDA0002523210140000063
and $l(\cdot)$ is the loss function.
The local gradient is then clipped and Gaussian noise is added, so that the final local gradient $g_k(w_t)$ of the k-th node is
Figure BDA0002523210140000064
Step 4: global model updating stage
After receiving the local gradients of the nodes, the master node runs a Byzantine fault tolerant gradient aggregation algorithm (such as multi-Krum or l-nearest aggregation) to aggregate the local gradients into a global gradient and update the model, while a moments accountant is used to track the privacy loss. Next, the system runs the IPBFT consensus algorithm: the master node first writes the aggregation result (including the master node id, the aggregated gradient, the differential privacy loss, the ids of the selected nodes and the local gradient information) into a block $block_t$, then sends $block_t$ to the endorsement nodes for verification; if it passes verification, $block_t$ is broadcast to all blockchain nodes and the block is successfully added to the blockchain.
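Steps 3 and 4 for one round, as an added example that is not code from the patent: role selection by the Step 1 rule, local clipping plus Gaussian noise, multi-Krum aggregation at the master, and an endorsement node's check of the master's block. The assumptions are the standard DP-SGD form for the local gradient (the patent's formula is in a figure not reproduced here), the variant of multi-Krum that averages the m lowest-scoring gradients, an endorser that verifies by recomputing the aggregate, and constructed gradients with 8 faulty nodes out of 20 as in the patent's experiments.

```python
import math
import random

TRUE_GRAD = [1.0, -2.0, 0.5]  # constructed "correct" gradient for the demo


def select_roles(node_ids, round_no, m):
    """Master cycles through the ids in ascending order; the m ids after it
    (wrapping round to the smallest id) are the endorsement nodes."""
    ids = sorted(node_ids)
    pos = round_no % len(ids)
    return ids[pos], [ids[(pos + k) % len(ids)] for k in range(1, m + 1)]


def clip_and_noise(per_sample_grads, C, sigma, rng=None):
    """Assumed DP-SGD form: clip each per-sample gradient to L2 norm C, sum,
    add N(0, (sigma*C)^2) noise per coordinate, divide by the batch size."""
    rng = rng or random.Random()
    B, dim = len(per_sample_grads), len(per_sample_grads[0])
    total = [0.0] * dim
    for g in per_sample_grads:
        norm = math.sqrt(sum(x * x for x in g))
        scale = 1.0 / max(1.0, norm / C)
        for j in range(dim):
            total[j] += g[j] * scale
    return [(total[j] + rng.gauss(0.0, sigma * C)) / B for j in range(dim)]


def sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def multi_krum(grads, f, m):
    """grads: {node_id: gradient}; f: assumed bound on Byzantine nodes.
    Score = sum of squared distances to the n-f-2 nearest other gradients;
    the m lowest-scoring gradients are averaged."""
    n = len(grads)
    if n < 2 * f + 3:
        raise ValueError("Krum needs n >= 2f + 3")
    ids = sorted(grads)
    scores = {}
    for i in ids:
        dists = sorted(sq_dist(grads[i], grads[j]) for j in ids if j != i)
        scores[i] = sum(dists[: n - f - 2])
    selected = sorted(sorted(ids, key=lambda i: scores[i])[:m])
    dim = len(grads[ids[0]])
    agg = [sum(grads[i][j] for i in selected) / m for j in range(dim)]
    return selected, agg


def endorse(block, grads, f, m, tol=1e-9):
    """Endorsement node: recompute the aggregate from the local gradients it
    received itself and approve only if the master's block matches."""
    selected, agg = multi_krum(grads, f, m)
    return block["selected"] == selected and all(
        abs(a - b) <= tol for a, b in zip(block["aggregate"], agg))


def run_round(seed=7, n=20, n_byz=8, B=32, C=4.0, sigma=1.0):
    rng = random.Random(seed)
    faulty = set(range(n - n_byz, n))  # constructed: ids 12..19 are Byzantine
    grads = {}
    for k in range(n):
        if k in faulty:  # constructed erroneous local gradient
            grads[k] = [-5.0 * g + rng.gauss(0, 0.05) for g in TRUE_GRAD]
        else:
            samples = [[g + rng.gauss(0, 0.1) for g in TRUE_GRAD]
                       for _ in range(B)]
            grads[k] = clip_and_noise(samples, C, sigma, rng)
    master, endorsers = select_roles(grads, round_no=0, m=4)
    selected, agg = multi_krum(grads, f=n_byz, m=n - n_byz)
    naive = [sum(g[j] for g in grads.values()) / n
             for j in range(len(TRUE_GRAD))]
    block = {"master": master, "selected": selected, "aggregate": agg}
    forged = dict(block, aggregate=naive)  # block a faulty master might send
    return {"master": master, "endorsers": endorsers, "selected": selected,
            "aggregate": agg, "naive": naive,
            "honest_vote": endorse(block, grads, n_byz, n - n_byz),
            "forged_vote": endorse(forged, grads, n_byz, n - n_byz)}


if __name__ == "__main__":
    for key, value in run_round().items():
        print(key, value)
```

The plain average is pulled to the wrong sign by the 8 faulty gradients, while multi-Krum keeps only nodes 0 to 11. The vote counts needed for consensus are not modelled because the thresholds are in figures missing from this page.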
IPBFT: as shown in FIGS. 4, 5, 6 and 7, the consensus process of the IPBFT algorithm consists of 8 stages, namely request-1 (R-1), pre-prepare-1 (Pp-1), prepare-1 (P-1), commit-1 (C-1), request-2 (R-2), pre-prepare-2 (Pp-2), prepare-2 (P-2) and commit-2 (C-2). All user nodes are divided into a master node (L), endorsement nodes (E) and general nodes (G). In the normal situation, shown in FIG. 4, the system only needs to perform the 4 steps R-1, Pp-1, P-1 and C-1 to reach consensus. In the abnormal situations shown in FIGS. 5 and 6, the system performs the 4 further steps R-2, Pp-2, P-2 and C-2 in addition to those of the normal situation. The time at which the system starts running IPBFT is defined as 0. If the system reaches consensus before time $t_1$, a new master node is selected and the next consensus process starts; otherwise, IPBFT determines whether the master node is a malicious node. If the system has still not reached consensus at time $t_2$, the master node of this consensus process is considered malicious and is removed from the system. FIG. 7 shows an extremely abnormal situation in which a wrong aggregation result is accepted by consensus. However, in our system malicious nodes are continually removed, and in a consortium chain the introduction of the CA makes it unlikely that a node acts maliciously, so the extremely malicious situation is a small-probability event that is almost impossible. Moreover, such a wrong aggregation result, even if introduced in the initial stage of training, does not affect the final trained model.
As shown in FIG. 4, in the normal situation the master node is honest and the number of honest endorsement nodes is not less than
Figure BDA0002523210140000071
m. The IPBFT consensus process is then as follows:
1) R-1: each user node sends its local gradient to the master node and the endorsement nodes.
2) Pp-1: the master node computes $block_t$ and sends it to the endorsement nodes for verification.
3) P-1: if $block_t$ passes verification by endorsement node $E_i$, that endorsement node sends a valid approval voucher $Vote(block_t, E_i)$ to the master node.
4) C-1: in this case, the master node receives at least
Figure BDA0002523210140000072
m approval vouchers and then generates a block certificate $Cert(block_t)$. The master node then sends $block_t$ and the block certificate $Cert(block_t)$ to the other user nodes for block synchronization.
As shown in FIG. 5, in this abnormal case the master node is malicious and the number of honest endorsement nodes is not less than [formula image: Figure BDA0002523210140000073] m; the consensus process of IPBFT is then as follows:
1) R-1: each user node sends its local gradient to the master node and the endorsement nodes.
2) Pp-1: the master node computes block_t and sends it to the endorsement nodes for verification.
3) P-1: because block_t is malicious, it cannot pass verification by the endorsement nodes, which therefore do not send approval vouchers to the master node. Thus, the number of approval vouchers received by the master node may be less than [formula image: Figure BDA0002523210140000074] m, and the master node will not generate a block certificate Cert(block_t).
4) R-2: in this abnormal situation, the system has not reached consensus on block_t before time t_1, so all user nodes send their local gradients to the remaining user nodes.
5) Pp-2: the master node broadcasts block_t to all the other user nodes for verification. However, in this abnormal situation, the number of approval vouchers received by the master node may be less than [formula image: Figure BDA0002523210140000075] K (K is the number of user nodes), so the system does not reach consensus on block_t. Since the system also does not reach consensus before time t_2, the master node is considered malicious and is removed from the system.
As shown in FIG. 6, in this abnormal case the master node is honest and the number of honest endorsement nodes is less than [formula image: Figure BDA0002523210140000076] m; the consensus process of IPBFT is then as follows:
1) R-1: each user node sends its local gradient to the master node and the endorsement nodes.
2) Pp-1: the master node computes block_t and sends it to the endorsement nodes for verification.
3) P-1: if block_t passes the verification of endorsement node E_i, the endorsement node sends a valid approval voucher Vote(block_t, E_i) to the master node. However, in this case, the number of valid approval vouchers may be less than [formula image: Figure BDA0002523210140000081] m, and the master node will not be able to generate a block certificate.
4) R-2: in this abnormal situation, the system has not reached consensus on block_t before time t_1, so all user nodes send their local gradients to the remaining user nodes.
5) Pp-2: the master node broadcasts block_t to all the other user nodes for verification.
6) P-2: if block_t passes the verification of user node P_i, the user node sends a valid approval voucher Vote(block_t, P_i) to the master node.
7) C-2: in this case, the number of approval vouchers received by the master node may be no less than [formula image: Figure BDA0002523210140000082] K, so it can generate a block certificate Cert(block_t). The master node then sends block_t and the block certificate Cert(block_t) to the other user nodes for block synchronization.
As shown in FIG. 7, in this extremely malicious case the master node is malicious, and the number of endorsement nodes that are malicious and collude with the master node is not less than [formula image: Figure BDA0002523210140000083] m; the consensus process of IPBFT is then as follows:
1) R-1: each user node sends its local gradient to the master node and the endorsement nodes.
2) Pp-1: the malicious master node obtains a wrong aggregation result and block_t, and sends them to the endorsement nodes for verification.
3) P-1: in this case, block_t passes the verification of the malicious endorsement nodes E_i that collude with the master node, and these endorsement nodes send an approval voucher Vote(block_t, E_i) to the master node.
4) C-1: in this case, the master node receives at least [formula image: Figure BDA0002523210140000084] m approval vouchers and generates a block certificate Cert(block_t). The master node then sends block_t and the block certificate Cert(block_t) to the other user nodes for block synchronization.
It can be seen that the extremely abnormal situation of FIG. 7, in which the master node and some endorsement nodes are malicious and collude, has an extremely small probability of occurring in our system, because as training progresses the malicious nodes are gradually removed by our system, and in the federation chain the probability of a node acting maliciously is extremely small because of the CA.
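The four cases of FIGS. 4 to 7 can be traced with a small simulation. This is an added sketch, not code from the patent: the 2/3 quorum stands in for the fraction that survives only as a formula image, the voting model (honest verifiers approve only an honest master's block, malicious ones only a malicious master's) is a simplifying assumption, and all function names are hypothetical. Master and endorser selection follows the round-robin-by-id rule stated in the claims.

```python
from fractions import Fraction
from math import ceil

# ASSUMPTION: the page gives its quorum fraction only as a formula image,
# so 2/3 is used here as a stand-in for both the m- and K-based thresholds.
QUORUM = Fraction(2, 3)

def next_master(alive, prev):
    """Round-robin by ascending id: smallest live id above prev, else wrap."""
    ids = sorted(alive)
    later = [i for i in ids if i > prev]
    return later[0] if later else ids[0]

def endorsers_of(alive, master, m):
    """The m live ids that follow the master's id (cyclically); needs m < len(alive)."""
    ids = sorted(alive)
    pos = ids.index(master)
    return [ids[(pos + j) % len(ids)] for j in range(1, m + 1)]

def run_round(alive, malicious, master, m):
    """Return (stage, block_valid); stage is 'C-1', 'C-2' or 'removed'."""
    block_valid = master not in malicious  # a malicious master proposes a bad block_t

    def approves(node):
        # Modelling assumption: honest verifiers approve only a valid block;
        # malicious ones collude and approve only a malicious master's block.
        return block_valid if node not in malicious else not block_valid

    # R-1 / Pp-1 / P-1: the endorsers verify block_t and return vouchers.
    votes = sum(approves(e) for e in endorsers_of(alive, master, m))
    if votes >= ceil(QUORUM * m):
        return "C-1", block_valid          # FIG. 4 (valid) or FIG. 7 (invalid)
    # R-2 / Pp-2 / P-2: after t_1, fall back to all other user nodes.
    votes = sum(approves(n) for n in alive if n != master)
    if votes >= ceil(QUORUM * len(alive)):
        return "C-2", block_valid          # FIG. 6
    # No consensus by t_2: the master is treated as malicious (FIG. 5).
    return "removed", None

def train(k, malicious, m, rounds):
    """Run consecutive consensus rounds; return surviving ids and a round log."""
    alive, prev, log = set(range(k)), -1, []
    for _ in range(rounds):
        master = next_master(alive, prev)
        stage, valid = run_round(alive, malicious, master, m)
        log.append((master, stage, valid))
        if stage == "removed":
            alive.discard(master)
        prev = master
    return alive, log

if __name__ == "__main__":
    # Constructed scenarios: 10 nodes, master id 0, endorsers 1..3.
    for mal in (set(), {0, 1}, {1, 2}, {0, 1, 2}):
        print(sorted(mal), run_round(set(range(10)), mal, 0, 3))
    print(sorted(train(10, {2, 5}, 3, 10)[0]))
```

Under this model a malicious node is removed only in the round where it serves as master, and a wrong block is certified only when colluding endorsers alone reach the endorser quorum.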
Table 1 shows the performance comparison of related consensus algorithms applied in the distributed machine learning framework proposed in the present invention. It can be seen that the consensus algorithm IPBFT proposed by the present invention can distinguish malicious nodes, while PBFT and PoW cannot. In addition, PBFT and PoW require all nodes to communicate their local gradients to each other, so their communication complexity is O(K^2), where K is the number of user nodes. When IPBFT is run, malicious nodes are gradually eliminated as training proceeds, and each user node only needs to send its local gradient to 1 master node and m endorsement nodes, so the communication complexity of IPBFT is O(mK) in the general case; only in the two abnormal cases of FIGS. 5 and 6 is its communication complexity O(K^2). Therefore, IPBFT has a better communication complexity than PBFT and PoW.
Table 1. Comparison of related consensus algorithms
[table image: Figure BDA0002523210140000091]
Step 5: training termination stage;
When the training model reaches the expected requirement (the precision of the model reaches the requirement or the privacy loss of the model exceeds the privacy budget requirement), the system no longer trains the model. Subsequently, the main role of the blockchain is to maintain the transactions of the machine learning model; if new data is added or the model algorithm needs to be improved, the machine learning training process can be restarted.
Example 2:
FIG. 8 is a graph comparing how the number of nodes changes with the number of iterations when 20 of the 100 nodes in the blockchain are subjected to a Byzantine attack and the IPBFT algorithm and the PoW algorithm are respectively run in the gradient aggregation process, according to the second embodiment of the present invention.
FIG. 9 is a schematic diagram comparing the test-set accuracy of the models obtained by different aggregation methods after 8 of the 20 nodes in the blockchain are subjected to a Byzantine attack during local gradient calculation (without introducing differential privacy), according to the second embodiment of the present invention.
FIG. 10 is a schematic diagram comparing the test-set accuracy of the models obtained by different aggregation methods after 8 of the 20 nodes in the blockchain are subjected to a Byzantine attack during local gradient calculation (introducing differential privacy), according to the second embodiment of the present invention.
As can be seen from FIG. 8, as the system runs, the IPBFT algorithm finds the 20 malicious nodes and removes them from the system, while the malicious nodes in the system running the PoW algorithm are always present.
As can be seen from FIG. 9, in the case where differential privacy is not introduced, after the nodes are subjected to a Byzantine attack (random gradient attack), the multi-Krum algorithm has a better aggregation effect than the median algorithm and is closer to the ideal situation.
As can be seen from FIG. 10, in the case where differential privacy is introduced, after the nodes are subjected to a Byzantine attack (random gradient attack), the median algorithm has a better aggregation effect than the multi-Krum algorithm and is closer to the ideal situation.
From the experimental results, the framework provided by the inventors can effectively solve the problem that both the parameter server and the working nodes in distributed machine learning may suffer Byzantine attacks; meanwhile, the framework can reward contributing nodes and eliminate malicious nodes, so that the system runs better. In addition, the framework can also apply other Byzantine-tolerant aggregation algorithms to optimize the model effect.
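The two aggregation rules compared in FIGS. 9 and 10 can be exercised on a constructed round with 8 Byzantine nodes out of 20. This is an added example, not the patent's code: it assumes the coordinate-wise median and the standard multi-Krum formulation (score each gradient by the sum of squared distances to its n-f-2 nearest neighbours, then average the best-scoring ones), and the gradient values, noise scales and function names are constructed for illustration.

```python
import random

def mean(grads):
    """Plain averaging: the non-robust baseline."""
    n = len(grads)
    return [sum(col) / n for col in zip(*grads)]

def coordinate_median(grads):
    """Median taken independently in every coordinate."""
    out = []
    for col in zip(*grads):
        s, n = sorted(col), len(col)
        out.append(s[n // 2] if n % 2 else (s[n // 2 - 1] + s[n // 2]) / 2)
    return out

def multi_krum(grads, f, keep):
    """Average the `keep` gradients with the lowest Krum scores.

    Returns (aggregate, indices of the selected gradients)."""
    n = len(grads)
    if n <= 2 * f + 2:
        raise ValueError("Krum needs n > 2f + 2")

    def dist2(a, b):
        return sum((x - y) ** 2 for x, y in zip(a, b))

    scores = []
    for i, g in enumerate(grads):
        d = sorted(dist2(g, h) for j, h in enumerate(grads) if j != i)
        scores.append((sum(d[: n - f - 2]), i))   # n-f-2 nearest neighbours
    chosen = sorted(i for _, i in sorted(scores)[:keep])
    return mean([grads[i] for i in chosen]), chosen

def constructed_round(seed=0, n=20, f=8, dim=5):
    """Constructed data: n-f honest gradients near true_g, then f random ones."""
    rng = random.Random(seed)
    true_g = [1.0] * dim
    honest = [[t + rng.gauss(0, 0.1) for t in true_g] for _ in range(n - f)]
    # Random gradient attack: Byzantine nodes submit unrelated noise.
    byzantine = [[rng.gauss(0, 10.0) for _ in range(dim)] for _ in range(f)]
    return true_g, honest + byzantine

def sq_error(v, ref):
    return sum((a - b) ** 2 for a, b in zip(v, ref))

if __name__ == "__main__":
    true_g, grads = constructed_round()
    agg, chosen = multi_krum(grads, f=8, keep=12)
    print("mean       ", round(sq_error(mean(grads), true_g), 4))
    print("median     ", round(sq_error(coordinate_median(grads), true_g), 4))
    print("multi-Krum ", round(sq_error(agg, true_g), 4), chosen)
```

With fewer than half the nodes Byzantine, each coordinate of the median is bounded by the honest nodes' values in that coordinate, whereas the plain mean has no such bound.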
Although the embodiments of the present invention have been described above, the above descriptions are only for the convenience of understanding the present invention, and are not intended to limit the present invention. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (6)

1. A secure, privacy preserving, tradable distributed machine learning framework based on blockchain techniques, comprising:
part 1, a Certificate Authority (CA), which is responsible for issuing and revoking digital certificates for the blockchain nodes and for managing the nodes' permissions;
part 2, the blockchain nodes, which are composed of user nodes and transaction nodes that are respectively responsible for maintaining the machine learning model and participating in machine learning model transactions;
part 3, the smart contracts, which are composed of a machine learning smart contract (MLMC) and a model contribution smart contract (MCMC) that respectively define the operating rules of distributed machine learning and divide profits among the nodes according to their model contribution;
part 4, the distributed ledger, which records model data (including local model and global model conditions) and model transaction data during the machine learning model training process;
and part 5, the data provider is responsible for collecting local data and uploading the local data to the blockchain node server.
2. A method for operating the secure, privacy-preserving and tradable distributed machine learning framework based on blockchain technology according to claim 1, the method comprising the following steps:
step 1, alliance chain initialization stage: the CA server issues digital certificates to the initial nodes of the alliance chain, and all participants establish connections and reach some initial consensus;
step 2, parameter initialization stage: all user nodes reach a consistent consensus on the neural network model and synchronize the test set data of the system;
step 3, local gradient calculation stage: all user nodes select the master node in turn, cyclically, in ascending order of id, and the m nodes following the master node's id are the endorsement nodes; each node then calculates a local gradient using its local data and the current model, adds Gaussian noise to the gradient so that the local gradient satisfies a differential privacy mechanism, and finally sends the local gradient to the master node and the endorsement nodes;
step 4, global model updating stage: the master node calculates a global gradient from the local gradients of the nodes using a gradient aggregation algorithm with Byzantine fault tolerance; the system then runs the IPBFT consensus algorithm, and if the global gradient obtains system consensus, the global model is updated and the related information of the global model is written into the block;
step 5, training termination stage: when the training model meets the expected requirements, the system no longer trains the model, and its subsequent role is to maintain model transactions.
3. The method of claim 2 for operating a secure, privacy-preserving and tradable distributed machine learning framework based on blockchain technology, wherein step 1, the alliance chain initialization stage, specifically comprises the following:
the CA server issues digital certificates to the initial nodes of the alliance chain, and all participants establish connections and reach some initial consensus: a. unifying the criteria by which all participants build their data sets; b. unifying the standard for the model transaction fee, wherein the transaction fee can increase with the degree of perfection of the model; c. unifying the selection rules for the master node and the endorsement nodes, wherein the master node is selected in turn, cyclically, in ascending order of node id, and the m nodes following the master node's id are the endorsement nodes.
4. The method of claim 2 for operating a secure, privacy-preserving and tradable distributed machine learning framework based on blockchain technology, wherein step 2, the parameter initialization stage, is as follows: in the parameter initialization stage, all user nodes reach a consistent consensus on the neural network model, including determining the network structure of the neural network model, the batch size B, the number of training iterations T, the learning rate η_t, the initial weight w_0, the clipping threshold C, the noise size σ and other parameters; meanwhile, the blockchain nodes issue the data set standard to the data providers, and the data providers collect training sets and upload them to the blockchain nodes; after the neural network model and the data sets are prepared, all user nodes contribute to a test set and unify the test set data of the system. The entire system can then begin neural network model training.
5. The method of claim 2 for operating a secure, privacy-preserving and tradable distributed machine learning framework based on blockchain technology, wherein step 3, the local gradient calculation stage, is as follows:
first, all user nodes in the blockchain determine the master node and the endorsement nodes: if the id of the master node is i, the ids of the endorsement nodes are i+1, i+2, …, i+m; each node then obtains a local gradient from its own data set and the current model, adds Gaussian noise to the local gradient so that it satisfies a differential privacy mechanism, and finally sends the local gradient to the master node and the endorsement nodes;
the specific calculation process is as follows: suppose that in the t-th iteration, the B training data obtained by the k-th node are [formula image: Figure FDA0002523210130000021], the global model weight is w_t, the clipping threshold is C, and the noise size is σ;
in the t-th iteration, the local gradient of each sample of the k-th working node is [formula image: Figure FDA0002523210130000022], where the model prediction is [formula image: Figure FDA0002523210130000023] and l() is the loss function;
the local gradient is then clipped and Gaussian noise is added, finally giving the local gradient g_k(w_t) of the k-th node as [formula image: Figure FDA0002523210130000024].
6. The method of claim 2 for operating a secure, privacy-preserving and tradable distributed machine learning framework based on blockchain technology, wherein step 4, the global model updating stage, specifically includes: after receiving the local gradients of the nodes, the master node runs a gradient aggregation algorithm with Byzantine fault tolerance to aggregate the local gradients, obtaining a global gradient and updating the model, while a moments accounting method is adopted to track the privacy loss; the system then runs the IPBFT consensus algorithm: the master node writes the result of the aggregation calculation into block_t and then sends block_t to the endorsement nodes for verification; if the verification passes, block_t is broadcast to all blockchain nodes and the block is successfully added to the blockchain.
CN202010496847.9A 2020-06-03 2020-06-03 Safe, privacy-preserving and tradable distributed machine learning framework operation method based on blockchain technology Active CN111915294B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010496847.9A CN111915294B (en) 2020-06-03 2020-06-03 Safe, privacy-preserving and tradable distributed machine learning framework operation method based on blockchain technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010496847.9A CN111915294B (en) 2020-06-03 2020-06-03 Safe, privacy-preserving and tradable distributed machine learning framework operation method based on blockchain technology

Publications (2)

Publication Number Publication Date
CN111915294A true CN111915294A (en) 2020-11-10
CN111915294B CN111915294B (en) 2023-11-28

Family

ID=73237547

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010496847.9A Active CN111915294B (en) 2020-06-03 2020-06-03 Safe, privacy-preserving and tradable distributed machine learning framework operation method based on blockchain technology

Country Status (1)

Country Link
CN (1) CN111915294B (en)

Also Published As

Publication number Publication date
CN111915294B (en) 2023-11-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant