CN114826699B - Blockchain-based method for resisting Byzantine attacks in decentralized federated learning - Google Patents


Info

Publication number: CN114826699B
Authority: CN (China)
Prior art keywords: local, message, local user, users, user
Legal status: Active
Application number: CN202210369653.1A
Other languages: Chinese (zh)
Other versions: CN114826699A (en)
Inventors: 王子龙, 肖丹, 陈谦, 周伊琳, 陈嘉伟
Current Assignee: Xidian University
Original Assignee: Xidian University
Application filed by Xidian University
Priority to CN202210369653.1A
Publication of CN114826699A
Application granted
Publication of CN114826699B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning
    • G06N20/20 Ensemble learning
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/045 Combinations of networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously


Abstract

The invention discloses a blockchain-based method for defending against Byzantine attacks in decentralized federated learning. It mainly addresses the excessive computation overhead and communication overhead that the prior art incurs when decentralized federated learning is subject to Byzantine attacks. The method is implemented in the following steps: 1) each local user obtains a pre-trained model and establishes a reputation comparison relation; 2) the local user trains the model, sends it on, and then generates and broadcasts a signed message; 3) local users verify and store signed messages, and once a certain number of signed messages have been stored, generate a block, reach consensus on the block with an improved PBFT consensus algorithm, and then put it on the chain; 4) each local user updates the reputation comparison relation according to the sending and broadcasting behavior of the other local users, then adjusts the difficulty of generating signed messages, and the process is repeated until the model converges. The method effectively reduces the computation overhead and communication overhead of the prior art and can be used to improve the Byzantine robustness of decentralized federated learning.

Description

Blockchain-based method for resisting Byzantine attacks in decentralized federated learning
Technical Field
The invention belongs to the technical field of information security and further relates to attack resistance, in particular to a blockchain-based method for resisting Byzantine attacks in decentralized federated learning. The method is used to resist Byzantine attacks arising in decentralized federated learning, to reduce the amount of computation and the transmission volume of message data, and to improve the security of decentralized federated learning.
Background
Decentralized federated learning needs no central server: adjacent users repeatedly exchange and update the model so that the trained model generalizes well. Specifically, users participating in decentralized federated learning each hold their own private data and obtain a pre-trained global model as their local model; each user trains the local model on its private data to obtain a local update model, sends the local update model to an adjacent user, and receives the local update model sent by an adjacent user as its local model for further training. This process continues until the user's local model converges. A user in decentralized federated learning selects the adjacent user to send the model to according to a pseudo-random algorithm, which establishes a model training route. However, because there is no central server, an unauthenticated malicious user may launch a Byzantine attack, attempting to send a local model without having trained it, thereby changing the model training route and undermining the users' consensus on that route. In the end, the actual training process deviates from the correct direction, which harms the generalization ability of the model. Therefore, how to improve the resistance of decentralized federated learning to Byzantine attacks while preserving the generalization ability of the model, and how to reduce the computation overhead of message data and the communication overhead of the consensus process, have become key problems in the development of decentralized federated learning.
In the patent document "Method and device for defending against federated learning membership inference attacks based on blockchain decentralization" (application number CN202110553163.2, application publication number CN113467928A, publication date 2021.10.01), Hangzhou Qulian Technology Co., Ltd. proposes a method and device for defending against membership inference attacks in blockchain-based decentralized federated learning. Although the method strengthens, to some extent, the ability of a decentralized federated learning system to resist inference attacks, its decentralization is weak, because in each round of model aggregation a user is randomly selected as a temporary central server. Moreover, users must obtain the bookkeeping right for a block through proof of work, which wastes a large amount of computing resources and makes the computation cost of competing for the bookkeeping right excessive. The method therefore wastes users' computing power and increases the computation cost.
Li et al., in their paper "Byzantine Resistant Secure Blockchained Federated Learning at the Edge" (IEEE Network, 2021, PP(99): 1-7), propose a secure, Byzantine-resistant blockchained federated learning framework named BytoChain. In the BytoChain framework, abnormal models are detected through collaborative model training among three parties (blockchain packing nodes, data holders and verifiers), and a Byzantine-resistant consensus algorithm, PoA, is used, which strengthens the ability of federated learning to resist Byzantine attacks. Its drawback is that in every training round a data holder must obtain the latest global model from a blockchain packing node and send its local model to a verifier for checking, so the model transfers generate a large amount of communication and increase the communication overhead.
Disclosure of Invention
The purpose of the invention is to overcome the deficiencies of the prior art described above by providing a blockchain-based method for resisting Byzantine attacks in decentralized federated learning. The method resists Byzantine attacks mounted by malicious users during decentralized federated learning model training and addresses the high computation cost and high communication cost of the prior art.
The technical idea for achieving this purpose is as follows. First, to address Byzantine attacks during the training and transmission of the decentralized federated learning model, the invention designs and constructs a blockchain, with particular attention to the content of the message that broadcasts a model-sending action, and prevents malicious nodes from tampering with the model training route by means of a predecessor pointer and a successor public key. Second, to address the excessive computation cost of message generation, the reputation value is used to adjust the difficulty of generating a message dynamically, which reduces the computation overhead. Finally, to address the excessive number of messages exchanged by the PBFT consensus algorithm used to put blocks on the chain, the invention improves the commit stage of the PBFT algorithm, which reduces the communication overhead of the message consensus process. The invention effectively improves computation efficiency and communication efficiency while resisting Byzantine attacks and preserving the generalization ability of the model.
To achieve the above purpose, the technical solution adopted by the invention comprises the following steps:
1) Let the total number of local users be n, and denote the i-th local user as u_i, i = 1, 2, ..., n; each local user holds its own spam data and takes the obtained global model, pre-trained by the system, as its local model;
2) Each local user establishes its own local public/private key pair and broadcasts the public key:
(2a) Local user u_i computes a private key sk_i conforming to the PKCS #8 standard using an ECC signature algorithm;
(2b) Local user u_i computes the public key pk_i using the DSS encryption algorithm and the private key sk_i, obtaining its local public/private key pair <sk_i, pk_i>;
(2c) Local user u_i broadcasts the public key pk_i to the other local users u_j ∈ U_i, where U_i = {u_j | j ≠ i} denotes the set of local users and j = 1, 2, ..., n;
3) Local user u_i establishes a reputation comparison relation <u_j, R_ij> for the reputation value R_ij of each other local user u_j, and sets the initial value of R_ij to 0.5;
4) Local user u_i generates a local update model using the local model and its spam data
Figure BDA0003587630320000031
5) Local user u_i randomly selects an adjacent local user u_A, with u_A ∈ U_i, and sends it the local update model
Figure BDA0003587630320000032
6) Local user u_i generates a signed message M_i and broadcasts it to the other local users u_j:
(6a) Local user u_i constructs a message M_i' consisting of the message number id, the message content mess, the public key of the adjacent local user u_A, the number prevId of the tail message in the message set of u_i
Figure BDA0003587630320000033
and the random value nonce:
<id, mess, nextPubKey, prevId, nonce>,
where the message set
Figure BDA0003587630320000034
is initially empty and stores the messages generated by local user u_i itself and the other legitimate messages it receives; the message number id is obtained by local user u_i by adding 1 to the number of the tail message in the message set
Figure BDA0003587630320000035
and the initial message number id is 1; the message content mess is "local user u_i sent a model to adjacent local user u_A"; the initial value of the random value nonce is 1;
(6b) Local user u_i calculates, from the reputation value R_ij and using the reputation comparison formula, the difficulty value
Figure BDA0003587630320000036
Figure BDA0003587630320000037
(6c) Local user u_i checks, for the message serialized hash value of the message M_i'
Figure BDA0003587630320000038
whether the number of consecutive 0 characters counted from the left of its hexadecimal string form equals the difficulty value
Figure BDA0003587630320000039
If so, go directly to step (6d); otherwise add 1 to the random value nonce and check again, until the number of consecutive 0 characters equals the difficulty value
Figure BDA00035876303200000310
and then go to step (6d);
(6d) Local user u_i signs the message M_i' with the private key sk_i to obtain the signed message M_i:
<id, mess, nextPubKey, prevId, nonce>_{σ_i}
where σ_i is the signature of local user u_i;
(6e) Local user u_i stores the signed message M_i in the message set
Figure BDA00035876303200000311
and then broadcasts the signed message M_i to the other local users u_j;
7) The other local users u_j put the signed message M_i on the blockchain:
(7a) The other local users u_j check the validity of the signed message M_i and update the reputation comparison relation;
(7b) Once the message set of u_j
Figure BDA0003587630320000041
holds a fixed number of messages, the other local users u_j generate a block B_j from it and then run the improved PBFT consensus algorithm on the block serialized hash value of block B_j
Figure BDA0003587630320000042
to obtain a consensus result;
The improved PBFT consensus algorithm is carried out in the following steps:
(7b1) Local user u_i broadcasts a pre-prepare message to the other local users u_j in the system:
Figure BDA0003587630320000043
where
Figure BDA0003587630320000044
is the pre-prepare message flag, m is the block serialized hash value of block B_i
Figure BDA0003587630320000045
h is the height of the blockchain, and d is the digest of m;
(7b2) The other local users u_j check whether the local blockchain contains a pre-prepare message with the same block height h but a different digest d; if so, go to step (7b10), otherwise go to step (7b3);
(7b3) The other local users u_j broadcast a prepare message to the local users u_k other than themselves:
Figure BDA0003587630320000046
where k = 1, 2, ..., n and k ≠ j, and
Figure BDA0003587630320000047
is the prepare message flag;
(7b4) The other local users u_j check whether they have received 2f prepare messages whose height h and digest d match; if so, go to step (7b5), otherwise go to step (7b10);
(7b5) The other local users u_j send a pre-commit message to local user u_i
Figure BDA0003587630320000048
where
Figure BDA0003587630320000049
is the pre-commit message flag;
(7b6) Local user u_i checks whether 2f+1 pre-commit messages have been received; if so, go to step (7b7), otherwise go to step (7b10);
(7b7) Local user u_i broadcasts a commit message to the other local users u_j
Figure BDA00035876303200000410
where
Figure BDA00035876303200000411
is the commit message flag;
(7b8) The other local users u_j check whether a commit message has been received; if so, the consensus between local user u_i and the other local users u_j is judged to have succeeded; otherwise, the consensus between local user u_i and the other local users u_j is judged to have failed;
(7c) The other local users u_j judge from the consensus result whether consensus succeeded; if so, go to step (7d); otherwise the number of malicious local users in the system is judged to exceed the range of the Byzantine fault-tolerant algorithm, the system cannot reach a consistent consensus, the process ends and the system exits;
(7d) The other local users u_j place block B_j on the blockchain;
8) The adjacent local user u_A takes the local update model sent by local user u_i
Figure BDA0003587630320000051
as its updated local model;
9) Local user u_i judges whether the updated local model has converged; if so, go directly to step 10); otherwise take the updated local model as the local model and return to step 4);
10) Training ends.
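The message flow of steps (7b1) to (7b8), simulated in Python as an added example (not code from the patent), with the message count compared against classic PBFT's all-to-all commit stage. Assumptions not stated on this page: f = (n - 1) // 3, a user counts its own vote toward a quorum, and faulty backups are either silent or broadcast a prepare message with a mismatching digest.

```python
def improved_pbft_round(n, faulty=None, primary=0, digest="d"):
    """Simulate one consensus round, steps (7b1)-(7b8), among n users.

    faulty maps a backup index to "silent" (sends nothing) or "wrong-digest"
    (its PREPARE carries a digest other than the PRE-PREPARE's). Faulty
    backups are modeled as never sending a PRE-COMMIT.
    Returns (consensus_reached, messages_sent_per_phase).
    """
    faulty = faulty or {}
    f = (n - 1) // 3              # assumption: classic PBFT bound, n >= 3f + 1
    backups = [r for r in range(n) if r != primary]
    sent = {"pre-prepare": 0, "prepare": 0, "pre-commit": 0, "commit": 0}

    # (7b1) the primary broadcasts PRE-PREPARE(m, h, d) to every other user.
    preprepare = {}
    for r in backups:
        preprepare[r] = digest
        sent["pre-prepare"] += 1

    # (7b3) each backup that is not silent broadcasts PREPARE(h, d)
    # to the n-1 other users.
    inbox = {r: [] for r in range(n)}
    for j in backups:
        kind = faulty.get(j)
        if kind == "silent":
            continue
        d_j = "bogus" if kind == "wrong-digest" else preprepare[j]
        inbox[j].append(d_j)      # assumption: a user counts its own PREPARE
        for k in range(n):
            if k != j:
                inbox[k].append(d_j)
                sent["prepare"] += 1

    # (7b4)/(7b5) a backup holding 2f PREPAREs that match its PRE-PREPARE
    # unicasts PRE-COMMIT to the primary only, instead of broadcasting.
    precommits = 1                # assumption: the primary counts its own vote
    for j in backups:
        if j not in faulty and inbox[j].count(preprepare[j]) >= 2 * f:
            precommits += 1
            sent["pre-commit"] += 1

    # (7b6)/(7b7) with 2f+1 PRE-COMMITs the primary broadcasts one COMMIT;
    # (7b8) every backup that receives it judges consensus successful.
    reached = precommits >= 2 * f + 1
    if reached:
        sent["commit"] = n - 1
    return reached, sent


def classic_pbft_messages(n):
    """Message counts of classic PBFT's three phases, for comparison."""
    return {"pre-prepare": n - 1, "prepare": (n - 1) ** 2, "commit": n * (n - 1)}


def commit_stage_saving(n):
    """(classic COMMIT messages, improved PRE-COMMIT + COMMIT messages)."""
    _, sent = improved_pbft_round(n)
    return classic_pbft_messages(n)["commit"], sent["pre-commit"] + sent["commit"]


if __name__ == "__main__":
    print(improved_pbft_round(4))                      # no faults
    print(improved_pbft_round(4, {1: "silent"}))       # f = 1 fault tolerated
    print(improved_pbft_round(4, {1: "silent", 2: "wrong-digest"}))  # beyond f
    print(commit_stage_saving(100))
```

With more than f faulty users the round stops at the check in step (7b4), which corresponds to the failure branch of step (7c).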
Compared with the prior art, the invention has the following advantages:
First, the invention dynamically adjusts, through the reputation value, the difficulty each user faces in generating a message. This lowers the computation cost of generating legitimate messages and overcomes the high computation cost of the prior art, so that, while resisting Byzantine attacks and preserving the generalization ability of the model, the computation overhead of message generation is reduced and the efficiency of the decentralized federated learning model training process is improved.
Second, the invention improves the commit stage of the PBFT consensus algorithm, which reduces the number of messages exchanged during block consensus and overcomes the large communication volume of the existing PBFT consensus algorithm, so that, while resisting Byzantine attacks and preserving the generalization ability of the model, the communication volume of the consensus process is reduced and the communication efficiency is improved.
Drawings
FIG. 1 is a flow chart of an implementation of the present invention;
FIG. 2 is a schematic diagram of an application scenario of the method of the present invention;
FIG. 3 is a flow chart of reputation value updating in the present invention;
FIG. 4 is a flow chart of the improved PBFT consensus algorithm of the present invention.
Detailed Description
Decentralized federated learning relies on direct interaction between adjacent users to distribute the model training task to the other users in the system, thereby obtaining a model with good generalization ability. Specifically, users participating in decentralized federated learning each hold their own private data and obtain a pre-trained global model as their local model; each user trains the local model on its private data to obtain a local update model, sends the local update model to an adjacent user, and receives the local update model sent by an adjacent user as its local model for further training. The decentralized federated learning model update process is iterated until the user's local model converges.
The invention is described in further detail below with reference to the figures and examples.
Referring to fig. 1 and fig. 2, the blockchain-based method for defending against Byzantine attacks in decentralized federated learning according to the invention is described in further detail; the specific implementation steps are as follows:
Step 1, let the total number of local users be n, and denote the i-th local user as u_i, i = 1, 2, ..., n; each local user holds its own spam data and takes the obtained global model, pre-trained by the system, as its local model. In this embodiment, the data on which the system pre-trains the model and the spam data held by each local user are drawn, respectively, from the Trec06p data set provided by the international text classification conference in 2006 and the Trec07 data set provided by the international text classification conference in 2007. The models of the invention all use a convolutional neural network (CNN) structure comprising one embedding layer, two convolutional layers, two pooling layers and three fully connected layers. After the system's pre-training, a global model and a dictionary for converting text data into vectors acceptable to the model are obtained.
Step 2, each local user establishes its own local public/private key pair and broadcasts the public key:
Local user u_i establishes the local public/private key pair <sk_i, pk_i>: it first computes a private key sk_i conforming to the PKCS #8 standard using the ECC signature algorithm in the PyCryptodome cryptographic library, then computes a public key pk_i conforming to PKCS #8 using the DSS encryption algorithm in that library and the private key sk_i, and finally broadcasts the public key pk_i to the other local users u_j ∈ U_i, where the local user set U_i = {u_j | j ≠ i}, j = 1, 2, ..., n.
Step 3, local user u_i establishes a reputation comparison relation <u_j, R_ij> for the reputation value R_ij of each other local user u_j, and sets the initial value of R_ij to 0.5;
Step 4, local user u_i generates a local update model M_i using the local model and its spam data.
In this step, local user u_i uses the dictionary to convert its own spam data into vectors acceptable to the model, trains the local model again with these vectors, and thereby obtains the local update model.
Step 5, local user u_i randomly selects an adjacent local user u_A, with u_A ∈ U_i, and sends it the local update model
Figure BDA0003587630320000061
In this embodiment, local user u_i selects an adjacent local user u_A according to a pseudo-random algorithm. Besides validating other messages, the adjacent local user u_A must also decide, based on the validity of the message, whether the received model should be discarded.
Step 6, local user u_i generates a signed message M_i and broadcasts the signed message to the other local users u_j:
(6a) Local user u_i constructs a message M_i' describing the model-sending action; the structure of M_i' is:
<id, mess, nextPubKey, prevId, nonce>,
where id is the number of message M_i'; mess is the content of message M_i', specifically "local user u_i sent a model to adjacent local user u_A"; nextPubKey is the public key pk_A of the adjacent local user u_A; prevId is the number of the tail message in the message set
Figure BDA0003587630320000071
and nonce is a random value. The message set
Figure BDA0003587630320000072
is initially empty and stores the signed messages generated by local user u_i itself and the legitimate signed messages it receives that were broadcast by other users; the message number id is obtained by local user u_i by adding 1 to the number of the tail message in the message set
Figure BDA0003587630320000073
and the initial message number id is 1; the initial value of the random value nonce is 1.
(6b) Local user u_i calculates, from the reputation value R_ij and using the reputation comparison formula, the difficulty value
Figure BDA0003587630320000074
Figure BDA0003587630320000075
(6c) Local user u_i checks, for the message serialized hash value of message M_i'
Figure BDA0003587630320000076
whether the number of consecutive 0 characters counted from the left of its hexadecimal string form equals the difficulty value
Figure BDA0003587630320000077
If so, go directly to step (6d); otherwise add 1 to the random value nonce and check again, until the number of consecutive 0 characters equals the difficulty value
Figure BDA0003587630320000078
and then go to step (6d);
(6d) Local user u_i signs the message M_i' with the private key sk_i to obtain the signed message M_i:
<id, mess, nextPubKey, prevId, nonce>_{σ_i}
where σ_i is the signature of local user u_i;
(6e) Local user u_i stores the signed message M_i in the message set
Figure BDA0003587630320000079
and then broadcasts the signed message M_i to the other local users u_j.
In the signed message constructed above, id is not only the number of the signed message M_i; combined with prevId, it allows the signed messages M_i to be arranged in order, as a chain, in the message set
Figure BDA00035876303200000710
With the combination of the random value nonce and the hash function difficulty value
Figure BDA00035876303200000711
when a malicious local user tampers with any signed message in the chain, the subsequent signed messages must be regenerated, which incurs a large computation overhead. To keep the computation overhead low for normal local users when they generate signed messages, the invention uses the reputation value R_ij to adjust the hash function difficulty value dynamically. nextPubKey is the public key pk_A of the adjacent local user u_A and designates the other local user to which the local update model is to be sent. σ_i guarantees the non-repudiation of the signed message M_i. Moreover, for a signed message M_i received by the other local users u_j, its signature σ_i can be verified successfully only by the nextPubKey of the tail signed message in the message set
Figure BDA0003587630320000081
By specifying the public key of the successor local user, the invention ensures that the model training route of decentralized federated learning is not tampered with. When a malicious local user launches a Byzantine attack by impersonating the local user that the model training route is about to reach, sending a model and broadcasting a signed message, the nextPubKey stored in the tail message of the other local users' message sets is not the public key of the malicious local user, so the signed message is found to be invalid on verification.
Step 7, the other local users u_j put the signed message M_i on the blockchain:
(7a) The other local users u_j check the validity of the signed message M_i and update the reputation comparison relation;
The validity check comprises the following process:
(7a1-1) Using the reputation comparison relation and the reputation comparison formula, the other local users u_j obtain the difficulty value of local user u_i
Figure BDA0003587630320000082
(7a1-2) The other local users u_j judge whether the following conditions are both met:
Condition 1: the signed message M_i is not in the message set of u_j
Figure BDA0003587630320000083
and, for the message set of u_j
Figure BDA0003587630320000084
the nextPubKey of its tail message successfully verifies the signature σ_i of the signed message M_i;
Condition 2: for the message serialized hash value of the signed message M_i
Figure BDA0003587630320000085
the number of consecutive 0 characters counted from the left of its hexadecimal string form equals the difficulty value
Figure BDA0003587630320000086
If so, go to step (7a1-4); otherwise, the signed message M_i originates from a malicious local user launching a Byzantine attack, and step (7a1-3) is performed;
(7a1-3) The other local users u_j discard the signed message M_i; if the other local user u_j is the adjacent local user u_A, it must also discard the local update model
Figure BDA0003587630320000087
This step ensures that the model training route is not tampered with by a malicious local user;
(7a1-4) The other local users u_j store the signed message M_i in the message set of u_j
Figure BDA0003587630320000088
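The validity check of steps (7a1-1) to (7a1-4), together with the nonce search of step (6c), as an added Python example that is not code from the patent. Assumptions: Lamport one-time signatures stand in for the ECC/DSS signatures so that only the standard library is needed, `difficulty_for` is a hypothetical mapping because the reputation comparison formula is missing from this page, and the validator is told which key may sign the first message.

```python
import hashlib
import json
import secrets

FIELDS = ("id", "mess", "nextPubKey", "prevId", "nonce")
MAX_DIFFICULTY = 4  # assumption: kept small so the demo finishes instantly

def H(data):
    return hashlib.sha256(data).digest()

# Lamport one-time signatures: a stdlib stand-in for the page's ECC/DSS keys.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(digest):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, digest):
    return [sk[i][bit] for i, bit in enumerate(_bits(digest))]

def verify(pk, digest, sig):
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(digest)))

def fingerprint(pk):
    # Assumption: nextPubKey carries a hash of the key rather than the key itself.
    return H(b"".join(a + b for a, b in pk)).hex()

def message_hash(msg):
    # Message serialized hash value over <id, mess, nextPubKey, prevId, nonce>.
    return H(json.dumps({k: msg[k] for k in FIELDS}, sort_keys=True).encode())

def leading_zeros(hex_string):
    return len(hex_string) - len(hex_string.lstrip("0"))

def difficulty_for(reputation):
    # ASSUMED mapping (the page's formula is missing): lower reputation, harder puzzle.
    return round(MAX_DIFFICULTY * (1.0 - reputation))

def make_signed_message(sk, msg_id, mess, next_pub, prev_id, difficulty):
    # Steps (6a)-(6d): start nonce at 1, search, then sign the finished message.
    msg = {"id": msg_id, "mess": mess, "nextPubKey": next_pub,
           "prevId": prev_id, "nonce": 1}
    while leading_zeros(message_hash(msg).hex()) != difficulty:
        msg["nonce"] += 1
    msg["sig"] = sign(sk, message_hash(msg))
    return msg

class Validator:
    """A receiving user u_j with its message set and reputation table."""

    def __init__(self, directory, reputation, first_signer):
        self.directory = directory    # fingerprint -> public key (step 2 broadcast)
        self.reputation = reputation  # fingerprint -> R_ij
        self.expected = first_signer  # assumption: signer allowed while the set is empty
        self.messages = []

    def check(self, msg):
        digest = message_hash(msg)
        if any(message_hash(m) == digest for m in self.messages):
            return "reject: already in message set"          # condition 1, first half
        if not verify(self.directory[self.expected], digest, msg["sig"]):
            return "reject: not signed by tail nextPubKey"   # condition 1, second half
        if leading_zeros(digest.hex()) != difficulty_for(self.reputation[self.expected]):
            return "reject: wrong difficulty"                # condition 2
        self.messages.append(msg)          # (7a1-4) store the message
        self.expected = msg["nextPubKey"]  # the new tail names the next signer
        return "accept"

def demo():
    names = ("u1", "u2", "u3", "mallory")  # constructed sample users
    keys = {n: keygen() for n in names}
    fp = {n: fingerprint(keys[n][1]) for n in names}
    v = Validator({fp[n]: keys[n][1] for n in names},
                  {fp[n]: 0.5 for n in names}, fp["u1"])
    d = difficulty_for(0.5)
    m1 = make_signed_message(keys["u1"][0], 1, "u1 sent a model to u2", fp["u2"], 0, d)
    forged = make_signed_message(keys["mallory"][0], 2,
                                 "mallory sent a model to u3", fp["u3"], 1, d)
    m2 = make_signed_message(keys["u2"][0], 2, "u2 sent a model to u3", fp["u3"], 1, d)
    results = [v.check(m1), v.check(forged), v.check(m1), v.check(m2)]
    v.reputation[fp["u3"]] = 0.25  # u_j lowered R for u3, so u3 now needs 3 zeros
    m3 = make_signed_message(keys["u3"][0], 3, "u3 sent a model to u1", fp["u1"], 2, d)
    results.append(v.check(m3))
    return results

if __name__ == "__main__":
    print(demo())
```

Each Lamport key signs exactly one message in this demo; a deployment following the page would use the long-lived ECC/DSS key pair from step 2 instead.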
Referring to fig. 3, the process of updating the user reputation comparison relation in the embodiment of the present invention is described in further detail. Specifically, the reputation value R_ij is updated as follows:
(7a2-1) Local user u_i counts the number N_j of signed messages M_j received from another local user u_j within x times the total time for training the model and generating a message, where 1 < x < 2;
(7a2-2) Local user u_i makes the following judgment on the number N_j:
a) If N_j is greater than 1, the reputation value R_ij is updated to 0;
b) If N_j is equal to 0, the reputation value R_ij is updated to y × R_ij, where 0 < y < 1;
c) If N_j is equal to 1, local user u_i updates the reputation value R_ij to
Figure BDA0003587630320000091
where min is the minimum operation and t is the training round.
The total time multiplied by x covers the time a normal local user needs to execute one round of operation, but is not enough for a malicious local user to launch an attack. If a local user broadcasts one signed message within this x-times total time, it is executing the process normally and its reputation value is increased. As the number of aggregation rounds increases, the reputation value of a normal local user grows slowly and never exceeds 1. If a local user broadcasts no signed message within the time period, its current network status is likely to be poor, and its reputation value drops at a speed determined by the value of y. If a local user broadcasts more than one signed message within the time period, it is regarded as a malicious local user launching a Byzantine attack; its reputation value is set directly to 0, and the difficulty value for generating a signed message then exceeds the computing power of a normal device.
The invention scores the reputation value according to the local user's behavior in sending models and broadcasting messages, and uses the reputation value to dynamically adjust the difficulty value for message generation. The computation cost of a normal local user therefore becomes lower and lower, which benefits the healthy development of the system, while the reputation value of a malicious local user decreases and its computation cost grows exponentially.
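The following added example (not code from the patent) shows how the leading-zero difficulty check in step (7a1-2) and the reputation update in step (7a2-2) interact. The reputation-to-difficulty mapping and the increase applied when N_j equals 1 survive on the page only as images, so `difficulty_for` and the last branch of `update_reputation` are labelled placeholders; SHA-256 over canonical JSON, `MAX_DIFFICULTY` and the sample field values are also assumptions, and signature verification is left out because the Python standard library has no ECC.

```python
import hashlib
import json

MAX_DIFFICULTY = 4  # assumed cap on leading zeros, kept small so the demo runs fast


def difficulty_for(reputation):
    """Placeholder reputation-to-difficulty mapping (assumption, not the patent's
    formula): reputation 1.0 -> 0 leading zeros, reputation 0.0 -> MAX_DIFFICULTY."""
    return round((1.0 - reputation) * MAX_DIFFICULTY)


def message_hash(msg):
    """Hash of the serialized message; SHA-256 over canonical JSON is an assumption."""
    data = json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def leading_zeros(hex_digest):
    """Number of consecutive '0' characters from the left of a hex string."""
    return len(hex_digest) - len(hex_digest.lstrip("0"))


def generate_message(fields, difficulty):
    """Sender side: start at nonce 1 and add 1 until the zero count equals the
    difficulty value (equality, as the page states it)."""
    msg = dict(fields, nonce=1)
    while leading_zeros(message_hash(msg)) != difficulty:
        msg["nonce"] += 1
    return msg


def accept_message(msg, seen, sender_reputation):
    """Receiver side, step (7a1-2), without the signature check."""
    digest = message_hash(msg)
    if digest in seen:  # case 1 fails: message is already stored
        return False
    if leading_zeros(digest) != difficulty_for(sender_reputation):  # case 2 fails
        return False
    seen.add(digest)  # step (7a1-4): store the accepted message
    return True


def update_reputation(reputation, n_messages, y=0.8, t=1):
    """Step (7a2-2): n_messages is N_j counted over the observation window."""
    if n_messages > 1:   # a) more than one message: treated as Byzantine
        return 0.0
    if n_messages == 0:  # b) silent: decay by y, 0 < y < 1
        return y * reputation
    # c) exactly one message: placeholder increase capped at 1 (assumption)
    return min(1.0, reputation + (1.0 - reputation) / (t + 10))


def demo():
    # Constructed sample fields following <id, mess, nextPubKey, prevId, nonce>.
    fields = {"id": 1, "mess": "u1 sends a model to u2",
              "nextPubKey": "PUBKEY-OF-U2", "prevId": 0}
    seen, rep = set(), 0.5  # 0.5 is the initial reputation value on the page
    msg = generate_message(fields, difficulty_for(rep))
    first = accept_message(msg, seen, rep)         # valid work, new message
    replay = accept_message(msg, seen, rep)        # same message again
    rep = update_reputation(rep, n_messages=2)     # two messages in one window
    after_drop = accept_message(msg, set(), rep)   # old work no longer matches
    return first, replay, rep, after_drop


if __name__ == "__main__":
    print(demo())
```

Because the receiver recomputes the difficulty from its own reputation table, a sender whose reputation has been set to 0 cannot reuse work done at the earlier, lower difficulty.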
(7b) The other local user u_j takes the fixed number of signed messages stored in u_j's message aggregation
Figure BDA0003587630320000092
generates a block B_j from them, and then applies the improved PBFT consensus algorithm to the block serialized hash value of block B_j
Figure BDA0003587630320000093
to reach consensus and obtain a consensus result; the fixed number here is at least 50 and is set as needed; in this embodiment it is preferably set to 100.
The improved PBFT consensus algorithm of the embodiment of the present invention is described in further detail with reference to fig. 4.
The improved PBFT consensus algorithm is realized according to the following steps:
(7b1) Local user u_i broadcasts a pre-prepare message to the other local users u_j in the system:
Figure BDA0003587630320000094
where
Figure BDA0003587630320000101
is the pre-prepare message flag, m is the block serialized hash value of block B_i
Figure BDA0003587630320000102
h is the height of the blockchain, and d is the digest of m;
The original PBFT consensus algorithm includes a view v and a message sequence number n, which keep the request order of messages consistent when the local user initiating a consensus request fails (for example, goes down) and a view switch must be executed to select the next local user. In the decentralized federated learning system, every local user may initiate a consensus request, so no view switch is needed. The invention therefore uses the blockchain height h to guarantee the order consistency of m. m is broadcast to the other local users only in this step; afterwards the decisions depend on h and d.
(7b2) The other local user u_j checks whether its local blockchain contains a pre-prepare message with the same block height h but a different digest d; if so, step (7b10) is executed, otherwise step (7b3) is executed;
At a given block height h, only one block is stored in the blockchain after a successful consensus. If a received pre-prepare message has the same block height h but a different digest d, the local user that initiated the consensus is a malicious local user broadcasting a wrong pre-prepare message.
(7b3) The other local user u_j broadcasts a prepare message to the local users u_k other than itself:
Figure BDA0003587630320000103
where k = 1, 2, ..., n and k ≠ j, and
Figure BDA0003587630320000104
is the prepare message flag;
(7b4) The other local user u_j checks whether it has received 2f prepare messages whose heights h and digests d correspond one to one; if so, step (7b5) is executed, otherwise step (7b10) is executed;
In the prepare phase, a local user is required to receive 2f messages because, even if f malicious local users do not respond, the normal local users in the network can still send at least 2f messages, so the system can operate.
This step ensures the order consistency of m for every local user in the system. Without the view-switching process, the commit phase of the PBFT consensus algorithm can be optimized into two parts: a pre-commit phase and a commit phase.
(7b5) The other local user u_j sends a pre-commit message to local user u_i:
Figure BDA0003587630320000105
where
Figure BDA0003587630320000106
is the pre-commit message flag;
(7b6) Local user u_i checks whether 2f+1 pre-commit messages have been received; if so, step (7b7) is executed, otherwise step (7b10) is executed;
In this step, the local user that initiated the consensus collects the feedback of the other local users and learns their view of the consensus process.
The local user initiating consensus must receive 2f+1 pre-commit messages with the same content in the pre-commit phase for the following reason: the system assumes that at most f malicious local users deliberately go offline, but in fact those f malicious local users may send malicious pre-commit messages. Only when the number of correct pre-commit messages is at least f+1, that is, when 2f+1 messages including the local user are received, is the number of effective normal local users larger than the number of malicious local users, so that the algorithm is certain to run.
(7b7) Local user u_i broadcasts a commit message to the other local users u_j:
Figure BDA0003587630320000111
where
Figure BDA0003587630320000112
is the commit message flag;
(7b8) The other local user u_j checks whether a commit message has been received; if so, the consensus between local user u_i and the other local user u_j is judged successful; otherwise, it is judged to have failed;
In this step, after the local user that initiated the consensus has confirmed that m is consistent across the other local users, it feeds the result back to them.
(7c) The other local user u_j judges from the consensus result whether the consensus succeeded; if so, step (7d) is executed; otherwise, the number of malicious users in the system is judged to exceed the range of the Byzantine fault-tolerant algorithm, system-wide consensus cannot be reached, the execution flow of the method ends and the system is exited;
(7d) The other local user u_j places block B_j on the blockchain;
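The checks in steps (7b2), (7b4) and (7b6) can be sketched as follows. This is an added example, not the patent's own code: the class and method names are hypothetical, messages are reduced to (sender, h, d) with signatures and networking left out, and `message_counts` assumes every broadcast reaches n-1 peers, comparing the flow above with the classic three-phase PBFT pattern.

```python
from collections import defaultdict


class Replica:
    """A non-initiating local user u_j, steps (7b2) to (7b4)."""

    def __init__(self, name, f):
        self.name, self.f = name, f
        self.accepted = {}                # block height h -> digest d accepted at h
        self.prepares = defaultdict(set)  # (h, d) -> distinct senders of prepares

    def on_pre_prepare(self, h, d):
        """(7b2): reject a pre-prepare that reuses height h with another digest."""
        if self.accepted.get(h, d) != d:
            return False                  # equivocation by the initiator
        self.accepted[h] = d
        return True

    def on_prepare(self, sender, h, d):
        """(7b4): True once 2f distinct peers sent a prepare matching (h, d)."""
        if sender == self.name or self.accepted.get(h) != d:
            return False
        self.prepares[(h, d)].add(sender)
        return len(self.prepares[(h, d)]) >= 2 * self.f


class Initiator:
    """The local user u_i that proposed the block, step (7b6)."""

    def __init__(self, name, f, h, d):
        self.name, self.f, self.h, self.d = name, f, h, d
        self.pre_commits = set()

    def on_pre_commit(self, sender, h, d):
        """True once 2f+1 distinct senders pre-committed to the proposed (h, d)."""
        if (h, d) != (self.h, self.d):
            return False
        self.pre_commits.add(sender)
        return len(self.pre_commits) >= 2 * self.f + 1


def message_counts(n):
    """Messages per consensus round for n local users under the stated model."""
    pre_prepare = n - 1              # initiator -> every other user
    prepare = (n - 1) * (n - 1)      # each non-initiator -> every user but itself
    improved = pre_prepare + prepare + (n - 1) + (n - 1)  # pre-commit, then commit
    classic = pre_prepare + prepare + n * (n - 1)         # all-to-all commit phase
    return {"improved": improved, "classic": classic}


if __name__ == "__main__":
    # Constructed run with n = 4 users and f = 1.
    u2 = Replica("u2", f=1)
    print(u2.on_pre_prepare(7, "d1"), u2.on_pre_prepare(7, "d2"))
    print(message_counts(4))
```

The all-to-all prepare phase stays quadratic in n; the saving comes from replacing the all-to-all commit phase with one message to the initiator and one broadcast back.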
Step 8: the neighboring local user u_A takes the local update model M_i sent by local user u_i as its updated local model.
Step 9: local user u_i judges whether the updated local model has converged; if so, step 10 is executed directly; otherwise, the updated local model is used as the local model and execution returns to step 4.
Step 10: the training is finished.
Decentralized federated learning is subject to Byzantine attacks during model training. Specifically, in a Byzantine attack a malicious user sends models arbitrarily without training them and tampers with the model training route, so that the model generalizes well only locally in the system while the generalization capability of the global model is deficient. The existing schemes face two difficulties. Difficulty one: the computation overhead is too large. Existing schemes increase the computation cost of message generation by means of proof of work, which increases to a certain extent the difficulty for malicious users to launch Byzantine attacks; however, for normal users in the system, an excessively high message generation difficulty wastes computing resources unnecessarily and greatly increases the computation overhead. Difficulty two: the communication overhead is too large. Existing schemes use the PBFT consensus algorithm to reach consensus on messages recording model-sending behavior and put them on the chain, so that the availability of the system is still ensured when a certain number of Byzantine users appear in the system; however, the PBFT consensus algorithm has two stages in which the number of network messages to be transmitted is O(n²), which causes a large communication overhead and reduces the communication efficiency of decentralized federated learning.
To address difficulty one, the invention uses the reputation value to dynamically adjust the difficulty of message generation for each user, reducing the computation cost of message generation and overcoming the high computation overhead of the prior art. The invention reduces the computation overhead of message generation while resisting Byzantine attacks and preserving the generalization capability of the model. To address difficulty two, the invention reduces the number of network messages transmitted by the system by improving the commit phase of the PBFT consensus algorithm, overcoming the high communication overhead of the existing PBFT consensus algorithm. The invention reduces the communication overhead of message consensus while resisting Byzantine attacks and preserving the generalization capability of the model.
Parts of the invention not described in detail belong to the common general knowledge of those skilled in the art.
While the invention has been particularly shown and described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention.

Claims (5)

1. A blockchain-based method for resisting Byzantine attacks in decentralized federated learning, characterized in that local users reduce the system's computation overhead based on a dynamic reputation value and reduce the system's communication overhead using an improved PBFT consensus algorithm; the implementation steps comprise:
1) The total number of local users is set as n, and the i-th local user is denoted u_i, i = 1, 2, ..., n; each local user holds its own spam data and uses the obtained global model pre-trained by the system as its local model;
2) The local users each establish their own local public-private key pair and broadcast the public key:
(2a) Local user u_i calculates a private key sk_i conforming to the PKCS #8 standard using an ECC signature algorithm;
(2b) Local user u_i computes the public key pk_i using a DSS encryption algorithm and the private key sk_i, obtaining its local public-private key pair <sk_i, pk_i>;
(2c) Local user u_i broadcasts the public key pk_i to the other local users u_j ∈ U_i, where U_i = {u_j | j ≠ i} represents a set of local users, j = 1, 2, ..., n;
3) Local user u_i establishes, for the reputation value R_ij of each other local user u_j, a reputation comparison relation <u_j, R_ij>, and sets the initial value of R_ij to 0.5;
4) Local user u_i generates a local update model using the local model and its spam data
Figure FDA0003587630310000011
5) Local user u_i randomly selects a neighboring local user u_A, with u_A ∈ U_i, and sends it the local update model
Figure FDA0003587630310000012
6) Local user u_i generates a signed message M_i and broadcasts the message to the other local users u_j:
(6a) Local user u_i constructs, from the message number id, the message content mess, the public key of the neighboring local user u_A, the message number prevId of the tail message in u_i's message aggregation
Figure FDA0003587630310000013
and the random value nonce, the message M_i':
<id,mess,nextPubKey,prevId,nonce>,
where the message aggregation
Figure FDA0003587630310000014
is initially empty and stores the messages generated by local user u_i itself and the other legal messages it receives; the message number id is obtained by local user u_i adding 1 to the message number of the tail message in the message aggregation
Figure FDA0003587630310000015
and the initial value of the message number id is 1; the message content mess is "local user u_i sends a model to the neighboring local user u_A"; the initial value of the random value nonce is 1;
(6b) Local user u_i calculates a difficulty value according to the reputation value R_ij using a reputation matching formula
Figure FDA0003587630310000016
Figure FDA0003587630310000021
(6c) Local user u_i judges whether, in the message serialized hash value of message M_i'
Figure FDA0003587630310000022
written as a hexadecimal string, the number of consecutive 0 characters starting from the left is equal to the difficulty value
Figure FDA0003587630310000023
If so, step (6d) is executed directly; otherwise, 1 is added to the random value nonce and the judgment is made again, until the number is equal to the difficulty value
Figure FDA0003587630310000024
and then step (6d) is entered;
(6d) Local user u_i signs message M_i' with the private key sk_i to obtain the signed message M_i:
Figure FDA0003587630310000025
where σ_i is the signature of local user u_i;
(6e) Local user u_i stores the signed message M_i in the message aggregation
Figure FDA0003587630310000026
and then broadcasts the signed message M_i to the other local users u_j;
7) The other local users u_j transfer the signed message M_i to the blockchain:
(7a) The other local user u_j carries out a validity check on the signed message M_i and updates the reputation comparison relation;
(7b) The other local user u_j takes the fixed number of signed messages stored in u_j's message aggregation
Figure FDA0003587630310000027
generates a block B_j from them, and then applies the improved PBFT consensus algorithm to the block serialized hash value of block B_j
Figure FDA0003587630310000028
to reach consensus and obtain a consensus result;
the improved PBFT consensus algorithm is realized according to the following steps:
(7b1) Local user u_i broadcasts a pre-prepare message to the other local users u_j in the system:
Figure FDA0003587630310000029
where
Figure FDA00035876303100000210
is the pre-prepare message flag, m is the block serialized hash value of block B_i
Figure FDA00035876303100000211
h is the height of the blockchain, and d is the digest of m;
(7b2) The other local user u_j checks whether its local blockchain contains a pre-prepare message with the same block height h but a different digest d; if so, step (7b10) is executed, otherwise step (7b3) is executed;
(7b3) The other local user u_j broadcasts a prepare message to the local users u_k other than itself:
Figure FDA00035876303100000212
where k = 1, 2, ..., n and k ≠ j, and
Figure FDA00035876303100000213
is the prepare message flag;
(7b4) The other local user u_j checks whether it has received 2f prepare messages whose heights h and digests d correspond one to one; if so, step (7b5) is executed, otherwise step (7b10) is executed;
(7b5) The other local user u_j sends a pre-commit message to local user u_i:
Figure FDA00035876303100000214
where
Figure FDA0003587630310000031
is the pre-commit message flag;
(7b6) Local user u_i checks whether 2f+1 pre-commit messages have been received; if so, step (7b7) is executed, otherwise step (7b10) is executed;
(7b7) Local user u_i broadcasts a commit message to the other local users u_j:
Figure FDA0003587630310000032
where
Figure FDA0003587630310000033
is the commit message flag;
(7b8) The other local user u_j checks whether a commit message has been received; if so, the consensus between local user u_i and the other local user u_j is judged successful; otherwise, it is judged to have failed;
(7c) The other local user u_j judges from the consensus result whether the consensus succeeded; if so, step (7d) is executed; otherwise, the number of malicious local users in the system is judged to exceed the range of the Byzantine fault-tolerant algorithm, system-wide consensus cannot be reached, the process ends and the system is exited;
(7d) The other local user u_j places block B_j on the blockchain;
8) The neighboring local user u_A takes the local update model sent by local user u_i
Figure FDA0003587630310000034
as its updated local model;
9) Local user u_i judges whether the updated local model has converged; if so, step 10) is executed directly; otherwise, the updated local model is used as the local model and execution returns to step 4);
10) The training is finished.
2. The method of claim 1, wherein the validity check in step (7a) comprises the following steps:
(7a1-1) The other local user u_j obtains the difficulty value of local user u_i using the reputation comparison relation and the reputation matching formula
Figure FDA0003587630310000035
(7a1-2) The other local user u_j judges whether the following conditions are met simultaneously:
Case 1: the signed message M_i is not in u_j's message aggregation
Figure FDA0003587630310000036
and the tail message of u_j's message aggregation
Figure FDA0003587630310000037
carries a nextPubKey that successfully verifies the signature σ_i of the signed message M_i;
Case 2: the message serialized hash value of the signed message M_i,
Figure FDA0003587630310000038
written as a hexadecimal string, has a number of consecutive 0 characters starting from the left that is equal to the difficulty value
Figure FDA0003587630310000039
If so, step (7a1-4) is executed; otherwise, step (7a1-3) is executed;
(7a1-3) The other local user u_j discards the signed message M_i, and the neighboring local user u_A discards the local update model
Figure FDA00035876303100000310
(7a1-4) The other local user u_j stores the signed message M_i in u_j's message aggregation
Figure FDA0003587630310000041
3. The method of claim 1, wherein updating the user reputation comparison relation in step (7a) specifically means updating the reputation value R_ij as follows:
(7a2-1) Local user u_i counts the number N_j of signed messages M_j received from another local user u_j within x times the total time for training the model and generating a message, where 1 < x < 2;
(7a2-2) Local user u_i makes the following judgment on the number N_j:
a) If N_j is greater than 1, the reputation value R_ij is updated to 0;
b) If N_j is equal to 0, the reputation value R_ij is updated to y × R_ij, where 0 < y < 1;
c) If N_j is equal to 1, local user u_i updates the reputation value R_ij to
Figure FDA0003587630310000042
where min is the minimum operation and t is the training round.
4. The method of claim 1, wherein block B_j in step (7b) is generated as follows:
(7b1) u_j obtains the tail block of the blockchain, takes its number plus 1 as the number index of block B_j, and takes the block serialized hash value of the tail block as the predecessor hash prevHash of block B_j;
(7b2) u_j calculates the hash value of the number index, the predecessor hash prevHash and u_j's message aggregation
Figure FDA0003587630310000043
and takes it as the block serialized hash value of block B_j
Figure FDA0003587630310000044
i.e. the hash part of the block;
(7b3) u_j generates block B_j:
<index,prevHash,messages,hash>,
where, for u_j's message aggregation
Figure FDA0003587630310000045
messages represents all the signed messages stored in it;
(7b4) u_j clears the aggregation
Figure FDA0003587630310000046
of its signed messages and begins storing messages for the next block.
5. The method of claim 1, wherein the fixed number in step (7b) is at least 50 and is set as needed.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210369653.1A CN114826699B (en) 2022-04-08 2022-04-08 Byzantine attack resisting method in decentralized federal learning based on block chain

Publications (2)

Publication Number Publication Date
CN114826699A CN114826699A (en) 2022-07-29
CN114826699B true CN114826699B (en) 2022-12-06

Family

ID=82534736

Country Status (1)

Country Link
CN (1) CN114826699B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant