LG, CR, DC, ML | Nov 24, 2018

Biscotti: A Ledger for Private and Secure Peer-to-Peer Machine Learning

arXiv:1811.09904v4 | 88 citations | Has Code
Originality: Incremental advance
AI Analysis

This addresses security and privacy issues in multi-party machine learning for decentralized applications, representing a novel paradigm shift rather than an incremental improvement.

The authors tackled the problem of centralized trust and poisoning attacks in federated learning by proposing Biscotti, a fully decentralized peer-to-peer approach that uses blockchain and cryptographic primitives. The evaluation demonstrated scalability, fault tolerance, and defense against attacks, including protection of client privacy and model performance with 30% adversaries.

Federated Learning is the current state of the art in supporting secure multi-party machine learning (ML): data is maintained on the owner's device and the updates to the model are aggregated through a secure protocol. However, this process assumes a trusted centralized infrastructure for coordination, and clients must trust that the central service does not use the byproducts of client data. In addition to this, a group of malicious clients could also harm the performance of the model by carrying out a poisoning attack. As a response, we propose Biscotti: a fully decentralized peer to peer (P2P) approach to multi-party ML, which uses blockchain and cryptographic primitives to coordinate a privacy-preserving ML process between peering clients. Our evaluation demonstrates that Biscotti is scalable, fault tolerant, and defends against known attacks. For example, Biscotti is able to protect the privacy of an individual client's update and the performance of the global model at scale when 30% of adversaries are trying to poison the model. The implementation can be found at: https://github.com/DistributedML/Biscotti

Code Implementations: 2 repos