Proof of Reasoning for Privacy Enhanced Federated Blockchain Learning at the Edge

Consensus mechanisms are the core of any blockchain system. However, the majority of these mechanisms do not target federated learning directly nor do they aid in the aggregation step. This paper introduces Proof of Reasoning (PoR), a novel consensus mechanism specifically designed for federated learning using blockchain, aimed at preserving data privacy, defending against malicious attacks, and enhancing the validation of participating networks. Unlike generic blockchain consensus mechanisms commonly found in the literature, PoR integrates three distinct processes tailored for federated learning. Firstly, a masked autoencoder (MAE) is trained to generate an encoder that functions as a feature map and obfuscates input data, rendering it resistant to human reconstruction and model inversion attacks. Secondly, a downstream classifier is trained at the edge, receiving input from the trained encoder. The downstream network's weights, a single encoded datapoint, the network's output and the ground truth are then added to a block for federated aggregation. Lastly, this data facilitates the aggregation of all participating networks, enabling more complex and verifiable aggregation methods than previously possible. This three-stage process results in more robust networks with significantly reduced computational complexity, maintaining high accuracy by training only the downstream classifier at the edge. PoR scales to large IoT networks with low latency and storage growth, and adapts to evolving data, regulations, and network conditions.

Key Contributions

Proof of Reasoning (PoR): a novel blockchain consensus mechanism purpose-built for federated learning aggregation and validation
MAE-based encoder that obfuscates local training data to resist model inversion attacks while preserving downstream task utility
Scalable three-stage pipeline for edge IoT networks with low latency and reduced computational complexity by training only the downstream classifier locally

🛡️ Threat Analysis

Data Poisoning Attack

The paper explicitly targets defense against 'malicious attacks' in a federated learning context; the blockchain-based PoR consensus mechanism provides verifiable aggregation to detect/reject malicious participant updates, addressing Byzantine/poisoning threats.

Model Inversion Attack

A masked autoencoder (MAE) encoder is explicitly trained to obfuscate input data, making it 'resistant to human reconstruction and model inversion attacks' — a direct defense against model inversion in the federated learning setting.