Biscotti: A Ledger for Private and Secure Peer-to-Peer Machine Learning

TL;DR

Biscotti introduces a decentralized peer-to-peer framework for secure, privacy-preserving multi-party machine learning using blockchain and cryptography, effectively resisting poisoning attacks and eliminating reliance on trusted central servers.

Contribution

It presents Biscotti, a novel decentralized P2P system that enhances security and privacy in multi-party ML without centralized coordination.

Findings

Scalable and fault-tolerant design demonstrated.

Effective defense against poisoning attacks with 30% adversaries.

Preserves client privacy and model performance at scale.

Abstract

Federated Learning is the current state of the art in supporting secure multi-party machine learning (ML): data is maintained on the owner's device and the updates to the model are aggregated through a secure protocol. However, this process assumes a trusted centralized infrastructure for coordination, and clients must trust that the central service does not use the byproducts of client data. In addition to this, a group of malicious clients could also harm the performance of the model by carrying out a poisoning attack. As a response, we propose Biscotti: a fully decentralized peer to peer (P2P) approach to multi-party ML, which uses blockchain and cryptographic primitives to coordinate a privacy-preserving ML process between peering clients. Our evaluation demonstrates that Biscotti is scalable, fault tolerant, and defends against known attacks. For example, Biscotti is able to protect the privacy of an individual client's update and the performance of the global model at scale when 30% of adversaries are trying to poison the model. The implementation can be found at: https://github.com/DistributedML/Biscotti