Voltran: Unlocking Trust and Confidentiality in Decentralized Federated Learning Aggregation

TL;DR

Voltran addresses the vulnerability of centralized aggregation in Federated Learning by integrating TEEs (Intel SGX) with blockchain for secure, verifiable off-chain aggregation and on-chain audit. It introduces a three-layer Voltran architecture, a committee-driven scheduling mechanism, and a multi-SGX parallel execution strategy to handle large FL workloads while preserving confidentiality through RA-facilitated session keys and encryption. Formal security properties (authenticity, confidentiality, correctness) are defined and proven under standard cryptographic assumptions, and a Voltran-Fabric prototype demonstrates substantial speedups over ciphertext-based schemes with minimal impact on model performance. The work has practical significance for deploying privacy-preserving, decentralized FL at scale, balancing security, throughput, and decentralization in real-world blockchain environments.

Abstract

The decentralized Federated Learning (FL) paradigm built upon blockchain architectures leverages distributed node clusters to replace the single server for executing FL model aggregation. This paradigm tackles the vulnerability of the centralized malicious server in vanilla FL and inherits the trustfulness and robustness offered by blockchain. However, existing blockchain-enabled schemes face challenges related to inadequate confidentiality on models and limited computational resources of blockchains to perform large-scale FL computations. In this paper, we present Voltran, an innovative hybrid platform designed to achieve trust, confidentiality, and robustness for FL based on the combination of the Trusted Execution Environment (TEE) and blockchain technology. We offload the FL aggregation computation into TEE to provide an isolated, trusted and customizable off-chain execution, and then guarantee the authenticity and verifiability of aggregation results on the blockchain. Moreover, we provide strong scalability on multiple FL scenarios by introducing a multi-SGX parallel execution strategy to amortize the large-scale FL workload. We implement a prototype of Voltran and conduct a comprehensive performance evaluation. Extensive experimental results demonstrate that Voltran incurs minimal additional overhead while guaranteeing trust, confidentiality, and authenticity, and it significantly brings a significant speed-up compared to state-of-the-art ciphertext aggregation schemes.

Figures (19)

• Figure 1: System workflow of Voltran.
• Figure 2: Architecture of Voltran. Voltran is designed and modularized in three layers. Each module can be implemented according to the requirements of different tasks.
• Figure 3: The data transmission mechanism depicted in a secret key flow in our system.
• Figure 4: Spilt by clients. This strategy contains metadata from most different clients into one single SGX. In this figure's case, assuming one SGX can contain four metadata, the strategy puts metadata of $w_1$ from $c_1$ to $c_4$ into SGX 1. SGXs carrying data from $w_1$ are divided into a partition to compute and generate $g_{w_1}$ of the global model.
• Figure 5: Protocol of Voltran for the Task Owner.