A Decentralized Federated Learning Using Reputation*

Olive Chakraborty

and Aymen Boudguiga

CEA LIST, France

Keywords:

Decentralized Federated Learning, Reputation, Secret-Sharing, Fully Homomorphic Encryption,

Zero-Knowledge Proofs, Secure Shufﬂing.

Abstract:

Nowadays Federated learning (FL) is established as one of the best techniques for collaborative machine

learning. It allows a set of clients to train a common model without disclosing their sensitive and private

dataset to a coordination server. The latter is in charge of the model aggregation. However, FL faces some

problems, regarding the security of updates, integrity of computation and the availability of a server.

In this paper, we combine some new ideas like clients’ reputation with techniques like secure aggregation using

Homomorphic Encryption and veriﬁable secret sharing using Multi-Party Computation techniques to design a

decentralized FL system that addresses the issues of incentives, security and availability amongst others. One

of the original contributions of this work is the new leader election protocol which uses a secure shufﬂing and

is based on a proof of reputation. Indeed, we propose to select an aggregator among the clients participating to

the FL training using their reputations. That is, we estimate the reputation of each client at every FL iteration

and then we select the next round aggregator from the set of clients with the best reputations. As such, we

remove misbehaving clients (e.g., byzantines) from the list of clients eligible for the role of aggregation server.

1 INTRODUCTION

Federated Learning (FL, (McMahan et al., 2017)) is

a machine learning training technique where multiple

clients collaborate with a server to train a common

model. Each client computes a local model update

based on its training data and shares it with the server.

The server, in turn, aggregates these local updates to

generate a global model update.

FL allows clients to contribute to training with-

out revealing their private data, providing a degree

of privacy. However, these updates can still dis-

close information about the client’s data (Bhowmick

et al., 2018). FL addresses this issue by employing

Secure Aggregation (Bonawitz et al., 2017), which

utilizes techniques such as Multi-party computation

(MPC) (Evans et al., 2018), Homomorphic Encryp-

tion (S

ebert et al., 2021), and Differential privacy

(Dwork et al., 2014). FL generally assumes that par-

ticipating clients and servers fulﬁll their roles reliably

and honestly, though this is often not the case in real-

world scenarios (Bhagoji et al., 2019; Fang et al.,

2020). Clients deviating from expected behavior are

termed Byzantine, and various resilient aggregation

https://orcid.org/0000-0003-0396-908X

https://orcid.org/0000-0001-6717-8848

∗

This work is submitted as a position paper as it is still

in progress.

techniques have been proposed, including (Blanchard

et al., 2017; Yin et al., 2018).

However, FL’s privacy-preserving and Byzantine-

resilient nature is insufﬁcient on its own. Two com-

monly overlooked issues are the availability and live-

liness of an aggregator

. A single aggregator intro-

duces a single point of failure in an FL system, mak-

ing it susceptible to Denial-of-Service (DoS) attacks

by malicious clients in a centralized setting. Addi-

tionally, there may be scenarios where a trusted third-

party server is unachievable. Decentralized federated

learning models address these issues by using the re-

sources of participating clients as aggregators while

relying on mutual trust. The second issue is the lack

of veriﬁability of computations in the presence of

Byzantine clients and aggregators.

In this work, we propose a theoretical construction

of a decentralized peer-to-peer federated learning al-

gorithm that ensures secure Byzantine resilience, se-

cure aggregation, and veriﬁability. We introduce the

concept of reputation and utilize it to elect aggrega-

tors in various rounds of FL training. In the state-of-

the-art, there exists few works (Rehman et al., 2020;

Moudoud et al., 2021) which have started to use the

concept of incentives but all of them utilize an exist-

ing blockchain architecture. Our work is based on the

In this article, we use server, leader, and aggregator

interchangeably.

Chakraborty, O. and Boudguiga, A.

A Decentralized Federated Learning Using Reputation.

DOI: 10.5220/0012428300003648

Paper published under CC license (CC BY-NC-ND 4.0)

In Proceedings of the 10th International Conference on Information Systems Security and Privacy (ICISSP 2024), pages 799-806

ISBN: 978-989-758-683-5; ISSN: 2184-4356

799

use of cryptographic tools that can work efﬁciently

on any system without the need of computationally

expensive systems like blockchains.

The remainder of the paper is organized as fol-

lows: Section 2 describes the addressed problem and

provides the required background for our construc-

tion, presenting the different cryptography building

blocks we will use. Section 3 outlines our construc-

tion of a decentralized federated learning algorithm.

Finally, Section 4 concludes the paper and provides

perspectives.

2 BACKGROUND AND

SOLUTION OVERVIEW

2.1 Peer-2-Peer Building Blocks

2.1.1 Leader Election in Peer-2-Peer Network

In this work, we consider a mesh network topology,

where every client communicates with the others. In

such a network, usually, one client acts as an aggre-

gator. One method to select such a client is leader

election. From a group of registered users participat-

ing in the election, the leader election chooses exactly

one leader. In this work, we utilize the method of se-

cure shufﬂing for leader election in a fair and unique

manner. The method is similar to (Boneh et al., 2020),

however we don’t utilize the same framework.

2.1.2 Reputation

In certain scenarios, a Byzantine user may engage

in malicious activities, attempting to manipulate the

aggregation process in Federated Learning (FL) by

providing inaccurate updates or improperly aggregat-

ing updates. Consequently, it becomes essential to

prevent certain users in the network from participat-

ing in the training or leader election. To address

this concern, various solutions, such as those based

on Proof-of-Work (Jakobsson and Juels, 1999) and

Proof-of-Stake (Shayan et al., 2020), have been pro-

posed. However, when malicious users hold substan-

tial stakes, they could potentially become leaders and

act maliciously. Drawing inspiration from such sce-

narios, this work introduces the concept of reputation.

The trustworthiness of a client, as perceived by other

clients, is generally known as reputation. It serves as

a reliable indicator of a client’s future behavior within

a network of interacting nodes. A positive reputation

tends to correlate with expected good behavior, while

a negative reputation correlates with anticipated mis-

conduct. Reputation is determined based on a client’s

actions during a speciﬁc interaction, which can be ei-

ther positive or negative. We utilize this reputation

metric as an input to identify the leader among the

parties with the highest reputation.

2.2 Cryptographic Building Blocks

2.2.1 Homomorphic Encryption

Homomorphic encryption (HE) allows the evaluation

of arbitrary functions on encrypted data. It allows

performing operations on a ciphertext, whose decryp-

tion corresponds to algebraic operations on the plain-

text. An HE is characterized by mainly four opera-

tions: KeyGen,Enc,Dec and Eval. KeyGen generates

a secret and public key pair for the asymmetric vari-

ants and a symmetric key for the symmetric variants

of HE and an evaluation key. The Enc and Dec are

similar to their classical tasks in conventional encryp-

tion schemes. Eval is a HE-speciﬁc operations, which

takes ciphertexts as input and outputs a ciphertext cor-

responding to a functioned plaintext. The most im-

portant point in homomorphic encryption is that the

format of the ciphertexts after an evaluation process

must preserve the form a readable ciphertext in order

for it to be decrypted correctly. In the state-of-the-art,

HE can be broadly classiﬁed into Partially HE (PHE),

Somewhat SHE (SHE) and Fully HE (FHE). PHE

(Rivest et al., 1978; ElGamal, 1985; Paillier, 1999)

supports the Eval function for only either addition or

multiplication, while SHE (Boneh et al., 2005; Sander

et al., 1999; Ishai and Paskin, 2007) supports for

only limited number of operations or limited circuit.

FHE (Gentry, 2009; Brakerski and Vaikuntanathan,

2011; Fan and Vercauteren, 2012; Brakerski et al.,

2014; Chillotti et al., 2016a; Cheon et al., 2017) sup-

ports evaluation of any arbitrary function for unlim-

ited number of times over ciphertexts. In this work

we use the TFHE (Chillotti et al., 2016a) cryptosys-

tem on the aggregator side.

2.2.2 Shamir Secret Sharing

Adi Shamir in (Shamir, 1979) proposed an idea of

sharing a secret s amongst n parties such that the com-

plete secret can be reconstructed from any combina-

tion of t ≤ n shares and any t −1 or less shares reveals

no information about the secret s. This t is called the

threshold of the secret sharing scheme. The scheme

is deﬁned over a ﬁnite ﬁeld F and has two algorithms:

• {(i,s

)}

i∈P

←− Share (s, P,t). For a secret s ∈ F, a

set of n unique ﬁeld elements P ∈ F

and a thresh-

old t, this algorithm chooses a random polynomial

p ∈ F[X] such that p(0) = s and generates shares

ICISSP 2024 - 10th International Conference on Information Systems Security and Privacy

800

as (i, p(i)) i ∈ P.

• s ← Rec((i,s

)

i∈Q

). Given shares of a secret from

a subset Q ⊂ P,|Q| ≥ t, this algorithm reconstruct

the secret s.

To tolerate cases of user dropouts or message errors,

a more robust reconstruction technique is used in Se-

cret Sharing. One can leverage Reed-Solomon decod-

ing (Blahut, 1983) for robust construction of Shamir’s

Secret Shares (Roy Chowdhury et al., 2022).

• s ← RobustRec((i,s

)

i∈Q

). The previous scheme

results in a [n,t, n−t +1] Reed-Solomon code that

can tolerate up to q errors and e message dropouts

such that 2q + e < n − t + 1. Given any subset

of n − e shares, with upto q errors, any standard

Reed Solomon decoding algorithm can robustly

reconstruct s.

For achieving a Veriﬁable Secret Sharing (VSS) from

Shamir’s secret sharing scheme, one can use of the

Feldman’s technique (Feldman, 1987). For a share

of a secret, a party must be able to check its valid-

ity. If the share is valid, there exists a unique secret

which will be the output of the reconstruction algo-

rithm when run on any t distinct valid shares. More

formally, we have:

• 1/0 ← Verify((i,v),Ψ). For an input of a share

and a check string Ψ

such that:

∀ V ⊂ F × F. where |V | = t,∃s ∈ F s.t

(∀(i,v) ∈ V,Verify((i,v),Ψ) = 1)

=⇒ Rec(V ) = s.

The check string are the commitments to the coefﬁ-

cients given by:

= g

,i ∈ {0,... ,t − 1},

where g denotes a generator of F. All arithmetic is

taken modulo q such that:

(p|q − 1)

where p is the prime of F. For verifying a share ( j,s

a party needs to check whether g

∏

t−1

i=0

. The

privacy of the secret s = c

is implied by the the in-

tractability of computing discrete logarithms.

2.2.3 Dynamic Threshold Homomorphic

Encryption

A threshold fully homomorphic cryptosystem brings

together three main algorithms: a distributed key gen-

eration protocol, an FHE scheme, and a threshold de-

cryption protocol. A threshold decryption protocol

makes use of a secret sharing scheme, such as Shamir

Secret Sharing (Shamir, 1979) for a distributed de-

cryption such that t out of n parties (t ≤ n ∈ Z

)

can decrypt the secret, however, no combination of

t − 1 parties can get any information about the secret.

Threshold HE can be either static or dynamic. In this

work, we consider the case of a dynamic threshold

system, where a new user can join the training pro-

cess without the need to regenerate the keys for all

existing parties along with the new party.

2.2.4 Zero-Knowledge Proofs, Secret-Shared

Non Interactive Proofs and Commitments

Non-interactive zero-knowledge (NIZK) proofs are

cryptographic primitives that allow a prover P , to

convince a veriﬁer V that a statement is true us-

ing a single message (the proof) without the veriﬁer

learning anything more. NIZKs are particularly use-

ful as a single proof can be re-utilized to convince

multiple veriﬁers. A secret-shared non-interactive

proof (SNIP) (Corrigan-Gibbs and Boneh, 2017) is an

information-theoretic zero-knowledge proof (ZKP)

system for distributed data. When a secret data is

distributed amongst multiple parties, receivers act as

veriﬁers, verifying the validity of their shares. SNIP,

relies speciﬁcally on a additive secret sharing scheme

over a ﬁnite ﬁeld. A commitment is a cryptographic

primitive that allows a user to publish a value, com-

mitment, which binds the user to its message with-

out revealing it. Any commitment scheme satis-

ﬁes the properties of correctness, binding and hiding.

Commitments have been used quite a lot as a part

of veriﬁable secret sharing, secure MPCs and ZKPs

(Damg

ard and Nielsen, 2008).

2.2.5 Secure Shufﬂing

The leader election process employs a consensus pro-

tocol to securely and provably select a leader in a ran-

dom manner, gaining the consensus of participating

clients. The deﬁnition of the single secret leader elec-

tion SSLE protocol was formalized by (Boneh et al.,

2020), where the leader’s identity remains unknown

to clients except for the leader themselves. Boneh

et al., proposed an intriguing idea in this article by

introducing the use of shufﬂing, a well-known tech-

nique for randomly selecting members from a list,

commonly applied in tasks like choosing a leader or a

group of validators in blockchains.

However, our work necessitates a lightweight and

non-secret leader election process. In this endeavor,

we adopt a secure and lightweight ‘swap-or-not’ shuf-

ﬂing technique (Hoang et al., 2012), notably forming

the foundation of the oblivious shufﬂing-based secure

single leader election protocol utilized in Ethereum

A Decentralized Federated Learning Using Reputation

801

Figure 1: An illustration of the scheme : Secure Privacy

Preserving aggregation provides privacy, Veriﬁable Secret

Sharing provides veriﬁability and data3 integrity, while our

Leader election protocol ensures availability.

2.0 (Asn et al., 2022; Sanso, 2022). This shuf-

ﬂing technique is a modiﬁed version of (Boneh et al.,

2020)’s proposal. It employs deterministic functions

to generate pseudo-random outputs from inputs, en-

suring veriﬁability by any client when required. The

function takes two inputs: a random value seed, and

the size of the list to be shufﬂed. In the subsequent

sections, we denote this shufﬂing process using the

function SECURESHUFFLE(seed,size).

2.2.6 Public-Key Infrastructure and Public

Bulletin

In this work we require the presence of a public-key

infrastructure PKI that allows clients to register their

identities, and sign messages which other clients can

verify, but cannot impersonate them. This prevents

the aggregator from simulating an arbitrary number

of clients. One can assume that a public bulletin B is

available to every client. Every client can read/write

access to B which will be used as a medium for broad-

casting information (Bonawitz et al., 2017). The bul-

letin contains information about each round of the

training along with the public keys of all the partic-

ipating clients. The details on the content of B are

given in the subsequent sections.

3 OUR PROPOSAL

In this section we present a peer-2-peer decentralized

federated learning model, which combines secure ag-

gregation, veriﬁability and a new leader election pro-

cess (see Figure 1). Figure 2 shows an high-level

overview of the proposal. We assume that participat-

ing clients have enough computational capabilities.

We also assume that the proposed protocol works un-

der the Common Reference String (CRS) model.

3.1 Threat Model

We consider a threat model where we can have:

Figure 2: High-level view of our protocol. Red parts are

required to guarantee of robustness and veriﬁabilty.

• Malicious Clients: We consider a set of m ma-

licious client, C

. These malicious clients can

deviate from the protocol, arbitrarily by either 1)

sending malformed inputs, 2) sending inputs with

the intention of leading the aggregation further

away from the actual convergence, 3) by, violat-

ing the privacy of an honest client, by colluding

with other clients or the aggregator.

• Malicious Aggregator: We consider that the ag-

gregator can deviate from the protocol arbitrar-

ily by either 1) providing incorrect aggregation

results acting independently or via collusion, 2)

aiming at recovering individual updates of an hon-

est client.

3.2 Setup

Let T = {C

,...,C

} be a set of n clients. In the setup

phase, all parties are initialized with system parame-

ters, including the security parameter λ, the number of

clients n, the threshold parameter t (representing the

maximum number of potentially malicious clients),

and a ﬁeld F where |F| ≥ 2

. A standard PKI is em-

ployed for clients to register on B with speciﬁc user

IDs. For simplicity, we assume that each client C

assigned a user ID i ∈ Z

. In each round j of the

training process, each client C

maintains a local up-

date w

i, j

∈ F

. All clients have read and write access

to B through authenticated channels.

Prior to the ﬁrst round, under the CRS model,

each client C

has access to the public parameter A

and independently generates the key pair (s

,pk

)

←−

FHE.KeyGen(), where pk

= As

+ e

, for some e

←−

D, where D is some error distribution (Fan and Ver-

cauteren, 2012). Clients then update their public keys

and user IDs on the bulletin B. Additionally, each

client uploads a random value r

∈ Z. Once all pub-

lic keys have been broadcasted on B, each client can

construct the the global public key as pk

∑

This public key is used by each client to send their en-

ICISSP 2024 - 10th International Conference on Information Systems Security and Privacy

802

crypted weights. This one-time communication over-

head does not need to be repeated when a new client

joins the training. Upon a new client joining, she in-

dependently creates her public key and uploads it to

Additionally, on the public bulletin B, a reputa-

tion vector R ∈ Z

is maintained. This vector tracks

the reputation values of each participating client to

the FL training. Initially set to 1 during setup, this

vector is appended with the reputation of each new

user upon registration, i.e., 1. Finally, each client also

maintains a list, C

∗

, of identiﬁed malicious clients.

Leader Selection. Along with computing the

collective public key pk

, a leader is also selected.

Using the random values r

∈ Z uploaded during

registration, every client computes a common random

seed value r

beg

∑

. Each client then calls the

function SECURESHUFFLE(r

beg

,1,n) to receive the

index of the leader for the ﬁrst round.

Note 1. For ensuring the availability of a

leader/aggregator, after the selection of a leader, the

clients wait for a certain time threshold, after which

the leader election process is repeated.

3.3 Send Secure Updates

The aggregation of d-dimension gradients from n

clients requires a communication complexity of O(d)

in terms of communication trafﬁcs, which generally

limits the system scalability. Gradient sparsiﬁcation

(Ergun et al., 2021) is a promising technique for dis-

tributed stochastic gradient, which can signiﬁcantly

reduce the communication trafﬁc while preserving the

model convergence. In gradient sparsiﬁcation, a com-

pressor Comp

is applied on each update to locally

select k, k ≤ d, gradients for aggregation and Comp

∈ {Top-k, Rand-k} (Ergun et al., 2021). Comp

ze-

ros out (d − k) elements of the update and keeps k

elements unchanged. For every round j, each partic-

ipating client encrypts their sparsiﬁed local updates

i, j

= Comp

i, j

) using pk

. Each client C

up-

loads the encrypted weight, Enc(w

i, j

,pk

) on B.

Since the public key has been constructed in a thresh-

old manner, the leader is unable to learn anything

about the local updates sent from the other clients.

The client also uploads a commitment χ

i, j

to the

weight w

i, j

. This can be later utilized if a malicious

client tries to deny sending a malformed or ‘mali-

cious’ input. In order to prove that the encrypted value

is a well-formed input, the client also sends a SNIP

i, j

. For the rest of the document, we shall denote

any encrypted entity as [·].

3.4 Perform Secure Aggregation and

Update Reputation

Before initiating the aggregation, the leader awaits a

time threshold to receive the updates [wi, j]pk

. Uti-

lizing the proofs π

i, j

, the leader conducts a valid-

ity check on the encrypted inputs. Updates failing

the validity check are rejected, and the correspond-

ing clients are marked as malicious, and are added

to C

∗

. In this study, we opt for SABLE, (Choffrut

et al., 2023), a novel Byzantine-resilient secure ag-

gregation method. SABLE efﬁciently implements the

coordinate-wise Trimmed mean over the encrypted

domain using Homomorphic Encryption and can tol-

erate up to t-out-of-n Byzantines. While our selec-

tion of this secure aggregation method is speciﬁc to

this paper, any other privacy-preserving aggregation

method capable of handling Byzantine clients and ag-

gregators in the encrypted domain can be employed.

It is crucial to note that the choice of the aggre-

gation method impacts both the accuracy and efﬁ-

ciency of the overall scheme. Additionally, the cho-

sen leader may still be in the process of complet-

ing their own training. In such cases, clients await

a time counter time

limit

for the leader to return the

aggregated weight. If there’s no response, the leader

is added to the malicious clients’ list C

∗

, prompting

clients to restart the leader selection process by up-

loading new random values r

s to B.

3.4.1 Compute Reputation

As already stated earlier, each participating user in

the scheme is associated with a reputation, that is up-

dated at the end of each round. In each round the

leader computes the reputation change of each client

based on their round performance. The reputation up-

date is based on the distance of the individual weights

i, j

] from the aggregated weight [w

agg

]. To compute

this, we make use of the Homomorphic encryption.

In particular we use functional bootstrapping (Clet

et al., 2022) over TFHE (Chillotti et al., 2016b). The

ﬁrst step is to compute the distance between the two

weights homomorphically : [d

] = ||[w

agg

] − [w

i, j

]||

and this is mapped onto the top half of the T = R /Z.

T is the additive group of real numbers modulo 1 (R

mod [1]) and it is a Z module. Given a base b with

which we encode the reputation changes 1 and 2, such

that

∈ T and proceed to create the test vector as:

testv =

−1

∑

i=0

−1

∑

−

−1

∑

−

N−1

∑

For a random distance of d

∈ [0,

[, the outputs of the

bootstrapping algorithm (Algorithm 9, in (Chillotti

A Decentralized Federated Learning Using Reputation

803

et al., 2016b)) are:

Rep=











[

] if [d

] ∈ [0,1/8[

[

] if [d

] ∈ [1/8,1/4[

[

−1

] if [d

] ∈ [1/4,3/8[

[

−2

] if [d

] ∈ [3/8,1/2[

(1)

The leader performs this bootstrapping procedure and

decrypts the reputation update (scaled by a factor of

b) for each of the participating clients in the train-

ing. The clients that perform well, i.e., whose weights

are closer to the aggregated weights, are incentivized

with respect to their distance. While, the users whose

weights are further away, and hence more likely to

have performed maliciously are de-incentivized. The

leader then decrypts the reputation changes and up-

dates the global reputation vector R .

We introduce a concept of maximum reputation,

denoted as maxrep, beyond which a client’s reputa-

tion is reset to 1. This ensures fairness by providing

every client an equal opportunity to become a leader.

Additionally, the leader must also reset its reputation

to 1, preventing the current leader from immediate re-

election and promoting fairness in the leader selection

process. Both the reputation resets are performed by

the current leader.

Due to the lack of a trusted setup, to attest

to the honesty of the computation, the leader fur-

nishes a zero-knowledge proof using zk-SNARKS

(e.g., Aurora (Ben-Sasson et al., 2019)). While zk-

SNARKS are generally faster for both prover and ver-

iﬁer (Viand et al., 2023), in a decentralized setting

like this, achieving a trusted environment is challeng-

ing. Therefore, we choose to prioritize larger times

for creating proofs. If however, the generations of the

proofs are somehow done in a Trusted Execution En-

vironments (Damg

ard et al., 2008), zk-SNARKS can

be used guaranteeing faster executing times.

Any participating client engaged in the aggrega-

tion process can verify the authenticity of updates,

ensuring they were sent by the correct leader and that

no other malicious client attempted to upload faulty

updates. Furthermore, after each round, any client

can verify whether the previous leader accurately up-

dated their reputation and refrained from maliciously

attempting to become the leader again, thereby in-

ﬂuencing the aggregation process. In cases where

a leader maliciously attempts to decrease another

client’s reputation, the affected client can dispute this

action by making its weight public. Other clients can

then use this information to compute a bootstrapped

reputation update. If successful, all clients collec-

tively decide to abort the protocol, concluding that the

leader has acted maliciously. The misbehaving leader

is subsequently added to the malicious set C

∗

and is

prohibited from further participation in the protocol.

In situations where a leader colludes with another

client to increase its weight and to become the leader

in the subsequent round, the colluding client is still

obligated to perform an honest aggregation. Failure to

adhere to this results in the client being banned from

further participation.

3.4.2 Leader Election for Next Round

Before, sending the shares of the global update,

the leader must also elect the leader for the next

round. Firstly, the reputation vector needs to be

sorted to shortlist all the indices with the maximum

reputation. Recall that every client also sends a

random value r

i, j

∈ Z. The leader then computes

∑

i, j

and determines the leader for the next round

using SecureShuffle(

∑

i, j

,k), where k is the size

of the shortlist with the maximum reputation. The

leader also provides a SNIP π

ℓ, j

to attest to the

honesty of the shufﬂing for the j

round.

3.5 Send Updated Weight Using VSS

After the aggregation has been computed, the aggre-

gator now sends [w

agg

] for collaborative decryption.

The leader generates the secret shares of aggregated

weight {(1, u

),..., (n,u

),π}

←− Share(w

agg

,T ,t).

The π is a SNIP that proves the consistency of the

computation done by the leader. The leader C

ℓ

also

generates the proof Ψ

of validity of the share u

i.e. u

is indeed a share of [w

agg

]. This will allow

the receiving client to verify the validity of the their

corresponding share. Finally, it encrypts the updates’

shares and the proof’s shares (i,u

)||(Ψ

) for each

individual client C

using the public key pk

, signs

them with his signing key and publishes it on the

public bulletin B.

3.6 Distributed Decryption,

Reconstruction of Update &

Veriﬁcation

Once, the leader has uploaded the shares of the

new aggregate weights and the proofs on B, each

client downloads and computes the shares σ

= Dec(([i, u

],sk

). He also downloads the check

string Ψ

and veriﬁes the validity of the share using

SNIP. The clients must also validate the signatures of

the sender and veriﬁes if it has been sent by the cor-

rect leader. If not, then the sender whose signatures

ICISSP 2024 - 10th International Conference on Information Systems Security and Privacy

804

Table 1: Cost summary of the protocol.

Client Leader

computation O(n) O(mn

)

communication O(n + m) O(n

)

storage O(n + m) O(n + m)

matches that of the received share, must be added to

∗

. Also, since we have the presence of t malicious

clients, this allows any cohort of n − t clients to re-

construct the weight and instantiate a SNIP protocol.

If any of the shares are not valid, the client ﬂags the

leader and also adds the leader to the malicious list

∗

. If the share is valid, the client broadcasts its

share (i, σ

) to B. This is necessary for all the other

honest clients to recover the aggregated weight for

the new round. After downloading all the shares of

the other clients, σ

j̸=i

, C

ﬁnally performs a robust

reconstruction on its side to recover the aggregated

weight for the round as w

agg

= RobustRec(i,σ

Note 2. For the new round, it might happen that the

elected leader is still in the process of completing its

own training and therefore unavailable to complete

the secure aggregation. In such a case, the leader

election process might be appended to select a deputy

leader which takes up the job of the leader. This

would of course result in de-incentivizing the origi-

nally elected leader.

4 CONCLUSION AND

PERSPECTIVES

Modern practical FL models have introduced the need

of ensuring the privacy, integrity and availability of

model aggregators, with no single point of failure. In

this work, we provide a new theoretical construction

which addresses all of them. We use the secure byzan-

tine resilient model aggregation technique of SABLE,

which protects the system from byzantine attacks as

well providing privacy to private updates. We use

VSS as well as SNIPs which allows veriﬁable data in-

tegrity in secure aggregation. Also to the best of our

knowledge, this article provides the ﬁrst leader elec-

tion protocol which is based on reputation unlike the

state-of-the-art. We consider that the use of reputation

opens up a new avenue for future research. We also

provide an initial cost analysis of the scheme in Table

We remind that this is a theoretical work and it is still

in progress. As for future work, we aim to provide an

empirical evaluation of the FL scheme as well as an

implementation of this construction.

REFERENCES

Asn, B., Killari, B., and Genya-Z (2022). Whisk: A practi-

cal shufﬂe-based ssle protocol for ethereum.

Ben-Sasson, E., Chiesa, A., Riabzev, M., Spooner, N.,

Virza, M., and Ward, N. P. (2019). Aurora: Trans-

parent succinct arguments for r1cs. In EUROCRYPT

2019, pages 103–128. Springer.

Bhagoji, A. N., Chakraborty, S., Mittal, P., and Calo, S.

(2019). Analyzing federated learning through an ad-

versarial lens. In International Conference on Ma-

chine Learning, pages 634–643. PMLR.

Bhowmick, A., Duchi, J., Freudiger, J., Kapoor, G., and

Rogers, R. (2018). Protection against reconstruc-

tion and its applications in private federated learning.

arXiv preprint arXiv:1812.00984.

Blahut, R. E. (1983). Theory and practice of error control

codes. (No Title).

Blanchard, P., El Mhamdi, E. M., Guerraoui, R., and

Stainer, J. (2017). Machine learning with adversaries:

Byzantine tolerant gradient descent. Advances in neu-

ral information processing systems, 30.

Bonawitz, K., Ivanov, V., Kreuter, B., Marcedone, A.,

McMahan, H. B., Patel, S., Ramage, D., Segal, A.,

and Seth, K. (2017). Practical secure aggregation for

privacy-preserving machine learning. In proceedings

of the 2017 ACM SIGSAC Conference on Computer

and Communications Security, pages 1175–1191.

Boneh, D., Eskandarian, S., Hanzlik, L., and Greco, N.

(2020). Single secret leader election. In Proceedings

of the 2nd ACM Conference on Advances in Financial

Technologies, pages 12–24.

Boneh, D., Goh, E.-J., and Nissim, K. (2005). Evaluating

2-dnf formulas on ciphertexts. In Theory of Cryptog-

raphy: Second Theory of Cryptography Conference,

TCC 2005, Cambridge, MA, USA, February 10-12,

2005. Proceedings 2, pages 325–341. Springer.

Brakerski, Z., Gentry, C., and Vaikuntanathan, V. (2014).

(leveled) fully homomorphic encryption without boot-

strapping. ACM Transactions on Computation Theory

(TOCT), 6(3):1–36.

Brakerski, Z. and Vaikuntanathan, V. (2011). Fully homo-

morphic encryption from ring-lwe and security for key

dependent messages. In Annual cryptology confer-

ence, pages 505–524. Springer.

Cheon, J. H., Kim, A., Kim, M., and Song, Y. (2017). Ho-

momorphic encryption for arithmetic of approximate

numbers. In Advances in Cryptology–ASIACRYPT

2017: 23rd International Conference on the Theory

and Applications of Cryptology and Information Se-

curity, Hong Kong, China, December 3-7, 2017, Pro-

ceedings, Part I 23, pages 409–437. Springer.

Chillotti, I., Gama, N., Georgieva, M., and Izabachene,

M. (2016a). Faster fully homomorphic encryption:

Bootstrapping in less than 0.1 seconds. In Advances

in Cryptology–ASIACRYPT 2016: 22nd International

Conference on the Theory and Application of Cryp-

tology and Information Security, Hanoi, Vietnam, De-

cember 4-8, 2016, Proceedings, Part I 22, pages 3–33.

Springer.

A Decentralized Federated Learning Using Reputation

805

Chillotti, I., Gama, N., Georgieva, M., and Izabach

ene, M.

(2016b). Faster fully homomorphic encryption: Boot-

strapping in less than 0.1 seconds. In ASIACRYPT

2016, pages 3–33. Springer Berlin Heidelberg.

Choffrut, A., Guerraoui, R., Pinot, R., Sirdey, R., Stephan,

J., and Zuber, M. (2023). Practical homomor-

phic aggregation for byzantine ml. arXiv preprint

arXiv:2309.05395.

Clet, P.-E., Zuber, M., Boudguiga, A., Sirdey, R., and Gouy-

Pailler, C. (2022). Putting up the swiss army knife

of homomorphic calculations by means of tfhe func-

tional bootstrapping. Cryptology ePrint Archive.

Corrigan-Gibbs, H. and Boneh, D. (2017). Prio: Private, ro-

bust, and scalable computation of aggregate statistics.

In 14th USENIX symposium on networked systems de-

sign and implementation (NSDI 17), pages 259–282.

Damg

ard, I. and Nielsen, J. (2008). Commitment schemes

and zero-knowledge protocols (2007). In LNCS’08:

Lecture Notes in Computer Science.

Damg

ard, I., Nielsen, J. B., and Wichs, D. (2008). Isolated

proofs of knowledge and isolated zero knowledge. In

Advances in Cryptology–EUROCRYPT 2008: 27th

Annual International Conference on the Theory and

Applications of Cryptographic Techniques, Istanbul,

Turkey, April 13-17, 2008. Proceedings 27, pages

509–526. Springer.

Dwork, C., Roth, A., et al. (2014). The algorithmic founda-

tions of differential privacy. Foundations and Trends®

in Theoretical Computer Science, 9(3–4):211–407.

ElGamal, T. (1985). A public key cryptosystem and a signa-

ture scheme based on discrete logarithms. IEEE trans-

actions on information theory, 31(4):469–472.

Ergun, I., Sami, H. U., and Guler, B. (2021). Sparsiﬁed

secure aggregation for privacy-preserving federated

learning. arXiv preprint arXiv:2112.12872.

Evans, D., Kolesnikov, V., Rosulek, M., et al. (2018). A

pragmatic introduction to secure multi-party compu-

tation. Foundations and Trends® in Privacy and Se-

curity, 2(2-3):70–246.

Fan, J. and Vercauteren, F. (2012). Somewhat practical fully

homomorphic encryption.

Fang, M., Cao, X., Jia, J., and Gong, N. (2020). Local

model poisoning attacks to {Byzantine-Robust} fed-

erated learning. In 29th USENIX security symposium

(USENIX Security 20), pages 1605–1622.

Feldman, P. (1987). A practical scheme for non-interactive

veriﬁable secret sharing. In 28th Annual Sympo-

sium on Foundations of Computer Science (sfcs 1987),

pages 427–438. IEEE.

Gentry, C. (2009). Fully homomorphic encryption using

ideal lattices. In Proceedings of the forty-ﬁrst annual

ACM symposium on Theory of computing, pages 169–

178.

Hoang, V. T., Morris, B., and Rogaway, P. (2012). An enci-

phering scheme based on a card shufﬂe. In Advances

in Cryptology–CRYPTO 2012: 32nd Annual Cryptol-

ogy Conference, Santa Barbara, CA, USA, August 19-

23, 2012. Proceedings, pages 1–13. Springer.

Ishai, Y. and Paskin, A. (2007). Evaluating branching pro-

grams on encrypted data. In Theory of Cryptography

Conference, pages 575–594. Springer.

Jakobsson, M. and Juels, A. (1999). Proofs of work and

bread pudding protocols (extended abstract). secure

information networks (s. 258-272).

McMahan, B., Moore, E., Ramage, D., Hampson, S., and

y Arcas, B. A. (2017). Communication-efﬁcient learn-

ing of deep networks from decentralized data. In Ar-

tiﬁcial intelligence and statistics, pages 1273–1282.

PMLR.

Moudoud, H., Cherkaoui, S., and Khoukhi, L. (2021). To-

wards a secure and reliable federated learning using

blockchain. In 2021 IEEE Global Communications

Conference (GLOBECOM), pages 01–06. IEEE.

Paillier, P. (1999). Public-key cryptosystems based on com-

posite degree residuosity classes. In International

conference on the theory and applications of crypto-

graphic techniques, pages 223–238. Springer.

Rehman, M. H., Salah, K., Damiani, E., and Svetinovic, D.

(2020). Towards blockchain-based reputation-aware

federated learning. In IEEE INFOCOM 2020-IEEE

Conference on Computer Communications Workshops

(INFOCOM WKSHPS), pages 183–188. IEEE.

Rivest, R. L., Shamir, A., and Adleman, L. (1978). A

method for obtaining digital signatures and public-

key cryptosystems. Communications of the ACM,

21(2):120–126.

Roy Chowdhury, A., Guo, C., Jha, S., and van der Maaten,

L. (2022). Eiffel: Ensuring integrity for federated

learning. In Proceedings of the 2022 ACM SIGSAC

Conference on Computer and Communications Secu-

rity, pages 2535–2549.

Sander, T., Young, A., and Yung, M. (1999). Non-

interactive cryptocomputing for nc/sup 1. In 40th An-

nual Symposium on Foundations of Computer Science

(Cat. No. 99CB37039), pages 554–566. IEEE.

Sanso, A. (2022). Towards practical post quantum single

secret leader election (ssle).

ebert, A. G., Pinot, R., Zuber, M., Gouy-Pailler, C., and

Sirdey, R. (2021). SPEED: secure, PrivatE, and efﬁ-

cient deep learning. Machine Learning, 110(4):675–

694.

Shamir, A. (1979). How to share a secret. Communications

of the ACM, 22(11):612–613.

Shayan, M., Fung, C., Yoon, C. J., and Beschastnikh, I.

(2020). Biscotti: A blockchain system for private and

secure federated learning. IEEE Transactions on Par-

allel and Distributed Systems, 32(7):1513–1525.

Viand, A., Knabenhans, C., and Hithnawi, A. (2023). Ver-

iﬁable fully homomorphic encryption. arXiv preprint

arXiv:2301.07041.

Yin, D., Chen, Y., Kannan, R., and Bartlett, P. (2018).

Byzantine-robust distributed learning: Towards opti-

mal statistical rates. In International Conference on

Machine Learning, pages 5650–5659. PMLR.

ICISSP 2024 - 10th International Conference on Information Systems Security and Privacy

806