Blockchain Layer

This section describes how the blockchain layer of FLock enhances both incentivisation and security.

Incentivisation

The blockchain layer plays a pivotal role in reward distribution. It ensures that participants can securely lock in their stakes, fostering an environment of trust and transparency. The process is designed to incentivise participation by allocating rewards based on contributions, thus encouraging a more engaged and active community. Through the use of smart contracts, the system automates the rewards process, making it both efficient and fair. This automation not only reduces the potential for human error but also ensures that rewards are distributed in a timely and fair manner.

Security

At FLock, we propose a generic framework that can integrate an FL system with a blockchain system and can defend against poisoning attacks without adopting complex cryptographic protocols, which is adopted from our peer-reviewed work here.

Specifically, FLock employs a proof-of-stake mechanism with the goal of ensuring robust security and consensus within the network. Such system enhances Byzantine fault tolerance by aligning participants' incentives with network integrity— those who act dishonestly or fail to reach consensus risk losing their staked tokens. This economic disincentive promotes honest behaviour, ensuring the network remains secure and reliable.

The table below describes how FLock mitiagtes vairous types of risks which could occur in decentralised training platforms.

Attacks	Description	FLock Mitigation
Sybil Attacks	An attacker might gain disproportionate influence in the FLock system by creating and controlling multiple fake identities of participants.	Staking assets increases the difficulty of controlling many training nodes or validators. Blind validation mechanism prevents collusion between training nodes and validators. In each task, only the top $k_1$ training nodes and the top $k_2$ validators will rewarded, ensuring that participants with poor performance do not receive rewards.
DoS Attacks	An attacker might exhaust the FLock system resource and make it unavailable to honest participants.	Rate limiting is implemented to restrict the frequency and volume of actions within a certain time frame, ensuring that no single participant can overwhelm the system.
Free-rider Attacks	Free riders benefit from a system without contributing fairly. In the FLock system, a free rider training node may randomly submit models without actuall training. Similarly, free rider validators give random scores instead of honestly evaluating models.	In each task, only the top $k_1$ training nodes and the top $k_2$ validators will rewarded, ensuring that participants with poor performance do not receive compensation. FLock AI Arena consensus guarantees that honest participants who contribute diligently are appropriately recognised and rewarded, deterring free riders from exploiting the process.
Lookup Attacks	Training nodes could cheat by learning to predict past validation score calculations.	Two datasets, i.e., Datasets A and B, are used as validation sets to evaluate the models. Consequently, even if a training node manages to optimise its performance for Dataset A, it could still underperform on Dataset B. By carefully calibrating the rewards between Dataset A and B, FLock effectively motivates training nodes towards developing genuinely high-quality models.
FL Model Poisoning Attacks	In FL Alliance, an attacker may use biased or corrupted data during the training process to degrade the model's performance.	By aggregating contributions, majority voting minimises the impact of single malicious participants. The slashing mechanism penalizes malicious clients, deterring model poisoning by reducing their rewards and discouraging future attacks.

Attacks

Description

FLock Mitigation

Sybil Attacks

An attacker might gain disproportionate influence in the FLock system by creating and controlling multiple fake identities of participants.

Staking assets increases the difficulty of controlling many training nodes or validators.
Blind validation mechanism prevents collusion between training nodes and validators.
In each task, only the top $k_1$ training nodes and the top $k_2$ validators will rewarded, ensuring that participants with poor performance do not receive rewards.

DoS Attacks

An attacker might exhaust the FLock system resource and make it unavailable to honest participants.

Rate limiting is implemented to restrict the frequency and volume of actions within a certain time frame, ensuring that no single participant can overwhelm the system.

Free-rider Attacks

Free riders benefit from a system without contributing fairly. In the FLock system, a free rider training node may randomly submit models without actuall training. Similarly, free rider validators give random scores instead of honestly evaluating models.

In each task, only the top $k_1$ training nodes and the top $k_2$ validators will rewarded, ensuring that participants with poor performance do not receive compensation.
FLock AI Arena consensus guarantees that honest participants who contribute diligently are appropriately recognised and rewarded, deterring free riders from exploiting the process.

Lookup Attacks

Training nodes could cheat by learning to predict past validation score calculations.

Two datasets, i.e., Datasets A and B, are used as validation sets to evaluate the models. Consequently, even if a training node manages to optimise its performance for Dataset A, it could still underperform on Dataset B. By carefully calibrating the rewards between Dataset A and B, FLock effectively motivates training nodes towards developing genuinely high-quality models.

FL Model Poisoning Attacks

In FL Alliance, an attacker may use biased or corrupted data during the training process to degrade the model's performance.

By aggregating contributions, majority voting minimises the impact of single malicious participants.
The slashing mechanism penalizes malicious clients, deterring model poisoning by reducing their rewards and discouraging future attacks.

PreviousSystem Design NextAI Layer

Last updated 1 month ago