A federated learning method for enhancing privacy and robustness

By detecting malicious gradients through fully homomorphic encryption and attention mechanisms, and combining this with a publicly verifiable incentive mechanism built using blockchain, the problems of privacy protection and model robustness in federated learning are solved, achieving security and fair incentives even under malicious attacks.

CN122311501APending Publication Date: 2026-06-30NANTONG UNIV

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
NANTONG UNIV
Filing Date
2026-03-16
Publication Date
2026-06-30

AI Technical Summary

Technical Problem

Existing federated learning technologies are inadequate in terms of privacy protection and model robustness, especially in their inability to effectively prevent malicious attacks and ensure incentive mechanisms for participants to contribute data.

Method used

The local gradient is encrypted using fully homomorphic encryption technology, and malicious gradients are detected through an attention mechanism. A publicly verifiable incentive mechanism is built using blockchain to achieve gradient aggregation and reward distribution.

Benefits of technology

It effectively protects participant privacy, enhances the robustness of the model under poisoning attacks, and ensures a fair incentive mechanism through blockchain, thereby improving the system's security and training efficiency.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122311501A_ABST
    Figure CN122311501A_ABST
Patent Text Reader

Abstract

This invention discloses a federated learning method that enhances privacy and robustness, relating to the fields of privacy protection and federated learning technology. The technical solution includes the following steps: S10, system initialization; S20, encrypting the local model; S30, calculating the weights of the local gradients; S40, model aggregation; S50, local model update; S60, reward allocation. This method employs fully homomorphic encryption to encrypt the participants' local gradients, protecting their privacy; and introduces an attention mechanism to detect and suppress malicious gradients in the encrypted state, effectively resisting poisoning attacks and improving the robustness of the global model. Simultaneously, it uses a consortium blockchain to record the federated learning training process, calculates contribution values ​​based on the participants' attention weights, and allocates rewards or deducts deposits accordingly to incentivize honest participants to provide high-quality data over the long term.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the fields of blockchain, federated learning, attention mechanisms, and privacy protection, and particularly to a federated learning method that enhances privacy and robustness. Background Technology

[0002] With the rapid development of big data and artificial intelligence technologies, data privacy and security issues are becoming increasingly prominent. Federated learning, as an emerging distributed machine learning paradigm, allows participants to collaboratively train a global model by exchanging local model parameters or gradient updates without directly sharing raw local data. This feature effectively breaks down "data silos" and allows participants to mitigate the risk of directly exposing raw data to some extent, thus it is widely used in data-sensitive fields such as healthcare, finance, and smart cities. However, mainstream federated learning frameworks still face serious challenges in terms of privacy protection and model security, specifically in the following two aspects:

[0003] First, the risk of privacy breaches remains. Although federated learning does not require the exchange of raw data, research shows that sensitive information from the original data may still be hidden in the local model gradients or parameter updates uploaded by participants. Malicious attackers or untrusted central servers can reconstruct users' training data from plaintext gradients through attacks such as gradient inversion or member inference, seriously threatening user privacy. Therefore, the conventional federated mechanism of "data remains unchanged, model moves" cannot provide sufficient privacy protection, and stronger privacy protection technologies, such as homomorphic encryption, are urgently needed to ensure that even during parameter aggregation, the local gradient information of participants remains in a encrypted state and is not spied on by any third party (including the aggregation server).

[0004] Secondly, the global model is vulnerable to malicious attacks and lacks robustness. The distributed nature of federated learning leaves the system open to attacks from malicious actors. Malicious nodes can impersonate honest participants, uploading carefully crafted malicious model updates to the server, thereby manipulating and disrupting the integrity of the global model, leading to performance degradation or backdoors, or even reducing model performance to the level of random guessing. Although various robust aggregation algorithms have been proposed in academia (such as...), , Traditional methods (such as median aggregation) are used to detect and filter anomalous gradients to defend against Byzantine attacks, but these defense mechanisms are typically designed in plaintext environments. When homomorphic encryption and other techniques are introduced to encrypt gradients, the server cannot directly decrypt the ciphertext, making it difficult to perform traditional anomaly detection and robust aggregation operations directly on the ciphertext domain. This results in a trade-off between privacy protection and robustness.

[0005] Furthermore, in the practical application of federated learning, how to incentivize participants with high-quality data to contribute computing resources honestly and consistently over the long term is also a key issue. A lack of reasonable contribution evaluation and reward allocation mechanisms will lead to a lack of motivation for participants to contribute continuously, affecting the training efficiency and final performance of the overall model.

[0006] In summary, existing federated learning techniques fall short in balancing data privacy protection, model robustness (especially the ability to resist malicious attacks), and participant incentives. How to effectively detect and suppress malicious gradients while ensuring end-to-end data encryption, and how to establish a fair incentive mechanism, are technical problems that urgently need to be solved by those skilled in the art. Summary of the Invention

[0007] The purpose of this invention is to provide a federated learning method that enhances privacy and robustness. By utilizing blockchain, federated learning, and attention mechanisms, it effectively suppresses poisoning attacks by malicious participants and significantly improves the robustness of the model under poisoning attacks while ensuring system privacy and security.

[0008] The core idea of ​​this invention is to provide a federated learning method that enhances privacy and robustness. First, each participant normalizes its gradient calculation, and then employs fully homomorphic encryption. Normalized local gradients are encrypted to effectively protect the gradient privacy of participants. Then, model checkers use an attention-based gradient quality detection method to calculate the attention score of each participant's gradient and generate corresponding aggregation weights. The aggregator generates a global aggregated gradient ciphertext based on the participants' gradient ciphertext and weight ciphertext, effectively identifying and suppressing the impact of malicious gradients on the global model. The platform administrator then calculates each participant's contribution value based on their weights and distributes bonuses accordingly. This invention no longer treats privacy protection and robustness as a trade-off, but instead constructs a privacy barrier through fully homomorphic encryption, penetrates this barrier through a ciphertext attention mechanism to detect malicious behavior, and finally uses blockchain to transform this perception into fair incentives. It marks the evolution of federated learning from "simple connections between data silos" to a "value internet with self-defense and ecosystem governance capabilities."

[0009] To achieve the aforementioned objectives, the present invention employs the following technical solution: a federated learning method that enhances privacy and robustness, comprising the following steps:

[0010] S10, System Initialization, Platform Administrator Build a A consortium blockchain composed of edge servers as consensus nodes, where all participants, model detection servers, and edge servers register and generate accounts. The first on-chain release Each federated learning task involves users matching and joining tasks based on keywords, forming a participant list. , Configure system public parameters and generate a public-private key pair. Using fully homomorphic encryption The key generation algorithm is The participants generate a set of public and private keys to distribute the ciphertext of the aggregation model. A pseudo-random number generator and a random seed are secretly distributed to all edge servers to generate a quadratic blinded random number sequence. Participants and Retrieve the corresponding key and training parameters from the blockchain;

[0011] S20, Encrypted local model Participants The local gradient is obtained by training using the model parameters from the previous round and the local dataset. After normalization, the public key and scaling factor are obtained based on the transaction, and then fully homomorphic encryption is used. The encryption algorithm encrypts the random number and gradient, performs a second blinding, and finally broadcasts the blinded gradient ciphertext to the consortium blockchain.

[0012] S30. Calculate the weights of the local gradient, model detection server. Standard gradients were obtained and normalized using the root dataset, and then the blinded gradient ciphertexts of the participants were downloaded from the edge server. The blinded gradient is obtained by decryption. The inner product of each blinded gradient and the normalized standard gradient is calculated. The gradient weight of each participant is determined accordingly. The weights are then encrypted. All weight ciphertexts and the ciphertext of the sum of weights are used to generate a transaction and publish it on the consortium blockchain.

[0013] S40, Model Aggregation An edge server is randomly selected through consensus as the aggregator for the current round. This aggregator collects the blinded gradient ciphertext and corresponding weight ciphertext from all participants, and then utilizes... Homomorphic multiplication and rescaling algorithms are used to calculate aggregated ciphertext. The aggregator generates a transaction from the aggregated ciphertext and publishes it to the consortium blockchain. When more than two-thirds of the edge servers have verified the transaction, it is recorded on the blockchain and stored on all edge servers.

[0014] S50, local model update Participants download the aggregated ciphertext and the weight sum ciphertext from the consortium blockchain, decrypt them, calculate the aggregated gradient, and update their local models. If the current round does not reach the set limit, the next round of training continues; otherwise, the task ends, and participants calculate their respective bonuses based on the weight ciphertext and submit them to the platform administrator.

[0015] S60, Reward Distribution, Platform Administrator Each participant's contribution is calculated based on weights, rewards are allocated, and the rewards are deposited into the corresponding participant's wallet.

[0016] The main entities in the aforementioned privacy-enhancing and robust federated learning method include: platform administrators. Edge servers Consortium blockchain, model testing server And participants.

[0017] Further, step S10 includes:

[0018] S101, Platform Administrator Will Each edge server is connected to form a consortium blockchain network, and each edge server... As a consensus node in a consortium blockchain, it executes the consensus protocol. Set a security parameter Choose an integer A polynomial quotient ring A rescaling factor and an integer Calculate the modulus And satisfy From the business environment Choose 3 random distributions , , ,in It is a random distribution used to generate user private keys. It is a random distribution of error used to generate noise. It is a random distribution used for homomorphic encryption, platform administrator. Generate a public-private key pair It is used to generate digital signatures and establish secure channels for other entities to transmit confidential information, by setting a hash function. , used to map strings of arbitrary length to strings of length . From the binary string, obtain the system common parameters. Generate a transaction The system's public parameters are published on the consortium blockchain, among which... yes Scaling factor of encryption algorithm yes Digital signature;

[0019] S102, Participants, Model Detection Server and edge servers Register on this consortium blockchain to obtain legitimate account information, assuming the first... Edge servers Account information obtained during registration Model detection server Obtaining account information during registration on the consortium blockchain ,in, and They are and A public-private key pair, the private key and They are and The public key used to generate their digital signatures and They are and Used to verify their digital signatures and They are and A unique identifier and They are and wallet address, and They are and The deposit is used to establish a guarantee mechanism in multi-party transactions in federal learning;

[0020] S103, Assumption Publish a federated learning task on a consortium blockchain, utilizing smart contracts. The reward for this task Locked on the blockchain, the address of the contract is recorded as follows: Generate an asset declaration transaction for a federated learning task: ,in, It is the model number. These are the initial model parameters. It's the learning rate. It is the total amount of bonuses awarded for completing the federal learning task. yes hash value, It is used to prove release Digital signature, These are keywords that describe the characteristics of a federated learning task model;

[0021] S104, Participants according to Asset Declaration Transactions Keywords in To determine whether someone voluntarily participates in the model training task, assuming there are... Each participant Voluntary application to join The model training task Using consortium blockchains for participants Generate the corresponding account information ,in, yes A unique identifier and They are public and private keys, yes wallet address, yes The deposit Will indivual Add to the List of Federated Learning Tasks ;

[0022] S105, Model Detection Server use Key generation algorithm Generate a set of public and private keys. Used for transactions In the model training task, aggregated gradient ciphertexts are distributed, enabling each participant to update their local model. for Each participant Calculate the corresponding session key Calculate the ciphertext using the AES symmetric encryption algorithm ,Will and Send to , Calculate the session key after receiving. ,use Decryption algorithm, calculate and obtain decryption private key , Generate a transaction Published on the blockchain, in which, yes A public-private key pair, yes Digital signature;

[0023] S106, Platform Administrator Choose a random seed and a pseudo-random number generator For each edge server Using its public key Calculate session key Calculate ciphertext ,Will , and Send to the corresponding Each edge server Calculate session key ,use Decryption algorithm obtained A set of numbers of length is generated by a pseudo-random number generator. random vectors ,in This is the maximum number of training iterations for the model, let ,set up yes Used for blinding the first The second blinding factor of the local model parameter ciphertext for each round;

[0024] S107 and Participants According to the transaction Download system common parameters and public key ,Then, and According to the transaction download public key and a group public key set , Each participant get public and private key sets and system common parameters .

[0025] Further, step S20 includes:

[0026] S201, For participants According to the transaction Obtain the initial model and learning rate In the In the rounds, Using the model parameters from the previous round and local dataset Train the model to obtain the local gradient vector. , Calculate the local gradient vector model ,right Perform normalization calculation ,in It is the normalized local gradient vector, i.e., the unit gradient vector;

[0027] S202, due to Participants According to the transaction Get a set public key set and scaling factor , use The encoding algorithm calculates and obtains the polynomial of the normalized gradient vector encoding. ,use Encryption algorithm, calculate and obtain local gradient ciphertext :

[0028] ;

[0029] Will Send to the nearest edge server ,because Unable to obtain private key Unable to decrypt Local gradient ciphertext ;

[0030] S203, due to each edge server According to the transaction Get a set public key set and scaling factor , use The encoding and encryption algorithms are used to calculate the first... Each round of secondary blinding random numbers ciphertext For gradient ciphertext Perform a second blinding to obtain the blinded gradient ciphertext. :

[0031] ;

[0032] Each edge server Store locally Blinded gradient ciphertext Broadcast to the consortium blockchain network, enabling all edge servers to store... Participants of .

[0033] Further, step S30 includes:

[0034] S301, Model Detection Server Using the root dataset Training a local model yields the standard gradient vector. Calculate the standard gradient vector model ,right Perform normalization calculations to obtain the normalized gradient. and download from the nearest edge server Participants Blinded gradient ciphertext ,in It is the normalized standard gradient vector;

[0035] S302, to Each participant , use The decryption algorithm is obtained. The polynomial of the blinded gradient ,use The decoding algorithm is used to calculate and obtain... Blinding gradient ,calculate and inner product value :

[0036] ;

[0037] in, It is a blinded gradient Dimensions The dot product operator for two vectors;

[0038] S303, for Each of , calculate The aggregate weights of the gradient :

[0039] ;

[0040] use Encoding and encryption algorithms, calculation Ciphertext of aggregate weights and will Store in a collection middle;

[0041] S304, Ciphertext for calculating the sum of aggregate weights , will set and ciphertext Generate a transaction Published on the consortium blockchain, among which yes Digital signature.

[0042] Further, step S40 includes:

[0043] S401 Utilizing the consensus protocol of consortium blockchains, from indivual Randomly select one As the first Aggregators in each round The aggregator Using the first rounds Participants Encryption of blinded gradient According to the transaction Obtain the weighted ciphertext and using auxiliary keys and The multiplication algorithm calculates the multiplication of each participant. The weighted gradient ciphertext is obtained by multiplying the weighted ciphertext and the blinded gradient ciphertext. ,pass rescaling algorithm and addition algorithm ,Will Participants weight gradient ciphertext Perform summation and calculate the first... Round-based aggregation gradient ciphertext :

[0044] ;

[0045] S402, Aggregator Generate a transaction , will aggregate ciphertext Published to the consortium blockchain network, only when more than 2 / 3 of the members... Once verified, the transaction is appended to the blockchain and stored in all [repositories / organizations]. superior.

[0046] Further, step S50 includes:

[0047] S501, Participants According to the transaction Download aggregated ciphertext from blockchain Using transactions Download from blockchain The ciphertext of the sum of gradient aggregation weights of the participants ;

[0048] S502, Participants use The decryption algorithms calculate respectively plaintext polynomial and plaintext polynomial Then use The decoding algorithm calculates the aggregate gradient. Sum of gradient weights Calculate the first Global gradient of rounds ;

[0049] S503, Participants Calculate the first Local model of rounds ,when hour, Proceed to the next round of local model training, repeating S20, S30, S40 and S50; otherwise, terminate the model training task.

[0050] S504. When the federated learning task ends. According to the transaction download List of participants' gradient weight ciphertext ,in ,use The decryption and decoding algorithms are calculated and obtained. Aggregate weights ,calculate Contribution value and will Send to platform administrator .

[0051] Further, step S60 includes:

[0052] S601, When the platform administrator Received Participants Contribution value hour, calculate Rewards :

[0053] ;

[0054] Reward Store to wallet In, among them, This is the total amount of the bonus for the federal learning mission.

[0055] Meanwhile, this invention proposes a federated learning system that enhances privacy and robustness. The system, applying the method described in this invention, includes the following steps:

[0056] The initialization module is configured to execute the following process: Platform Administrator Build a A consortium blockchain composed of edge servers as consensus nodes, where all participants, model detection servers, and edge servers register and generate accounts. The first on-chain release Each federated learning task involves users matching and joining tasks based on keywords, forming a participant list. , Configure system public parameters and generate a public-private key pair. Using fully homomorphic encryption The key generation algorithm is The participants generate a set of public and private keys to distribute the ciphertext of the aggregation model. A pseudo-random number generator and a random seed are secretly distributed to all edge servers to generate a quadratic blinded random number sequence. Participants and Retrieve the corresponding key and training parameters from the blockchain;

[0057] The encrypted local model module is configured to perform the following process: Participants The local gradient is obtained by training using the model parameters from the previous round and the local dataset. After normalization, the public key and scaling factor are obtained based on the transaction, and then fully homomorphic encryption is used. The encryption algorithm encrypts the random number and gradient, performs a second blinding, and finally broadcasts the blinded gradient ciphertext to the consortium blockchain.

[0058] The computation module is configured to perform the following processes: calculating the weights of the local gradient, and the model detection server. Standard gradients were obtained and normalized using the root dataset, and then the blinded gradient ciphertexts of the participants were downloaded from the edge server. The blinded gradient is obtained by decryption. The inner product of each blinded gradient and the normalized standard gradient is calculated. The gradient weight of each participant is determined accordingly. The weights are then encrypted. All weight ciphertexts and the ciphertext of the sum of weights are used to generate a transaction and publish it on the consortium blockchain.

[0059] The model aggregation module is configured to perform the following process: An edge server is randomly selected through consensus as the aggregator for the current round. This aggregator collects the blinded gradient ciphertext and corresponding weight ciphertext from all participants, and then utilizes... Homomorphic multiplication and rescaling algorithms are used to calculate aggregated ciphertext. The aggregator generates a transaction from the aggregated ciphertext and publishes it to the consortium blockchain. When more than two-thirds of the edge servers have verified the transaction, it is recorded on the blockchain and stored on all edge servers.

[0060] The local model update module is configured to perform the following process: Participants download the aggregated ciphertext and the weight sum ciphertext from the consortium blockchain, decrypt them, calculate the aggregated gradient, and update their local models. If the current round does not reach the set limit, the next round of training continues; otherwise, the task ends, and participants calculate their respective bonuses based on the weight ciphertext and submit them to the platform administrator.

[0061] The reward allocation module is configured to execute the following process: Platform Administrator Each participant's contribution is calculated based on weights, rewards are allocated, and deposited into the corresponding participant's wallet.

[0062] Meanwhile, the present invention proposes an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein when the computer program is executed, it implements the steps of the method described in the present invention.

[0063] Furthermore, the present invention proposes a computer-readable storage medium having a computer program stored thereon, the computer program being configured to implement the steps of the method described in the present invention when invoked by a processor.

[0064] Finally, the present invention provides a computer program product comprising a computer program / instructions that, when executed by a processor, implement the steps of the method described in the present invention.

[0065] Compared with the prior art, the beneficial effects of the present invention are as follows:

[0066] (1) The present invention provides a federated learning method that enhances privacy and robustness, employing Fully homomorphic encryption technology encrypts the participants' local gradients, achieving privacy-preserving gradient aggregation, thereby effectively protecting the participants' privacy.

[0067] (2) The federated learning method provided by this invention enhances privacy and robustness by introducing gradient normalization detection, which improves the stability of model training and the security of the system, and effectively prevents poisoning attacks.

[0068] (3) The present invention provides a federated learning method that enhances privacy and robustness. It designs a malicious gradient detection method based on attention mechanism. By calculating the attention score of each participant's gradient, it generates the contribution value of the corresponding weight, incentivizes honest participants, and identifies and suppresses the influence of malicious gradients on the global model, which significantly improves the robustness of the model.

[0069] (4) The present invention provides a federated learning method that enhances privacy and robustness by utilizing the determinism and automatic execution capability of smart contracts and the decentralized characteristics of blockchain to construct a publicly verifiable and trustless federated learning environment. Attached Figure Description

[0070] The accompanying drawings are provided to further illustrate the invention and form part of the specification. They are used together with the embodiments of the invention to explain the invention and do not constitute a limitation thereof.

[0071] Figure 1 A flowchart illustrating a federated learning method for enhancing privacy and robustness provided by this invention.

[0072] Figure 2 This invention provides a hierarchical architecture diagram for a federated learning method that enhances privacy and robustness. Detailed Implementation

[0073] To make the objectives, technical solutions, and advantages of this invention clearer, the invention will be further described in detail below with reference to the accompanying drawings and embodiments. Of course, the specific embodiments described herein are merely illustrative and not intended to limit the invention.

[0074] Example 1: See Figures 1 to 2 As shown, embodiments of the present invention provide a federated learning method that enhances privacy and robustness, the entities of which include: platform administrator, edge server, consortium blockchain, model detection server, and participants.

[0075] Includes the following steps:

[0076] S10, System Initialization, Platform Administrator Build a A consortium blockchain composed of edge servers as consensus nodes, where all participants, model detection servers, and edge servers register and generate accounts. The first on-chain release Each federated learning task involves users matching and joining tasks based on keywords, forming a participant list. , Configure system public parameters and generate a public-private key pair. Using fully homomorphic encryption The key generation algorithm is The participants generate a set of public and private keys to distribute the ciphertext of the aggregation model. A pseudo-random number generator and a random seed are secretly distributed to all edge servers to generate a quadratic blinded random number sequence. Participants and Retrieve the corresponding key and training parameters from the blockchain;

[0077] S20, Encrypted local model Participants The local gradient is obtained by training using the model parameters from the previous round and the local dataset. After normalization, the public key and scaling factor are obtained based on the transaction, and then fully homomorphic encryption is used. The encryption algorithm encrypts the random number and gradient, performs a second blinding, and finally broadcasts the blinded gradient ciphertext to the consortium blockchain.

[0078] S30. Calculate the weights of the local gradient, model detection server. Standard gradients were obtained and normalized using the root dataset, and then the blinded gradient ciphertexts of the participants were downloaded from the edge server. The blinded gradient is obtained by decryption. The inner product of each blinded gradient and the normalized standard gradient is calculated. The gradient weight of each participant is determined accordingly. The weights are then encrypted. All weight ciphertexts and the ciphertext of the sum of weights are used to generate a transaction and publish it on the consortium blockchain.

[0079] S40, Model Aggregation An edge server is randomly selected through consensus as the aggregator for the current round. This aggregator collects the blinded gradient ciphertext and corresponding weight ciphertext from all participants, and then utilizes... Homomorphic multiplication and rescaling algorithms are used to calculate aggregated ciphertext. The aggregator generates a transaction from the aggregated ciphertext and publishes it to the consortium blockchain. When more than two-thirds of the edge servers have verified the transaction, it is recorded on the blockchain and stored on all edge servers.

[0080] S50, local model update Participants download the aggregated ciphertext and the weight sum ciphertext from the consortium blockchain, decrypt them, calculate the aggregated gradient, and update their local models. If the current round does not reach the set limit, the next round of training continues; otherwise, the task ends, and participants calculate their respective bonuses based on the weight ciphertext and submit them to the platform administrator.

[0081] S60, Reward Distribution, Platform Administrator Each participant's contribution is calculated based on weights, rewards are allocated, and the rewards are deposited into the corresponding participant's wallet.

[0082] The main entities in the aforementioned privacy-enhancing and robust federated learning method include: platform administrators. Edge servers Consortium blockchain, model testing server And participants.

[0083] Step S10 specifically includes the following steps:

[0084] S101, Platform Administrator Will Each edge server is connected to form a consortium blockchain network, and each edge server... As a consensus node in a consortium blockchain, it executes the consensus protocol. Set a security parameter Choose an integer A polynomial quotient ring A rescaling factor and an integer Calculate the modulus And satisfy From the business environment Choose 3 random distributions , , ,in It is a random distribution used to generate user private keys. It is a random distribution of error used to generate noise. It is a random distribution used for homomorphic encryption, platform administrator. Generate a public-private key pair It is used to generate digital signatures and establish secure channels for other entities to transmit confidential information, by setting a hash function. , used to map strings of arbitrary length to strings of length . From the binary string, obtain the system common parameters. Generate a transaction The system's public parameters are published on the consortium blockchain, among which... yes Scaling factor of encryption algorithm yes Digital signature;

[0085] S102, Participants, Model Detection Server and edge servers Register on this consortium blockchain to obtain legitimate account information, assuming the first... Edge servers Account information obtained during registration Model detection server Obtaining account information during registration on the consortium blockchain ,in, and They are and A public-private key pair, the private key and They are and The public key used to generate their digital signatures and They are and Used to verify their digital signatures and They are and A unique identifier and They are and wallet address, and They are and The deposit is used to establish a guarantee mechanism in multi-party transactions in federal learning;

[0086] S103, Assumption Publish a federated learning task on a consortium blockchain, utilizing smart contracts. The reward for this task Locked on the blockchain, the address of the contract is recorded as follows: Generate an asset declaration transaction for a federated learning task: ,in, It is the model number. These are the initial model parameters. It's the learning rate. It is the total amount of bonuses awarded for completing the federal learning task. yes hash value, It is used to prove release Digital signature, These are keywords that describe the characteristics of a federated learning task model;

[0087] S104, Participants according to Asset Declaration Transactions Keywords in To determine whether someone voluntarily participates in the model training task, assuming there are... Each participant Voluntary application to join The model training task Using consortium blockchains for participants Generate the corresponding account information ,in, yes A unique identifier and They are public and private keys, yes wallet address, yes The deposit Will indivual Add to the List of Federated Learning Tasks ;

[0088] S105, Model Detection Server use Key generation algorithm Generate a set of public and private keys. Used for transactions In the model training task, aggregated gradient ciphertexts are distributed, enabling each participant to update their local model. for Each participant Calculate the corresponding session key Calculate the ciphertext using the AES symmetric encryption algorithm ,Will and Send to , Calculate the session key after receiving. ,use Decryption algorithm, calculate and obtain decryption private key , Generate a transaction Published on the blockchain, in which, yes A public-private key pair, yes Digital signature;

[0089] S106, Platform Administrator Choose a random seed and a pseudo-random number generator For each edge server Using its public key Calculate session key Calculate ciphertext ,Will , and Send to the corresponding Each edge server Calculate session key ,use Decryption algorithm obtained A set of numbers of length is generated by a pseudo-random number generator. random vectors ,in This is the maximum number of training iterations for the model, let ,set up yes Used for blinding the first The second blinding factor of the local model parameter ciphertext for each round;

[0090] S107 and Participants According to the transaction Download system common parameters and public key ,Then, and According to the transaction download public key and a group public key set , Each participant get public and private key sets and system common parameters .

[0091] Step S20 specifically includes the following steps:

[0092] S201, For participants According to the transaction Obtain the initial model and learning rate In the In the rounds, Using the model parameters from the previous round and local dataset Train the model to obtain the local gradient vector. , Calculate the local gradient vector model ,right Perform normalization calculation ,in It is the normalized local gradient vector, i.e., the unit gradient vector;

[0093] S202, due to Participants According to the transaction Get a set public key set and scaling factor , use The encoding algorithm calculates and obtains the polynomial of the normalized gradient vector encoding. ,use Encryption algorithm, calculate and obtain local gradient ciphertext :

[0094] ;

[0095] Will Send to the nearest edge server ,because Unable to obtain private key Unable to decrypt Local gradient ciphertext ;

[0096] S203, due to each edge server According to the transaction Get a set public key set and scaling factor , use The encoding and encryption algorithms are used to calculate the first... Each round of secondary blinding random numbers ciphertext For gradient ciphertext Perform a second blinding to obtain the blinded gradient ciphertext. :

[0097] ;

[0098] Each edge server Store locally Blinded gradient ciphertext Broadcast to the consortium blockchain network, enabling all edge servers to store... Participants of .

[0099] S203, each edge server According to the transaction Get a set public key set and scaling factor Calculate the first Each round of secondary blinding random numbers ciphertext For gradient ciphertext Perform secondary blinding and calculate the blinded gradient ciphertext. :

[0100] ,

[0101] Each edge server Store locally Blinded gradient ciphertext Broadcast to the consortium blockchain network, enabling all edge servers to store... Participants of .

[0102] Step S30 specifically includes the following steps:

[0103] S301, Model Detection Server Using the root dataset Training a local model yields the standard gradient vector. Calculate the standard gradient vector model ,right Perform normalization calculations to obtain the normalized gradient. and download from the nearest edge server Participants Blinded gradient ciphertext ,in It is the normalized standard gradient vector;

[0104] S302, to Each participant , use The decryption algorithm is obtained. The polynomial of the blinded gradient ,use The decoding algorithm is used to calculate and obtain... Blinding gradient ,calculate and inner product value :

[0105] ;

[0106] in, It is a blinded gradient Dimensions The dot product operator for two vectors;

[0107] S303, for Each of , calculate The aggregate weights of the gradient :

[0108] ;

[0109] use Encoding and encryption algorithms, calculation Ciphertext of aggregate weights and will Store in a collection middle;

[0110] S304, Ciphertext for calculating the sum of aggregate weights , will set and ciphertext Generate a transaction Published on the consortium blockchain, among which yes Digital signature.

[0111] Step S40 specifically includes the following steps:

[0112] S401 Utilizing the consensus protocol of consortium blockchains, from indivual Randomly select one As the first Aggregators in each round The aggregator Using the first rounds Participants Encryption of blinded gradient According to the transaction Obtain the weighted ciphertext and using auxiliary keys and The multiplication algorithm calculates the multiplication of each participant. The weighted gradient ciphertext is obtained by multiplying the weighted ciphertext and the blinded gradient ciphertext. ,pass rescaling algorithm and addition algorithm ,Will Participants weight gradient ciphertext Perform summation and calculate the first... Round-based aggregation gradient ciphertext :

[0113] ;

[0114] S402, Aggregator Generate a transaction , will aggregate ciphertext Published to the consortium blockchain network, only when more than 2 / 3 of the members... Once verified, the transaction is appended to the blockchain and stored in all [repositories / organizations]. superior.

[0115] Step S50 specifically includes the following steps:

[0116] S501, Participants According to the transaction Download aggregated ciphertext from blockchain Using transactions Download from blockchain The ciphertext of the sum of gradient aggregation weights of the participants ;

[0117] S502, Participants use The decryption algorithms calculate respectively plaintext polynomial and plaintext polynomial Then use The decoding algorithm calculates the aggregate gradient. Sum of gradient weights Calculate the first Global gradient of rounds ;

[0118] S503, Participants Calculate the first Local model of rounds ,when hour, Proceed to the next round of local model training, repeating S20, S30, S40 and S50; otherwise, terminate the model training task.

[0119] S504. When the federated learning task ends. According to the transaction download List of participants' gradient weight ciphertext ,in ,use The decryption and decoding algorithms are calculated and obtained. Aggregate weights ,calculate Contribution value and will Send to platform administrator .

[0120] Step S60 specifically includes the following steps:

[0121] S601, When the platform administrator Received Participants Contribution value hour, calculate Rewards :

[0122] ;

[0123] Reward Store to wallet In, among them, This is the total amount of the bonus for the federal learning mission.

[0124] The following explains some of the terms mentioned in this embodiment:

[0125] It is a widely used symmetric encryption algorithm that processes data by dividing it into fixed-length blocks. It offers three key length options: 128-bit, 192-bit, and 256-bit, and boasts extremely high security and computational efficiency. Taking the 128-bit version as an example, its encryption algorithm... With decryption algorithm The process is as follows:

[0126] The encryption algorithm operates on a byte matrix (state). The entire process consists of an initial round key addition, nine standard rounds, and a final round. Each round mainly comprises four steps. The initial round requires key expansion, which extends the initial 128-bit key into eleven 128-bit round keys to support each round.

[0127] (1) Byte replacement: This is a non-linear replacement, where each byte in the state is replaced by a fixed byte. box Replace it.

[0128] (2) Row shift: Each row of the state matrix is ​​cyclically shifted to the left, so that the state bytes are spread between columns, breaking the independence and increasing the overall confusion.

[0129] (3) Column confusion: Each column of the state matrix is ​​operated on a fixed polynomial in a finite field, causing the bytes in the same column to spread and enhancing the overall confusion.

[0130] (4) Round key addition: XOR the current byte matrix with the round key of the current round.

[0131] Input symmetric key He Mingwen The input data is padded to an integer multiple of the block size. A key expansion algorithm is executed based on the key to generate the required round keys. The above four steps are repeated to process each data block, resulting in the ciphertext. .

[0132] The decryption algorithm process is the inverse process of encryption, corresponding to the inverse operation of each step.

[0133] (1) Reverse shift: Each row of the state matrix is ​​cyclically shifted to the right, and the row shift is used when the encryption is canceled.

[0134] (2) Reverse byte replacement: Each byte in the state is replaced by a reverse byte replacement. Replace the box and undo the byte replacement during encryption.

[0135] (3) Round key addition: Use the round key in reverse order to perform an XOR operation between the current byte matrix and the round key of the current round.

[0136] (4) Reverse column obfuscation: Multiply the state column with a different fixed matrix to undo the column obfuscation during encryption.

[0137] Input symmetric key and ciphertext The ciphertext is divided into blocks of the same size. The same key is used to generate the required round keys, but in reverse order. This process is repeated four times to perform the inverse transformation on each data block, removing padding and outputting the plaintext. .

[0138] Fully homomorphic encryption algorithm ( ) is one of the mainstream solutions in the field of privacy protection. It allows addition, multiplication and other operations to be performed on encrypted complex numbers or real number vectors to obtain an encrypted approximation. It is mainly used to efficiently process floating-point or fixed-point number operations in the encrypted state.

[0139] Step one involves encoding and scaling. First, a vector... Multiply by a very large number This is the scaling factor, and then the amplified integer vector is encoded into a plaintext polynomial through mathematical transformations. .

[0140] Step two is encryption. This is done using a public key. For the encoded plaintext polynomial Encryption is performed to generate a ciphertext containing several polynomials. At the same time, it will introduce a small amount of encryption noise. .

[0141] Step three involves homomorphic operations. During homomorphic addition, the corresponding ciphertext polynomials can be directly added together to obtain a ciphertext containing two polynomials. When performing homomorphic multiplication, a tensor product is first performed, followed by multiplication of the ciphertext polynomials to obtain a ciphertext containing three polynomials. Then, relinearization is performed, and the relinearization key is used to convert the three-element ciphertext back to two-element form. This prevents the ciphertext from expanding in size. Finally, rescaling is performed by dividing the ciphertext by a modulus approximately equal to the scaling factor, thus achieving noise control and resetting the scaling factor.

[0142] Step four involves decryption and decoding. This is done using a private key. Decrypting the ciphertext yields a polynomial. This polynomial is then processed through canonical embeddings (i.e., the polynomial is evaluated on specific roots of unity used during encoding) to obtain a complex vector. Finally, each component of this vector is divided by a scaling factor. This yields an approximate result vector. .

[0143] The following are fully homomorphic encryption algorithms. Key generation algorithm Encoding Algorithm Encryption algorithms Homomorphic addition Homomorphic multiplication Rescaling algorithm Decryption algorithm and decoding algorithm Explanation:

[0144] Parameter settings: Enter security parameters Output polynomial quotient ring Scaling factor used for rescaling ciphertext modulus A random distribution for generating user private keys A random distribution of noise generation error A homomorphic encryption random distribution ,in It is an integer. It is a positive integer. satisfy Finally, the common parameters are obtained.

[0145] Input common parameters This generates one or more pairs of secure keys with sufficient randomness. The private key is... The function used for decryption is a polynomial with very small coefficients (e.g., 0, -1, or 1), derived directly from a random distribution. Mid-sample generation, i.e. Public key Used for encryption. It is a polynomial of uniform random sampling. , It is a small noise polynomial sampled from the error distribution; auxiliary computation key Used to support homomorphic multiplication and rotation operations on ciphertext. It is a polynomial of uniform random sampling. , It is a new noise polynomial sampled from the error distribution.

[0146] Input a complex vector , Let the vector be a complex vector space. Through inverse mapping Perform dimensional expansion, mapping to a conjugate symmetric subspace. Then, inverse canonical embedding is applied to the expanded full vector. This yields a polynomial with complex coefficients. Then, by scaling and rounding each coefficient, a plaintext polynomial with integer coefficients is obtained. .

[0147] Input encoded plaintext polynomial and public key Randomly sample a polynomial from a small distribution Two noise polynomials are sampled independently from the small noise distribution. ,calculate , By using a public key and random noise to disguise the plaintext, a ciphertext polynomial that supports addition and multiplication while maintaining semantic security is output. .

[0148] Input two ciphertexts at the same level and Calculate separately and The sum of the homomorphic ciphertext is obtained. .

[0149] Input two ciphertexts at the same level and Calculate separately , and The product of homomorphic ciphertexts is obtained. .

[0150] Enter ciphertext and scaling factor , ciphertext scaling factor from Down to ,get And reduce noise.

[0151] Enter ciphertext and private key Calculate the inner product of the ciphertext and the private key on the polynomial ring. This yields a plaintext polynomial with noise. .

[0152] Input a noisy plaintext polynomial Paradigm Embedded Computing That is, through a discrete Fourier transform, in the same Calculate the value of the polynomial on each unit root, and then obtain the complex vector. Divide each component by the scaling factor Finally, based on conjugate symmetry, the previous step was extracted. The components are used to obtain the final result. .

[0153] In embodiments of the present invention, the solution is mainly based on , , and Select Datasets and The dataset is used to train and test the federated learning model, and the main body of the model adopts... The two-layer convolutional neural network will be used to explain and evaluate this solution from two metrics: computational overhead and communication overhead.

[0154] Table 1 shows the computational cost of this method: where the learning rate is... Number of participants Global training rounds Batch size .

[0155] Table 1 Calculation Cost

[0156]

[0157] Table 2 shows the communication overhead of this method: where the gradient ciphertext of the participants is... Storing and transmitting data in the form of files.

[0158] Table 2 Communication Overhead

[0159]

[0160] Table 3 provides an explanation and description of the symbols used in this method.

[0161] Table 3. Explanation of Symbols

[0162]

[0163] This invention constructs a three-in-one trusted federated learning closed loop of "privacy computation - robust aggregation - incentive mechanism". For the first time, it systematically integrates fully homomorphic encryption, Byzantine fault tolerance based on attention mechanism, and blockchain incentive mechanism, solving the systemic problem of "how to judge the quality of data (detecting malice) and encourage good contributors to continue contributing (incentivizing) when the data is invisible (encrypted)", thus constructing a complete ecosystem. It achieves the identification of malicious gradients by calculating attention scores under end-to-end data encryption. Because malicious updates differ from the mainstream direction of honest gradients, the attention mechanism automatically assigns them extremely low aggregation weights, effectively "drowning" them during model aggregation. This design successfully resists model poisoning attacks without sacrificing privacy. It achieves quantifiable and fair incentives for contribution, using the aggregation weight calculated by the attention mechanism as the core standard for contribution value, and the platform allocates rewards accordingly. This not only incentivizes honest participants to provide high-quality data but also creates an economic constraint because malicious behavior cannot be rewarded, constructing a defense system with both technological and economic constraints. By combining fully homomorphic encryption with ciphertext attention, the trade-off between privacy and robustness is resolved. It shifts the basis for attack detection from "analyzing gradient content" to "analyzing the relationships between gradients," thus achieving strong robustness without decryption.

[0164] This invention has a wide range of applications covering fields where data is highly sensitive and requires multi-party collaboration. In the healthcare field, multiple institutions can jointly train disease diagnostic models, with fully homomorphic encryption ensuring patient privacy compliance and attention mechanisms preventing malicious nodes from compromising model accuracy. In the financial sector, banks and payment platforms can jointly build cross-institutional anti-fraud systems, protecting customer financial data as a trade secret while defending against poisoning attacks launched by spoofed nodes. In the Internet of Things (IoT) and edge computing, smart home and industrial sensor data are used to train environmental perception models in an encrypted state, while attention scores automatically reduce the malicious weight of hijacked devices, ensuring system security. In smart city construction, government departments such as transportation and environmental protection can achieve collaborative governance where "data is usable but not visible." In the vehicle-to-everything (V2X) scenario, massive amounts of driving data from various automakers can be encrypted and aggregated to train safer autonomous driving models, filtering misleading information from faulty or malicious vehicles. Furthermore, privacy-protected computing power crowdsourcing platforms can use attention weights to screen honest contributors and fairly distribute rewards based on contributions, protecting model intellectual property rights and forming a defense system with both technological and economic constraints, incentivizing the continuous supply of high-quality data.

[0165] Example 2: This example proposes a federated learning system that enhances privacy and robustness. The system, applying the method of this invention, includes the following steps:

[0166] The initialization module is configured to execute the following process: Platform Administrator Build a A consortium blockchain composed of edge servers as consensus nodes, where all participants, model detection servers, and edge servers register and generate accounts. The first on-chain release Each federated learning task involves users matching and joining tasks based on keywords, forming a participant list. , Configure system public parameters and generate a public-private key pair. Using fully homomorphic encryption The key generation algorithm is The participants generate a set of public and private keys to distribute the ciphertext of the aggregation model. A pseudo-random number generator and a random seed are secretly distributed to all edge servers to generate a quadratic blinded random number sequence. Participants and Retrieve the corresponding key and training parameters from the blockchain;

[0167] The encrypted local model module is configured to perform the following process: Participants The local gradient is obtained by training using the model parameters from the previous round and the local dataset. After normalization, the public key and scaling factor are obtained based on the transaction, and then fully homomorphic encryption is used. The encryption algorithm encrypts the random number and gradient, performs a second blinding, and finally broadcasts the blinded gradient ciphertext to the consortium blockchain.

[0168] The computation module is configured to perform the following processes: calculating the weights of the local gradient, and the model detection server. Standard gradients were obtained and normalized using the root dataset, and then the blinded gradient ciphertexts of the participants were downloaded from the edge server. The blinded gradient is obtained by decryption. The inner product of each blinded gradient and the normalized standard gradient is calculated. The gradient weight of each participant is determined accordingly. The weights are then encrypted. All weight ciphertexts and the ciphertext of the sum of weights are used to generate a transaction and publish it on the consortium blockchain.

[0169] The model aggregation module is configured to perform the following process: An edge server is randomly selected through consensus as the aggregator for the current round. This aggregator collects the blinded gradient ciphertext and corresponding weight ciphertext from all participants, and then utilizes... Homomorphic multiplication and rescaling algorithms are used to calculate aggregated ciphertext. The aggregator generates a transaction from the aggregated ciphertext and publishes it to the consortium blockchain. When more than two-thirds of the edge servers have verified the transaction, it is recorded on the blockchain and stored on all edge servers.

[0170] The local model update module is configured to perform the following process: Participants download the aggregated ciphertext and the weight sum ciphertext from the consortium blockchain, decrypt them, calculate the aggregated gradient, and update their local models. If the current round does not reach the set limit, the next round of training continues; otherwise, the task ends, and participants calculate their respective bonuses based on the weight ciphertext and submit them to the platform administrator.

[0171] The reward allocation module is configured to execute the following process: Platform Administrator Each participant's contribution is calculated based on weights, rewards are allocated, and deposited into the corresponding participant's wallet.

[0172] Example 3: This example proposes an electronic system, including: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to perform the method steps of the present invention.

[0173] Example 4: This example proposes a computer-readable storage medium storing a computer program thereon. When the computer program is executed by a processor, it implements the steps of the method described in this invention, which will not be repeated here.

[0174] Example 5: This example proposes a computer program product, including a computer program / instructions. When the computer program / instructions are executed by a processor, they implement the steps of the method described in this invention, which will not be repeated here.

[0175] It should be noted that the processing flow of embodiments 2-5 corresponds to the specific steps of the method provided in embodiment 1 of the present invention, and has the corresponding functional modules and beneficial effects of the method. Technical details not described in detail in this embodiment can be found in the method provided in embodiment 1 of the present invention.

[0176] The program code used to implement the methods of this application may be written in any combination of one or more programming languages. This program code may be provided to a processor or controller of a general-purpose computer, special-purpose computer, or other programmable data processing device, such that when executed by the processor or controller, the functions / operations specified in the flowcharts and / or block diagrams are implemented. The program code may be executed entirely on a machine, partially on a machine, as a standalone software package partially on a machine and partially on a remote machine, or entirely on a remote machine or server.

[0177] The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of the present invention should be included within the protection scope of the present invention.

Claims

1. A federated learning method that enhances privacy and robustness, characterized in that, Includes the following steps: S10, System Initialization, Platform Administrator Build a A consortium blockchain composed of edge servers as consensus nodes, where all participants, model detection servers, and edge servers register and generate accounts. The first on-chain release Each federated learning task involves users matching and joining tasks based on keywords, forming a participant list. , Configure system public parameters and generate a public-private key pair. Using fully homomorphic encryption The key generation algorithm is The participants generate a set of public and private keys to distribute the ciphertext of the aggregation model. A pseudo-random number generator and a random seed are secretly distributed to all edge servers to generate a quadratic blinded random number sequence. Participants and Retrieve the corresponding key and training parameters from the blockchain; S20, Encrypted local model Participants The local gradient is obtained by training using the model parameters from the previous round and the local dataset. After normalization, the public key and scaling factor are obtained based on the transaction, and then fully homomorphic encryption is used. The encryption algorithm encrypts the random number and gradient, performs a second blinding, and finally broadcasts the blinded gradient ciphertext to the consortium blockchain. S30. Calculate the weights of the local gradient, model detection server. Standard gradients were obtained and normalized using the root dataset, and then the blinded gradient ciphertexts of the participants were downloaded from the edge server. The blinded gradient is obtained by decryption. The inner product of each blinded gradient and the normalized standard gradient is calculated. The gradient weight of each participant is determined accordingly. The weights are then encrypted. All weight ciphertexts and the ciphertext of the sum of weights are used to generate a transaction and publish it on the consortium blockchain. S40, Model Aggregation An edge server is randomly selected through consensus as the aggregator for the current round. This aggregator collects the blinded gradient ciphertext and corresponding weight ciphertext from all participants, and then utilizes... Homomorphic multiplication and rescaling algorithms are used to calculate aggregated ciphertext. The aggregator generates a transaction from the aggregated ciphertext and publishes it to the consortium blockchain. When more than two-thirds of the edge servers have verified the transaction, it is recorded on the blockchain and stored on all edge servers. S50, local model update Participants download the aggregated ciphertext and the weight sum ciphertext from the consortium blockchain, decrypt them, calculate the aggregated gradient, and update their local model. If the current round does not reach the set upper limit, they continue to the next round of training. Otherwise, the task ends, and participants calculate their respective bonuses based on the weighted ciphertext and submit them to the platform administrator; S60, Reward Distribution, Platform Administrator Each participant's contribution is calculated based on weights, rewards are allocated, and the rewards are deposited into the corresponding participant's wallet. The main entities in the aforementioned privacy-enhancing and robust federated learning method include: platform administrators. Edge servers Consortium blockchain, model testing server And participants.

2. The federated learning method for enhancing privacy and robustness according to claim 1, characterized in that, S10 includes the following steps: S101, Platform Administrator Will Each edge server is connected to form a consortium blockchain network, and each edge server... As a consensus node in a consortium blockchain, it executes the consensus protocol. Set a security parameter Choose an integer A polynomial quotient ring A rescaling factor and an integer Calculate the modulus And satisfy From the business environment Choose 3 random distributions , , ,in It is a random distribution used to generate user private keys. It is a random distribution of error used to generate noise. It is a random distribution used for homomorphic encryption, platform administrator. Generate a public-private key pair It is used to generate digital signatures and establish secure channels for other entities to transmit confidential information, by setting a hash function. , used to map strings of arbitrary length to strings of length . From the binary string, obtain the system common parameters. Generate a transaction The system's public parameters are published on the consortium blockchain, among which... yes Scaling factor of encryption algorithm yes Digital signature; S102, Participants, Model Detection Server and edge servers Register on this consortium blockchain to obtain legitimate account information, assuming the first... Edge servers Account information obtained during registration Model detection server Obtaining account information during registration on the consortium blockchain ,in, and They are and A public-private key pair, private key and They are and The public key used to generate their digital signatures and They are and Used to verify their digital signatures and They are and A unique identifier and They are and wallet address, and They are and The deposit is used to establish a guarantee mechanism in multi-party transactions in federal learning; S103, Assumption Publish a federated learning task on a consortium blockchain, utilizing smart contracts. The reward for this task Locked on the blockchain, the address of the contract is recorded as follows: Generate an asset declaration transaction for a federated learning task: ,in, It is the model number. These are the initial model parameters. It's the learning rate. It is the total amount of the bonus for completing the federal learning task. yes hash value, It is used to prove release Digital signature, These are keywords that describe the characteristics of a federated learning task model; S104, Participants according to Asset Declaration Transactions Keywords in To determine whether someone voluntarily participates in the model training task, assuming there are... Each participant Voluntary application to join The model training task Using consortium blockchains for participants Generate the corresponding account information ,in, yes A unique identifier and They are public and private keys, yes wallet address, yes The deposit Will indivual Add to the List of Federated Learning Tasks ; S105, Model Detection Server use Key generation algorithm Generate a set of public and private keys. Used for transactions In the model training task, aggregated gradient ciphertexts are distributed, enabling each participant to update their local model. for Each participant Calculate the corresponding session key Calculate the ciphertext using the AES symmetric encryption algorithm ,Will and Send to , Calculate the session key after receiving. ,use Decryption algorithm, calculate and obtain decryption private key , Generate a transaction Published on the blockchain, in which, yes A pair of public and private keys, yes Digital signature; S106, Platform Administrator Choose a random seed and a pseudo-random number generator For each edge server Using its public key Calculate session key Calculate ciphertext ,Will , and Send to the corresponding Each edge server Calculate session key ,use Decryption algorithm obtained A set of numbers of length is generated by a pseudo-random number generator. random vectors ,in This is the maximum number of training iterations for the model, let ,set up yes Used for blinding the first The second blinding factor of the local model parameter ciphertext for each round; S107 and Participants According to the transaction Download system common parameters and public key ,Then, and According to the transaction download public key and a group public key set , Each participant get public and private key sets and system common parameters .

3. The federated learning method for enhancing privacy and robustness according to claim 1, characterized in that, S20 includes the following steps: S201, For participants According to the transaction Obtain the initial model and learning rate In the In the rounds, Using the model parameters from the previous round and local datasets Train the model to obtain the local gradient vector. , Calculate the local gradient vector model ,right Perform normalization calculation ,in It is the normalized local gradient vector, i.e., the unit gradient vector; S202, due to Participants According to the transaction Get a set public key set and scaling factor , use The encoding algorithm calculates and obtains the polynomial of the normalized gradient vector encoding. ,use Encryption algorithm, calculate and obtain local gradient ciphertext : ; Will Send to the nearest edge server ,because Unable to obtain private key Unable to decrypt Local gradient ciphertext ; S203, due to each edge server According to the transaction Get a set public key set and scaling factor , use The encoding and encryption algorithms are used to calculate the first... Each round of secondary blinding random numbers ciphertext For gradient ciphertext Perform a second blinding to obtain the blinded gradient ciphertext. : ; Each edge server Store locally Blinded gradient ciphertext Broadcast to the consortium blockchain network, enabling all edge servers to store... Participants of .

4. The federated learning method for enhancing privacy and robustness according to claim 1, characterized in that, S30 includes the following steps: S301, Model Detection Server Using the root dataset Training a local model yields the standard gradient vector. Calculate the standard gradient vector model ,right Perform normalization calculations to obtain the normalized gradient. and download from the nearest edge server Participants Blinded gradient ciphertext ,in It is the normalized standard gradient vector; S302, to Each participant , use The decryption algorithm is obtained. The polynomial of the blinded gradient ,use The decoding algorithm is used to calculate and obtain... Blinding gradient ,calculate and inner product value : ; in, It is a blinded gradient Dimensions The dot product operator for two vectors; S303, for Each of , calculate The aggregate weights of the gradient : ; use Encoding and encryption algorithms, calculation Ciphertext of aggregate weights and will Store in a collection middle; S304, Ciphertext for calculating the sum of aggregate weights , will set and ciphertext Generate a transaction Published on the consortium blockchain, among which yes Digital signature.

5. The federated learning method for enhancing privacy and robustness according to claim 1, characterized in that, S40 includes the following steps: S401 Utilizing the consensus protocol of consortium blockchains, from indivual Randomly select one As the first Aggregators in each round The aggregator Using the first rounds Participants Encryption of blinded gradient According to the transaction Obtain the weighted ciphertext and using auxiliary keys and The multiplication algorithm calculates the multiplication of each participant. The weighted gradient ciphertext is obtained by multiplying the weighted ciphertext and the blinded gradient ciphertext. ,pass rescaling algorithm and addition algorithm ,Will Participants weight gradient ciphertext Perform summation and calculate the first... Round-based aggregation gradient ciphertext : ; S402, Aggregator Generate a transaction , will aggregate ciphertext Published to the consortium blockchain network, only when more than 2 / 3 of the members... Once verified, the transaction is appended to the blockchain and stored in all [repositories / organizations]. superior.

6. The federated learning method for enhancing privacy and robustness according to claim 1, characterized in that, S50 includes the following steps: S501, Participants According to the transaction Download aggregated ciphertext from blockchain Using transactions Download from blockchain The ciphertext of the sum of gradient aggregation weights of the participants ; S502, Participants use The decryption algorithms calculate respectively plaintext polynomial and plaintext polynomial Then use The decoding algorithm calculates the aggregate gradient. Sum of gradient weights Calculate the first Global gradient of rounds ; S503, Participants Calculate the first Local model of rounds ,when hour, Proceed to the next round of local model training, repeating S20, S30, S40 and S50; otherwise, terminate the model training task. S504. When the federated learning task ends. According to the transaction download List of participants' gradient weight ciphertext ,in ,use The decryption and decoding algorithms are calculated and obtained. Aggregate weights ,calculate Contribution value and will Send to platform administrator .

7. The federated learning method for enhancing privacy and robustness according to claim 1, characterized in that, S60 includes the following steps: S601, When the platform administrator Received Participants Contribution value hour, calculate Rewards : ; Reward Store to wallet In, among them, This is the total amount of the bonus for the federal learning mission.

8. An electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that, When the computer program is executed, it implements the steps of the method as described in any one of claims 1 to 6.

9. A computer-readable storage medium having a computer program stored thereon, characterized in that, The computer program is configured to implement the steps of the method according to any one of claims 1 to 6 when invoked by a processor.

10. A computer program product comprising a computer program / instructions, characterized in that, When the computer program / instructions are executed by the processor, they implement the steps of the method according to any one of claims 1 to 6.