WFB: watermarking-based copyright protection framework for federated learning model via blockchain.

Federated learning (FL) enables users to train the global model cooperatively without exposing their private data across the engaged parties, which is widely used in privacy-sensitive business. However, during the life cycle of FL models, both adversaries' attacks and ownership generalization threaten the FL models' copyright and affect the models' reliability. To address these problems, existing model watermarking techniques can be used to verify FL model's ownership. However, due to the lack of credible binding from "model extracted watermarks" to "ownership verification", it is difficult to form a closed-loop watermarking framework for copyright protection. Therefore, starting from the shortcomings of the current watermark verification scheme, this article proposed WFB, a blockchain-empowered watermarking framework for ownership verification of federated models. Firstly, we propose a improved watermark generation algorithm to solve the credibility issue of watermarks. Secondly, we propose a watermark embedding method in federated learning, while blockchain technology is used to ensure the credible storage of watermark information throughout the process. Thirdly, the credibility of ownership verification is improved because of the watermark authenticity. Experimental results demonstrate the fidelity, effectiveness and robustness of WFB, with other superiorities such as improving process security and traceability.