Secure and Privacy-Preserving Consensus

Bibliographic details
Published in: IEEE Transactions on Automatic Control, 2019-10, Vol. 64 (10), p. 4035-4049
Main authors: Ruan, Minghao; Gao, Huan; Wang, Yongqiang
Format: Article
Language: English
Description
Abstract: Consensus is fundamental for distributed systems since it underpins key functionalities of such systems ranging from distributed information fusion, decision making, to decentralized control. In order to reach an agreement, existing consensus algorithms require each agent to exchange explicit state information with its neighbors. This leads to the disclosure of private state information, which is undesirable in cases where privacy is of concern. In this paper, we propose a novel approach for undirected networks, which can enable secure and privacy-preserving average consensus in a decentralized architecture in the absence of an aggregator or third party. By leveraging partial homomorphic cryptography to embed secrecy in pairwise interaction dynamics, our approach can guarantee convergence to the consensus value (subject to a quantization error) in a deterministic manner without disclosing a node's state to its neighbors. We provide a new privacy definition for dynamical systems, and give a new framework to rigorously prove that a node's privacy can be protected as long as it has at least one legitimate neighbor, which follows the consensus protocol faithfully without attempts to infer other nodes' states. In addition to enabling resilience to passive attackers aiming to steal state information, the approach also allows easy incorporation of defending mechanisms against active attackers who try to alter the content of exchanged messages. Furthermore, in contrast to existing noise-injection-based privacy-preserving mechanisms that have to reconfigure the entire network when the topology or number of nodes varies, our approach is applicable to dynamic environments with time-varying coupling topologies. This secure and privacy-preserving approach is also applicable to weighted average consensus as well as maximum/minimum consensus under a new update rule. Numerical simulations and comparison with existing approaches confirm the theoretical results. Experimental results on a Raspberry-Pi board based microcontroller network are also presented to verify the effectiveness and efficiency of the approach.
ISSN: 0018-9286, 1558-2523
DOI: 10.1109/TAC.2019.2890887