Published

Announcing Flower Node Authentication

Photo of Daniel Nata Nugraha
Daniel Nata Nugraha
Software Engineer at Flower Labs
LinkedInLinkedInGitHubGitHub

Share this post

We are happy to announce a new feature in Flower: the introduction of authentication capabilities! This is an important step in our effort to make Flower secure for deployment in production environments.

In this blog post, we'll take a closer look at the benefits of authentication in Flower, how it works, and how you can get started with this new feature.

Why Authentication in Flower?

Federated learning has revolutionized the way we train machine learning models, allowing for decentralized training while keeping data private on local devices. Flower is at the forefront of this innovation, offering a robust and flexible framework for federated learning.

However, security is a critical concern when deploying federated learning systems, especially when dealing with sensitive data. Without proper authentication, unauthorized parties may join federated learning sessions. If this happens, this could compromise the integrity and privacy of the data and the learning process.

The introduction of authentication in Flower helps address these concerns by ensuring that only authorized clients and servers can participate in a federated learning session.

Getting started with Authentication

In the Flower 1.9 release, Flower now has built-in support for authenticating SuperNodes connecting to a SuperLink. Flower node authentication works similar to how GitHub SSH authentication works:

  • SuperLink (server) stores a list of known SuperNode (client) public keys
  • Using Elliptic Curve Diffie–Hellman (ECDH) key exchange, both SuperNode and SuperLink independently derive a shared secret
  • Shared secret is used to compute the Hash-Based Message Authentication Codes (HMAC) value of the message sent from SuperNode to SuperLink as a token
  • SuperLink verifies the token and rejects the connection of SuperNode with unverified token

To get started with authentication, we already prepare a complete code example and a video demonstrating federated learning with Flower in an authenticated setting. We invite you to explore this new capability and share your feedback with us. As always, our community's input is invaluable in shaping the future of Flower and federated learning.

Share this post