Byzantine-Resilient Secure Aggregation for Federated Learning Without Privacy Compromises

• URL: http://arxiv.org/abs/2405.08698v2
• Date: Mon, 8 Jul 2024 17:48:43 GMT
• Title: Byzantine-Resilient Secure Aggregation for Federated Learning Without Privacy Compromises
• Authors: Yue Xia, Christoph Hofmeister, Maximilian Egger, Rawad Bitar,
• Abstract summary: Federated learning (FL) shows great promise in large scale machine learning, but brings new risks in terms of privacy and security. We propose ByITFL, a novel scheme for FL that provides resilience against Byzantine users while keeping the users' data private from the federator and private from other users.
• Score: 4.242342898338019
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Federated learning (FL) shows great promise in large scale machine learning, but brings new risks in terms of privacy and security. We propose ByITFL, a novel scheme for FL that provides resilience against Byzantine users while keeping the users' data private from the federator and private from other users. The scheme builds on the preexisting non-private FLTrust scheme, which tolerates malicious users through trust scores (TS) that attenuate or amplify the users' gradients. The trust scores are based on the ReLU function, which we approximate by a polynomial. The distributed and privacy-preserving computation in ByITFL is designed using a combination of Lagrange coded computing, verifiable secret sharing and re-randomization steps. ByITFL is the first Byzantine resilient scheme for FL with full information-theoretic privacy.

Related papers

• DMM: Distributed Matrix Mechanism for Differentially-Private Federated Learning using Packed Secret Sharing [51.336015600778396]
  Federated Learning (FL) has gained lots of traction recently, both in industry and academia. In FL, a machine learning model is trained using data from various end-users arranged in committees across several rounds. Since such data can often be sensitive, a primary challenge in FL is providing privacy while still retaining utility of the model.
  arXiv  Detail & Related papers  (2024-10-21T16:25:14Z)
• Accuracy-Privacy Trade-off in the Mitigation of Membership Inference Attack in Federated Learning [4.152322723065285]
  federated learning (FL) has emerged as a prominent method in machine learning, emphasizing privacy preservation by allowing multiple clients to collaboratively build a model while keeping their training data private. Despite this focus on privacy, FL models are susceptible to various attacks, including membership inference attacks (MIAs)
  arXiv  Detail & Related papers  (2024-07-26T22:44:41Z)
• PriRoAgg: Achieving Robust Model Aggregation with Minimum Privacy Leakage for Federated Learning [49.916365792036636]
  Federated learning (FL) has recently gained significant momentum due to its potential to leverage large-scale distributed user data. The transmitted model updates can potentially leak sensitive user information, and the lack of central control of the local training process leaves the global model susceptible to malicious manipulations on model updates. We develop a general framework PriRoAgg, utilizing Lagrange coded computing and distributed zero-knowledge proof, to execute a wide range of robust aggregation algorithms while satisfying aggregated privacy.
  arXiv  Detail & Related papers  (2024-07-12T03:18:08Z)
• LoByITFL: Low Communication Secure and Private Federated Learning [4.242342898338019]
  Federated Learning (FL) faces several challenges, such as the privacy of the clients data and security against Byzantine clients. We introduce LoByITFL, the first communication-efficient Information-Theoretic (IT) private and secure FL scheme.
  arXiv  Detail & Related papers  (2024-05-29T16:00:19Z)
• Enhancing Security and Privacy in Federated Learning using Update Digests and Voting-Based Defense [23.280147155814955]
  Federated Learning (FL) is a promising privacy-preserving machine learning paradigm. Despite its potential, FL faces challenges related to the trustworthiness of both clients and servers. We introduce a novel framework named underlinetextbfFederated underlinetextbfLearning with underlinetextbfUpdate underlinetextbfDigest (FLUD) FLUD addresses the critical issues of privacy preservation and resistance to Byzantine attacks within distributed learning environments.
  arXiv  Detail & Related papers  (2024-05-29T06:46:10Z)
• SaFL: Sybil-aware Federated Learning with Application to Face Recognition [13.914187113334222]
  Federated Learning (FL) is a machine learning paradigm to conduct collaborative learning among clients on a joint model. On the downside, FL raises security and privacy concerns that have just started to be studied. This paper proposes a new defense method against poisoning attacks in FL called SaFL.
  arXiv  Detail & Related papers  (2023-11-07T21:06:06Z)
• FheFL: Fully Homomorphic Encryption Friendly Privacy-Preserving Federated Learning with Byzantine Users [19.209830150036254]
  federated learning (FL) technique was developed to mitigate data privacy issues in the traditional machine learning paradigm. Next-generation FL architectures proposed encryption and anonymization techniques to protect the model updates from the server. This paper proposes a novel FL algorithm based on a fully homomorphic encryption (FHE) scheme.
  arXiv  Detail & Related papers  (2023-06-08T11:20:00Z)
• Unraveling the Connections between Privacy and Certified Robustness in Federated Learning Against Poisoning Attacks [68.20436971825941]
  Federated learning (FL) provides an efficient paradigm to jointly train a global model leveraging data from distributed users. Several studies have shown that FL is vulnerable to poisoning attacks. To protect the privacy of local users, FL is usually trained in a differentially private way.
  arXiv  Detail & Related papers  (2022-09-08T21:01:42Z)
• Decepticons: Corrupted Transformers Breach Privacy in Federated Learning for Language Models [58.631918656336005]
  We propose a novel attack that reveals private user text by deploying malicious parameter vectors. Unlike previous attacks on FL, the attack exploits characteristics of both the Transformer architecture and the token embedding.
  arXiv  Detail & Related papers  (2022-01-29T22:38:21Z)
• Understanding Clipping for Federated Learning: Convergence and Client-Level Differential Privacy [67.4471689755097]
  This paper empirically demonstrates that the clipped FedAvg can perform surprisingly well even with substantial data heterogeneity. We provide the convergence analysis of a differential private (DP) FedAvg algorithm and highlight the relationship between clipping bias and the distribution of the clients' updates.
  arXiv  Detail & Related papers  (2021-06-25T14:47:19Z)
• Blockchain Assisted Decentralized Federated Learning (BLADE-FL) with Lazy Clients [124.48732110742623]
  We propose a novel framework by integrating blockchain into Federated Learning (FL) BLADE-FL has a good performance in terms of privacy preservation, tamper resistance, and effective cooperation of learning. It gives rise to a new problem of training deficiency, caused by lazy clients who plagiarize others' trained models and add artificial noises to conceal their cheating behaviors.
  arXiv  Detail & Related papers  (2020-12-02T12:18:27Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.