[Resource Topic] 2021/993: FLOD: Oblivious Defender for Private Byzantine-Robust Federated Learning with Dishonest-Majority

Welcome to the resource topic for 2021/993

FLOD: Oblivious Defender for Private Byzantine-Robust Federated Learning with Dishonest-Majority

Authors: Ye Dong, Xiaojun Chen, Kaiyun Li, Dakui Wang, Shuai Zeng


\textit{Privacy} and \textit{Byzantine-robustness} are two major concerns of federated learning (FL), but mitigating both threats simultaneously is highly challenging: privacy-preserving strategies prohibit access to individual model updates to avoid leakage, while Byzantine-robust methods require access for comprehensive mathematical analysis. Besides, most Byzantine-robust methods only work in the \textit{honest-majority} setting. We present \mathsf{FLOD}, a novel oblivious defender for private Byzantine-robust FL in dishonest-majority setting. Basically, we propose a novel Hamming distance-based aggregation method to resist >1/2 Byzantine attacks using a small \textit{root-dataset} and \textit{server-model} for bootstrapping trust. Furthermore, we employ two non-colluding servers and use additive homomorphic encryption (\mathsf{AHE}) and secure two-party computation (2PC) primitives to construct efficient privacy-preserving building blocks for secure aggregation, in which we propose two novel in-depth variants of Beaver Multiplication triples (MT) to reduce the overhead of Bit to Arithmetic (\mathsf{Bit2A}) conversion and vector weighted sum aggregation (\mathsf{VSWA}) significantly. Experiments on real-world and synthetic datasets demonstrate our effectiveness and efficiency: (\romannumeral1) \mathsf{FLOD} defeats known Byzantine attacks with a negligible effect on accuracy and convergence, (\romannumeral2) achieves a reduction of \approx 2\times for offline (resp. online) overhead of \mathsf{Bit2A} and \mathsf{VSWA} compared to \mathsf{ABY}-\mathsf{AHE} (resp. \mathsf{ABY}-\mathsf{MT}) based methods (NDSS’15), (\romannumeral3) and reduces total online communication and run-time by 167-1416\times and 3.1-7.4\times compared to \mathsf{FLGUARD} (Crypto Eprint 2021/025).

ePrint: https://eprint.iacr.org/2021/993

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .