Secure and Privacy-Preserving Federated Learning via Co-Utility

TL;DR

This paper presents a decentralized federated learning framework that ensures privacy and security against malicious attacks by using co-utility principles, unlinkable anonymity, and a reputation system, maintaining model accuracy and reducing computational costs.

Contribution

It introduces a novel co-utile reputation management system and protocols that provide privacy and security without compromising model accuracy or incurring high computational overhead.

Findings

Provides privacy via unlinkable anonymity without differential privacy.

Ensures security against Byzantine and poisoning attacks.

Reduces computational overhead compared to homomorphic encryption methods.

Abstract

The decentralized nature of federated learning, that often leverages the power of edge devices, makes it vulnerable to attacks against privacy and security. The privacy risk for a peer is that the model update she computes on her private data may, when sent to the model manager, leak information on those private data. Even more obvious are security attacks, whereby one or several malicious peers return wrong model updates in order to disrupt the learning process and lead to a wrong model being learned. In this paper we build a federated learning framework that offers privacy to the participating peers as well as security against Byzantine and poisoning attacks. Our framework consists of several protocols that provide strong privacy to the participating peers via unlinkable anonymity and that are rationally sustainable based on the co-utility property. In other words, no rational party is interested in deviating from the proposed protocols. We leverage the notion of co-utility to build a decentralized co-utile reputation management system that provides incentives for parties to adhere to the protocols. Unlike privacy protection via differential privacy, our approach preserves the values of model updates and hence the accuracy of plain federated learning; unlike privacy protection via update aggregation, our approach preserves the ability to detect bad model updates while substantially reducing the computational overhead compared to methods based on homomorphic encryption.