Preserving Privacy and Security in Federated Learning
Truc Nguyen, My T. Thai

TL;DR
This paper presents a framework for federated learning that simultaneously ensures user privacy and detects malicious model updates by combining homomorphic encryption and zero-knowledge proofs, addressing a key challenge in secure and private collaborative learning.
Contribution
It introduces a novel framework integrating privacy-preserving secure aggregation with attack detection, using cryptographic protocols to balance security and privacy in federated learning.
Findings
Secure aggregation with homomorphic encryption preserves privacy.
Zero-knowledge proofs enable attack detection without revealing local models.
Framework effectively detects poisoning attacks while maintaining user privacy.
Abstract
Federated learning is known to be vulnerable to both security and privacy issues. Existing research has focused either on preventing poisoning attacks from users or on concealing the local model updates from the server, but not both. However, integrating these two lines of research remains a crucial challenge since they often conflict with one another with respect to the threat model. In this work, we develop a principled framework that offers both privacy guarantees for users and detection against poisoning attacks from them. With a new threat model that includes both an honest-but-curious server and malicious users, we first propose a secure aggregation protocol using homomorphic encryption for the server to combine local model updates in a private manner. Then, a zero-knowledge proof protocol is leveraged to shift the task of detecting attacks in the local models from the server to…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Cryptography and Data Security · Adversarial Robustness in Machine Learning
