Practical Differentially Private and Byzantine-resilient Federated Learning
Zihang Xiang, Tianhao Wang, Wanyu Lin, Di Wang

TL;DR
This paper presents a novel federated learning approach that combines differential privacy and Byzantine resilience, leveraging the noise from privacy mechanisms to enhance security and maintain high accuracy even with many malicious workers.
Contribution
It introduces a new method that integrates DP-SGD with Byzantine-resilient algorithms, analyzing their interaction to improve performance and robustness.
Findings
Achieves high accuracy under strong privacy guarantees
Remains effective with up to 90% Byzantine workers
Leverages DP noise to improve Byzantine attack rejection
Abstract
Privacy and Byzantine resilience are two indispensable requirements for a federated learning (FL) system. Although there have been extensive studies on privacy and Byzantine security in their own track, solutions that consider both remain sparse. This is due to difficulties in reconciling privacy-preserving and Byzantine-resilient algorithms. In this work, we propose a solution to such a two-fold issue. We use our version of differentially private stochastic gradient descent (DP-SGD) algorithm to preserve privacy and then apply our Byzantine-resilient algorithms. We note that while existing works follow this general approach, an in-depth analysis on the interplay between DP and Byzantine resilience has been ignored, leading to unsatisfactory performance. Specifically, for the random noise introduced by DP, previous works strive to reduce its impact on the Byzantine aggregation. In…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Stochastic Gradient Optimization Techniques · Cryptography and Data Security
