FheFL: Fully Homomorphic Encryption Friendly Privacy-Preserving Federated Learning with Byzantine Users

TL;DR

This paper introduces FheFL, a federated learning framework that employs fully homomorphic encryption to enhance privacy and robustness against malicious users, while maintaining model accuracy and computational efficiency.

Contribution

It proposes a novel multi-key additive homomorphic encryption scheme and an encrypted aggregation method that addresses data poisoning and privacy concerns in federated learning.

Findings

FheFL achieves comparable accuracy to traditional FL methods.

The encryption scheme effectively prevents privacy leakage.

The approach is computationally feasible for practical deployment.

Abstract

The federated learning (FL) technique was developed to mitigate data privacy issues in the traditional machine learning paradigm. While FL ensures that a user's data always remain with the user, the gradients are shared with the centralized server to build the global model. This results in privacy leakage, where the server can infer private information from the shared gradients. To mitigate this flaw, the next-generation FL architectures proposed encryption and anonymization techniques to protect the model updates from the server. However, this approach creates other challenges, such as malicious users sharing false gradients. Since the gradients are encrypted, the server is unable to identify rogue users. To mitigate both attacks, this paper proposes a novel FL algorithm based on a fully homomorphic encryption (FHE) scheme. We develop a distributed multi-key additive homomorphic encryption scheme that supports model aggregation in FL. We also develop a novel aggregation scheme within the encrypted domain, utilizing users' non-poisoning rates, to effectively address data poisoning attacks while ensuring privacy is preserved by the proposed encryption scheme. Rigorous security, privacy, convergence, and experimental analyses have been provided to show that FheFL is novel, secure, and private, and achieves comparable accuracy at reasonable computational cost.