Efficient Byzantine-Robust and Provably Privacy-Preserving Federated Learning

TL;DR

BPFL is a novel federated learning framework that ensures robustness against Byzantine attacks and provable privacy preservation through zero-knowledge proofs and homomorphic encryption, with demonstrated efficiency and effectiveness.

Contribution

We introduce BPFL, combining Byzantine robustness and privacy guarantees in federated learning using zero-knowledge proofs and homomorphic encryption, addressing limitations of prior methods.

Findings

BPFL achieves Byzantine robustness in federated learning.

BPFL guarantees provable privacy preservation.

Experimental results show BPFL's efficiency and robustness.

Abstract

Federated learning (FL) is an emerging distributed learning paradigm without sharing participating clients' private data. However, existing works show that FL is vulnerable to both Byzantine (security) attacks and data reconstruction (privacy) attacks. Almost all the existing FL defenses only address one of the two attacks. A few defenses address the two attacks, but they are not efficient and effective enough. We propose BPFL, an efficient Byzantine-robust and provably privacy-preserving FL method that addresses all the issues. Specifically, we draw on state-of-the-art Byzantine-robust FL methods and use similarity metrics to measure the robustness of each participating client in FL. The validity of clients are formulated as circuit constraints on similarity metrics and verified via a zero-knowledge proof. Moreover, the client models are masked by a shared random vector, which is generated based on homomorphic encryption. In doing so, the server receives the masked client models rather than the true ones, which are proven to be private. BPFL is also efficient due to the usage of non-interactive zero-knowledge proof. Experimental results on various datasets show that our BPFL is efficient, Byzantine-robust, and privacy-preserving.