Comments on "Privacy-Enhanced Federated Learning Against Poisoning Adversaries"

TL;DR

This paper critically examines the PEFL framework for federated learning, revealing significant privacy flaws that expose user gradients and demonstrating that existing fixes are inadequate, thereby cautioning against propagating these vulnerabilities.

Contribution

It provides a detailed critique of PEFL's privacy claims, exposing vulnerabilities and highlighting the need for more secure solutions in privacy-preserving federated learning.

Findings

PEFL reveals user gradients to one entity, violating privacy.

Existing fixes for PEFL are insufficient to ensure privacy.

Many subsequent works continue to reference flawed PEFL framework.

Abstract

In August 2021, Liu et al. (IEEE TIFS'21) proposed a privacy-enhanced framework named PEFL to efficiently detect poisoning behaviours in Federated Learning (FL) using homomorphic encryption. In this article, we show that PEFL does not preserve privacy. In particular, we illustrate that PEFL reveals the entire gradient vector of all users in clear to one of the participating entities, thereby violating privacy. Furthermore, we clearly show that an immediate fix for this issue is still insufficient to achieve privacy by pointing out multiple flaws in the proposed system. Note: Although our privacy issues mentioned in Section II have been published in January 2023 (Schneider et. al., IEEE TIFS'23), several subsequent papers continued to reference Liu et al. (IEEE TIFS'21) as a potential solution for private federated learning. While a few works have acknowledged the privacy concerns we raised, several of subsequent works either propagate these errors or adopt the constructions from Liu et al. (IEEE TIFS'21), thereby unintentionally inheriting the same privacy vulnerabilities. We believe this oversight is partly due to the limited visibility of our comments paper at TIFS'23 (Schneider et. al., IEEE TIFS'23). Consequently, to prevent the continued propagation of the flawed algorithms in Liu et al. (IEEE TIFS'21) into future research, we also put this article to an ePrint.