ByzSFL: Achieving Byzantine-Robust Secure Federated Learning with Zero-Knowledge Proofs

TL;DR

ByzSFL introduces a Byzantine-robust, efficient secure federated learning system using zero-knowledge proofs, enabling privacy-preserving, robust model training even with malicious participants, and significantly improves computational speed.

Contribution

The paper presents ByzSFL, a novel system that combines Byzantine robustness with secure federated learning using zero-knowledge proofs, achieving high efficiency and practical deployment.

Findings

ByzSFL is approximately 100 times faster than existing solutions.

It maintains model integrity even with malicious participants.

Supports open-source AI trends by enabling plaintext publication of models.

Abstract

The advancement of AI models, especially those powered by deep learning, faces significant challenges in data-sensitive industries like healthcare and finance due to the distributed and private nature of data. Federated Learning (FL) and Secure Federated Learning (SFL) enable collaborative model training without data sharing, enhancing privacy by encrypting shared intermediate results. However, SFL currently lacks effective Byzantine robustness, a critical property that ensures model performance remains intact even when some participants act maliciously. Existing Byzantine-robust methods in FL are incompatible with SFL due to the inefficiency and limitations of encryption operations in handling complex aggregation calculations. This creates a significant gap in secure and robust model training. To address this gap, we propose ByzSFL, a novel SFL system that achieves Byzantine-robust secure aggregation with high efficiency. Our approach offloads aggregation weight calculations to individual parties and introduces a practical zero-knowledge proof (ZKP) protocol toolkit. This toolkit supports widely used operators for calculating aggregation weights, ensuring correct computations without compromising data privacy. Not only does this method maintain aggregation integrity, but it also significantly boosts computational efficiency, making ByzSFL approximately 100 times faster than existing solutions. Furthermore, our method aligns with open-source AI trends, enabling plaintext publication of the final model without additional information leakage, thereby enhancing the practicality and robustness of SFL in real-world applications.