SLVR: Securely Leveraging Client Validation for Robust Federated Learning
Jihye Choi, Sai Rahul Rachuri, Ke Wang, Somesh Jha, Yizhen Wang

TL;DR
SLVR introduces a flexible framework that enhances federated learning robustness by securely leveraging client data for validation, eliminating the need for public data and improving resistance to poisoning attacks.
Contribution
SLVR is a novel framework that uses secure multi-party computation to enable robust client validation directly from private data, broadening attack detection capabilities in federated learning.
Findings
Improves robustness against model poisoning attacks by up to 50%.
Effectively adapts to distribution shifts in client data.
Maintains stable convergence under various data scenarios.
Abstract
Federated Learning (FL) enables collaborative model training while keeping client data private. However, exposing individual client updates makes FL vulnerable to reconstruction attacks. Secure aggregation mitigates such privacy risks but prevents the server from verifying the validity of each client update, creating a privacy-robustness tradeoff. Recent efforts attempt to address this tradeoff by enforcing checks on client updates using zero-knowledge proofs, but they support limited predicates and often depend on public validation data. We propose SLVR, a general framework that securely leverages clients' private data through secure multi-party computation. By utilizing clients' data, SLVR not only eliminates the need for public validation data, but also enables a wider range of checks for robustness, including cross-client accuracy validation. It also adapts naturally to distribution…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Cryptography and Data Security · Access Control and Trust
