Towards Trustworthy Federated Learning with Untrusted Participants

TL;DR

This paper introduces CafCor, a federated learning algorithm that uses shared randomness among participants to enhance privacy and robustness against malicious actors, achieving utility close to fully trusted models without trusting the server.

Contribution

It demonstrates that shared randomness between participants can replace the need for a trusted server, enabling privacy and robustness in federated learning under weaker assumptions.

Findings

CafCor outperforms local differential privacy methods in utility.

CafCor approaches the utility of fully trusted central differential privacy.

Empirical results validate CafCor's practicality and robustness.

Abstract

Resilience against malicious participants and data privacy are essential for trustworthy federated learning, yet achieving both with good utility typically requires the strong assumption of a trusted central server. This paper shows that a significantly weaker assumption suffices: each pair of participants shares a randomness seed unknown to others. In a setting where malicious participants may collude with an untrusted server, we propose CafCor, an algorithm that integrates robust gradient aggregation with correlated noise injection, using shared randomness between participants. We prove that CafCor achieves strong privacy-utility trade-offs, significantly outperforming local differential privacy (DP) methods, which do not make any trust assumption, while approaching central DP utility, where the server is fully trusted. Empirical results on standard benchmarks validate CafCor's practicality, showing that privacy and robustness can coexist in distributed systems without sacrificing utility or trusting the server.