Armadillo: Robust Single-Server Secure Aggregation for Federated Learning with Input Validation
Yiping Ma, Yue Guo, Harish Karthikeyan, Antigoni Polychroniadou

TL;DR
Armadillo is a secure aggregation system for federated learning that ensures robustness against malicious clients with minimal rounds and computational overhead, enabling reliable model training with input validation.
Contribution
The paper introduces a novel, efficient secure aggregation protocol with disruption resistance and low round complexity, suitable for federated learning environments.
Findings
Achieves disruption resistance with only 3 rounds of communication.
Requires only simple arithmetic computations for secure aggregation.
Maintains lightweight computation for server and clients.
Abstract
This paper presents Armadillo, a secure aggregation system that has disruptive resistance against adversarial clients, such that any coalition of malicious clients (within the tolerated threshold) can affect the aggregation result only by misreporting their private inputs in a pre-defined legitimate range. Armadillo is designed for the federated learning setting, where a single powerful server interacts with many weak clients iteratively to train models on clients' private data. While a few prior works consider disruption resistance under such a setting, they either incur high per-client cost (Chowdhury et al. CCS '22) or require many rounds (Bell et al. USENIX Security '23). Although disruption resistance can be achieved generically with zero-knowledge proof techniques (which we also use in this paper), we realize an efficient system with two new designs: 1) a simple two-layer secure…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Cryptography and Data Security · Stochastic Gradient Optimization Techniques
