CQSA: Byzantine-robust Clustered Quantum Secure Aggregation in Federated Learning

TL;DR

This paper introduces CQSA, a modular quantum secure aggregation method for federated learning that improves robustness against Byzantine clients and overcomes the limitations of large-scale GHZ states.

Contribution

The paper proposes a clustered quantum secure aggregation framework that enhances fidelity and Byzantine robustness in quantum federated learning.

Findings

CQSA achieves higher state fidelity than traditional QSA.

CQSA maintains stable model convergence under noise.

CQSA effectively detects malicious clients using statistical analysis.

Abstract

Federated Learning (FL) enables collaborative model training without sharing raw data. However, shared local model updates remain vulnerable to inference and poisoning attacks. Secure aggregation schemes have been proposed to mitigate these attacks. In this work, we aim to understand how these techniques are implemented in quantum-assisted FL. Quantum Secure Aggregation (QSA) has been proposed, offering information-theoretic privacy by encoding client updates into the global phase of multipartite entangled states. Existing QSA protocols, however, rely on a single global Greenberger-Horne-Zeilinger (GHZ) state shared among all participating clients. This design poses fundamental challenges: fidelity of large-scale GHZ states deteriorates rapidly with the increasing number of clients; and (ii) the global aggregation prevents the detection of Byzantine clients. We propose Clustered Quantum Secure Aggregation (CQSA), a modular aggregation framework that reconciles the physical constraints of near-term quantum hardware along with the need for Byzantine-robustness in FL. CQSA randomly partitions the clients into small clusters, each performing local quantum aggregation using high-fidelity, low-qubit GHZ states. The server analyzes statistical relationships between cluster-level aggregates employing common statistical measures such as cosine similarity and Euclidean distance to identify malicious contributions. Through theoretical analysis and simulations under depolarizing noise, we demonstrate that CQSA ensures stable model convergence, achieves superior state fidelity over global QSA.