TEE-based Selective Testing of Local Workers in Federated Learning Systems

Abstract

This paper considers a federated learning system consisting of a central aggregation server and multiple distributed local workers, all having access to trusted execution environments (TEEs). For the local workers, which are untrusted but economically-rational, to conduct local learning honestly, we propose a TEE-based selective testing scheme that also combines techniques from applied cryptography, game theory and smart contract. Theoretical analysis of the scheme indicates that only a small number of tests are needed to enforce honest execution by the local workers. Implementation-based experiments compare the cost of the proposed scheme against two reference schemes (i.e., the original scheme without security measure and the all-SGX scheme which conducts training completely in an SGX enclave). The results show that, our proposed scheme incurs much lower cost at the SGX enclave though introducing a higher cost at the untrusted execution environment. We argue that this tradeoff is appropriate given that computing in the untrusted environment can access more resources and is cheaper than in the trusted environment. The experiment results also show that, the increase of the cost in the untrusted execution environment get smaller as the size of the training model increases, which demonstrates the scalability of the scheme.