{"title":"Reconciling Privacy and Byzantine-robustness in Federated Learning","authors":"Lun Wang","doi":"10.1609/aaaiss.v3i1.31229","DOIUrl":null,"url":null,"abstract":"In this talk, we will discuss how to make federated learning\nsecure for the server and private for the clients simultaneously.\nMost prior efforts fall into either of the two categories.\nAt one end of the spectrum, some work uses techniques\nlike secure aggregation to hide the individual client’s\nupdates and only reveal the aggregated global update to a\nmalicious server that strives to infer the clients’ privacy from\ntheir updates. At the other end of the spectrum, some work\nuses Byzantine-robust FL protocols to suppress the influence\nof malicious clients’ updates. We present a protocol that offers\nbidirectional defense to simultaneously combat against\nthe malicious centralized server and Byzantine malicious\nclients. Our protocol also improves the dimension dependence\nand achieve a near-optimal statistical rate for strongly\nconvex cases.","PeriodicalId":516827,"journal":{"name":"Proceedings of the AAAI Symposium Series","volume":"60 10","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the AAAI Symposium Series","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1609/aaaiss.v3i1.31229","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
In this talk, we will discuss how to make federated learning
secure for the server and private for the clients simultaneously.
Most prior efforts fall into one of two categories.
At one end of the spectrum, some work uses techniques
like secure aggregation to hide each individual client’s
updates and reveal only the aggregated global update to a
malicious server that strives to infer the clients’ private information from
their updates. At the other end of the spectrum, some work
uses Byzantine-robust FL protocols to suppress the influence
of malicious clients’ updates. We present a protocol that offers
bidirectional defense to simultaneously combat
the malicious centralized server and Byzantine malicious
clients. Our protocol also improves the dimension dependence
and achieves a near-optimal statistical rate for strongly
convex cases.