DRIFT: DCT-based robust and intelligent federated learning with trusted privacy

Federated Learning (FL) allows collaborative model training across decentralized clients without sharing private data. However, traditional FL frameworks face dual challenges: vulnerability to Byzantine attacks (where malicious clients submit adversarial model updates) and privacy breaches (where curious clients infer sensitive information from exchanged parameters), exacerbated by decentralized operations and unencrypted communications. While existing work addresses robustness or privacy individually, the interplay between defense mechanisms, particularly the trade-off between attack resilience and utility degradation caused by privacy safeguards, remains understudied. To bridge this gap, we propose DRIFT, a novel FL framework that simultaneously achieves Byzantine robustness and privacy preservation. Our approach uniquely combines spectral analysis with cryptographic protection: By transforming model parameters into the frequency domain through Discrete Cosine Transform, DRIFT identifies malicious updates via spectral clustering while inherently obscuring sensitive parameter patterns. This defense mechanism is further reinforced by a privacy-preserving aggregation protocol leveraging fully homomorphic encryption with floating-point computation. It encrypts client updates during transmission and aggregation without compromising their computational usability. Extensive evaluations on MNIST and PathMNIST demonstrate that DRIFT outperforms baseline methods in resisting state-of-the-art Byzantine attacks while maintaining model utility and providing provable privacy guarantees.