Paper 2021/993
FLOD: Oblivious Defender for Private Byzantine-Robust Federated Learning with Dishonest-Majority
Ye Dong, Xiaojun Chen, Kaiyun Li, Dakui Wang, and Shuai Zeng
Abstract
\textit{Privacy} and \textit{Byzantine-robustness} are two major concerns of federated learning (FL), but mitigating both threats simultaneously is highly challenging: privacy-preserving strategies prohibit access to individual model updates to avoid leakage, while Byzantine-robust methods require access for comprehensive mathematical analysis. Besides, most Byzantine-robust methods only work in the \textit{honest-majority} setting. We present $\mathsf{FLOD}$, a novel oblivious defender for private Byzantine-robust FL in dishonest-majority setting. Basically, we propose a novel Hamming distance-based aggregation method to resist $>1/2$ Byzantine attacks using a small \textit{root-dataset} and \textit{server-model} for bootstrapping trust. Furthermore, we employ two non-colluding servers and use additive homomorphic encryption ($\mathsf{AHE}$) and secure two-party computation (2PC) primitives to construct efficient privacy-preserving building blocks for secure aggregation, in which we propose two novel in-depth variants of Beaver Multiplication triples (MT) to reduce the overhead of Bit to Arithmetic ($\mathsf{Bit2A}$) conversion and vector weighted sum aggregation ($\mathsf{VSWA}$) significantly. Experiments on real-world and synthetic datasets demonstrate our effectiveness and efficiency: (\romannumeral1) $\mathsf{FLOD}$ defeats known Byzantine attacks with a negligible effect on accuracy and convergence, (\romannumeral2) achieves a reduction of $\approx 2\times$ for offline (resp. online) overhead of $\mathsf{Bit2A}$ and $\mathsf{VSWA}$ compared to $\mathsf{ABY}$-$\mathsf{AHE}$ (resp. $\mathsf{ABY}$-$\mathsf{MT}$) based methods (NDSS'15), (\romannumeral3) and reduces total online communication and run-time by $167$-$1416\times$ and $3.1$-$7.4\times$ compared to $\mathsf{FLGUARD}$ (Crypto Eprint 2021/025).
Metadata
- Available format(s)
- Category
- Applications
- Publication info
- Published elsewhere. Minor revision. 26th European Symposium on Research in Computer Security (ESORICS 2021)
- Keywords
- Privacy-PreservingByzantine-RobustFederated LearningDishonest-Majority
- Contact author(s)
- dongye @ iie ac cn
- History
- 2021-07-28: received
- Short URL
- https://ia.cr/2021/993
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/993, author = {Ye Dong and Xiaojun Chen and Kaiyun Li and Dakui Wang and Shuai Zeng}, title = {{FLOD}: Oblivious Defender for Private Byzantine-Robust Federated Learning with Dishonest-Majority}, howpublished = {Cryptology {ePrint} Archive, Paper 2021/993}, year = {2021}, url = {https://eprint.iacr.org/2021/993} }