Paper 2021/993

FLOD: Oblivious Defender for Private Byzantine-Robust Federated Learning with Dishonest-Majority

Ye Dong, Xiaojun Chen, Kaiyun Li, Dakui Wang, and Shuai Zeng

Abstract

\textit{Privacy} and \textit{Byzantine-robustness} are two major concerns of federated learning (FL), but mitigating both threats simultaneously is highly challenging: privacy-preserving strategies prohibit access to individual model updates to avoid leakage, while Byzantine-robust methods require access for comprehensive mathematical analysis. Besides, most Byzantine-robust methods only work in the \textit{honest-majority} setting. We present $\mathsf{FLOD}$, a novel oblivious defender for private Byzantine-robust FL in dishonest-majority setting. Basically, we propose a novel Hamming distance-based aggregation method to resist $$ Byzantine attacks using a small \textit{root-dataset} and \textit{server-model} for bootstrapping trust. Furthermore, we employ two non-colluding servers and use additive homomorphic encryption ($$) and secure two-party computation (2PC) primitives to construct efficient privacy-preserving building blocks for secure aggregation, in which we propose two novel in-depth variants of Beaver Multiplication triples (MT) to reduce the overhead of Bit to Arithmetic ($$) conversion and vector weighted sum aggregation ($$) significantly. Experiments on real-world and synthetic datasets demonstrate our effectiveness and efficiency: (\romannumeral1) $$ defeats known Byzantine attacks with a negligible effect on accuracy and convergence, (\romannumeral2) achieves a reduction of $$ for offline (resp. online) overhead of $$ and $$ compared to $$-$$ (resp. $$-$$) based methods (NDSS'15), (\romannumeral3) and reduces total online communication and run-time by $$-$$ and $$-$$ compared to $$ (Crypto Eprint 2021/025).