ScionFL: Efficient and Robust Secure Quantized Aggregation

Yaniv Ben-Itzhak; Helen Möllering; Benny Pinkas; Thomas Schneider; Ajith Suresh; Oleksandr Tkachenko; Shay Vargaftik; Christian Weinert; Hossein Yalame; Avishay Yanai

Paper 2023/652

ScionFL: Efficient and Robust Secure Quantized Aggregation

Yaniv Ben-Itzhak

, VMware Research

Helen Möllering

, TU Darmstadt

Benny Pinkas

, Bar-Ilan University

Thomas Schneider

, TU Darmstadt

Ajith Suresh

, Technology Innovation Institute

Oleksandr Tkachenko

, DFINITY Foundation

Shay Vargaftik

, VMware Research

Christian Weinert

, Royal Holloway University of London

Hossein Yalame

, TU Darmstadt

Avishay Yanai

, VMware Research

Abstract

Secure aggregation is commonly used in federated learning (FL) to alleviate privacy concerns related to the central aggregator seeing all parameter updates in the clear. Unfortunately, most existing secure aggregation schemes ignore two critical orthogonal research directions that aim to (i) significantly reduce client-server communication and~(ii) mitigate the impact of malicious clients. However, both of these additional properties are essential to facilitate cross-device FL with thousands or even millions of (mobile) participants. In this paper, we unite both research directions by introducing ScionFL, the first secure aggregation framework for FL that operates efficiently on quantized inputs and simultaneously provides robustness against malicious clients. Our framework leverages (novel) multi-party computation (MPC) techniques and supports multiple linear (1-bit) quantization schemes, including ones that utilize the randomized Hadamard transform and Kashin's representation. Our theoretical results are supported by extensive evaluations. We show that with no overhead for clients and moderate overhead on the server side compared to transferring and processing quantized updates in plaintext, we obtain comparable accuracy for standard FL benchmarks. Additionally, we demonstrate the robustness of our framework against state-of-the-art poisoning attacks.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Preprint.
Keywords: MPC Secure Aggregation Quantization Poisoning Defense Federated Learning Privacy
Contact author(s): ybenitzhak @ vmware com
moellering @ encrypto cs tu-darmstadt de
benny @ pinkas net
schneider @ encrypto cs tu-darmstadt de
ajith suresh @ tii ae
oleksandr tkachenko1 @ gmail com
shayv @ vmware com
christian weinert @ rhul ac uk
yalame @ encrypto cs tu-darmstadt de
yanaia @ vmware com
History: 2023-05-11: approved; 2023-05-08: received; See all versions
Short URL: https://ia.cr/2023/652
License: CC BY

BibTeX

@misc{cryptoeprint:2023/652,
      author = {Yaniv Ben-Itzhak and Helen Möllering and Benny Pinkas and Thomas Schneider and Ajith Suresh and Oleksandr Tkachenko and Shay Vargaftik and Christian Weinert and Hossein Yalame and Avishay Yanai},
      title = {ScionFL: Efficient and Robust Secure Quantized Aggregation},
      howpublished = {Cryptology ePrint Archive, Paper 2023/652},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/652}},
      url = {https://eprint.iacr.org/2023/652}
}