Abstract

Federated learning (FL) trains a model over multiple datasets by collecting the local models rather than raw data, which can help facilitate distributed data analysis in many real-world applications. Since the model parameters can leak information about the training datasets, it is necessary to preserve the privacy of the FL participants’ local models. Furthermore, FL is vulnerable to poisoning attacks which can significantly decrease the model utility. To settle the above issues, we propose a privacy-preserving and Byzantine-robust FL scheme <inline-formula><tex-math notation="LaTeX">$\Pi _{\text{P2Brofl}}$</tex-math></inline-formula> that maintains robustness in the presence of poisoning attacks and preserves the privacy of local models simultaneously. Specifically, <inline-formula><tex-math notation="LaTeX">$\Pi _{\text{P2Brofl}}$</tex-math></inline-formula> leverages three-party computation (3 PC) to securely achieve a Byzantine-robust aggregation method. To improve the efficiency of privacy-preserving local model selection and aggregation, we propose a maliciously secure top- <inline-formula><tex-math notation="LaTeX">$k$</tex-math></inline-formula> protocol <inline-formula><tex-math notation="LaTeX">$\Pi _{\text{top}-k}$</tex-math></inline-formula> that has low communication overhead. Moreover, we present an efficient maliciously secure shuffling protocol <inline-formula><tex-math notation="LaTeX">$\Pi _{\text{shuffle}}$</tex-math></inline-formula> since secure shuffling is necessary for our secure top- <inline-formula><tex-math notation="LaTeX">$k$</tex-math></inline-formula> protocol. The security proof of the scheme is given and experiments on real-world datasets are conducted in this paper. When the proportion of Byzantine participants is 50%, the error rate of the model only increases by 1.05% while it increases by 23.78% without using our protection.