May 5, 2021

Byzantine-Robust and Privacy-Preserving Framework for FedML

arXiv:2105.02295v1, 30 citations
Originality: Incremental advance
AI Analysis

This work addresses critical security and efficiency issues in federated learning for applications like healthcare or finance, though it is incremental by combining existing TEEs with new encoding techniques.

The paper tackles the dual challenges of privacy and Byzantine robustness in federated learning by proposing a framework that uses trusted execution environments (TEEs) for secure gradient processing and novel encoding to offload robustness checks to accelerators, achieving theoretical privacy bounds and significant speed-up in empirical tests.

Federated learning has emerged as a popular paradigm for collaboratively training a model from data distributed among a set of clients. This learning setting presents, among others, two unique challenges: how to protect the privacy of the clients' data during training, and how to ensure the integrity of the trained model. We propose a two-pronged solution that aims to address both challenges under a single framework. First, we propose to create secure enclaves using a trusted execution environment (TEE) within the server. Each client can then encrypt their gradients and send them to verifiable enclaves. The gradients are decrypted within the enclave without fear of privacy breaches. However, robustness check computations in a TEE are computationally prohibitive. Hence, in the second step, we perform a novel gradient encoding that enables TEEs to encode the gradients and then offload the Byzantine check computations to accelerators such as GPUs. Our proposed approach provides theoretical bounds on information leakage and offers a significant speed-up over the baseline in empirical evaluation.
