Feb 12, 2025

SLVR: Securely Leveraging Client Validation for Robust Federated Learning

arXiv:2502.08055v1
AI Analysis

This paper addresses the problem of balancing privacy and robustness in federated learning for collaborative AI systems, presenting a novel method for a known bottleneck.

The paper tackles the privacy-robustness tradeoff in Federated Learning by proposing SLVR, a framework that uses secure multi-party computation to enable robust validation of client updates without public data, improving robustness against model poisoning attacks by up to 50% under adaptive attacks.

Federated Learning (FL) enables collaborative model training while keeping client data private. However, exposing individual client updates makes FL vulnerable to reconstruction attacks. Secure aggregation mitigates such privacy risks but prevents the server from verifying the validity of each client update, creating a privacy-robustness tradeoff. Recent efforts attempt to address this tradeoff by enforcing checks on client updates using zero-knowledge proofs, but they support limited predicates and often depend on public validation data. We propose SLVR, a general framework that securely leverages clients' private data through secure multi-party computation. By utilizing clients' data, SLVR not only eliminates the need for public validation data, but also enables a wider range of checks for robustness, including cross-client accuracy validation. It also adapts naturally to distribution shifts in client data, as it can securely refresh its validation data to keep it up to date. Our empirical evaluations show that SLVR improves robustness against model poisoning attacks, particularly outperforming existing methods by up to 50% under adaptive attacks. Additionally, SLVR demonstrates effective adaptability and stable convergence under various distribution shift scenarios.
