Towards Trustworthy Federated Learning with Untrusted Participants
This work addresses the challenge of trustworthy federated learning for distributed systems where participants and servers may be untrusted, offering a practical solution that balances privacy, robustness, and utility without incremental assumptions.
The paper tackles the problem of achieving both resilience against malicious participants and data privacy in federated learning without assuming a trusted central server, by proposing CafCor, an algorithm that uses shared randomness between participants to integrate robust gradient aggregation with correlated noise injection, resulting in strong privacy-utility trade-offs that significantly outperform local differential privacy methods and approach central differential privacy utility.
Resilience against malicious participants and data privacy are essential for trustworthy federated learning, yet achieving both with good utility typically requires the strong assumption of a trusted central server. This paper shows that a significantly weaker assumption suffices: each pair of participants shares a randomness seed unknown to others. In a setting where malicious participants may collude with an untrusted server, we propose CafCor, an algorithm that integrates robust gradient aggregation with correlated noise injection, using shared randomness between participants. We prove that CafCor achieves strong privacy-utility trade-offs, significantly outperforming local differential privacy (DP) methods, which do not make any trust assumption, while approaching central DP utility, where the server is fully trusted. Empirical results on standard benchmarks validate CafCor's practicality, showing that privacy and robustness can coexist in distributed systems without sacrificing utility or trusting the server.