Perfect Privacy for Discriminator-Based Byzantine-Resilient Federated Learning
This addresses critical security and privacy issues for federated learning systems, offering a novel solution with theoretical guarantees, though it relies on a trusted third party in one variant.
The paper tackles the dual challenges of privacy and Byzantine resilience in federated learning by proposing two schemes, ByITFL and LoByITFL, which achieve perfect information-theoretic privacy and mitigate corrupt user contributions, with LoByITFL reducing communication costs significantly compared to ByITFL.
Federated learning (FL) shows great promise in large-scale machine learning but introduces new privacy and security challenges. We propose ByITFL and LoByITFL, two novel FL schemes that enhance resilience against Byzantine users while keeping the users' data private from eavesdroppers. To ensure privacy and Byzantine resilience, our schemes build on having a small representative dataset available to the federator and crafting a discriminator function allowing the mitigation of corrupt users' contributions. ByITFL employs Lagrange coded computing and re-randomization, making it the first Byzantine-resilient FL scheme with perfect Information-Theoretic (IT) privacy, though at the cost of a significant communication overhead. LoByITFL, on the other hand, achieves Byzantine resilience and IT privacy at a significantly reduced communication cost, but requires a Trusted Third Party, used only in a one-time initialization phase before training. We provide theoretical guarantees on privacy and Byzantine resilience, along with convergence guarantees and experimental results validating our findings.