BVDFed:Byzantine-resilient and verifiable aggregation for differentially private federated learning  

作　　者：Xinwen GAO Shaojing FU Lin LIU Yuchuan LUO 

机构地区：[1]College of Computer,National University of Defence Technology,Changsha 410000,China

出　　处：《Frontiers of Computer Science》2024年第5期171-187,共17页计算机科学前沿（英文版）

基　　金：This work was supported by the National Natural Science Foundation of China(Grant Nos.62072466,62102430,62102429,62102422,U1811462);Natural Science Foundation of Hunan Province,China(No.2021JJ40688);Science Research Plan Program by NUDT(No.ZK22-50).

摘　　要：Federated Learning(FL)has emerged as a powerful technology designed for collaborative training between multiple clients and a server while maintaining data privacy of clients.To enhance the privacy in FL,Differentially Private Federated Learning(DPFL)has gradually become one of the most effective approaches.As DPFL operates in the distributed settings,there exist potential malicious adversaries who manipulate some clients and the aggregation server to produce malicious parameters and disturb the learning model.However,existing aggregation protocols for DPFL concern either the existence of some corrupted clients(Byzantines)or the corrupted server.Such protocols are limited to eliminate the effects of corrupted clients and server when both are in existence simultaneously due to the complicated threat model.In this paper,we elaborate such adversarial threat model and propose BVDFed.To our best knowledge,it is the first Byzantine-resilient and Verifiable aggregation for Differentially privateFEDerated learning.In specific,wepropose Differentially Private Federated Averaging algorithm(DPFA)asour primary workflow of BVDFed,which ismore lightweight and easily portable than traditional DPFL algorithm.We then introduce Loss Score to indicate the trustworthiness of disguised gradients in DPFL.Based on Loss Score,we propose an aggregation rule DPLoss to eliminate faulty gradients from Byzantine clients during server aggregation while preserving the privacy of clients'data.Additionally,we design a secure verification scheme DPVeri that are compatible with DPFA and DPLoss to support the honest clients in verifying the integrity of received aggregated results.And DPVeri also provides resistance to collusion attacks with no more than t participants for our aggregation.Theoretical analysis and experimental results demonstrate our aggregation to be feasible and effective in practice.

关 键 词：federated learning differential private verifiable aggregation Byzantine fault-tolerance 

分 类 号：TP181[自动化与计算机技术—控制理论与控制工程]