Federated learning systems that jointly preserve Byzantine robustness and privacy have remained an open problem. Robust aggregation, the standard defense for Byzantine attacks, generally requires server access to individual updates or nonlinear computation -- thus is incompatible with privacy-preserving methods such as secure aggregation via multiparty computation. To this end, we propose SHARE (Secure Hierarchical Robust Aggregation), a distributed learning framework designed to cryptographically preserve client update privacy and robustness to Byzantine adversaries simultaneously. The key idea is to incorporate secure averaging among randomly clustered clients before filtering malicious updates through robust aggregation. Experiments show that SHARE has similar robustness guarantees as existing techniques while enhancing privacy.
翻译:联合保护拜占庭稳健性和隐私的联邦学习系统仍是一个尚未解决的问题。 强力聚合是拜占庭袭击的标准防御,通常要求服务器访问个人更新或非线性计算,因此与通过多功能计算安全聚合等隐私保护方法不相容。 为此,我们提议SHARE(安全等级强健聚合),这是一个分布式学习框架,旨在以加密方式保护客户同时更新拜占庭对手的隐私和稳健性。 关键的想法是,在通过强力聚合过滤恶意更新之前,在随机分组客户中平均纳入安全性。 实验显示,SHARE在加强隐私的同时,具有类似于现有技术的稳健性保障。
相关内容
微信扫码咨询专知VIP会员