Keywords: decentralized learning, secure aggregation, Byzantine robustness, secret sharing, multi-party computation
TL;DR: SecureDL is a decentralized learning framework that simultaneously achieves Byzantine robustness and privacy preservation through secure aggregation based on secret sharing.
Abstract: In fully decentralized machine learning (DL), Byzantine failures remain a fundamental challenge. Although Byzantine robust aggregation schemes have strengthened the resilience of DL against malicious updates, the decentralized nature of these systems, which requires clients to access each other’s model updates, makes them more vulnerable to inference attacks than traditional federated learning. This reveals a fundamental tension between robustness and privacy, highlighting the need for aggregation schemes that can detect and neutralize malicious behavior while simultaneously preserving the confidentiality of model updates.
In this paper, we introduce SecureDL, to the best of our knowledge the first decentralized learning protocol that is secure against Byzantine participants while also providing privacy guarantees. SecureDL leverages secret sharing–based multi-party computation to enhance both the security and privacy of decentralized learning systems in adversarial settings. Notably, it requires only two semi-honest and non-colluding clients to ensure privacy-preserving, robust training regardless of the total number of Byzantine participants. The protocol applies direction and magnitude consistency checks to filter adversarial model updates and employs scoring-based aggregation to achieve fair and resilient global models. Extensive evaluations across diverse datasets, under both IID and non-IID conditions, demonstrate that SecureDL consistently outperforms multiple state-of-the-art defenses, maintaining both accuracy and convergence even under strong data and model poisoning attacks, including sophisticated adaptive threats.
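The abstract's core privacy primitive, additive secret sharing between two non-colluding parties, is illustrated below. This is an added example and not SecureDL's code: it shows how client model updates can be split so that each of two aggregators holds only a uniformly random share, yet the sum of all updates is recoverable by combining the two aggregated shares. The field modulus, fixed-point scale and helper names are assumptions made for this example; the direction and magnitude consistency checks the paper performs over shared updates are not modelled here, and the aggregators in this toy setting are assumed semi-honest (they follow the protocol and only try to learn from what they see).

```python
import secrets
from typing import List, Tuple

# Field modulus for additive secret sharing (a Mersenne prime, assumed for this example).
P = 2**61 - 1
# Fixed-point scale so real-valued updates can live in the integer field (assumed).
SCALE = 10**6


def encode(update: List[float]) -> List[int]:
    """Map a real-valued update vector to fixed-point field elements."""
    return [int(round(x * SCALE)) % P for x in update]


def decode(vec: List[int]) -> List[float]:
    """Map field elements back to reals; values above P/2 represent negatives."""
    return [((v - P) if v > P // 2 else v) / SCALE for v in vec]


def share(vec: List[int]) -> Tuple[List[int], List[int]]:
    """Split a field vector into two additive shares.

    Share 1 is sampled uniformly at random, so on its own it carries no
    information about vec; share 2 is whatever makes the two sum to vec.
    """
    s1 = [secrets.randbelow(P) for _ in vec]
    s2 = [(v - a) % P for v, a in zip(vec, s1)]
    return s1, s2


def add_vectors(a: List[int], b: List[int]) -> List[int]:
    """Component-wise addition in the field; used both to aggregate and to reconstruct."""
    return [(x + y) % P for x, y in zip(a, b)]


def secure_sum(updates: List[List[float]]) -> List[float]:
    """Simulate two non-colluding aggregators summing client updates over shares.

    Each client sends one share to each aggregator. Every aggregator sees only
    random-looking vectors, adds them locally, and the two aggregated shares are
    combined at the end to reveal nothing but the total.
    """
    dim = len(updates[0])
    aggregator_1 = [0] * dim
    aggregator_2 = [0] * dim
    for update in updates:
        s1, s2 = share(encode(update))
        aggregator_1 = add_vectors(aggregator_1, s1)  # aggregator 1 never sees s2
        aggregator_2 = add_vectors(aggregator_2, s2)  # aggregator 2 never sees s1
    return decode(add_vectors(aggregator_1, aggregator_2))


def secure_mean(updates: List[List[float]]) -> List[float]:
    """Average of the client updates, computed from the securely summed vector."""
    total = secure_sum(updates)
    return [t / len(updates) for t in total]


if __name__ == "__main__":
    # Constructed sample: three clients, each holding a 2-dimensional model update.
    client_updates = [[1.0, -2.0], [0.5, 0.25], [-3.0, 1.0]]
    print("sum  :", secure_sum(client_updates))
    print("mean :", secure_mean(client_updates))
```

Because the aggregate is linear, the two aggregators can sum shares without ever reconstructing an individual update, which is the property that lets a protocol of this kind keep a client's update hidden from its peers while still producing a combined model.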
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Submission Number: 11571