Go to OpenReview Public Article ORCID homepageArmadillo: Robust Single-Server Secure Aggregation for Federated Learning with Input Validation
Abstract: This paper presents a secure aggregation system Armadillo that has disruptive resistance against adversarial clients, such that any coalition of malicious clients can affect the aggregation result only by misreporting their private inputs in a pre-defined legitimate range. Armadillo is designed for federated learning setting, where a single powerful server interacts with many weak clients iteratively to train models on client's private data. While a few prior works consider disruption resistance under such setting, for an aggregation on n clients they either require high cost per client (Chowdhury et al. CCS '22) or concretely many rounds that is logarithmic in n (Bell et al. USENIX Security '23). Although disruption resistance can be achieved generically with zero-knowledge proof techniques (which we also use in this paper), we realize an efficient system with two new designs: 1) a simple two-layer secure aggregation protocol that requires only simple arithmetic computation; 2) an agreement protocol that removes the effect of malicious clients from the aggregation with low round complexity. With these techniques, Armadillo runs in 3 rounds per aggregation (our round complexity is independent of n) with computationally lightweight server and clients.
External IDs:doi:10.1145/3719027.3765216
Loading