Armadillo: Robust Secure Aggregation for Federated Learning with Input Validation

Published: 12 Oct 2024, Last Modified: 15 Dec 2024
Venue: AIM-FM Workshop @ NeurIPS'24 Poster
License: CC BY 4.0
Keywords: Federated Learning, Robustness, Verification
TL;DR: A Robust Secure Aggregation System for Federated Learning with Input Validation
Abstract: Secure aggregation protocols allow a server to compute the sum of inputs from a set of clients without learning anything beyond the sum (and what the sum implies). This paper introduces Armadillo, a single-server secure aggregation system for federated learning with input validation and robustness (guaranteed output delivery). Specifically, Armadillo allows the server to check whether the input vectors satisfy some pre-defined constraints (e.g., the vectors have $L_2$ and $L_\infty$ norms bounded by a constant), and ensures the server can always obtain the sum of valid inputs. Armadillo significantly improves the round complexity of ACORN-robust, a recent work by Bell et al. (USENIX Security '23) with similar security properties, from a number of rounds logarithmic in the number of clients to a constant number of rounds; concretely, when running one aggregation on 1K clients with corruption rate 10%, ACORN-robust requires at least 10 rounds while Armadillo has 3 rounds.
Supplementary Material: zip
Submission Number: 75