Secure aggregation is commonly used in federated learning (FL) to alleviate privacy concerns related to the central aggregator seeing all parameter updates in the clear. Unfortunately, most existing secure aggregation schemes ignore two critical orthogonal research directions that aim to (i) significantly reduce client-server communication and (ii) mitigate the impact of malicious clients. However, both of these additional properties are essential to facilitate cross-device FL with thousands or even millions of (mobile) participants. In this paper, we unite both research directions by introducing ScionFL, the first secure aggregation framework for FL that operates efficiently on quantized inputs and simultaneously provides robustness against malicious clients. Our framework leverages (novel) multi-party computation (MPC) techniques and supports multiple linear (1-bit) quantization schemes, including ones that utilize the randomized Hadamard transform and Kashin's representation. Our theoretical results are supported by extensive evaluations. We show that with no overhead for clients and moderate overhead for the server compared to transferring and processing quantized updates in plaintext, we obtain comparable accuracy for standard FL benchmarks. Moreover, we demonstrate the robustness of our framework against state-of-the-art poisoning attacks.