Federated learning enables isolated clients to train a shared model collaboratively by aggregating the locally-computed gradient updates. However, privacy information could be leaked from uploaded gradients and be exposed to malicious attackers or an honest-but-curious server. Although the additive homomorphic encryption technique guarantees the security of this process, it brings unacceptable computation and communication burdens to FL participants. To mitigate this cost of secure aggregation and maintain the learning performance, we propose a new framework called Encoded Gradient Aggregation (\emph{EGA}). In detail, EGA first encodes local gradient updates into an encoded domain with injected noises in each client before the aggregation in the server. Then, the encoded gradients aggregation results can be recovered for the global model update via a decoding function. This scheme could prevent the raw gradients of a single client from exposing on the internet and keep them unknown to the server. EGA could provide optimization and communication benefits under different noise levels and defend against gradient leakage. We further provide a theoretical analysis of the approximation error and its impacts on federated optimization. Moreover, EGA is compatible with the most federated optimization algorithms. We conduct intensive experiments to evaluate EGA in real-world federated settings, and the results have demonstrated its efficacy.

翻译：联邦学习通过聚合各客户端本地计算的梯度更新，使隔离的客户端能够协作训练共享模型。然而，隐私信息可能从上传的梯度中泄露，并被恶意攻击者或诚实但好奇的服务器获取。尽管加法同态加密技术能保障该过程的安全性，但它为联邦学习参与者带来了不可接受的计算与通信负担。为减轻安全聚合的代价并保持学习性能，我们提出一种名为"编码梯度聚合"（EGA）的新框架。具体而言，EGA首先在服务器聚合前，由各客户端对本地梯度更新注入噪声并编码至编码域中。随后，通过解码函数可恢复编码后的梯度聚合结果，用于全局模型更新。该方案能防止单个客户端的原始梯度暴露于网络，并使其对服务器保持未知。EGA在不同噪声水平下均可提供优化与通信优势，并有效防御梯度泄露。我们进一步理论分析了近似误差及其对联邦优化的影响。此外，EGA与大多数联邦优化算法兼容。我们通过在真实联邦场景下开展大量实验评估EGA，结果证明了其有效性。