Decentralized Federated Learning (DFL) enables privacy-preserving collaborative training without centralized servers but remains vulnerable to Byzantine attacks. Existing Byzantine-robust defenses are predicated on exchanging full, high-dimensional model vectors with every neighbor before filtering, an $O(d|\mathcal{N}_i|)$ communication cost incurred regardless of how many neighbors are ultimately rejected. This design choice is sustainable in small-scale experimental settings but becomes a fundamental barrier to deployment as network scale or model size grows. We propose SketchGuard, a framework that decouples Byzantine filtering from aggregation via sketch-based screening. Each client compresses its $d$-dimensional model to a $k$-dimensional Count Sketch ($k \ll d$), exchanges only sketches for neighbor screening, and fetches full models exclusively from accepted neighbors. This eliminates the pre-filtering communication waste of existing defenses: rejected Byzantine neighbors incur only $O(k)$ sketch cost rather than $O(d)$ full-model cost. Communication savings therefore scale with the Byzantine rejection rate: negligible extra overhead in benign conditions, rising to 50-70% total savings when 50-70% of neighbors are rejected. We prove convergence in both strongly convex and non-convex settings, establishing that Count Sketch's distance-preservation guarantee causes sketch-based filtering to deviate from full-precision filtering by at most a $(1+O(ε))$ factor in the effective threshold, a gap that can be made arbitrarily small. Experiments across three non-IID federated benchmarks, five network topologies, and four attack types confirm that SketchGuard matches state-of-the-art robustness (mean TER deviation $\leq$0.5 percentage points) while reducing computation by up to 82%, with robustness remaining stable across compression ratios up to 13,000:1.
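The sketch-then-fetch flow described above, as an added Python example that is not code from the paper. The fixed distance threshold used as the acceptance rule, the constructed Gaussian neighbor models, and all function names are assumptions; the abstract does not specify the filtering rule itself.

```python
import math
import random

def make_hashes(d, k, seed):
    """Bucket and sign hash tables; every client derives the same ones from a shared seed."""
    rng = random.Random(seed)
    return [rng.randrange(k) for _ in range(d)], [rng.choice((-1.0, 1.0)) for _ in range(d)]

def count_sketch(vec, k, buckets, signs):
    """Compress a d-dimensional vector into k signed bucket sums."""
    sketch = [0.0] * k
    for x, b, s in zip(vec, buckets, signs):
        sketch[b] += s * x
    return sketch

def l2(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def screen(own_sketch, neighbor_sketches, threshold):
    """Accept neighbors whose sketch lies within `threshold` of ours (assumed rule)."""
    return sorted(n for n, s in neighbor_sketches.items() if l2(own_sketch, s) <= threshold)

def demo(d=2000, k=200, threshold=10.0, seed=7):
    rng = random.Random(seed)
    buckets, signs = make_hashes(d, k, seed=1234)
    own = [rng.gauss(0, 1) for _ in range(d)]
    # Constructed neighbors: 4 honest (small drift), 6 Byzantine (large perturbation).
    models = {}
    for i in range(10):
        sigma = 0.05 if i < 4 else 1.0
        models[i] = [w + rng.gauss(0, sigma) for w in own]
    sketches = {n: count_sketch(m, k, buckets, signs) for n, m in models.items()}
    accepted = screen(count_sketch(own, k, buckets, signs), sketches, threshold)
    # Floats received: sketches from everyone, full models only from accepted neighbors.
    sketch_cost = len(models) * k + len(accepted) * d
    full_cost = len(models) * d
    return accepted, sketch_cost, full_cost

if __name__ == "__main__":
    accepted, sketch_cost, full_cost = demo()
    print("accepted:", accepted)
    print("floats received:", sketch_cost, "vs", full_cost)
```

With 6 of 10 neighbors rejected and $k = d/10$, the client receives half as many floats as it would by fetching every full model before filtering.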