Federated Learning (FL) enables collaborative model training without exposing clients' private data, and has been widely adopted in privacy-sensitive scenarios. However, FL faces two critical security threats: curious servers that may launch inference attacks to reconstruct clients' private data, and compromised clients that can launch poisoning attacks to disrupt model aggregation. Existing solutions mitigate these attacks by combining mainstream privacy-preserving techniques with defensive aggregation strategies. However, they either incur high computation and communication overhead or perform poorly under non-independent and identically distributed (Non-IID) data settings. To tackle these challenges, we propose SRFed, an efficient Byzantine-robust and privacy-preserving FL framework for Non-IID scenarios. First, we design a decentralized efficient functional encryption (DEFE) scheme to support efficient model encryption and non-interactive decryption. DEFE also eliminates third-party reliance and defends against server-side inference attacks. Second, we develop a privacy-preserving defensive model aggregation mechanism based on DEFE. This mechanism filters poisonous models under Non-IID data by layer-wise projection and clustering-based analysis. Theoretical analysis and extensive experiments show that SRFed outperforms state-of-the-art baselines in privacy protection, Byzantine robustness, and efficiency.