Federated learning (FL) is an emerging distributed learning paradigm in which participating clients do not share their private data. However, existing works show that FL is vulnerable to both Byzantine (security) attacks and data reconstruction (privacy) attacks. Almost all existing FL defenses address only one of the two attacks. A few defenses address both, but they are not efficient and effective enough. We propose BPFL, an efficient Byzantine-robust and provably privacy-preserving FL method that addresses all of these issues. Specifically, we draw on state-of-the-art Byzantine-robust FL methods and use similarity metrics to measure the robustness of each participating client in FL. The validity of clients is formulated as circuit constraints on similarity metrics and verified via a zero-knowledge proof. Moreover, the client models are masked by a shared random vector, which is generated based on homomorphic encryption. In doing so, the server receives the masked client models rather than the true ones, which are proven to be private. BPFL is also efficient due to its use of non-interactive zero-knowledge proofs. Experimental results on various datasets show that our BPFL is efficient, Byzantine-robust, and privacy-preserving.