In this paper, we propose an efficient secure aggregation scheme for federated learning that is protected against Byzantine attacks and privacy leakage. Processing individual updates to manage adversarial behavior, while preserving the privacy of data against colluding nodes, requires some form of secure secret sharing. However, the communication load for secret sharing of long update vectors can be very high. To resolve this issue, in the proposed scheme, local updates are partitioned into smaller sub-vectors and shared using ramp secret sharing. This sharing method, however, does not admit bilinear computations, such as the pairwise distance calculations needed by outlier-detection algorithms. To overcome this limitation, each user runs another round of ramp sharing, with a different embedding of the data in the sharing polynomial. This technique, motivated by ideas from coded computing, enables secure computation of pairwise distances. In addition, to maintain the integrity and privacy of the local update, the proposed scheme uses a vector commitment method in which the commitment size remains constant (i.e., does not increase with the length of the local update), while simultaneously allowing verification of the secret sharing process.
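The partition-and-share step described above can be illustrated with a generic ramp scheme; this is an added example, not code or the exact construction from the paper. It assumes the sub-vectors are placed as the low-order coefficients of the sharing polynomial with `t` random masking vectors as the high-order ones; the field modulus, the evaluation points and all function names are also assumptions.

```python
import secrets

P = 2**61 - 1  # prime field modulus (assumed for this example)

def ramp_share(update, ell, t, n):
    """Split update into ell sub-vectors (low-order coefficients), append t
    random masking vectors (high-order coefficients), evaluate at x = 1..n."""
    m, rem = divmod(len(update), ell)
    if rem:
        raise ValueError("update length must be a multiple of ell")
    coeffs = [update[k * m:(k + 1) * m] for k in range(ell)]
    coeffs += [[secrets.randbelow(P) for _ in range(m)] for _ in range(t)]
    return {x: [sum(c[j] * pow(x, k, P) for k, c in enumerate(coeffs)) % P
                for j in range(m)]
            for x in range(1, n + 1)}

def _basis(xs, i):
    """Coefficients (low to high) of the Lagrange basis polynomial for xs[i]."""
    poly, denom = [1], 1
    for j, xj in enumerate(xs):
        if j == i:
            continue
        # Multiply poly by (X - xj).
        poly = [(a - xj * b) % P for a, b in zip([0] + poly, poly + [0])]
        denom = denom * (xs[i] - xj) % P
    inv = pow(denom, P - 2, P)  # modular inverse via Fermat's little theorem
    return [c * inv % P for c in poly]

def reconstruct(shares, ell, t):
    """Recover the update from ell + t shares by interpolating coefficients."""
    xs = sorted(shares)[:ell + t]
    if len(xs) < ell + t:
        raise ValueError("need at least ell + t shares")
    m = len(shares[xs[0]])
    bases = [_basis(xs, i) for i in range(len(xs))]
    out = []
    for k in range(ell):  # coefficient k of the polynomial is sub-vector k
        out += [sum(bases[i][k] * shares[x][j] for i, x in enumerate(xs)) % P
                for j in range(m)]
    return out

def add_shares(a, b):
    """Each party adds its two shares locally; the result shares the sum."""
    return {x: [(u + v) % P for u, v in zip(a[x], b[x])] for x in a}
```

Each share has length d/ℓ rather than d, which is the communication saving, and shares of different users add linearly, so the sum of updates can be reconstructed without reconstructing any individual update.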