In this paper, we propose ByzSecAgg, an efficient secure aggregation scheme for federated learning that is protected against Byzantine attacks and privacy leakages. Processing individual updates to manage adversarial behavior, while preserving the privacy of data against colluding nodes, requires some sort of secure secret sharing. However, the communication load for secret sharing of long vectors of updates can be very high. ByzSecAgg solves this problem by partitioning local updates into smaller sub-vectors and sharing them using ramp secret sharing. However, this sharing method does not admit bi-linear computations, such as pairwise distance calculations, needed by outlier-detection algorithms. To overcome this issue, each user runs another round of ramp sharing, with a different embedding of the data in the sharing polynomial. This technique, motivated by ideas from coded computing, enables secure computation of pairwise distances. In addition, to maintain the integrity and privacy of the local update, ByzSecAgg also uses a vector commitment method, in which the commitment size remains constant (i.e., does not increase with the length of the local update), while simultaneously allowing verification of the secret sharing process. In terms of communication loads, ByzSecAgg significantly outperforms the state-of-the-art scheme, known as BREA.
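The sketch below is an added example, not code from the paper: a generic ramp (packed) secret sharing over a prime field, showing that each share has length len(update)/K and that shares add, so an aggregate can be decoded from K+T summed shares. The modulus, the evaluation-point layout and all function names are assumptions; ByzSecAgg's own embedding, its second sharing round for pairwise distances and its vector commitments are not reproduced here.

```python
import secrets

P = 2**61 - 1  # prime modulus; an assumption, the abstract does not fix a field

def lagrange_eval(points, x):
    """Evaluate at x the polynomial through [(xi, vector_i)], coordinate-wise mod P."""
    out = [0] * len(points[0][1])
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        coef = num * pow(den, -1, P) % P
        out = [(o + coef * y) % P for o, y in zip(out, yi)]
    return out

def ramp_share(update, K, T, N):
    """Partition update into K sub-vectors, add T random masks, emit N shares."""
    if len(update) % K or N < K + T:
        raise ValueError("need K | len(update) and N >= K + T")
    m = len(update) // K
    # Sub-vectors sit at x = N+1..N+K, masks at x = N+K+1..N+K+T (constructed layout).
    anchors = [(N + 1 + k, [v % P for v in update[k * m:(k + 1) * m]]) for k in range(K)]
    anchors += [(N + K + 1 + t, [secrets.randbelow(P) for _ in range(m)]) for t in range(T)]
    # User n receives the degree-(K+T-1) polynomial evaluated at x = n: length m, not K*m.
    return {n: lagrange_eval(anchors, n) for n in range(1, N + 1)}

def ramp_reconstruct(shares, K, T, N):
    """Recover all K sub-vectors from any K+T shares given as {user_index: share}."""
    pts = list(shares.items())[:K + T]
    if len(pts) < K + T:
        raise ValueError("need at least K + T shares")
    return [v for k in range(K) for v in lagrange_eval(pts, N + 1 + k)]

if __name__ == "__main__":
    K, T, N = 3, 1, 5
    u1, u2 = [3, 1, 4, 1, 5, 9], [2, 7, 1, 8, 2, 8]  # constructed quantized updates
    s1, s2 = ramp_share(u1, K, T, N), ramp_share(u2, K, T, N)
    # Shares are additive: each user sums what it holds, K+T users suffice to decode.
    agg = {n: [(a + b) % P for a, b in zip(s1[n], s2[n])] for n in (1, 3, 4, 5)}
    print(ramp_reconstruct(agg, K, T, N))
```

Multiplying two such shares coordinate-wise does not yield a share of the inner product under this embedding, which is the limitation the abstract says the second sharing round addresses.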