Federated learning (FL) allows a large number of clients to collaboratively train machine learning (ML) models by sending only their local gradients to a central server for aggregation in each training iteration, without sending their raw training data. Unfortunately, recent attacks on FL demonstrate that local gradients may leak information about local training data. In response to such attacks, Bonawitz \textit{et al.} (CCS 2017) proposed a secure aggregation protocol that allows a server to compute the sum of clients' local gradients in a secure manner. However, their secure aggregation protocol requires at least 4 rounds of communication between each client and the server in each training iteration. The number of communication rounds is closely related not only to the total communication cost but also the ML model accuracy, as the number of communication rounds affects client dropouts. In this paper, we propose FSSA, a 3-round secure aggregation protocol, that is efficient in terms of computation and communication, and resilient to client dropouts. We prove the security of FSSA in honest-but-curious setting and show that the security can be maintained even if an arbitrarily chosen subset of clients drop out at any time. We evaluate the performance of FSSA and show that its computation and communication overhead remains low even on large datasets. Furthermore, we conduct an experimental comparison between FSSA and Bonawitz \textit{et al.}'s protocol. The comparison results show that, in addition to reducing the number of communication rounds, FSSA achieves a significant improvement in computational efficiency.

翻译：联邦学习（FL）允许大量客户端通过仅向中央服务器发送本地梯度进行每轮训练迭代的聚合，从而协作训练机器学习（ML）模型，无需传输原始训练数据。然而，近期针对FL的攻击表明，本地梯度可能泄露本地训练数据的信息。为应对此类攻击，Bonawitz等人（CCS 2017）提出了一种安全聚合协议，使服务器能够以安全方式计算客户端本地梯度的总和。但该协议在每次训练迭代中，每个客户端与服务器之间至少需要4轮通信交互。通信轮次不仅直接影响总通信开销，还因影响客户端退出率而关联到ML模型精度。本文提出FSSA——一种3轮安全聚合协议，在计算和通信方面均具有高效性，且能抵御客户端退出。我们在诚实但好奇（honest-but-curious）设定下证明了FSSA的安全性，并表明即使任意选定的客户端子集随时退出，该安全性依然可维持。我们评估了FSSA的性能，表明即使在大规模数据集上，其计算和通信开销仍保持较低水平。此外，我们进行了FSSA与Bonawitz等人协议的实验对比。对比结果表明，除减少通信轮次外，FSSA在计算效率方面也取得了显著提升。