Federated Learning (FL) permits different parties to collaboratively train a global model without disclosing their respective local labels. A crucial step of FL, that of aggregating local models to produce the global one, shares many similarities with public decision-making, and elections in particular. In that context, a major weakness of FL, namely its vulnerability to poisoning attacks, can be interpreted as a consequence of the one person one vote (henceforth 1p1v) principle underpinning most contemporary aggregation rules. In this paper, we propose FedQV, a novel aggregation algorithm built upon the quadratic voting scheme, recently proposed as a better alternative to 1p1v-based elections. Our theoretical analysis establishes that FedQV is a truthful mechanism in which bidding according to one's true valuation is a dominant strategy that achieves a convergence rate that matches those of state-of-the-art methods. Furthermore, our empirical analysis using multiple real-world datasets validates the superior performance of FedQV against poisoning attacks. It also shows that combining FedQV with unequal voting ``budgets'' according to a reputation score increases its performance benefits even further. Finally, we show that FedQV can be easily combined with Byzantine-robust privacy-preserving mechanisms to enhance its robustness against both poisoning and privacy attacks.

翻译：联邦学习（FL）允许多方在不泄露各自本地标签的情况下协作训练全局模型。FL的关键步骤——聚合本地模型以生成全局模型——与公共决策（尤其是选举）具有诸多相似性。在此背景下，FL的主要弱点（即易受投毒攻击）可解释为当前多数聚合规则所依赖的“一人一票”（以下简称1p1v）原则的固有缺陷。本文提出FedQV——一种基于二次投票方案的新型聚合算法，该方案近期被提出作为1p1v选举的改进替代。理论分析表明，FedQV是一种诚实机制，其中按真实估值投标可形成占优策略，且其收敛速率与现有最优方法相当。基于多个真实数据集的实证分析验证了FedQV在抵御投毒攻击方面的优越性能，同时发现根据声誉分数为不同用户配置非均衡投票“预算”可进一步提升其性能优势。最后，我们证明FedQV可与拜占庭鲁棒的隐私保护机制简单结合，以增强其对投毒攻击和隐私攻击的双重鲁棒性。