Secure aggregation is commonly used in federated learning (FL) to alleviate privacy concerns related to the central aggregator seeing all parameter updates in the clear. Unfortunately, most existing secure aggregation schemes ignore two critical orthogonal research directions that aim to (i) significantly reduce client-server communication and (ii) mitigate the impact of malicious clients. However, both of these additional properties are essential to facilitate cross-device FL with thousands or even millions of (mobile) participants. In this paper, we unite both research directions by introducing ScionFL, the first secure aggregation framework for FL that operates efficiently on quantized inputs and simultaneously provides robustness against malicious clients. Our framework leverages (novel) multi-party computation (MPC) techniques and supports multiple linear (1-bit) quantization schemes, including ones that utilize the randomized Hadamard transform and Kashin's representation. Our theoretical results are supported by extensive evaluations. We show that with no overhead for clients and moderate overhead on the server side compared to transferring and processing quantized updates in plaintext, we obtain comparable accuracy for standard FL benchmarks. Additionally, we demonstrate the robustness of our framework against state-of-the-art poisoning attacks.