As a distributed machine learning paradigm, federated learning (FL) conveys a sense of privacy to contributing participants because training data never leaves their devices. However, gradient updates and the aggregated model still reveal sensitive information. In this work, we propose HyFL, a new framework that combines private training and inference with secure aggregation and hierarchical FL to provide end-to-end protection and facilitate large-scale global deployments. Additionally, we show that HyFL strictly limits the attack surface for malicious participants: they are restricted to data-poisoning attacks and cannot significantly reduce accuracy.