Decentralized Federated Learning enables privacy-preserving collaborative training without centralized servers but remains vulnerable to Byzantine attacks. Existing defenses require exchanging high-dimensional model vectors with all neighbors each round, creating prohibitive costs at scale. We propose SketchGuard, which decouples Byzantine filtering from aggregation via sketch-based screening. SketchGuard compresses $d$-dimensional models to $k$-dimensional sketches ($k \ll d$) using Count Sketch, then fetches full models only from accepted neighbors, reducing communication complexity from $O(d|N_i|)$ to $O(k|N_i| + d|S_i|)$, where $|N_i|$ is the neighbor count and $|S_i| \le |N_i|$ is the accepted count. We prove convergence in strongly convex and non-convex settings, showing that approximation errors introduce only a $(1+O(\epsilon))$ factor in the effective threshold. Experiments demonstrate SketchGuard maintains state-of-the-art robustness (mean TER deviation $\leq 0.5$ percentage points) while reducing computation by up to 82% and communication by 50-70%.
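To make the compression step concrete, the following is a minimal sketch (not the paper's implementation) of how Count Sketch maps a $d$-dimensional model vector to a $k$-dimensional sketch: each coordinate is hashed to one of $k$ buckets with a random sign, and inner products between sketches estimate inner products between the original vectors in expectation, which is what makes sketch-based distance screening possible. All function names and parameters here are illustrative assumptions.

```python
import numpy as np

def count_sketch(v, k, seed=0):
    """Compress a d-dimensional vector v to a k-dimensional Count Sketch.

    A shared seed means all peers use the same hash functions, so
    sketches of different models are directly comparable.
    (Illustrative helper, not from the paper.)
    """
    rng = np.random.default_rng(seed)
    d = v.shape[0]
    buckets = rng.integers(0, k, size=d)      # h: [d] -> [k]
    signs = rng.choice([-1.0, 1.0], size=d)   # s: [d] -> {-1, +1}
    sketch = np.zeros(k)
    np.add.at(sketch, buckets, signs * v)     # sketch[h(j)] += s(j) * v[j]
    return sketch

# Two nearby "models": sketch distances approximate true distances,
# so a node can screen neighbors using k numbers instead of d.
d, k = 10_000, 256
u = np.random.default_rng(1).normal(size=d)
w = u + 0.01 * np.random.default_rng(2).normal(size=d)
su, sw = count_sketch(u, k), count_sketch(w, k)
# E[su @ sw] = u @ w, with variance shrinking as k grows.
```

Because the sketch is linear, differences of sketches equal sketches of differences, so neighbor screening on $\|su - sw\|$ mirrors screening on $\|u - w\|$ up to the $(1+O(\epsilon))$ factor in the effective threshold.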