Federated Learning (FL) enables heterogeneous clients to collaboratively train a shared model without centralizing their raw data, offering an inherent level of privacy. However, gradients and model updates can still leak sensitive information, while malicious servers may mount adversarial attacks such as Byzantine manipulation. These vulnerabilities highlight the need to address differential privacy (DP) and Byzantine robustness within a unified framework. Existing approaches, however, often rely on unrealistic assumptions such as bounded gradients, require auxiliary server-side datasets, or fail to provide convergence guarantees. We address these limitations by proposing Byz-Clip21-SGD2M, a new algorithm that integrates robust aggregation with double momentum and carefully designed clipping. We prove high-probability convergence guarantees under standard $L$-smoothness and $\sigma$-sub-Gaussian gradient noise assumptions, thereby relaxing conditions that dominate prior work. Our analysis recovers state-of-the-art convergence rates in the absence of adversaries and improves utility guarantees under Byzantine and DP settings. Empirical evaluations on CNN and MLP models trained on MNIST further validate the effectiveness of our approach.