BVDFed: Byzantine-resilient and verifiable aggregation for differentially private federated learning

BVDFed: Byzantine-resilient and verifiable aggregation for differentially private federated learning

Federated Learning (FL) has emerged as a powerful technology designed for collaborative training between multiple clients and a server while maintaining data privacy of clients. To enhance the privacy in FL, Differentially Private Federated Learning (DPFL) has gradually become one of the most effect...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Frontiers of Computer Science 2024-10, Vol.18 (5), p.185810, Article 185810
Hauptverfasser: GAO, Xinwen, FU, Shaojing, LIU, Lin, LUO, Yuchuan
Format: Artikel
Sprache:eng
Schlagworte:
Algorithms
Byzantine fault-tolerance
Clients
Computer Science
differential private
Federated learning
Privacy
Research Article
Threat models
verifiable aggregation
Workflow
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue 5
container_start_page 185810
container_title Frontiers of Computer Science
container_volume 18
creator GAO, Xinwen
FU, Shaojing
LIU, Lin
LUO, Yuchuan
description Federated Learning (FL) has emerged as a powerful technology designed for collaborative training between multiple clients and a server while maintaining data privacy of clients. To enhance the privacy in FL, Differentially Private Federated Learning (DPFL) has gradually become one of the most effective approaches. As DPFL operates in the distributed settings, there exist potential malicious adversaries who manipulate some clients and the aggregation server to produce malicious parameters and disturb the learning model. However, existing aggregation protocols for DPFL concern either the existence of some corrupted clients (Byzantines) or the corrupted server. Such protocols are limited to eliminate the effects of corrupted clients and server when both are in existence simultaneously due to the complicated threat model. In this paper, we elaborate such adversarial threat model and propose BVDFed. To our best knowledge, it is the first Byzantine-resilient and Verifiable aggregation for Differentially private FEDerated learning. In specific, we propose Differentially Private Federated Averaging algorithm (DPFA) as our primary workflow of BVDFed, which is more lightweight and easily portable than traditional DPFL algorithm. We then introduce Loss Score to indicate the trustworthiness of disguised gradients in DPFL. Based on Loss Score, we propose an aggregation rule DPLoss to eliminate faulty gradients from Byzantine clients during server aggregation while preserving the privacy of clients’ data. Additionally, we design a secure verification scheme DPVeri that are compatible with DPFA and DPLoss to support the honest clients in verifying the integrity of received aggregated results. And DPVeri also provides resistance to collusion attacks with no more than t participants for our aggregation. Theoretical analysis and experimental results demonstrate our aggregation to be feasible and effective in practice.
doi_str_mv 10.1007/s11704-023-3142-5
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2918722654</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2918722654</sourcerecordid><originalsourceid>FETCH-LOGICAL-c365t-b939d58e9b23b401b040142f10cc6121b76bc5bf580f83655618d86e3417e2e93</originalsourceid><addsrcrecordid>eNp9kE1PwzAMhiMEEtPYD-AWiXMhcZt-cGODAdIkLsA1Shuny1TSkXSTxq8nUxHcuNg-vI9tPYRccnbNGStuAucFyxIGaZLyDBJxQibAKpEApPnp7wzlOZmFsGGMAQMhACZEz9_vl6hv6fzwpdxgHSYeg-0suoEqp-kevTVW1R1S1bYeWzXY3lHTe6qtMehj0KquO9Ctt3s1IDWo0cdB0w6Vd9a1F-TMqC7g7KdPydvy4XXxlKxeHp8Xd6ukSXMxJHWVVlqUWNWQ1hnjNYslA8NZ0-QceF3kdSNqI0pmykiInJe6zDHNeIGAVTolV-Pere8_dxgGuel33sWTEipeFgC5yGKKj6nG9yF4NDJ-_qH8QXImjz7l6FNGn_LoU4rIwMiEmHUt-r_N_0HlCK1tu46i9DaqDdL4PipD_x_6DRWRidg</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2918722654</pqid></control><display><type>article</type><title>BVDFed: Byzantine-resilient and verifiable aggregation for differentially private federated learning</title><source>SpringerLink Journals</source><creator>GAO, Xinwen ; FU, Shaojing ; LIU, Lin ; LUO, Yuchuan</creator><creatorcontrib>GAO, Xinwen ; FU, Shaojing ; LIU, Lin ; LUO, Yuchuan</creatorcontrib><description>Federated Learning (FL) has emerged as a powerful technology designed for collaborative training between multiple clients and a server while maintaining data privacy of clients. To enhance the privacy in FL, Differentially Private Federated Learning (DPFL) has gradually become one of the most effective approaches. As DPFL operates in the distributed settings, there exist potential malicious adversaries who manipulate some clients and the aggregation server to produce malicious parameters and disturb the learning model. However, existing aggregation protocols for DPFL concern either the existence of some corrupted clients (Byzantines) or the corrupted server. Such protocols are limited to eliminate the effects of corrupted clients and server when both are in existence simultaneously due to the complicated threat model. In this paper, we elaborate such adversarial threat model and propose BVDFed. To our best knowledge, it is the first Byzantine-resilient and Verifiable aggregation for Differentially private FEDerated learning. In specific, we propose Differentially Private Federated Averaging algorithm (DPFA) as our primary workflow of BVDFed, which is more lightweight and easily portable than traditional DPFL algorithm. We then introduce Loss Score to indicate the trustworthiness of disguised gradients in DPFL. Based on Loss Score, we propose an aggregation rule DPLoss to eliminate faulty gradients from Byzantine clients during server aggregation while preserving the privacy of clients’ data. Additionally, we design a secure verification scheme DPVeri that are compatible with DPFA and DPLoss to support the honest clients in verifying the integrity of received aggregated results. And DPVeri also provides resistance to collusion attacks with no more than t participants for our aggregation. Theoretical analysis and experimental results demonstrate our aggregation to be feasible and effective in practice.</description><identifier>ISSN: 2095-2228</identifier><identifier>EISSN: 2095-2236</identifier><identifier>DOI: 10.1007/s11704-023-3142-5</identifier><language>eng</language><publisher>Beijing: Higher Education Press</publisher><subject>Algorithms ; Byzantine fault-tolerance ; Clients ; Computer Science ; differential private ; Federated learning ; Privacy ; Research Article ; Threat models ; verifiable aggregation ; Workflow</subject><ispartof>Frontiers of Computer Science, 2024-10, Vol.18 (5), p.185810, Article 185810</ispartof><rights>Copyright reserved, 2024, Higher Education Press</rights><rights>Higher Education Press 2024</rights><rights>Higher Education Press 2024.</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c365t-b939d58e9b23b401b040142f10cc6121b76bc5bf580f83655618d86e3417e2e93</citedby><cites>FETCH-LOGICAL-c365t-b939d58e9b23b401b040142f10cc6121b76bc5bf580f83655618d86e3417e2e93</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://link.springer.com/content/pdf/10.1007/s11704-023-3142-5$$EPDF$$P50$$Gspringer$$H</linktopdf><linktohtml>$$Uhttps://link.springer.com/10.1007/s11704-023-3142-5$$EHTML$$P50$$Gspringer$$H</linktohtml><link.rule.ids>314,780,784,27924,27925,41488,42557,51319</link.rule.ids></links><search><creatorcontrib>GAO, Xinwen</creatorcontrib><creatorcontrib>FU, Shaojing</creatorcontrib><creatorcontrib>LIU, Lin</creatorcontrib><creatorcontrib>LUO, Yuchuan</creatorcontrib><title>BVDFed: Byzantine-resilient and verifiable aggregation for differentially private federated learning</title><title>Frontiers of Computer Science</title><addtitle>Front. Comput. Sci</addtitle><description>Federated Learning (FL) has emerged as a powerful technology designed for collaborative training between multiple clients and a server while maintaining data privacy of clients. To enhance the privacy in FL, Differentially Private Federated Learning (DPFL) has gradually become one of the most effective approaches. As DPFL operates in the distributed settings, there exist potential malicious adversaries who manipulate some clients and the aggregation server to produce malicious parameters and disturb the learning model. However, existing aggregation protocols for DPFL concern either the existence of some corrupted clients (Byzantines) or the corrupted server. Such protocols are limited to eliminate the effects of corrupted clients and server when both are in existence simultaneously due to the complicated threat model. In this paper, we elaborate such adversarial threat model and propose BVDFed. To our best knowledge, it is the first Byzantine-resilient and Verifiable aggregation for Differentially private FEDerated learning. In specific, we propose Differentially Private Federated Averaging algorithm (DPFA) as our primary workflow of BVDFed, which is more lightweight and easily portable than traditional DPFL algorithm. We then introduce Loss Score to indicate the trustworthiness of disguised gradients in DPFL. Based on Loss Score, we propose an aggregation rule DPLoss to eliminate faulty gradients from Byzantine clients during server aggregation while preserving the privacy of clients’ data. Additionally, we design a secure verification scheme DPVeri that are compatible with DPFA and DPLoss to support the honest clients in verifying the integrity of received aggregated results. And DPVeri also provides resistance to collusion attacks with no more than t participants for our aggregation. Theoretical analysis and experimental results demonstrate our aggregation to be feasible and effective in practice.</description><subject>Algorithms</subject><subject>Byzantine fault-tolerance</subject><subject>Clients</subject><subject>Computer Science</subject><subject>differential private</subject><subject>Federated learning</subject><subject>Privacy</subject><subject>Research Article</subject><subject>Threat models</subject><subject>verifiable aggregation</subject><subject>Workflow</subject><issn>2095-2228</issn><issn>2095-2236</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><recordid>eNp9kE1PwzAMhiMEEtPYD-AWiXMhcZt-cGODAdIkLsA1Shuny1TSkXSTxq8nUxHcuNg-vI9tPYRccnbNGStuAucFyxIGaZLyDBJxQibAKpEApPnp7wzlOZmFsGGMAQMhACZEz9_vl6hv6fzwpdxgHSYeg-0suoEqp-kevTVW1R1S1bYeWzXY3lHTe6qtMehj0KquO9Ctt3s1IDWo0cdB0w6Vd9a1F-TMqC7g7KdPydvy4XXxlKxeHp8Xd6ukSXMxJHWVVlqUWNWQ1hnjNYslA8NZ0-QceF3kdSNqI0pmykiInJe6zDHNeIGAVTolV-Pere8_dxgGuel33sWTEipeFgC5yGKKj6nG9yF4NDJ-_qH8QXImjz7l6FNGn_LoU4rIwMiEmHUt-r_N_0HlCK1tu46i9DaqDdL4PipD_x_6DRWRidg</recordid><startdate>20241001</startdate><enddate>20241001</enddate><creator>GAO, Xinwen</creator><creator>FU, Shaojing</creator><creator>LIU, Lin</creator><creator>LUO, Yuchuan</creator><general>Higher Education Press</general><general>Springer Nature B.V</general><scope>AAYXX</scope><scope>CITATION</scope><scope>JQ2</scope></search><sort><creationdate>20241001</creationdate><title>BVDFed: Byzantine-resilient and verifiable aggregation for differentially private federated learning</title><author>GAO, Xinwen ; FU, Shaojing ; LIU, Lin ; LUO, Yuchuan</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c365t-b939d58e9b23b401b040142f10cc6121b76bc5bf580f83655618d86e3417e2e93</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Algorithms</topic><topic>Byzantine fault-tolerance</topic><topic>Clients</topic><topic>Computer Science</topic><topic>differential private</topic><topic>Federated learning</topic><topic>Privacy</topic><topic>Research Article</topic><topic>Threat models</topic><topic>verifiable aggregation</topic><topic>Workflow</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>GAO, Xinwen</creatorcontrib><creatorcontrib>FU, Shaojing</creatorcontrib><creatorcontrib>LIU, Lin</creatorcontrib><creatorcontrib>LUO, Yuchuan</creatorcontrib><collection>CrossRef</collection><collection>ProQuest Computer Science Collection</collection><jtitle>Frontiers of Computer Science</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>GAO, Xinwen</au><au>FU, Shaojing</au><au>LIU, Lin</au><au>LUO, Yuchuan</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>BVDFed: Byzantine-resilient and verifiable aggregation for differentially private federated learning</atitle><jtitle>Frontiers of Computer Science</jtitle><stitle>Front. Comput. Sci</stitle><date>2024-10-01</date><risdate>2024</risdate><volume>18</volume><issue>5</issue><spage>185810</spage><pages>185810-</pages><artnum>185810</artnum><issn>2095-2228</issn><eissn>2095-2236</eissn><abstract>Federated Learning (FL) has emerged as a powerful technology designed for collaborative training between multiple clients and a server while maintaining data privacy of clients. To enhance the privacy in FL, Differentially Private Federated Learning (DPFL) has gradually become one of the most effective approaches. As DPFL operates in the distributed settings, there exist potential malicious adversaries who manipulate some clients and the aggregation server to produce malicious parameters and disturb the learning model. However, existing aggregation protocols for DPFL concern either the existence of some corrupted clients (Byzantines) or the corrupted server. Such protocols are limited to eliminate the effects of corrupted clients and server when both are in existence simultaneously due to the complicated threat model. In this paper, we elaborate such adversarial threat model and propose BVDFed. To our best knowledge, it is the first Byzantine-resilient and Verifiable aggregation for Differentially private FEDerated learning. In specific, we propose Differentially Private Federated Averaging algorithm (DPFA) as our primary workflow of BVDFed, which is more lightweight and easily portable than traditional DPFL algorithm. We then introduce Loss Score to indicate the trustworthiness of disguised gradients in DPFL. Based on Loss Score, we propose an aggregation rule DPLoss to eliminate faulty gradients from Byzantine clients during server aggregation while preserving the privacy of clients’ data. Additionally, we design a secure verification scheme DPVeri that are compatible with DPFA and DPLoss to support the honest clients in verifying the integrity of received aggregated results. And DPVeri also provides resistance to collusion attacks with no more than t participants for our aggregation. Theoretical analysis and experimental results demonstrate our aggregation to be feasible and effective in practice.</abstract><cop>Beijing</cop><pub>Higher Education Press</pub><doi>10.1007/s11704-023-3142-5</doi></addata></record>
fulltext fulltext
identifier ISSN: 2095-2228
ispartof Frontiers of Computer Science, 2024-10, Vol.18 (5), p.185810, Article 185810
issn 2095-2228
2095-2236
language eng
recordid cdi_proquest_journals_2918722654
source SpringerLink Journals
subjects Algorithms
Byzantine fault-tolerance
Clients
Computer Science
differential private
Federated learning
Privacy
Research Article
Threat models
verifiable aggregation
Workflow
title BVDFed: Byzantine-resilient and verifiable aggregation for differentially private federated learning
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-04T08%3A11%3A18IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=BVDFed:%20Byzantine-resilient%20and%20verifiable%20aggregation%20for%20differentially%20private%20federated%20learning&rft.jtitle=Frontiers%20of%20Computer%20Science&rft.au=GAO,%20Xinwen&rft.date=2024-10-01&rft.volume=18&rft.issue=5&rft.spage=185810&rft.pages=185810-&rft.artnum=185810&rft.issn=2095-2228&rft.eissn=2095-2236&rft_id=info:doi/10.1007/s11704-023-3142-5&rft_dat=%3Cproquest_cross%3E2918722654%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2918722654&rft_id=info:pmid/&rfr_iscdi=true