| Federated learning facilitates the collaborative training of a global model among distributed clients without sharing their training data.Recently,researchers have shown that the uploaded models can be used to recover the privacy information of clients.Secure aggregation,a new security primitive for federated learning,aims to protect the confidentiality of both local models and training data.Existing secure aggregation solutions,however,fail to defend against Byzantine failures which are common in distributed computing systems.It is challenging to realize efficient and secure aggregation schemes while mitigating Byzantine faults simultaneously.In this work,we propose a new secure and efficient aggregation framework,SEAR,for Byzantine-robust federated learning.Implementing the robust aggregation algorithms in a trusted execution environment,Intel SGX,SEAR protects the privacy of clients' models while enabling Byzantine resilience.We modify the remote attestation protocol of SGX to support federated learning applications.Considering current Intel SGX's architecture(i.e.,limited trusted memory),we propose two data storage modes for implementing aggregation algorithms efficiently in SGX.Choosing appropriate storage mode to implement aggregation algorithms brings significant efficiency improvements.To balance the efficiency and performance of aggregation,we propose a sampling-based method to detect the Byzantine failures efficiently without degrading the performance of the global model.We implement and evaluate SEAR in a LAN environment,and the experiment results show that SEAR is computationally efficient and robust to Byzantine adversaries. |
PDF Full Text Request