ScionFL: Efficient and Robust Secure Quantized Aggregation
Yaniv Ben-Itzhak, Helen Möllering, Benny Pinkas, Thomas Schneider, Ajith Suresh, Oleksandr Tkachenko, Shay Vargaftik, Christian Weinert, Hossein Yalame, Avishay Yanai
TL;DR
ScionFL tackles the core challenge of privacy-preserving federated learning at scale by enabling secure aggregation on quantized updates using outsourced multi-party computation across a distributed server set, thereby maintaining client-side efficiency. It supports linear $1$-bit quantization schemes, leveraging preprocessing methods like randomized Hadamard transforms and Kashin's representation, and introduces SepAgg-based approximations to cut inter-server communication while preserving an unbiased aggregation. A key contribution is ScionFL-Aura, a defense against untargeted poisoning that combines $L_2$-norm scaling with cosine-distance filtering and secure Top-K to suppress malicious updates, all compatible with the MPC framework. Empirical results show negligible accuracy loss compared to plaintext quantized FL and substantial communication savings, establishing a practical path to large-scale, secure, and robust cross-device FL with millions of participants.
Abstract
Secure aggregation is commonly used in federated learning (FL) to alleviate privacy concerns related to the central aggregator seeing all parameter updates in the clear. Unfortunately, most existing secure aggregation schemes ignore two critical orthogonal research directions that aim to (i) significantly reduce client-server communication and (ii) mitigate the impact of malicious clients. However, both of these additional properties are essential to facilitate cross-device FL with thousands or even millions of (mobile) participants. In this paper, we unite both research directions by introducing ScionFL, the first secure aggregation framework for FL that operates efficiently on quantized inputs and simultaneously provides robustness against malicious clients. Our framework leverages (novel) multi-party computation (MPC) techniques and supports multiple linear (1-bit) quantization schemes, including ones that utilize the randomized Hadamard transform and Kashin's representation. Our theoretical results are supported by extensive evaluations. We show that with no overhead for clients and moderate overhead for the server compared to transferring and processing quantized updates in plaintext, we obtain comparable accuracy for standard FL benchmarks. Moreover, we demonstrate the robustness of our framework against state-of-the-art poisoning attacks.
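To make the idea of aggregating 1-bit quantized updates across several servers concrete, here is an added sketch that is not code from the paper or its authors. It assumes a public clipping range `[LO, HI]` shared by all clients and plain additive secret sharing of the bits; ScionFL's own MPC protocols, preprocessing transforms and poisoning defense are not reproduced, and all function names are hypothetical.

```python
import random
import secrets

LO, HI = -1.0, 1.0  # assumption: public clipping range known to clients and servers

def quantize_1bit(update, rng):
    """Stochastic 1-bit quantization: P(bit=1) = (x-LO)/(HI-LO), so E[LO+bit*(HI-LO)] = x."""
    bits = []
    for x in update:
        x = min(max(x, LO), HI)  # clip into the public range
        bits.append(1 if rng.random() < (x - LO) / (HI - LO) else 0)
    return bits

def share(bits, n_servers, modulus):
    """Additively share each bit mod `modulus` (n_servers >= 2); any n_servers-1 shares are uniform."""
    masks = [[secrets.randbelow(modulus) for _ in bits] for _ in range(n_servers - 1)]
    last = [(b - sum(col)) % modulus for b, col in zip(bits, zip(*masks))]
    return masks + [last]

def secure_mean(updates, n_servers=2, seed=0):
    """Simulate clients and servers in one process; returns (mean, counts, plaintext counts)."""
    rng = random.Random(seed)      # seeded only so the demo is reproducible
    n, dim = len(updates), len(updates[0])
    modulus = n + 1                # per-coordinate bit counts lie in [0, n]
    accs = [[0] * dim for _ in range(n_servers)]
    plain = [0] * dim              # reference value, never available to a real server
    for u in updates:
        bits = quantize_1bit(u, rng)
        plain = [c + b for c, b in zip(plain, bits)]
        for j, sh in enumerate(share(bits, n_servers, modulus)):
            # Each server only adds the shares it received; it never sees a client's bits.
            accs[j] = [(a + s) % modulus for a, s in zip(accs[j], sh)]
    # Only the combined totals are reconstructed, revealing bit counts, not individual updates.
    counts = [sum(col) % modulus for col in zip(*accs)]
    mean = [LO + (HI - LO) * c / n for c in counts]
    return mean, counts, plain
```

Because the quantizer is unbiased and dequantization is linear in the bits, the servers can sum shares locally and dequantize only the aggregate.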
