TY - JOUR
T1 - DualGuard
T2 - Obfuscated Federated Learning with Two-Party Secure Robust Aggregation
AU - Pan, Hao
AU - Bao, Haiyong
AU - Guan, Menghong
AU - Li, Zhiqiang
AU - Huang, Cheng
AU - Dai, Hong-Ning
N1 - This work was supported in part by the National Natural Science Foundation of China under Grant 62072404; in part by the Shanghai Natural Science Foundation under Grant 23ZR1417700.
Publisher Copyright:
© 2025 IEEE.
PY - 2025/1/23
Y1 - 2025/1/23
N2 - Federated Learning (FL) is a promising privacy-preserving distributed machine learning paradigm. However, data privacy leakage and Byzantine clients are common challenges in the FL aggregation phase. While extensive research has been conducted to explore defenses for these risks independently, there is a notable lack of scholarly work on integrated defense strategies to address both challenges simultaneously. To bridge this gap, we propose a novel Two-Party Secure Robust Aggregation (TPSRA) framework. The critical insight of TPSRA is to couple client-side gradient obfuscation with server-side secure two-party computation to achieve robust and private FL aggregation. Specifically, clients obfuscate and split local gradients using matrix theory, while servers utilize a novel secure multi-party computation protocol based on mutually orthogonal matrices to preserve the privacy of local gradients. Additionally, TPSRA designs and integrates state-of-the-art robust aggregation algorithms into compatible sub-protocols, enabling efficient parallel computation. This establishes a highly efficient and versatile secure robust aggregation framework for FL. Experiments demonstrate that our TPSRA framework not only effectively resists gradient leakage attacks and detects malicious gradients, but also exhibits superior computational and communication efficiency. We also prove theoretically that TPSRA is secure under the semi-honest adversary model.
KW - Byzantine Robustness
KW - Federated Learning
KW - Privacy Preservation
KW - Two-Party Secure Computing
UR - https://ieeexplore.ieee.org/document/10851355/
U2 - 10.1109/JIOT.2025.3533087
DO - 10.1109/JIOT.2025.3533087
M3 - Journal article
SN - 2372-2541
JO - IEEE Internet of Things Journal
JF - IEEE Internet of Things Journal
ER -
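The abstract above states the idea in one sentence: clients obfuscate local gradients with matrix operations, and two non-colluding servers run robust aggregation on the obfuscated values. The toy below is an added illustration of the underlying principle, not the TPSRA protocol from the paper (whose concrete construction, sharing scheme and sub-protocols are not on this page). It relies on one fact: for an orthogonal matrix Q, ||Q g_i - Q g_j|| = ||g_i - g_j||, so a distance-based robust rule (multi-Krum here) can score and discard outliers without ever seeing plaintext gradient coordinates. The split between a "server A" that holds only Q-masked vectors and a "server B" that holds only Q and the masked sum, as well as the function names, the Householder-based mask generation and the sample gradients, are all assumptions of this example, with a semi-honest, non-colluding server pair assumed throughout.

```python
"""Added illustration (not TPSRA's protocol): orthogonal-matrix masking plus a
two-server split so that distance-based robust aggregation runs on obfuscated
gradients. Pure Python, no third-party dependencies."""
import random
from typing import List, Tuple

Vector = List[float]
Matrix = List[List[float]]


def identity(d: int) -> Matrix:
    return [[1.0 if i == j else 0.0 for j in range(d)] for i in range(d)]


def matmul(a: Matrix, b: Matrix) -> Matrix:
    return [[sum(a[i][k] * b[k][j] for k in range(len(b))) for j in range(len(b[0]))]
            for i in range(len(a))]


def matvec(a: Matrix, x: Vector) -> Vector:
    return [sum(a[i][k] * x[k] for k in range(len(x))) for i in range(len(a))]


def transpose(a: Matrix) -> Matrix:
    return [list(col) for col in zip(*a)]


def householder(v: Vector) -> Matrix:
    """Reflection I - 2 v v^T / (v.v): symmetric and orthogonal by construction."""
    d, vv = len(v), sum(x * x for x in v)
    return [[(1.0 if i == j else 0.0) - 2.0 * v[i] * v[j] / vv for j in range(d)]
            for i in range(d)]


def make_mask(d: int, seed: int, reflections: int = 3) -> Matrix:
    """Secret orthogonal mask Q: a product of random Householder reflections
    (assumed construction; the paper's mask generation is not shown here)."""
    rng = random.Random(seed)
    q = identity(d)
    for _ in range(reflections):
        q = matmul(householder([rng.gauss(0.0, 1.0) for _ in range(d)]), q)
    return q


def is_orthogonal(q: Matrix, tol: float = 1e-9) -> bool:
    """Sanity check Q^T Q = I before trusting distance preservation."""
    qtq = matmul(transpose(q), q)
    d = len(q)
    return all(abs(qtq[i][j] - (1.0 if i == j else 0.0)) < tol
               for i in range(d) for j in range(d))


def sq_dist(a: Vector, b: Vector) -> float:
    return sum((x - y) ** 2 for x, y in zip(a, b))


def multi_krum_select(vectors: List[Vector], f: int) -> List[int]:
    """Multi-Krum: score each vector by the sum of its n-f-2 smallest squared
    distances to the others; keep the n-f lowest-scoring indices."""
    n, k = len(vectors), len(vectors) - f - 2
    scores = []
    for i, v in enumerate(vectors):
        dists = sorted(sq_dist(v, w) for j, w in enumerate(vectors) if j != i)
        scores.append((sum(dists[:k]), i))
    scores.sort()
    return sorted(i for _, i in scores[: n - f])


def client_mask(q: Matrix, gradient: Vector) -> Vector:
    """Client: send Q*g to server A. Coordinates are hidden without Q, but
    pairwise distances are preserved, so outlier scoring still works."""
    return matvec(q, gradient)


def server_a_select_and_sum(masked: List[Vector], f: int) -> Tuple[List[int], Vector]:
    """Server A: robust selection on masked vectors, then sum the survivors.
    It never holds Q, so it learns geometry (distances) but not gradient values."""
    keep = multi_krum_select(masked, f)
    total = [sum(masked[i][c] for i in keep) for c in range(len(masked[0]))]
    return keep, total


def server_b_unmask(q: Matrix, masked_sum: Vector) -> Vector:
    """Server B: holds Q and receives only the masked sum, so Q^T (Q * sum g) = sum g.
    It learns the aggregate but never an individual gradient."""
    return matvec(transpose(q), masked_sum)


def run_round(gradients: List[Vector], f: int, seed: int = 7) -> Tuple[List[int], Vector]:
    q = make_mask(len(gradients[0]), seed)          # shared by clients and server B only
    masked = [client_mask(q, g) for g in gradients]  # what server A receives
    keep, masked_sum = server_a_select_and_sum(masked, f)
    return keep, server_b_unmask(q, masked_sum)


# Constructed sample: five honest clients with similar gradients and one
# Byzantine client (index 2) submitting a wildly scaled vector.
GRADIENTS: List[Vector] = [
    [1.0, 2.0, 3.0, 4.0],
    [1.1, 1.9, 3.0, 4.1],
    [100.0, -100.0, 100.0, -100.0],   # Byzantine
    [0.9, 2.1, 3.1, 3.9],
    [1.0, 2.0, 2.9, 4.0],
    [1.05, 2.05, 3.0, 4.05],
]
BYZANTINE_INDEX = 2

if __name__ == "__main__":
    kept, aggregate = run_round(GRADIENTS, f=1)
    print("kept clients:", kept)                      # Byzantine index 2 is dropped
    print("aggregate:", [round(x, 3) for x in aggregate])
```

The caveat a practitioner would raise: server A still learns the full distance geometry of the masked vectors, and any collusion between the two servers (or a malicious rather than semi-honest server) breaks the argument entirely; the abstract states that TPSRA's security proof is for the semi-honest model, which is exactly the setting this toy assumes.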