A Flexible and Scalable Malicious Secure Aggregation Protocol for Federated Learning

Secure aggregation becomes a major solution to providing privacy for federated learning. Secure aggregation for mobile devices typically relies on Shamir secret sharing (SSS) to achieve dropout robustness, but limits the system's corruption and dropout tolerance. Although Prio+, a state-of-the-art method utilizing two non-colluding servers, avoids such limitations, its effectiveness is only against honest-but-curious servers. Thus, this paper presents a novel secure aggregation protocol in the malicious model. The proposed protocol uses a non-colluding server and initiator to achieve almost full (up to $n-2$ ) corruption and dropout tolerance, and exploits our discrete-logarithm (DL) extractable and equivocable commitment scheme to achieve malicious security. The proposed protocol's security is proven in two models: malicious users colluding with the server and malicious users colluding with the initiator. Finally, a prototype of the developed protocol is implemented, with the experimental results demonstrating that our protocol is efficient and suitable for both cross-device and cross-silo federated learning scenarios. Compared with the sum protocol of Prio+, the proposed protocol achieves malicious security with affordable additional overhead, i.e., 4.8 to 6.1 times more computation cost and 2.8 to 2.9 times more communication cost for a single user.