Efficiently Achieving Privacy Preservation and Poisoning Attack Resistance in Federated Learning

Federated learning enables clients to train models locally and provide local updates to the server instead of raw dataset, thereby preserving data privacy to some extent. However, adversaries can still pry users' privacy by inferring updates, and compromise the integrity of the global model through poisoning attack. Therefore, many related works have integrated poisoning attack detection method with secure computation to address both issues. Nevertheless, they still encounter two major challenges: 1) the efficiency is too low to be applied in practice; and 2) the privacy is still at risk of being leaked, e.g., the distance of two local updates for detecting poisoning attack could be exposed to the server. Aiming at the challenges, in this paper, we propose an Efficient Privacy-preserving and Poisoning attack Resistant scheme for Federated Learning, named EPPRFL, which preserves the privacy for local updates and some intermediate information used to detect poisoning attack. In particular, we design an efficient poisoning attack detection method based on Euclidean distance filtering & clipping technique, named F&C. Then, considering the privacy preservation of the F&C method, we efficiently customize secure comparison, secure median, secure distance computation and secure clipping protocols based on additive secret sharing. Experimental results and theoretical analysis show that compared with existing schemes, EPPRFL can better resist poisoning attack and has lower computational and communication overheads on the client side.