Secure and Robust Federated Learning
Machine learning algorithms continue to achieve remarkable success across a wide range of applications. These advances are possible, in part, because large domain-specific datasets are available for training models, which in turn drives expanding efforts to collect more representative data for new applications. This raises serious concerns about the privacy and security of the collected data, and the privacy ramifications of massive data collection have led both industry and academia to work on privacy-preserving alternatives for machine learning. Federated Learning is one such promising technology: it proposes a decentralized learning paradigm that decouples model training from centralized data collection, so that users retain sovereignty over their data. However, the large-scale and decentralized nature of federated learning exposes it to a new set of privacy and integrity challenges. The main objective of this work is to develop a rigorous and formal understanding of the risks and privacy issues associated with federated and collaborative learning, and subsequently to develop adequate tools and methods to manage and alleviate them.
• RoFL: Attestable Robustness for Secure Federated Learning: To keep client updates confidential, Federated Learning systems employ secure aggregation: clients encrypt (mask) their gradient updates, and only the aggregated model is revealed to the server. Achieving this level of data protection, however, presents new challenges for the robustness of Federated Learning, i.e., its ability to tolerate failures and attacks. For instance, because the server can no longer inspect individual updates, a malicious client can submit an arbitrarily scaled or poisoned update and exert influence on the model's behavior without being detected. As Federated Learning is deployed in a range of sensitive applications, its robustness grows in importance. RoFL is a new secure Federated Learning system that provides practical and effective robustness guarantees. RoFL augments Federated Learning's secure aggregation protocol with zero-knowledge proofs that enable input checks on the encrypted updates: a client proves that its update satisfies a constraint (for example, a bound on the update's norm) without revealing the update itself, and the server rejects any update whose proof does not verify. RoFL allows a variety of properties and constraints on model updates to be expressed using non-interactive zero-knowledge proofs.
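The mechanics described above, as an added example that is not code from this page or from the RoFL project: secure aggregation over Pedersen commitments in which each client's commitment randomness is its pairwise-cancelling mask (so the server can only open the product of all commitments, never an individual one), a boosted update from one client that plain secure aggregation cannot distinguish from an honest one, and a per-coordinate zero-knowledge range proof that lets the server reject it. The assumptions are this example's own: a toy 64-bit prime-order group generated at import where a real system would use an elliptic-curve group; bit-decomposition OR-proofs standing in for the far more efficient range proofs a deployment would use; a fixed bound of ±7 on honest coordinates; pairwise seeds assumed to have been agreed out of band; constructed three-client updates; and using the commitment randomness as the secure-aggregation mask, which is how this toy glues the two mechanisms together rather than a statement of RoFL's exact construction. Requires Python 3.8 or later.

```python
import hashlib
import math
import secrets

def _is_prime(n, rounds=20):  # Miller-Rabin, used only to build the toy group below at import time
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _safe_prime(bits):
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_prime(q) and _is_prime(2 * q + 1):
            return 2 * q + 1, q

P, Q = _safe_prime(64)   # toy group (this example's assumption; real systems use an elliptic curve): P = 2Q + 1
G = 4                    # a square mod P, hence a generator of the order-Q subgroup of squares
H = pow(int.from_bytes(hashlib.sha256(b"toy-second-generator").digest(), "big"), 2, P)  # log_G(H) unknown
NBITS, BOUND = 4, 7      # honest coordinates satisfy |v| <= BOUND, so v + BOUND < 2**NBITS

def _scalar(*items):
    return int.from_bytes(hashlib.sha256("|".join(map(str, items)).encode()).digest(), "big") % Q

def commit(v, r):
    """Pedersen commitment G^v H^r: hiding for uniform r, additively homomorphic in both v and r."""
    return pow(G, v % Q, P) * pow(H, r, P) % P

def prove_bit(b, r):
    """Fiat-Shamir OR-proof (Cramer-Damgard-Schoenmakers) that commit(b, r) opens to 0 or 1."""
    c = commit(b, r)
    y = [c, c * pow(G, Q - 1, P) % P]            # y[b] == H^r; the other branch is simulated
    a, cs, zs, o = [0, 0], [0, 0], [0, 0], 1 - b
    cs[o], zs[o] = secrets.randbelow(Q), secrets.randbelow(Q)
    a[o] = pow(H, zs[o], P) * pow(y[o], Q - cs[o], P) % P
    w = secrets.randbelow(Q)
    a[b] = pow(H, w, P)
    cs[b] = (_scalar(y[0], y[1], a[0], a[1]) - cs[o]) % Q
    zs[b] = (w + cs[b] * r) % Q
    return c, (a, cs, zs)

def verify_bit(c, proof):
    a, cs, zs = proof
    y = [c, c * pow(G, Q - 1, P) % P]
    return ((cs[0] + cs[1]) % Q == _scalar(y[0], y[1], a[0], a[1])
            and all(pow(H, zs[i], P) == a[i] * pow(y[i], cs[i], P) % P for i in range(2)))

def prove_range(v, r):
    """Prove that commit(v, r) * G^BOUND opens to a value in [0, 2**NBITS), one bit proof per bit."""
    shifted = v + BOUND
    assert 0 <= shifted < 2 ** NBITS, "value outside the provable range"
    rs = [secrets.randbelow(Q) for _ in range(NBITS)]
    bits = [prove_bit((shifted >> i) & 1, rs[i]) for i in range(NBITS)]
    delta = (r - sum(ri << i for i, ri in enumerate(rs))) % Q   # ties the bit commitments to commit(v, r)
    return bits, delta

def verify_range(c, proof):
    bits, delta = proof
    if len(bits) != NBITS or not all(verify_bit(ci, pi) for ci, pi in bits):
        return False
    recombined = pow(H, delta, P) * math.prod(pow(ci, 1 << i, P) for i, (ci, _) in enumerate(bits)) % P
    return recombined == c * pow(G, BOUND, P) % P

def masks(i, n, seeds, n_coords):
    """Pairwise masks: +PRF(seed_ij, k) for j > i and -PRF for j < i, so they cancel when all clients are summed."""
    return [sum((1 if j > i else -1) * _scalar(seeds[(min(i, j), max(i, j))], k) for j in range(n) if j != i) % Q
            for k in range(n_coords)]

def submit(update, mask, forge=False):
    """Each coordinate is sent as a commitment randomised by the client's mask, plus a range proof.
    forge=True models a cheating client: it commits to its real (boosted) value but proves a clamped one."""
    return [(commit(v, r), prove_range(max(-BOUND, min(v, BOUND)) if forge else v, r)) for v, r in zip(update, mask)]

def accept(submissions):
    """RoFL-style input check: the server verifies every proof before it aggregates anything."""
    return all(verify_range(c, pf) for sub in submissions for c, pf in sub)

def aggregate(submissions, limit):
    """Multiply commitments per coordinate; the masks cancel, leaving G^sum, recovered by a bounded discrete log."""
    prods = [1] * len(submissions[0])
    for sub in submissions:
        prods = [p * c % P for p, (c, _) in zip(prods, sub)]
    return [next(s for s in range(-limit, limit + 1) if pow(G, s % Q, P) == p) for p in prods]

def demo():
    n, seeds = 3, {(i, j): secrets.token_hex(16) for i in range(3) for j in range(i + 1, 3)}  # assumed shared out of band
    honest = [submit(u, masks(i, n, seeds, 3)) for i, u in enumerate([[1, -2, 3], [2, 2, -1], [-1, 0, 1]])]
    poisoned = honest[:2] + [submit([-1, 0, 100], masks(2, n, seeds, 3), forge=True)]  # constructed boosting attack
    return aggregate(honest, n * BOUND), accept(honest), aggregate(poisoned, 200), accept(poisoned)
```

Two things to take from running `demo()`: with the proofs ignored, the server recovers the poisoned sum `[2, 0, 102]` with no way of telling which client cheated, or that anyone did, because every individual commitment is hiding; with the proofs checked, the forged submission fails because its bit commitments recombine to a commitment to the clamped value, not to the commitment the client actually submitted, so a client cannot prove an in-range value for an out-of-range update. The server never learns any honest client's update in either case.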