Perfect Privacy for Discriminator-Based Byzantine-Resilient Federated Learning
Xia, Yue, Hofmeister, Christoph, Egger, Maximilian, Bitar, Rawad
arXiv.org Artificial Intelligence
Federated learning (FL) shows great promise in large-scale machine learning but introduces new privacy and security challenges. We propose ByITFL and LoByITFL, two novel FL schemes that enhance resilience against Byzantine users while keeping the users' data private from eavesdroppers. To ensure privacy and Byzantine resilience, our schemes build on having a small representative dataset available to the federator and crafting a discriminator function allowing the mitigation of corrupt users' contributions. ByITFL employs Lagrange coded computing and re-randomization, making it the first Byzantine-resilient FL scheme with perfect Information-Theoretic (IT) privacy, though at the cost of a significant communication overhead. LoByITFL, on the other hand, achieves Byzantine resilience and IT privacy at a significantly reduced communication cost, but requires a Trusted Third Party, used only in a one-time initialization phase before training. We provide theoretical guarantees on privacy and Byzantine resilience, along with convergence guarantees and experimental results validating our findings.

Federated learning (FL) [3] emerged as a promising paradigm enabling a central server (federator) to train neural networks on distributed private data stored at a large number of users. The training follows an iterative structure. Per iteration, the federator sends the current global model to the users, who compute local model updates based on their local data and return these updates. The federator aggregates the users' local model updates using a certain aggregation rule and uses this aggregate to update the global model. The process is repeated until the model achieves the desired performance.
Jun-17-2025
- Country:
- Europe > Germany
- Bavaria > Upper Bavaria > Munich (0.04)
- North America > Canada
- Genre:
- Research Report (0.70)
- Industry:
- Information Technology > Security & Privacy (1.00)
- Technology: