KDD2025
PARSIFAL: Private and Robust Sign Federated Learning
Runze Lei, Pinghui Wang, Juxiang Zeng, Chenxu Wang, Hongbin Pei, Junzhou Zhao
Abstract
Federated learning (FL) is a popular collaborative training paradigm in which data owners send gradients, rather than their private data, to model owners for model training, thereby protecting data privacy. However, it faces security threats from two sides: dishonest model owners may extract sensitive information about private data from the gradients, while adversaries may pose as data owners and poison the model by submitting malicious gradients. We propose a novel FL protocol, PARSIFAL, to address both the privacy-leakage and the model-poisoning threats. Its poisoning detection module is built on a novel sketch structure and efficiently detects potentially malicious gradients, i.e., those dissimilar to the majority of benign gradients. PARSIFAL also contains a robust aggregation module based on sign gradients, which limits the influence that poisoned gradients can have on the aggregation result. All PARSIFAL processes are protected by privacy protocols, mainly based on secret sharing, so that neither the malicious-gradient detection nor the aggregation leaks sensitive information. Experimental results show that PARSIFAL improves poisoning defense performance by up to 28% compared with recent baselines.
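To make the aggregation part of the abstract concrete, the following added example (not code from the paper or its authors) contrasts plain mean aggregation with a coordinate-wise majority vote over sign gradients on a constructed training round. The benign clients, the single oppositely-directed attacker, and the simple cosine-similarity check used to flag it are all assumptions made for illustration; in particular, the similarity check is a generic stand-in and is not the sketch structure PARSIFAL describes.

```python
import numpy as np

# Constructed round: 9 benign clients share one true gradient direction
# (scaled slightly differently), and client index 9 is a constructed attacker
# sending a large gradient pointing the opposite way.
TRUE_DIRECTION = np.array([1.0, -1.0, 2.0, -0.5])
BENIGN_SCALES = [0.8, 0.9, 1.0, 1.1, 1.2, 0.8, 0.9, 1.0, 1.1]


def build_round():
    """Return the list of per-client gradients for the constructed round."""
    benign = [s * TRUE_DIRECTION for s in BENIGN_SCALES]
    malicious = -100.0 * TRUE_DIRECTION  # sign-flipped and heavily scaled
    return benign + [malicious]


def mean_aggregate(gradients):
    """FedAvg-style mean: one large gradient can flip every coordinate."""
    return np.mean(np.asarray(gradients, dtype=float), axis=0).tolist()


def sign_majority_aggregate(gradients):
    """Coordinate-wise majority vote over sign(g), as in signSGD-style
    aggregation. Each client gets one vote per coordinate, so gradient
    magnitude buys an attacker no extra influence."""
    signs = np.sign(np.asarray(gradients, dtype=float))
    return [int(v) for v in np.sign(signs.sum(axis=0))]


def flag_dissimilar(gradients, min_cosine=0.0):
    """Flag clients whose gradient has cosine similarity below min_cosine
    with the coordinate-wise median of all submitted gradients.
    Assumed generic similarity check, not the paper's sketch structure."""
    g = np.asarray(gradients, dtype=float)
    reference = np.median(g, axis=0)
    ref_norm = np.linalg.norm(reference)
    flagged = []
    for i, row in enumerate(g):
        denom = np.linalg.norm(row) * ref_norm
        cos = float(row @ reference / denom) if denom > 0 else 0.0
        if cos < min_cosine:
            flagged.append(i)
    return flagged


def signs_flipped(aggregate, truth=TRUE_DIRECTION):
    """Number of coordinates whose aggregated sign disagrees with the truth."""
    return int(np.sum(np.sign(np.asarray(aggregate)) != np.sign(truth)))


if __name__ == "__main__":
    grads = build_round()
    print("flagged clients:", flag_dissimilar(grads))
    print("mean aggregate, flipped coords:",
          signs_flipped(mean_aggregate(grads)))
    print("sign majority, flipped coords:",
          signs_flipped(sign_majority_aggregate(grads)))
```

With nine benign clients and one scaled, sign-flipped attacker, the mean aggregate has every coordinate pointing the wrong way, while the sign-majority vote recovers the benign direction on all coordinates; the cosine check flags only client 9. Note that a majority vote only helps while honest clients remain the majority on each coordinate, which is why a detection step that removes outliers before aggregation still matters.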