WhiteCloak: How to Hold Anonymous Malicious Clients Accountable in Secure Aggregation?

With the advancement of artificial intelligence and the increasing digitalization of various sectors, the scale of personal data collection and analysis continues to grow, leading to heightened demands for privacy protection of personal data and identity. However, existing secure aggregation methods, such as ACORN (USENIX 2023), while ensuring the privacy and compliance of input data, fail to meet the requirements for client anonymity. Simply applying anonymous credentials allows previously identified malicious clients (e.g., those using non-compliant data) to re-enter aggregation rounds by updating their credentials, thus evading accountability. To address this issue, we propose WhiteCloak, the first secure aggregation solution that ensures accountability under client anonymity. WhiteCloak requires each client $i$ to participate in round $tau$ using an anonymous credential $tilde{i}_{tau}$. Before participation, each client must submit a zero-knowledge proof verifying that they have not been blacklisted, preventing malicious clients from evading accountability by changing their credentials. WhiteCloak can be seamlessly integrated into existing frameworks. In federated learning experiments on the SHAKESPEARE dataset, WhiteCloak adds only 1.77s of additional processing time and 35.68KB of communication overhead, accounting for 0.34% and 0.1% of ACORN's total overhead, respectively.