Abstract:Federated learning (FL) enables multiple participants to train a global machine learning model without sharing their private training data. Peer-to-peer (P2P) FL advances existing centralized FL paradigms by eliminating the server that aggregates local models from participants and then updates the global model. However, P2P FL is vulnerable to (i) honest-but-curious participants whose objective is to infer private training data of other participants, and (ii) Byzantine participants who can transmit arbitrarily manipulated local models to corrupt the learning process. P2P FL schemes that simultaneously guarantee Byzantine resilience and preserve privacy have been less studied. In this paper, we develop Brave, a protocol that ensures Byzantine Resilience And privacy-preserving property for P2P FL in the presence of both types of adversaries. We show that Brave preserves privacy by establishing that any honest-but-curious adversary cannot infer other participants' private data by observing their models. We further prove that Brave is Byzantine-resilient, which guarantees that all benign participants converge to an identical model that deviates from a global model trained without Byzantine adversaries by a bounded distance. We evaluate Brave against three state-of-the-art adversaries on a P2P FL for image classification tasks on benchmark datasets CIFAR10 and MNIST. Our results show that the global model learned with Brave in the presence of adversaries achieves comparable classification accuracy to a global model trained in the absence of any adversary.

What problem does this paper attempt to address?

The problem that this paper attempts to solve is to simultaneously achieve Byzantine resilience and privacy preservation in Peer - to - Peer Federated Learning (P2P FL). Specifically, the paper points out that current P2P FL schemes have deficiencies when facing two main types of adversaries - Honest - but - Curious Participants and Byzantine Participants. Honest - but - Curious Participants may try to infer the private training data of other participants, while Byzantine Participants can disrupt the learning process by sending arbitrarily manipulated local models. Therefore, the paper proposes a new protocol - Brave - aiming to solve the following problems: 1. **Privacy Preservation**: Ensure that any Honest - but - Curious adversary cannot infer private data by observing other participants' models. 2. **Byzantine Resilience**: Ensure that all benign participants can converge to the same model whose deviation from the global model trained without Byzantine adversaries is within a certain range. To achieve these goals, the paper defines three key properties: - **Information - Theoretic Privacy**: Ensure that no information about participants' local models is leaked during the training process. - **ε - Convergence**: Ensure that the distance between the global model in the presence of Byzantine participants and the global model without Byzantine participants does not exceed ε. - **Agreement**: Ensure that the global models of all benign participants are the same in each iteration. The paper achieves the above goals by designing a multi - stage protocol - Brave, which specifically includes four stages: 1. **Commitment**: Each participant generates a commitment to its local model and broadcasts it to all other participants. 2. **Privacy - Preserving Comparison**: Participants conduct privacy - preserving comparisons to determine the relative order of local models. 3. **Sorting & Trimming**: Sort local models according to the comparison results and remove the largest and smallest f values to exclude the influence of Byzantine participants. 4. **Aggregation & Verification**: Aggregate models using multi - party computation (MPC) techniques and verify the consistency between the aggregated model and the commitment. Through these designs, the paper proves that Brave can effectively protect privacy and maintain model accuracy in the presence of Byzantine and Honest - but - Curious participants. Experimental results show that Brave's performance on multiple benchmark datasets is comparable to that of the global model without adversaries, thus verifying its effectiveness and robustness.

Brave: Byzantine-Resilient and Privacy-Preserving Peer-to-Peer Federated Learning

Decentralized Iot Data Sharing: A Blockchain-Based Federated Learning Approach with Joint Optimizations for Efficiency and Privacy

Efficient Byzantine-Robust and Provably Privacy-Preserving Federated Learning

Secure and Efficient Decentralized Federated Learning with Data Representation Protection

PPT: A Privacy-Preserving Global Model Training Protocol for Federated Learning in P2P Networks

Training Encrypted Models with Privacy-preserved Data on Blockchain

Efficient, Private and Robust Federated Learning

BlockDFL: A Blockchain-based Fully Decentralized Peer-to-Peer Federated Learning Framework

Byzantine-Robust Federated Learning with Variance Reduction and Differential Privacy

Lightweight Byzantine-Robust and Privacy-Preserving Federated Learning.

A Four-Pronged Defense Against Byzantine Attacks in Federated Learning

Byzantine Fault-Tolerant Federated Learning Based on Trustworthy Data and Historical Information

DP-BREM: Differentially-Private and Byzantine-Robust Federated Learning with Client Momentum

BSR-FL: an Efficient Byzantine-Robust Privacy-Preserving Federated Learning Framework

PPBFL: A Privacy Protected Blockchain-based Federated Learning Model

Lancelot: Towards Efficient and Privacy-Preserving Byzantine-Robust Federated Learning within Fully Homomorphic Encryption

Backdoor Attacks in Peer-to-Peer Federated Learning

PBFL: Privacy-Preserving and Byzantine-Robust Federated Learning Empowered Industry 4.0

Byzantine detection for federated learning under highly non-IID data and majority corruptions

FL-APB: Balancing Privacy Protection and Performance Optimization for Adversarial Training in Federated Learning

Practical Differentially Private and Byzantine-resilient Federated Learning