HDFL: Private and Robust Federated Learning using Hyperdimensional Computing

Machine learning (ML) has seen widespread adoption across different domains and is used to make critical decisions. However, with profuse and diverse data available, collaboration is indispensable for ML. The traditional centralized ML for collaboration is susceptible to data theft and inference attacks. Federated learning (FL) promises secure collaborative machine learning by moving the model to the data. However, FL faces the challenge of data and model poisoning attacks. This is because FL provides autonomy to the participants. Many Byzantine-robust aggregation schemes exist to identify such poisoned model updates from participants. But, these schemes require raw access to the local model updates, which exposes them to inference attacks. Thus, the existing FL is still insecure to be adopted. This paper proposes the very first generic FL framework, which is both resistant to inference attacks and robust to poisoning attacks. The proposed framework uses hyperdimensional computing (HDC) coupled with FL, called HDFL. HDFL is compatible with different (ML) model architectures and existing Byzantine-robust defenses. HDFL restricts drop in accuracy to 1-2%. HDFL does not add any additional communication overheads and incurs negligible computational time in encoding and decoding raw local model updates. Empirical evaluation demonstrates the effectiveness of HDFL. HDFL performs secure aggregation and achieves no-attack accuracy, even in the presence of 40% attackers, in just 1.2s per iteration.