Byzantine-Robust Privacy-Preserving Federated Learning Based on DT-PKC

Federated Learning (FL) offers a solution that enables multiple clients to jointly train machine learning models while maintaining data privacy by only uploading model information instead of local data. However, some studies show that attackers can infer users' row data and member information from the model gradients. Researchers have proposed a number of FL schemes for privacy protection, among which the typical method uses homomorphic encryption to update the model gradients directly on ciphertext. In this scenario, all clients often share identical private keys, which can pave the way for encrypted model data interception and subsequent information theft by unauthorized users. More seriously, these methods only consider the issue of privacy disclosure, ignoring the problem of Byzantine attacks in FL. Addressing both privacy breaches and Byzantine attacks remains a challenge. In this paper, we aim to address the aforementioned problems by proposing a homomorphic encryption-based Byzantine robust learning framework termed Secure-Krum Federated Learning (SKFL). The SKFL uses random noise additive mask to combine the revised Distributed Double-Trap Public Key Cryptosystem (DT-PKC) and the improved Krum algorithm for the first time, which can protect user privacy and resist Byzantine attacks. The results of our experiments on diverse real-world datasets, demonstrate the efficacy of SKFL in protecting client privacy in a federated learning environment, while resisting poisoning attacks when no more than 50% Byzantine clients are present.