Cross the Chasm: Scalable Privacy-Preserving Federated Learning against Poisoning Attack

Privacy protection and defense against poisoning attack and are two critical problems hindering the proliferation of federated learning (FL). However, they are two inherently contrary issues. For constructing a privacy-preserving FL, solutions tend to transform the original information (e.g., gradient information) to be indistinguishable. Nevertheless, to defend against poisoning attacks is required to identify the abnormal information via the distinguishability. Therefore, it is really a challenge to handle these two issues simultaneously under a unified framework. In this paper, we build a bridge between them, proposing a scalable privacy-preserving federated learning (SPPFL) against poisoning attacks. To be specific, based on the the technology of secure multi-party computation (MPC), we construct a secure framework to protect users' privacy during the training process, while punishing poisoners via the method of distance evaluation. Besides, we implement extensive experiments to illustrate the performance of our scheme.