TY - JOUR
T1 - DualGuard
T2 - Obfuscated Federated Learning With Two-Party Secure Robust Aggregation
AU - Pan, Hao
AU - Bao, Haiyong
AU - Guan, Menghong
AU - Li, Zhiqiang
AU - Huang, Cheng
AU - Dai, Hong Ning
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2025
Y1 - 2025
N2 - Federated learning (FL) is a promising privacy-preserving distributed machine learning paradigm. However, data privacy leakage and Byzantine clients are common challenges in the FL aggregation phase. While extensive research has been conducted to explore defenses for these risks independently, there is a notable lack of scholarly work on integrated defense strategies to address both challenges simultaneously. To bridge this gap, we propose a novel two-party secure robust aggregation (TPSRA) framework. The critical insight of TPSRA is to couple client-side gradient obfuscation with server-side secure two-party computation to achieve robust and private FL aggregation. Specifically, clients obfuscate and split local gradients using matrix theory, while servers utilize a novel secure multiparty computation protocol based on mutually orthogonal matrices to preserve the privacy of local gradients. Additionally, TPSRA designs and integrates state-of-the-art robust aggregation algorithms into compatible subprotocols, enabling efficient parallel computation. This establishes a highly efficient and versatile secure robust aggregation framework for FL. Experiments demonstrate that our TPSRA framework not only effectively resists gradient leakage attacks and detects malicious gradients, but also exhibits superior computational and communication efficiency. We also prove theoretically that TPSRA is secure under the semi-honest adversary model.
AB - Federated learning (FL) is a promising privacy-preserving distributed machine learning paradigm. However, data privacy leakage and Byzantine clients are common challenges in the FL aggregation phase. While extensive research has been conducted to explore defenses for these risks independently, there is a notable lack of scholarly work on integrated defense strategies to address both challenges simultaneously. To bridge this gap, we propose a novel two-party secure robust aggregation (TPSRA) framework. The critical insight of TPSRA is to couple client-side gradient obfuscation with server-side secure two-party computation to achieve robust and private FL aggregation. Specifically, clients obfuscate and split local gradients using matrix theory, while servers utilize a novel secure multiparty computation protocol based on mutually orthogonal matrices to preserve the privacy of local gradients. Additionally, TPSRA designs and integrates state-of-the-art robust aggregation algorithms into compatible subprotocols, enabling efficient parallel computation. This establishes a highly efficient and versatile secure robust aggregation framework for FL. Experiments demonstrate that our TPSRA framework not only effectively resists gradient leakage attacks and detects malicious gradients, but also exhibits superior computational and communication efficiency. We also prove theoretically that TPSRA is secure under the semi-honest adversary model.
KW - Byzantine robustness
KW - federated learning (FL)
KW - privacy preservation
KW - two-party secure computing
UR - https://www.scopus.com/pages/publications/85216709427
U2 - 10.1109/JIOT.2025.3533087
DO - 10.1109/JIOT.2025.3533087
M3 - Article
AN - SCOPUS:85216709427
SN - 2327-4662
VL - 12
SP - 16595
EP - 16609
JO - IEEE Internet of Things Journal
JF - IEEE Internet of Things Journal
IS - 11
ER -