AlphaFL: Secure Aggregation with Malicious² Security for Federated Learning against Dishonest Majority

Authors: Yufan Jiang (KASTEL Security Research Labs), Maryam Zarezadeh (Barkhausen Institut), Tianxiang Dai (Lancaster University Leipzig), Stefan Köpsell (Barkhausen Institut)

Volume: 2025
Issue: 4
Pages: 348–368
DOI: https://doi.org/10.56553/popets-2025-0134

Abstract: Federated learning (FL) proposes to train a global machine learning model across distributed datasets. However, the aggregation protocol as the core component in FL is vulnerable to well-studied attacks, such as inference attacks, poisoning attacks [71] and malicious participants who try to deviate from the protocol [24]. Therefore, it is crucial to achieve both malicious security and poisoning resilience from cryptographic and FL perspectives, respectively. Prior works either achieve incomplete malicious security [76], address issues by using expensive cryptographic tools [22, 59] or assume the availability of a clean dataset on the server side [32]. In this work, we propose AlphaFL, a two-server secure aggregation protocol achieving both malicious security in the universal composability (UC) framework [19] and poisoning resilience in FL (thus malicious²) against a dishonest majority. We design maliciously secure multi-party computation (MPC) protocols [24, 26, 48] and introduce an efficient input commitment protocol tolerating server-client collusion (dishonest majority). We also propose an efficient input commitment protocol for the non-collusion case (honest majority), which triples the efficiency in time and quadruples that in communication, compared to the state-of-the-art solution in MP-SPDZ [46]. To achieve poisoning resilience, we carry out $L_\infty$ and $L_2$-Norm checks with a dynamic $L_2$-Norm bound by introducing a novel silent select protocol, which improves the runtime by at least two times compared to the classic select protocol. Combining these, AlphaFL achieves malicious² security at a cost of 25%–79% more runtime overhead than the state-of-the-art semi-malicious counterpart Elsa [76], with even less communication cost.

Keywords: Federated Learning, Secure Aggregation, Multi-Party Computation, Poisoning Resilience

Copyright in PoPETs articles is held by their authors. This article is published under a Creative Commons Attribution 4.0 license.