With the expansion of large-scale model applications, a typical division-of-labor federated learning (FL) training paradigm has emerged. This scenario is defined as Summoned Federated Learning (SFL), in which a single task initiator mobilizes cloud computing providers and distributed data holders to conduct collaborative model training. However, SFL faces critical security challenges. First, local models uploaded by users are susceptible to inference attacks, leading to the leakage of sensitive user information. Second, Byzantine attacks, including user-side poisoning attacks and server-side aggregation tampering, directly impair the usability and quality of the aggregated global model. Existing defenses either sacrifice model accuracy via differential privacy, incur exponential communication overhead via secure multi-party computation, remain vulnerable to stealthy poisoning, or lack verifiability against malicious server behaviors. To address these issues, this paper proposes PBSFL, a privacy-preserving and Byzantine-resilient federated learning framework. We construct a linear attack-resistant homomorphic hashing (LAHH) scheme integrated with a two-stage reversible watermarking mechanism, which ensures aggregation verifiability and enables post-hoc traceability of malicious updates. We further design an implicit authentication aggregation strategy that computes L2 norms and cosine similarities directly on encrypted gradients using homomorphic encryption and masking, identifies poisoned models via deviation detection, and suppresses their impact through a tanh-transformed dynamic weight allocation mechanism, all without exposing plaintext models or requiring a trusted third party. 
Theoretical analyses under the Universal Composability (UC) framework and extensive experiments on MNIST, CIFAR-10, and FEMNIST demonstrate that PBSFL maintains over 98% accuracy on MNIST and over 91% accuracy on FEMNIST even with 50% malicious clients, reduces decryption overhead by 22.1% via CRT optimization, and detects any server-side tampering attack with a bit error rate of 0.5. These results confirm that PBSFL effectively mitigates the security-performance trade-off in SFL, outperforming state-of-the-art frameworks on accuracy, efficiency, and verifiability simultaneously.
Chen et al. (Mon,) studied this question.
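A plaintext analogue of the implicit authentication aggregation the abstract describes, as an added example that is not the paper's code: PBSFL computes the L2 norms and cosine similarities on encrypted gradients, while this sketch works on cleartext vectors. The coordinate-wise median reference, the scoring formula, the `sharpness` parameter and the honest-majority sample updates are all assumptions constructed here.

```python
import math

def l2(v):
    return math.sqrt(sum(x * x for x in v))

def cosine(a, b):
    na, nb = l2(a), l2(b)
    return 0.0 if na == 0 or nb == 0 else sum(x * y for x, y in zip(a, b)) / (na * nb)

def median(xs):
    s, m = sorted(xs), len(xs) // 2
    return s[m] if len(s) % 2 else 0.5 * (s[m - 1] + s[m])

def tanh_weights(updates, sharpness=4.0):
    """Score each update by direction and magnitude deviation, then squash with tanh.
    Assumed rule (not from the paper): score = max(cos, 0) * exp(-relative norm deviation)."""
    ref = [median(col) for col in zip(*updates)]  # reference update; assumes an honest majority
    ref_norm = l2(ref)
    raw = []
    for u in updates:
        norm_dev = abs(l2(u) - ref_norm) / (ref_norm + 1e-12)
        score = max(cosine(u, ref), 0.0) * math.exp(-norm_dev)
        raw.append(math.tanh(sharpness * score))
    total = sum(raw)
    if total == 0:  # every update rejected: fall back to uniform weights
        return [1.0 / len(updates)] * len(updates)
    return [r / total for r in raw]

def aggregate(updates, weights):
    return [sum(w * x for w, x in zip(weights, col)) for col in zip(*updates)]

# Constructed sample: four benign updates, one sign-flipped, one scaled by 10.
UPDATES = [
    [1.0, 2.0, 3.0], [1.1, 1.9, 3.2], [0.9, 2.1, 2.8], [1.0, 2.2, 3.1],
    [-1.0, -2.0, -3.0],    # sign-flipping poison: wrong direction
    [10.0, 20.0, 30.0],    # scaling poison: right direction, inflated norm
]

if __name__ == "__main__":
    w = tanh_weights(UPDATES)
    uniform = [1.0 / len(UPDATES)] * len(UPDATES)
    print("weights      :", [round(x, 4) for x in w])
    print("weighted agg :", [round(x, 3) for x in aggregate(UPDATES, w)])
    print("plain mean   :", [round(x, 3) for x in aggregate(UPDATES, uniform)])
```

The cosine term catches the sign-flipped update and the norm term catches the scaled one, which is why the sketch checks both quantities rather than either alone.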