Armadillo: Robust Secure Aggregation for Federated Learning with Input Validation
Abstract
Secure aggregation protocols allow a server to compute the sum of inputs from a set of clients without learning anything beyond the sum (and what the sum implies). This paper introduces Armadillo, a single-server secure aggregation system for federated learning with input validation and robustness (guaranteed output delivery). Specifically, Armadillo allows the server to check if the input vectors satisfy some pre-defined constraints (e.g., the vectors have $L_2, L_\infty$ norms bounded by a constant), and ensures the server can always obtain the sum of valid inputs. Armadillo significantly improves the round complexity of ACORN-robust, a recent work by Bell et al. (USENIX Security '23) with similar security properties, from logarithmic rounds (in the number of clients) to constant rounds; concretely, when running one aggregation on 1K clients with corruption rate 10%, ACORN-robust requires at least 10 rounds while Armadillo has 3 rounds.
Cite
Text
Ma et al. "Armadillo: Robust Secure Aggregation for Federated Learning with Input Validation." NeurIPS 2024 Workshops: AIM-FM, 2024.
Markdown
[Ma et al. "Armadillo: Robust Secure Aggregation for Federated Learning with Input Validation." NeurIPS 2024 Workshops: AIM-FM, 2024.](https://mlanthology.org/neuripsw/2024/ma2024neuripsw-armadillo/)
BibTeX
@inproceedings{ma2024neuripsw-armadillo,
title = {{Armadillo: Robust Secure Aggregation for Federated Learning with Input Validation}},
author = {Ma, Yiping and Guo, Yue and Karthikeyan, Harish and Polychroniadou, Antigoni},
booktitle = {NeurIPS 2024 Workshops: AIM-FM},
year = {2024},
url = {https://mlanthology.org/neuripsw/2024/ma2024neuripsw-armadillo/}
}