Computer science
Robustness (evolution)
Data aggregator
Information privacy
Computer security
Computer network
Wireless sensor network
Biochemistry
Gene
Chemistry
Authors
Caihong Yan, Xiaofeng Lu, Pietro Liò, Pan Hui
Identifier
DOI:10.1109/tifs.2025.3576008
Abstract
In federated learning, malicious attackers may control clients and servers to perform gradient poisoning, forge aggregation results, and infer individual gradient privacy, posing serious security threats. However, existing research has not effectively addressed these three security requirements under a strong threat model. To tackle this issue, we propose an Efficient Aggregation for Federated Learning with Robustness, Verifiability, and Privacy (EARVP): (1) The Privacy-Preserving Two-Party Kernel Principal Component Analysis (PPTKPCA) combined with the DP-Tolerant Two-Party Density Clustering (DPTTDC) achieves strong robustness; (2) The Distributed Trust Aggregation Integrity Verification (DTAIV) ensures strong verifiability even in the presence of collusion; (3) The Gradient-Lossless Enhancement of Client-Level Differential Privacy (GLECLDP) ensures that the lossless gradient generation stage satisfies malicious privacy security and that gradient updates meet (ϵ, δ)-DP during the defense stage; (4) The entire process employs lightweight protocols to achieve efficiency. Theoretical analysis proves that EARVP ensures semi-honest privacy security, malicious privacy security, and aggregation verifiability. Experimental results further demonstrate the robustness and efficiency of the system. Compared to state-of-the-art algorithms, EARVP improves test accuracy by 14.51%, detection accuracy by 13.37%, reduces poisoning success rate by 1.89%, lowers defense overhead by 13.78% compared to homomorphic encryption schemes, and reduces verification costs by a large magnitude.
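The abstract names three threats against a federated-learning round (gradient poisoning by controlled clients, a forged aggregation result from a controlled server, and inference of an individual client's gradient) and claims robustness, verifiability and (ϵ, δ)-DP against them. The block below is an added illustration of those three threats and the textbook countermeasures, written for this page; it is not the authors' code and does not implement EARVP. In place of PPTKPCA/DPTTDC it uses a coordinate-wise median with a distance-based outlier filter, in place of DTAIV it uses two non-colluding aggregators whose hash commitments must agree, and in place of GLECLDP it uses the standard clip-and-add-Gaussian-noise mechanism for client-level DP. All function names, parameters and client updates are constructed for the example.

```python
"""Toy federated-learning round: poisoning, forged aggregation and gradient
privacy, with textbook mitigations. Added illustration, not the paper's code."""
import hashlib
import math
import random
import statistics


def l2_norm(v):
    return math.sqrt(sum(x * x for x in v))


def clip(v, c):
    """Scale v down so that ||v||_2 <= c (the sensitivity bound the DP noise relies on)."""
    n = l2_norm(v)
    return [x * min(1.0, c / n) for x in v] if n > 0 else list(v)


def gaussian_sigma(c, eps, delta):
    """Classic Gaussian-mechanism calibration for L2 sensitivity c:
    sigma = c * sqrt(2 ln(1.25/delta)) / eps gives (eps, delta)-DP for 0 < eps < 1
    under add/remove-one-client adjacency (Dwork and Roth, Theorem A.1)."""
    if not 0 < eps < 1:
        raise ValueError("this calibration is only valid for 0 < eps < 1")
    return c * math.sqrt(2 * math.log(1.25 / delta)) / eps


def dp_update(v, c, eps, delta, rng):
    """Client-level DP release of one update: clip to norm c, add N(0, sigma^2) per coordinate,
    so the server (or anyone inferring from the sum) cannot recover the exact gradient."""
    sigma = gaussian_sigma(c, eps, delta)
    return [x + rng.gauss(0.0, sigma) for x in clip(v, c)]


def robust_indices(updates, k=2.0):
    """Keep clients whose L2 distance to the coordinate-wise median is at most k times
    the median of those distances; a poisoned update far from the honest cluster is
    dropped. (Constructed stand-in for the paper's density clustering, not its method.)"""
    med = [statistics.median(col) for col in zip(*updates)]
    dists = [l2_norm([a - b for a, b in zip(u, med)]) for u in updates]
    thresh = k * statistics.median(dists)
    return [i for i, d in enumerate(dists) if d <= thresh]


def aggregate(updates, keep):
    """Plain FedAvg over the kept client updates."""
    return [sum(updates[i][j] for i in keep) / len(keep) for j in range(len(updates[0]))]


def commit(vec):
    """Hash commitment to an aggregate, rounded so honest aggregators agree bit-for-bit."""
    return hashlib.sha256(",".join(f"{x:.9f}" for x in vec).encode()).hexdigest()


def verified_aggregate(updates, aggregators, k=2.0):
    """Distributed-trust check: each aggregator independently filters and aggregates the
    same updates; the result is accepted only if all commitments match, so a single
    dishonest aggregator that forges the result is caught."""
    results = [agg(updates, k) for agg in aggregators]
    if len({commit(r) for r in results}) != 1:
        raise ValueError("aggregation results disagree; verification failed")
    return results[0]


def honest_aggregator(updates, k):
    return aggregate(updates, robust_indices(updates, k))


def forging_aggregator(updates, k):
    # Returns an "aggregate" that was never computed from the client updates.
    return [-1.0] * len(updates[0])


# Constructed inputs: four honest clients near [1, 1, 1, 1] and one poisoner.
HONEST = [[1.0, 1.0, 1.0, 1.0],
          [1.1, 0.9, 1.0, 1.05],
          [0.95, 1.05, 1.02, 0.98],
          [1.02, 0.97, 1.1, 1.0]]
POISONED = [-50.0] * 4
UPDATES = HONEST + [POISONED]


def demo():
    keep = robust_indices(UPDATES)
    agg = verified_aggregate(UPDATES, [honest_aggregator, honest_aggregator])
    noisy = dp_update(HONEST[0], c=1.0, eps=0.5, delta=1e-5, rng=random.Random(0))
    return keep, agg, noisy


if __name__ == "__main__":
    keep, agg, noisy = demo()
    print("kept clients:", keep)
    print("robust aggregate:", [round(x, 3) for x in agg])
    print("DP-released update of client 0:", [round(x, 2) for x in noisy])
    try:
        verified_aggregate(UPDATES, [honest_aggregator, forging_aggregator])
    except ValueError as e:
        print("forged aggregate detected:", e)
```

Two caveats a practitioner should keep in mind: the Gaussian calibration used here is only valid for ϵ < 1 (tighter analyses, such as the analytic Gaussian mechanism or RDP accounting, are needed for larger budgets and across many rounds), and the two-aggregator commitment check only detects forgery if the aggregators do not collude, which is exactly the gap the abstract says DTAIV is designed to close.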