{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T18:12:15Z","timestamp":1764785535771,"version":"3.44.0"},"reference-count":65,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2024,12,10]],"date-time":"2024-12-10T00:00:00Z","timestamp":1733788800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"European Union?s Horizon Europe Research and Innovation Program TANGO","award":["101070052"],"award-info":[{"award-number":["101070052"]}]},{"name":"European Union?s Horizon Europe Research and Innovation Program REWIRE","award":["101070627"],"award-info":[{"award-number":["101070627"]}]},{"name":"European Union?s Horizon Europe Research and Innovation Program TENSOR","award":["101073920"],"award-info":[{"award-number":["101073920"]}]},{"name":"European Union?s Horizon Europe Research and Innovation Program MLSysOps","award":["101092912"],"award-info":[{"award-number":["101092912"]}]},{"name":"the Ministry of Economic Affairs and Digital Transformation and the European UnionNextGenerationEU\/PRTR MLEDGE","award":["REGAGE22e00052829516"],"award-info":[{"award-number":["REGAGE22e00052829516"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Meas. Anal. Comput. Syst."],"published-print":{"date-parts":[[2024,12,10]]},"abstract":"<jats:p>Byzantine-robust Federated Learning (FL) aims to counter malicious clients and train an accurate global model while maintaining an extremely low attack success rate. Most existing systems, however, are only robust when most of the clients are honest. FLTrust (NDSS '21) and Zeno++ (ICML '20) do not make such an honest majority assumption but can only be applied to scenarios where the server is provided with an auxiliary dataset used to filter malicious updates. FLAME (USENIX '22) and EIFFeL (CCS '22) maintain the semi-honest majority assumption to guarantee robustness and the confidentiality of updates. It is therefore currently impossible to ensure Byzantine robustness and confidentiality of updates without assuming a semi-honest majority. To tackle this problem, we propose a novel Byzantine-robust and privacy-preserving FL system, called MUDGUARD, to capture malicious minority and majority for server and client sides, respectively. Our experimental results demonstrate that the accuracy of MUDGUARD is practically close to the FL baseline using FedAvg without attacks (approximate 0.8% gap on average). Meanwhile, the attack success rate is around 0%-5% even under an adaptive attack tailored to MUDGUARD. We further optimize our design by using binary secret sharing and polynomial transformation leading to communication overhead and runtime decreases of 67%-89.17% and 66.05%-68.75%, respectively.<\/jats:p>","DOI":"10.1145\/3700422","type":"journal-article","created":{"date-parts":[[2024,12,13]],"date-time":"2024-12-13T12:12:12Z","timestamp":1734091932000},"page":"1-41","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["MUDGUARD: Taming Malicious Majorities in Federated Learning using Privacy-preserving Byzantine-robust Clustering"],"prefix":"10.1145","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8495-3631","authenticated-orcid":false,"given":"Rui","family":"Wang","sequence":"first","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7625-7932","authenticated-orcid":false,"given":"Xingkai","family":"Wang","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-1214-1879","authenticated-orcid":false,"given":"Huanhuan","family":"Chen","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9143-3984","authenticated-orcid":false,"given":"J\u00e9r\u00e9mie","family":"Decouchant","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7509-4337","authenticated-orcid":false,"given":"Stjepan","family":"Picek","sequence":"additional","affiliation":[{"name":"Radboud University, Nijmegen, Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7361-106X","authenticated-orcid":false,"given":"Nikolaos","family":"Laoutaris","sequence":"additional","affiliation":[{"name":"IMDEA Networks Institute, Madrid, Spain"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0262-7678","authenticated-orcid":false,"given":"Kaitai","family":"Liang","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}]}],"member":"320","published-online":{"date-parts":[[2024,12,13]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"crossref","unstructured":"Martin Abadi Andy Chu Ian Goodfellow H Brendan McMahan Ilya Mironov Kunal Talwar and Li Zhang. 2016. Deep learning with differential privacy. In CCS. 308--318.","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_2_1_2_1","doi-asserted-by":"crossref","unstructured":"Toshinori Araki Assi Barak Jun Furukawa Marcel Keller Yehuda Lindell Kazuma Ohara and Hikaru Tsuchida. 2018. Generalizing the SPDZ Compiler For Other Protocols. In CCS.","DOI":"10.1145\/3243734.3243854"},{"key":"e_1_2_1_3_1","unstructured":"Eugene Bagdasaryan Andreas Veit Yiqing Hua Deborah Estrin and Vitaly Shmatikov. 2020. How to backdoor federated learning. In AISTATS. 2938--2948."},{"key":"e_1_2_1_4_1","unstructured":"Gilad Baruch Moran Baruch and Yoav Goldberg. 2019. A Little Is Enough: Circumventing Defenses For Distributed Learning. In NIPS."},{"key":"e_1_2_1_5_1","volume-title":"Viet Tung Hoang, and Phillip Rogaway","author":"Bellare Mihir","year":"2012","unstructured":"Mihir Bellare, Viet Tung Hoang, and Phillip Rogaway. 2012. Foundations of garbled circuits. In CCS. 784--796."},{"key":"e_1_2_1_6_1","unstructured":"Jeremy Bernstein Yu-Xiang Wang Kamyar Azizzadenesheli and Animashree Anandkumar. 2018. signSGD: Compressed optimisation for non-convex problems. In ICML. 560--569."},{"key":"e_1_2_1_7_1","series-title":"SIAM review","volume-title":"Barycentric lagrange interpolation","author":"Berrut Jean-Paul","year":"2004","unstructured":"Jean-Paul Berrut and Lloyd N Trefethen. 2004. Barycentric lagrange interpolation. SIAM review (2004), 501--517."},{"key":"e_1_2_1_8_1","unstructured":"Battista Biggio Blaine Nelson and Pavel Laskov. 2012. Poisoning attacks against support vector machines. In ICML. 1467--1474."},{"key":"e_1_2_1_9_1","volume-title":"Rachid Guerraoui, and Julien Stainer.","author":"Blanchard Peva","year":"2017","unstructured":"Peva Blanchard, El Mahdi El Mhamdi, Rachid Guerraoui, and Julien Stainer. 2017. Machine learning with adversaries: Byzantine tolerant gradient descent. In NIPS. 118--128."},{"key":"e_1_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Keith Bonawitz Vladimir Ivanov Ben Kreuter Antonio Marcedone H Brendan McMahan Sarvar Patel Daniel Ramage Aaron Segal and Karn Seth. 2017. Practical secure aggregation for privacy-preserving machine learning. In CCS. 1175--1191.","DOI":"10.1145\/3133956.3133982"},{"key":"e_1_2_1_11_1","doi-asserted-by":"crossref","unstructured":"L\u00e9on Bottou. 2010. Large-scale machine learning with stochastic gradient descent. In COMPSTAT. 177--186.","DOI":"10.1007\/978-3-7908-2604-3_16"},{"key":"e_1_2_1_12_1","volume-title":"Peter Wu, Tian Li, Jakub Konevcn\u1ef3, H Brendan McMahan, Virginia Smith, and Ameet Talwalkar.","author":"Caldas Sebastian","year":"2018","unstructured":"Sebastian Caldas, Sai Meher Karthik Duddu, Peter Wu, Tian Li, Jakub Konevcn\u1ef3, H Brendan McMahan, Virginia Smith, and Ameet Talwalkar. 2018. Leaf: A benchmark for federated settings. arXiv preprint arXiv:1812.01097 (2018)."},{"key":"e_1_2_1_13_1","doi-asserted-by":"crossref","unstructured":"Ricardo JGB Campello Davoud Moulavi and J\u00f6rg Sander. 2013. Density-based clustering based on hierarchical density estimates. In PAKDD. 160--172.","DOI":"10.1007\/978-3-642-37456-2_14"},{"key":"e_1_2_1_14_1","doi-asserted-by":"crossref","unstructured":"Ran Canetti. 2001. Universally composable security: A new paradigm for cryptographic protocols. In FOCS. 136--145.","DOI":"10.1109\/SFCS.2001.959888"},{"key":"e_1_2_1_15_1","unstructured":"Xiaoyu Cao Minghong Fang Jia Liu and Neil Zhenqiang Gong. 2021. FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping. In NDSS."},{"key":"e_1_2_1_16_1","unstructured":"Anders Dalskov Daniel Escudero and Marcel Keller. 2021. Fantastic Four:Honest-Majority Four-Party Secure Computation With Malicious Security. In USENIX Security. 2183--2200."},{"key":"e_1_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Ivan Damg\u00e5rd Marcel Keller Enrique Larraia Valerio Pastro Peter Scholl and Nigel P Smart. 2013. Practical covertly secure MPC for dishonest majority--or: breaking the SPDZ limits. In ESORICS. 1--18.","DOI":"10.1007\/978-3-642-40203-6_1"},{"key":"e_1_2_1_18_1","volume-title":"Nigel Smart, and Sarah Zakarias","author":"Damg\u00e5rd Ivan","year":"2012","unstructured":"Ivan Damg\u00e5rd, Valerio Pastro, Nigel Smart, and Sarah Zakarias. 2012. Multiparty Computation from Somewhat Homomorphic Encryption. In CRYPTO."},{"key":"e_1_2_1_19_1","volume-title":"Bradford J Wood, Chien-Sung Tsai, et al.","author":"Dayan Ittai","year":"2021","unstructured":"Ittai Dayan, Holger R Roth, Aoxiao Zhong, Ahmed Harouni, Amilcare Gentili, Anas Z Abidin, Andrew Liu, Anthony Beardsworth Costa, Bradford J Wood, Chien-Sung Tsai, et al. 2021. Federated learning for predicting clinical outcomes in patients with COVID-19. Nature medicine (2021), 1735--1743."},{"key":"e_1_2_1_20_1","doi-asserted-by":"crossref","unstructured":"Cynthia Dwork. 2008. Differential privacy: A survey of results. In TAMC. 1--19.","DOI":"10.1007\/978-3-540-79228-4_1"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-39568-7_2"},{"key":"e_1_2_1_22_1","unstructured":"Martin Ester Hans-Peter Kriegel J\u00f6rg Sander Xiaowei Xu et al. 1996. A density-based algorithm for discovering clusters in large spatial databases with noise.. In kdd. 226--231."},{"key":"e_1_2_1_23_1","unstructured":"Minghong Fang Xiaoyu Cao Jinyuan Jia and Neil Gong. 2020. Local Model Poisoning Attacks to $$Byzantine-Robust$$ Federated Learning. In USENIX Security. 1605--1622."},{"key":"e_1_2_1_24_1","doi-asserted-by":"crossref","unstructured":"Dario Fiore Rosario Gennaro and Valerio Pastro. 2014. Efficiently verifiable computation on encrypted data. In CCS. 844--855.","DOI":"10.1145\/2660267.2660366"},{"key":"e_1_2_1_25_1","doi-asserted-by":"crossref","unstructured":"Jun Furukawa Yehuda Lindell Ariel Nof and Or Weinstein. 2017. High-throughput secure three-party computation for malicious adversaries and an honest majority. In EUROCRYPT. 225--255.","DOI":"10.1007\/978-3-319-56614-6_8"},{"key":"e_1_2_1_26_1","unstructured":"Jonas Geiping Hartmut Bauermeister Hannah Dr\u00f6ge and Michael Moeller. 2020. Inverting Gradients - How easy is it to break privacy in federated learning?. In NIPS. 16937--16947."},{"key":"e_1_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Craig Gentry. 2009. A fully homomorphic encryption scheme.","DOI":"10.1145\/1536414.1536440"},{"key":"e_1_2_1_28_1","unstructured":"Avishek Ghosh Jichan Chung Dong Yin and Kannan Ramchandran. 2020. An Efficient Framework for Clustered Federated Learning. In NIPS. 19586--19597."},{"key":"e_1_2_1_29_1","unstructured":"Jenny Hamer Mehryar Mohri and Ananda Theertha Suresh. 2020. FedBoost: A Communication-Efficient Algorithm for Federated Learning. In ICML. 3973--3983."},{"key":"e_1_2_1_30_1","unstructured":"Kaiming He Xiangyu Zhang Shaoqing Ren and Jian Sun. 2016. Deep Residual Learning for Image Recognition. In CVPR."},{"key":"e_1_2_1_31_1","volume-title":"Advances in Neural Information Processing Systems","volume":"36","author":"Huang Tiansheng","year":"2024","unstructured":"Tiansheng Huang, Sihao Hu, Ka-Ho Chow, Fatih Ilhan, Selim Tekin, and Ling Liu. 2024. Lockdown: backdoor defense for federated learning with isolated subspace training. Advances in Neural Information Processing Systems, Vol. 36 (2024)."},{"key":"e_1_2_1_32_1","unstructured":"Zhongzhan Huang Wenqi Shao Xinjiang Wang Liang Lin and Ping Luo. 2021. Rethinking the Pruning Criteria for Convolutional Neural Network. In Advances in Neural Information Processing Systems. 16305--16318."},{"key":"e_1_2_1_33_1","doi-asserted-by":"crossref","unstructured":"Marcel Keller. 2020. MP-SPDZ: A versatile framework for multi-party computation. In CCS. 1575--1590.","DOI":"10.1145\/3372297.3417872"},{"key":"e_1_2_1_34_1","volume-title":"Adam: A Method for Stochastic Optimization. In ICLR.","author":"Kingma Diederik P","year":"2015","unstructured":"Diederik P Kingma and Jimmy Ba. 2015. Adam: A Method for Stochastic Optimization. In ICLR."},{"key":"e_1_2_1_35_1","unstructured":"Alex Krizhevsky Geoffrey Hinton et al. 2009. Learning multiple layers of features from tiny images. (2009)."},{"volume-title":"BayBFed: Bayesian Backdoor Defense for Federated Learning. In IEEE Symposium on Security and Privacy (SP).","author":"Kumari K.","key":"e_1_2_1_36_1","unstructured":"K. Kumari, P. Rieger, H. Fereidooni, M. Jadliwala, and A. Sadeghi. 2023. BayBFed: Bayesian Backdoor Defense for Federated Learning. In IEEE Symposium on Security and Privacy (SP)."},{"key":"e_1_2_1_37_1","volume-title":"Backpropagation applied to handwritten zip code recognition. Neural computation","author":"LeCun Yann","year":"1989","unstructured":"Yann LeCun, Bernhard Boser, John S Denker, Donnie Henderson, Richard E Howard, Wayne Hubbard, and Lawrence D Jackel. 1989. Backpropagation applied to handwritten zip code recognition. Neural computation (1989), 541--551."},{"key":"e_1_2_1_38_1","unstructured":"Yann LeCun and Corinna Cortes. 2010. MNIST handwritten digit database. (2010). http:\/\/yann.lecun.com\/exdb\/mnist\/"},{"key":"e_1_2_1_39_1","volume-title":"Muse: Secure inference resilient to malicious clients. In USENIX Security. 2201--2218.","author":"Lehmkuhl Ryan","year":"2021","unstructured":"Ryan Lehmkuhl, Pratyush Mishra, Akshayaram Srinivasan, and Raluca Ada Popa. 2021. Muse: Secure inference resilient to malicious clients. In USENIX Security. 2201--2218."},{"key":"e_1_2_1_40_1","doi-asserted-by":"crossref","unstructured":"Yehuda Lindell and Ariel Nof. 2017. A framework for constructing fast MPC over arithmetic circuits with malicious adversaries and an honest-majority. In CCS. 259--276.","DOI":"10.1145\/3133956.3133999"},{"key":"e_1_2_1_41_1","unstructured":"Yuchen Liu Chen Chen Lingjuan Lyu Fangzhao Wu Sai Wu and Gang Chen. 2023. Byzantine-robust learning on heterogeneous data via gradient splitting. In ICML. 21404--21425."},{"key":"e_1_2_1_42_1","doi-asserted-by":"crossref","unstructured":"Xinjian Luo Yuncheng Wu Xiaokui Xiao and Beng Chin Ooi. 2021. Feature inference attack on model predictions in vertical federated learning. In ICDE. 181--192.","DOI":"10.1109\/ICDE51399.2021.00023"},{"key":"e_1_2_1_43_1","unstructured":"Brendan McMahan Eider Moore Daniel Ramage Seth Hampson and Blaise Aguera y Arcas. 2017. Communication-efficient learning of deep networks from decentralized data. In AISTATS. 1273--1282."},{"key":"e_1_2_1_44_1","unstructured":"El Mahdi El Mhamdi Rachid Guerraoui and S\u00e9bastien Rouault. 2018. The hidden vulnerability of distributed learning in byzantium. In ICML. 3521--3530."},{"key":"e_1_2_1_45_1","doi-asserted-by":"crossref","unstructured":"Payman Mohassel and Peter Rindal. 2018. ABY3: A mixed protocol framework for machine learning. In CCS. 35--52.","DOI":"10.1145\/3243734.3243760"},{"volume-title":"SecureML: A System for Scalable Privacy-Preserving Machine Learning","author":"Mohassel Payman","key":"e_1_2_1_46_1","unstructured":"Payman Mohassel and Yupeng Zhang. 2017. SecureML: A System for Scalable Privacy-Preserving Machine Learning. In IEEE S&P. 19--38."},{"volume-title":"Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning","author":"Nasr Milad","key":"e_1_2_1_47_1","unstructured":"Milad Nasr, Reza Shokri, and Amir Houmansadr. 2019. Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning. In IEEE S&P. 739--753."},{"key":"e_1_2_1_48_1","volume-title":"Improving Deep Learning with Differential Privacy using Gradient Encoding and Denoising. arxiv","author":"Nasr Milad","year":"2007","unstructured":"Milad Nasr, Reza Shokri, and Amir houmansadr. 2020. Improving Deep Learning with Differential Privacy using Gradient Encoding and Denoising. arxiv: 2007.11524 [cs.LG]"},{"key":"e_1_2_1_49_1","volume-title":"FLAME: Taming Backdoors in Federated Learning. In USENIX Security.","author":"Nguyen Thien Duc","year":"2022","unstructured":"Thien Duc Nguyen, Phillip Rieger, Huili Chen, Hossein Yalame, Helen M\u00f6llering, Hossein Fereidooni, Samuel Marchal, Markus Miettinen, Azalia Mirhoseini, Shaza Zeitouni, Farinaz Koushanfar, Ahmad-Reza Sadeghi, and Thomas Schneider. 2022. FLAME: Taming Backdoors in Federated Learning. In USENIX Security."},{"key":"e_1_2_1_50_1","doi-asserted-by":"crossref","unstructured":"Pascal Paillier. 1999. Public-key cryptosystems based on composite degree residuosity classes. In EUROCRYPT. 223--238.","DOI":"10.1007\/3-540-48910-X_16"},{"key":"e_1_2_1_51_1","volume-title":"Pytorch: An imperative style, high-performance deep learning library. NIPS","author":"Paszke Adam","year":"2019","unstructured":"Adam Paszke, Sam Gross, Francisco Massa, Adam Lerer, James Bradbury, Gregory Chanan, Trevor Killeen, Zeming Lin, Natalia Gimelshein, Luca Antiga, et al. 2019. Pytorch: An imperative style, high-performance deep learning library. NIPS (2019), 8026--8037."},{"key":"e_1_2_1_52_1","unstructured":"Michael O Rabin. 2005. How To Exchange Secrets with Oblivious Transfer. IACR Cryptol. ePrint Arch. (2005)."},{"key":"e_1_2_1_53_1","unstructured":"M Sadegh Riazi Mohammad Samragh Hao Chen Kim Laine Kristin Lauter and Farinaz Koushanfar. 2019. $$XONN$$: Xnor-based oblivious deep neural network inference. In USENIX Security. 1501--1518."},{"key":"e_1_2_1_54_1","doi-asserted-by":"crossref","unstructured":"Dragos Rotaru and Tim Wood. 2019. MArBled Circuits: Mixing Arithmetic and Boolean Circuits with Active Security.","DOI":"10.1007\/978-3-030-35423-7_12"},{"key":"e_1_2_1_55_1","doi-asserted-by":"crossref","unstructured":"Amrita Roy Chowdhury Chuan Guo Somesh Jha and Laurens van der Maaten. 2022. EIFFeL: Ensuring Integrity for Federated Learning. In CCS. 2535--2549.","DOI":"10.1145\/3548606.3560611"},{"key":"e_1_2_1_56_1","volume-title":"How to share a secret. Commun. ACM","author":"Shamir Adi","year":"1979","unstructured":"Adi Shamir. 1979. How to share a secret. Commun. ACM (1979), 612--613."},{"key":"e_1_2_1_57_1","doi-asserted-by":"crossref","unstructured":"Stacey Truex Nathalie Baracaldo Ali Anwar Thomas Steinke Heiko Ludwig Rui Zhang and Yi Zhou. 2019. A hybrid approach to privacy-preserving federated learning. In AISec. 1--11.","DOI":"10.1145\/3338501.3357370"},{"key":"e_1_2_1_58_1","volume-title":"Attention is all you need. Advances in Neural Information Processing Systems","author":"Vaswani A","year":"2017","unstructured":"A Vaswani. 2017. Attention is all you need. Advances in Neural Information Processing Systems (2017)."},{"key":"e_1_2_1_59_1","unstructured":"Hongyi Wang Kartik Sreenivasan Shashank Rajput Harit Vishwakarma Saurabh Agarwal Jy-yong Sohn Kangwook Lee and Dimitris Papailiopoulos. 2020. Attack of the Tails: Yes You Really Can Backdoor Federated Learning. In NIPS. 15 pages."},{"volume-title":"The value of collaboration in convex machine learning with differential privacy","author":"Wu Nan","key":"e_1_2_1_60_1","unstructured":"Nan Wu, Farhad Farokhi, David Smith, and Mohamed Ali Kaafar. 2020. The value of collaboration in convex machine learning with differential privacy. In IEEE S&P. 304--317."},{"key":"e_1_2_1_61_1","volume-title":"Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms. arXiv preprint arXiv:1708.07747","author":"Xiao Han","year":"2017","unstructured":"Han Xiao, Kashif Rasul, and Roland Vollgraf. 2017. Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms. arXiv preprint arXiv:1708.07747 (2017)."},{"key":"e_1_2_1_62_1","volume-title":"DBA: Distributed Backdoor Attacks against Federated Learning. In ICLR.","author":"Xie Chulin","year":"2020","unstructured":"Chulin Xie, Keli Huang, Pin-Yu Chen, and Bo Li. 2020. DBA: Distributed Backdoor Attacks against Federated Learning. In ICLR."},{"key":"e_1_2_1_63_1","volume-title":"Zeno: Robust fully asynchronous SGD. In ICML. 10495--10503.","author":"Xie Cong","year":"2020","unstructured":"Cong Xie, Sanmi Koyejo, and Indranil Gupta. 2020. Zeno: Robust fully asynchronous SGD. In ICML. 10495--10503."},{"key":"e_1_2_1_64_1","unstructured":"Dong Yin Yudong Chen Ramchandran Kannan and Peter Bartlett. 2018. Byzantine-Robust Distributed Learning: Towards Optimal Statistical Rates. In ICML. 5650--5659."},{"key":"e_1_2_1_65_1","volume-title":"Deep leakage from gradients. NIPS","author":"Zhu Ligeng","year":"2019","unstructured":"Ligeng Zhu, Zhijian Liu, and Song Han. 2019. Deep leakage from gradients. NIPS (2019)."}],"container-title":["Proceedings of the ACM on Measurement and Analysis of Computing Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3700422","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3700422","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T00:14:47Z","timestamp":1755908087000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3700422"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,10]]},"references-count":65,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2024,12,10]]}},"alternative-id":["10.1145\/3700422"],"URL":"https:\/\/doi.org\/10.1145\/3700422","relation":{},"ISSN":["2476-1249"],"issn-type":[{"type":"electronic","value":"2476-1249"}],"subject":[],"published":{"date-parts":[[2024,12,10]]},"assertion":[{"value":"2024-12-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}