Chapter Summary

Key Points

1.
Bonawitz's secure aggregation provides no Byzantine defense. A single malicious user can arbitrarily corrupt the aggregate by uploading a poisoned gradient; the mask cancellation hides the corruption from detection. Real FL deployments face Byzantine threats (model poisoning, Sybil attacks, adversarial institutions) that require active protocol-level defenses.
2.
ByzSecAgg (CommIT contribution) combines privacy and Byzantine resilience at $O(n\\log n + Bd)$ communication. The protocol composes three primitives: ramp secret sharing (Chapter 3) for efficient private shares + Byzantine error correction; Lagrange Coded Computing (Chapter 8) for distance computation on shares; vector commitments for integrity against share manipulation. This is the third CommIT contribution of Part III.
3.
Coded distance computation is the key mechanism. Pairwise distances $d_{ij} = \\|\\mathbf{g}_i - \\mathbf{g}_j\\|^2$ are computed on shares via LCC for quadratic functions. The server applies Krum-style outlier detection on the resulting distance matrix without ever learning individual gradients. Information-theoretic privacy is preserved throughout.
4.
The feasibility constraint is $B \\leq (n - T - 1)/3$ . This tri-way bound reflects the Byzantine + privacy
- reconstruction structure: the ramp threshold $t_2 = T + 2B + 1$ needs enough honest survivors to decode. Within this region, ByzSecAgg matches the information-theoretic lower bound up to logarithmic factors.
5.
The three-generation Byzantine-FL arc closes. First generation: Krum / Bulyan / Trimmed Mean (robust aggregators without privacy). Second generation: naive compositions with privacy loss or quadratic overhead. Third generation: ByzSecAgg achieves both with near-optimal communication. Future work: remove the $\\log n$ factor, handle adaptive Byzantines, combine with differential privacy.

Looking Ahead

Chapter 12 carries the fourth and final CommIT contribution of Part III: CCESA, the Communication-Efficient Secure Aggregation protocol. Where Chapter 10's Bonawitz protocol paid $O(n^2)$ communication overhead for $O(n)$ users, CCESA reduces it to $O(n\\sqrt{n/\\log n})$ via a sparse random graph of pairwise masks. The construction operates in the passive threat model of Chapter 10 (not the Byzantine model of Chapter 11); the two chapters together span the privacy-preserving FL landscape. Chapter 12 closes Part III; Chapter 13 opens Part IV on Private Information Retrieval.

Analysis and Comparisons Exercises