Abstract
Federated learning enables decentralized model training without sharing raw data, preserving data privacy. However, its vulnerability to critical security threats, such as gradient inversion and model poisoning by malicious clients, remains unresolved. Existing solutions often address these issues separately, sacrificing either system robustness or model accuracy. This work introduces Tazza, a secure and efficient federated learning framework that simultaneously addresses both challenges. By leveraging the permutation equivariance and invariance properties of neural networks via weight shuffling and shuffled model validation, Tazza enhances resilience against diverse poisoning attacks, while ensuring data confidentiality and high model accuracy. Comprehensive evaluations on various datasets and embedded platforms show that Tazza achieves robust defense with up to 6.7x improved computational efficiency compared to alternative schemes, without compromising performance.