Lotto: Secure Participant Selection for Federated Learning with Malicious Server

Federated Learning (FL) is a promising approach for collaborative model training over edge devices under the orchestration of a central server, and its data privacy relies on an honest majority among participants to tolerate possible attacks. However, in practice, an adversarial server is free to select clients to form a dishonest majority, undermining the security of common privacy-preserving approaches applied in FL, including secure aggregation and distributed differential privacy. Despite being a fundamental problem, this issue has been largely unaddressed so far. This paper proposes Lotto to consolidate FL data privacy with secure participant selection. To correctly conduct random selection without trusting the server, Lotto decentralizes the process to the population, where each client itself determines whether to participate with verifiable randomness. To support informed selection which may be misled by the adversary, Lotto approximates existing algorithms by reducing them to random selection preceded by client pool refinement. Our analysis and evaluation show that Lotto preserves the time-to-accuracy performance achieved by insecure selection methods, while effectively limiting the portion of participants an adversary could control. This sustains the security of existing privacy defenses installed in the rest of the FL workflow.