Abstract
Distinguishing between benign and poisoned gradients hidden behind cryptographic masks is a critical challenge in privacy-preserving federated learning (FL). Existing robust aggregation defenses suffer from two primary limitations: (1) susceptibility to manipulation, where adversaries induce deviations from standard protocols to bypass statistics-based defenses (e.g., mean or median), and (2) limited detection granularity, where the reliance on coarse statistics under encryption fails to identify subtle or coordinated poisoning behaviors. To address these issues, we propose RankFL, a poison-robust and privacy-preserving FL scheme that leverages order sorting over ciphertext gradients. RankFL utilizes an efficient Paillier-based two-party comparison protocol to construct a joint order tree, facilitating quartile-driven filtering of malicious updates without compromising individual gradient privacy. Furthermore, we introduce RankFL-Extend, which incorporates zero-knowledge proof-of-knowledge and bidirectional verification to secure the ranking process against active adversaries. We provide a rigorous theoretical analysis to establish the scheme's privacy, indistinguishability, and convergence guarantees. Extensive experiments across diverse datasets and attack scenarios demonstrate that the proposed scheme achieves a 3% accuracy improvement over state-of-the-art defenses under poisoning attacks.
| Original language | English |
|---|---|
| Journal | IEEE Transactions on Mobile Computing |
| State | Accepted/In press - 2026 |
Keywords
- Anomaly Detection
- Federated Learning
- Poisoning Attacks
- Privacy-Preserving
Fingerprint
Dive into the research topics of 'RankFL: Robustness and Privacy-Preserving Federated Learning Scheme Against Poisoning Attacks'. Together they form a unique fingerprint.