SignFlip

Sign-flip gradient attack.

Reference:

Cong Xie, Sanmi Koyejo, and Indranil Gupta. “Fall of Empires: Breaking Byzantine-tolerant SGD by Tailored Attacks.” In Proceedings of the 22nd International Conference on Artificial Intelligence and Statistics (AISTATS 2019).

class attacks.sign_flip.SignFlipAttack[source]

Bases: Attack

Sign-flip attack.

Generates Byzantine gradients by flipping the sign of the coordinate-wise honest mean and optionally scaling the result. Every Byzantine worker sends the same vector, pointing in the opposite direction of the honest update, which makes this one of the simplest yet effective baselines for evaluating Byzantine-resilient aggregators.

classmethod generate(honest_gradients: Sequence[Tensor] | Tensor, /, out: Tensor | None = None, *, f: int, scale: float = 1.0, **specialized: Any) Tensor[source]

Generate Byzantine gradients.

Parameters:
  • honest_gradients – Sequence of \(h\) gradient vectors, one per honest worker, each of shape \((d,)\).

  • out – Optional pre-allocated tensor of shape \((f, d)\) to write the result into and return.

  • f – Number of Byzantine gradients to generate.

  • scale – Non-negative scale applied to the sign-flipped honest mean.

  • **specialized – Additional keyword arguments.

Returns:
  • Byzantine gradients of shape `` (f, d)

  • mean is repeated ``f`` times.

Raises:
  • ValueError – If scale or \(f\) is negative, or there are no honest gradients to average.

  • TypeError – If the honest gradients do not use a floating-point dtype.

See also

For a statistic-based attack, see A Little Is Enough.