Byzantine-Robust Federated Learning (e.g., Krum) vs FedAvg

FedAvg (Federated Averaging) excels at efficient convergence in trusted environments because it aggregates client model updates via a simple weighted average. This minimizes communication overhead and computational cost, leading to faster training rounds. For example, in benchmark studies with IID (Independent and Identically Distributed) data and honest participants, FedAvg achieves target accuracy with up to 30-50% fewer communication rounds compared to more complex robust aggregators, making it the default choice for collaborative research or internal corporate training where client integrity is assumed.

Byzantine-Robust algorithms like Krum take a different approach by explicitly defending against malicious clients that may submit poisoned updates. Krum's strategy involves selecting the single client update that is most similar to its neighbors, effectively filtering out statistical outliers. This results in a trade-off of higher computational cost per round and potentially slower convergence in exchange for proven resilience; Krum can tolerate up to a known fraction of Byzantine clients (e.g., f out of n) without compromising the global model's integrity, a critical requirement for open or adversarial cross-silo settings.

The key trade-off: If your priority is maximizing training speed and efficiency in a controlled, vetted network (e.g., internal departmental collaboration), choose FedAvg. If you prioritize security and model integrity in potentially untrusted or regulated multi-party environments (e.g., cross-company healthcare research under HIPAA where data provenance is uncertain), choose a Byzantine-robust aggregator like Krum. For a deeper understanding of aggregation strategies, explore our guide on Secure Aggregation (SecAgg) vs Differential Privacy (DP) for Federated Learning and the analysis of FedProx vs FedAvg for Heterogeneous Clients.

FedAvg excels at efficient convergence and high model utility in trusted, homogeneous environments because it simply averages client updates. For example, in benchmark studies with IID data and honest clients, FedAvg achieves ~95% of centralized training accuracy with significantly lower computational overhead per round compared to robust methods. Its simplicity makes it the default choice for cross-device FL on millions of benign mobile devices or within a single organization's secure silos.

Byzantine-Robust algorithms like Krum take a different approach by statistically filtering or aggregating client updates to tolerate malicious actors. This strategy results in a critical trade-off: enhanced security at the cost of slower convergence and potential utility loss, especially under high attack rates. For instance, Krum may discard up to 50% of client updates per round in a severe attack scenario, which protects the global model but can increase the rounds-to-convergence by 20-30% compared to FedAvg in a clean setting.

The key trade-off is between trust assumptions and resilience. If your priority is maximizing model accuracy and training speed in a controlled, low-risk environment (e.g., internal data collaboration), choose FedAvg. It is the foundation of most production FL systems. If you prioritize security and must operate in an adversarial, cross-silo setting with untrusted participants (e.g., multi-competitor consortia), choose a Byzantine-Robust algorithm like Krum or Median. For a deeper understanding of the underlying privacy mechanisms that complement these approaches, see our analysis of Secure Aggregation (SecAgg) vs Differential Privacy (DP) for Federated Learning. Furthermore, the choice of framework significantly impacts your ability to implement these algorithms; compare production-ready options in FedML vs Flower (Flwr).