Federated learning systems that jointly preserve Byzantine robustness and
privacy have remained an open problem. Robust aggregation, the standard defense
for Byzantine attacks, generally requires server access to individual updates
or nonlinear computation — thus is incompatible with privacy-preserving
methods such as secure aggregation via multiparty computation. To this end, we
propose SHARE (Secure Hierarchical Robust Aggregation), a distributed learning
framework designed to cryptographically preserve client update privacy and
robustness to Byzantine adversaries simultaneously. The key idea is to
incorporate secure averaging among randomly clustered clients before filtering
malicious updates through robust aggregation. Experiments show that SHARE has
similar robustness guarantees as existing techniques while enhancing privacy.

