Abstract
Differential Private Secure Federated Learning (DP-Secure FL) ensures secure, privacy-preserving collaborative training by transmitting encrypted updates instead of raw data, addressing data-sharing constraints in critical real-time applications. Integrating FPGAs into DP-Secure FL benefits from their parallelism, low power consumption, and reconfigurability to overcome edge device resource limitations while improving efficiency, scalability, and adaptability in privacy-sensitive, resource-constrained environments. This integration improves latency, scalability, energy consumption, and computational efficiency while reducing cloud dependency and optimizing training processes. These combined benefits make FPGA-enabled DP-Secure FL an ideal solution for privacy-sensitive and resource-constrained environments, enabling robust scalability and adaptability for real-time applications, delivering robust privacy and security, and effectively protecting against external data leaks. This study reveals a significant vulnerability in FPGA-based DP-Secure FL, where the privacy-preserving setup hinders the detection of internal threats, such as free-rider attacks. These attacks enable malicious users to exploit the system by contributing crafted gradients, such as through sponge poisoning, to increase the power consumption of honest users without impacting model accuracy. By introducing “innovative EvoWeight techniques”, we show how the power consumption of DNN-FPGA accelerators can be increased by up to 17.41 %. In addition to power consumption, the EvoWeight attack negatively affects other performance metrics, causing a 2.31 % rise in inference time, a 4.99 % increase in runtime, and a 4.75 % reduction in throughput. The study also highlights that when fine-tuning is enabled on both the server and user ends in DP-Secure FL, the power consumption consistently increases in nearly all global rounds, with the maximum power consumption reaching 15.4 %. This increase in power consumption results in higher temperatures, leading to potential denial of service, system crashes, and a reduction in device lifetime.
| Original language | English |
|---|---|
| Title of host publication | 2025 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) |
| Publisher | IEEE |
| Pages | 182-193 |
| Number of pages | 12 |
| Edition | 2025 |
| ISBN (Electronic) | 979-8-3315-4198-9 |
| ISBN (Print) | 979-8-3315-4199-6 |
| Publication status | Published online - 7 Jul 2025 |
Publication series
| Name | 2025 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) |
|---|---|
| Publisher | IEEE Control Society |
| ISSN (Print) | 2835-5709 |
| ISSN (Electronic) | 2765-8406 |
Bibliographical note
Publisher Copyright: © 2025 IEEE.
UN SDGs
This output contributes to the following UN Sustainable Development Goals (SDGs)
- SDG 7 Affordable and Clean Energy
Keywords
- Hardware Security
- Sponge Poisoning
- Power wasting
- Federated Learning
- FPGA
Fingerprint
Dive into the research topics of 'EvoWeight: Sponge Poisoning of FPGA-Based DNN Accelerators in Differential Private Secure Federated Learning'. Together they form a unique fingerprint.
Student theses
- Cardio-AI-ReAccel: reconfigurable accelerators for artificial intelligence in cardiology
  Akram, M. S. (Author), Bogaraju, S. V. (Supervisor), Oct 2025. Student thesis: Doctoral Thesis