机器学习 | 联邦学习 | VPS | 摄影 | 日常

[Federated Learning] Krum Algorithm: In-depth Analysis and Code Implementation

Revision: There are explanations of principles in the algorithm principle and unclear descriptions (2023/4/4).

In this article, we will delve into a important algorithm in the field of federated learning - the Krum algorithm. This article will introduce the basic concepts of federated learning, the principles of the Krum algorithm, its applications in practical scenarios, as well as its advantages and limitations.

Original paper: Machine Learning with Adversaries: Byzantine Tolerant Gradient Descent

Introduction to Federated Learning#

Federated Learning is a distributed machine learning method that allows multiple participants to jointly train a shared machine learning model while protecting data privacy. Compared to traditional centralized learning, federated learning has the advantage of allowing data to be stored and computed locally, reducing the burden on data centers and protecting user privacy. If you want to learn more about federated learning, you can check out my article.

[Federated Learning] Summary of Federated Learning Concepts and Common Algorithms | Aggregation Algorithm | Defense Algorithm | Attack Algorithm - Royc30ne

Introduction to Krum Algorithm#

The Krum algorithm is a robust aggregation method in federated learning, used to prevent malicious attackers from manipulating local model weights to influence the global model. The algorithm was first proposed by Blanchard et al. in 2017 and has strong robustness, making it resistant to Byzantine attacks.

Principles of the Krum Algorithm#

The core idea of the Krum algorithm is to perform a special sorting and selection of the local model weights of participants after each round of training. Specifically, the Krum algorithm follows these steps:

  1. Calculate the distance between model weights: For each pair of participants i and j, calculate the Euclidean distance between their local model weight vectors.
  2. Calculate the sum of distances for each participant: There are a total of n participants, for each participant i, assuming there are f attackers, calculate the sum of distances between the participant and the nearest n-f-1 participants' model weights.
  3. Select the model with the minimum sum of distances: Among all participants, find the model with the minimum sum of distances as the aggregated model.

Through this method, the Krum algorithm is able to establish a "consensus" among participants, filtering out abnormal model weights that may be subject to malicious attacks, thereby protecting the robustness of the global model.

Simple Implementation of Krum#

To help you better understand the Krum algorithm, we will provide a simple Python code implementation. Assuming we have obtained local model weights from multiple participants. Here are the implementation steps of the Krum algorithm:

import numpy as np

def euclidean_distance(x, y):
    return np.linalg.norm(x - y)

def krum(weights, n_attackers):
    num_clients = len(weights)
    dist_matrix = np.zeros((num_clients, num_clients))

    # Calculate the distance between weights
    for i in range(num_clients):
        for j in range(i + 1, num_clients):
            dist = euclidean_distance(weights[i], weights[j])
            dist_matrix[i, j] = dist
            dist_matrix[j, i] = dist

    # Calculate the sum of distances for each participant and select the model with the minimum sum of distances
    min_sum_dist = float('inf')
    selected_index = -1
    for i in range(num_clients):
        sorted_indices = np.argsort(dist_matrix[i])
        sum_dist = np.sum(dist_matrix[i, sorted_indices[1:(num_clients - n_attackers)]])
        if sum_dist < min_sum_dist:
            min_sum_dist = sum_dist
            selected_index = i

    return weights[selected_index]

# Example: Local model weights from 5 participants
local_weights = [
    np.array([1.0, 2.0, 3.0]),
    np.array([1.1, 2.1, 3.1]),
    np.array([0.9, 1.9, 2.9]),
    np.array([5.0, 6.0, 7.0]),
    np.array([5.1, 6.1, 7.1])

n_attackers = 1
aggregated_weight = krum(local_weights, n_attackers)
print("Aggregated weight:", aggregated_weight)

In this example, we have local model weights from 5 participants. We assume there is 1 Byzantine attacker. We use the Krum algorithm to find the best aggregated weight.

Please note that this implementation is for demonstration purposes only and may not be suitable for actual production environments. In practical applications, you may need to consider issues such as communication, synchronization, and other parallel computing aspects.

Applications of the Krum Algorithm#

The Krum algorithm is suitable for the following scenarios:

  • Federated learning scenarios that require protecting user privacy: For example, in fields such as healthcare and finance, data privacy and security are crucial.
  • Federated learning scenarios facing the risk of Byzantine attacks: For example, in distributed systems such as IoT (Internet of Things) devices and autonomous vehicles, transmission errors or tampered model weights may exist due to unstable communication, device failures, or malicious attacks.

Advantages and Limitations of the Krum Algorithm#


  • Robustness: The Krum algorithm can withstand a certain number of Byzantine attackers, ensuring the robustness of the global model.
  • Wide applicability: The Krum algorithm can be applied to various types of federated learning scenarios, including horizontal federated learning, vertical federated learning, etc.


  • High computational complexity: The Krum algorithm requires calculating the distance between each pair of participants, with a computational complexity of O(n^2), where n is the number of participants. In cases with a large number of participants, the computational burden may be heavy.
  • Large communication overhead: The Krum algorithm requires transmitting model weights and distance information among participants, which may result in significant communication overhead. In environments with limited network bandwidth or unstable communication, it may affect the efficiency of federated learning.


The Krum algorithm is an important robust aggregation method in federated learning, capable of resisting Byzantine attacks and protecting the robustness of the global model. Despite its limitations in computational complexity and communication overhead, it has great potential in protecting data privacy and ensuring model security. With the growing demand for distributed machine learning and privacy protection, the Krum algorithm and related research will play an important role in the future.

Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.