Privacy and Robustness in Federated Learning: From Theoretical Insights to Practical Implementation
As machine learning (ML) continues to advance, the scale and complexity of learning tasks have grown dramatically, particularly with the rise of large-scale models in domains such as natural language processing and generative AI. To meet the computational demands of modern ML workloads, federated learning (FL) has emerged as a key paradigm, enabling multiple machines or workers to collaboratively train models without centralizing their private data. In FL, each worker trains on local data and periodically transmits model updates, such as gradients, to a coordinating server, which aggregates these updates to refine a global model.
However, the distributed nature of FL introduces two critical and often orthogonal challenges: privacy and robustness. On the one hand, the exchange of updates between workers and a coordinating server raises serious privacy concerns, as gradients can be exploited by a curious server to reveal sensitive information about the workers' training data. On the other hand, the system remains vulnerable to adversarial behavior from compromised or faulty workers sending incorrect updates. This thesis provides a systematic study of the interplay between privacy and robustness in FL.
We begin with differential privacy (DP), a rigorous privacy primitive offering information-theoretic guarantees against computationally unbounded adversaries. Our first contribution suggests that satisfying DP with robustness in FL may introduce a prohibitive dependence on model dimensionality, which can lead to degraded utility or impractical computational requirements. Empirical results on benchmark tasks confirm that even relatively small models may suffer noticeable utility degradation unless worker-side resources are scaled accordingly, e.g., through increased batch sizes. These findings suggest that the practicality of DP-based robust FL may be limited in modern high-dimensional learning scenarios.
Motivated by these limitations, we explore an alternative approach that relaxes the privacy threat model while preserving strong confidentiality guarantees. We propose a protocol based on homomorphic encryption (HE), which assumes a computationally bounded adversary (e.g., the curious server) and supports computation over encrypted data. We design and implement SABLE, the first FL protocol to leverage HE for robust aggregation of encrypted gradients. While SABLE incurs computational overhead, particularly during the server-side homomorphic robust aggregation step, our experiments show that it can match the accuracy of non-private baselines on standard ML tasks while simultaneously offering both privacy and robustness. These results position HE as a compelling alternative to DP, particularly in scenarios where preserving utility is critical.
Finally, we revisit the role of gradient clipping, a common preprocessing step in both DP and HE frameworks, and uncover its underestimated potential for improving robustness, even in settings where privacy is not the primary concern. We identify the limitations of static clipping methods and introduce ARC, a theoretically robust adaptive clipping scheme. We prove that ARC preserves the robustness guarantees of aggregation methods and enhances convergence under favorable model initialization. Experiments show that ARC significantly boosts empirical performance, particularly in adversarial and heterogeneous settings.
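The following self-contained Python illustration is added here and is not code from the thesis: it puts the ideas of the two paragraphs on DP-based robust aggregation and on gradient clipping side by side on one constructed FL round with four honest workers and one faulty worker. It shows why a plain average is not robust, how a static clipping threshold bounds a single worker's influence, how a coordinate-wise trimmed mean discards the outlier, and how a Gaussian-mechanism average pays a noise cost that grows with the square root of the model dimension. The adaptive rule (`adaptive_clip`, a median-of-norms threshold) is a hypothetical stand-in chosen for illustration; it is not ARC, whose actual rule is not given on this page. The gradient values and the worker count are constructed sample data.

```python
import math
import random
from statistics import median


def l2_norm(v):
    """Euclidean norm of a gradient vector (a list of floats)."""
    return math.sqrt(sum(x * x for x in v))


def clip(v, threshold):
    """Static clipping: rescale v so that its L2 norm is at most `threshold`."""
    n = l2_norm(v)
    if n <= threshold:
        return list(v)
    return [x * threshold / n for x in v]


def adaptive_clip(grads):
    """Hypothetical adaptive rule (NOT the thesis's ARC, whose rule is not on
    this page): use the median of the submitted norms as the threshold, so the
    bound tracks the honest majority instead of a hand-picked constant."""
    threshold = median([l2_norm(g) for g in grads])
    return [clip(g, threshold) for g in grads], threshold


def mean_aggregate(grads):
    """Plain coordinate-wise average: one unbounded worker can dominate it."""
    n = len(grads)
    return [sum(col) / n for col in zip(*grads)]


def trimmed_mean(grads, f):
    """Coordinate-wise trimmed mean: drop the f smallest and f largest values
    per coordinate before averaging (a standard robust aggregation rule)."""
    n = len(grads)
    assert 2 * f < n, "need more honest than trimmed values per coordinate"
    out = []
    for col in zip(*grads):
        kept = sorted(col)[f:n - f]
        out.append(sum(kept) / len(kept))
    return out


def dp_average(grads, threshold, sigma, rng):
    """Gaussian mechanism on the clipped sum: clip every worker's gradient to
    `threshold`, add N(0, (sigma*threshold)^2) noise to each coordinate of the
    sum, then divide by the number of workers."""
    clipped = [clip(g, threshold) for g in grads]
    total = [sum(col) for col in zip(*clipped)]
    noisy = [t + rng.gauss(0.0, sigma * threshold) for t in total]
    return [x / len(grads) for x in noisy]


def noise_to_signal_ratio(d, n, sigma):
    """Expected DP noise norm divided by the largest possible clipped signal
    norm after averaging n clipped vectors in d dimensions: the noise vector
    has norm about sigma*threshold*sqrt(d) while the averaged signal is at
    most threshold, so the ratio grows with sqrt(d) and shrinks only with n."""
    return sigma * math.sqrt(d) / n


# Constructed sample round: four honest workers whose gradients agree on the
# first coordinate, plus one faulty/compromised worker sending a huge update.
HONEST = [[1.0, 0.0, 0.0], [0.9, 0.1, 0.0], [1.1, -0.1, 0.0], [1.0, 0.05, 0.0]]
FAULTY = [[-100.0, 0.0, 0.0]]
ROUND = HONEST + FAULTY


def demo():
    """Run every aggregation variant on the constructed round."""
    results = {
        "mean": mean_aggregate(ROUND),
        "static_clip_then_mean": mean_aggregate([clip(g, 1.0) for g in ROUND]),
        "trimmed_mean_f1": trimmed_mean(ROUND, 1),
    }
    clipped, thr = adaptive_clip(ROUND)
    results["adaptive_threshold"] = thr
    results["adaptive_clip_then_trimmed_mean"] = trimmed_mean(clipped, 1)
    rng = random.Random(0)  # fixed seed so the run is reproducible
    results["dp_average_d3"] = dp_average(ROUND, 1.0, 1.0, rng)
    # Dimension dependence: for the same sigma the noise norm grows like sqrt(d).
    noise = [rng.gauss(0.0, 1.0) for _ in range(10_000)]
    results["noise_norm_d10000"] = l2_norm(noise)
    results["ratio_d100_n100"] = noise_to_signal_ratio(100, 100, 1.0)
    results["ratio_d10000_n100"] = noise_to_signal_ratio(10_000, 100, 1.0)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the plain mean pulled to about -19 by the single faulty worker, the statically clipped mean staying positive because no worker can contribute more than norm 1, and the trimmed mean recovering roughly 0.97 on the first coordinate. The last two ratios make the dimensionality point concrete: with 100 workers and unit sigma, going from 100 to 10,000 parameters raises the noise-to-signal ratio tenfold, which is why the abstract ties DP-based robust FL to scaling worker-side resources with the model size.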
File: EPFL_TH10503.pdf (main document, open access, 9.12 MB, Adobe PDF, checksum c208f3b1f1d5725c322db63adc2ca4f8)