🤖 AI Summary
Federated learning (FL) faces dual threats from gradient leakage and Byzantine attacks, yet existing defenses struggle to simultaneously ensure privacy, robustness, and efficiency. To address this, we propose an efficient defense framework integrating homomorphic encryption (HE) with geometry-preserving dimensionality compression. Specifically, we apply the Johnson–Lindenstrauss transform to perform gradient compression directly in the ciphertext domain, and leverage a two-server architecture with distributed key management to execute Byzantine-resilient aggregation over encrypted gradients. This design reduces cryptographic computation complexity to *O(kn)*, significantly lowering overhead. Experiments demonstrate that, under 40% malicious clients, our method achieves model accuracy comparable to non-private FL baselines—marking the first work to unify strong privacy guarantees (via HE), high robustness against Byzantine adversaries, and computational efficiency in a single FL framework.
📝 Abstract
Federated Learning (FL) allows collaborative model training across distributed clients without sharing raw data, thus preserving privacy. However, the system remains vulnerable to privacy leakage from gradient updates and Byzantine attacks from malicious clients. Existing solutions face a critical trade-off among privacy preservation, Byzantine robustness, and computational efficiency. We propose a novel scheme that effectively balances these competing objectives by integrating homomorphic encryption with dimension compression based on the Johnson-Lindenstrauss transformation. Our approach employs a dual-server architecture that enables secure Byzantine defense in the ciphertext domain while dramatically reducing computational overhead through gradient compression. The dimension compression technique preserves the geometric relationships necessary for Byzantine defence while reducing computation complexity from $O(dn)$ to $O(kn)$ cryptographic operations, where $k \ll d$. Extensive experiments across diverse datasets demonstrate that our approach maintains model accuracy comparable to non-private FL while effectively defending against Byzantine clients comprising up to $40\%$ of the network.
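The geometric claim in the abstract can be checked in plaintext. The following is an added example, not code from the paper: it projects constructed client updates from $d$ to $k$ dimensions with a Gaussian Johnson-Lindenstrauss matrix and confirms that a distance-based filter keeps the same clients before and after compression. Assumptions: no homomorphic encryption is performed, the sample updates are synthetic, and the scoring rule (`keep_set`, sum of squared distances to the nearest $n-f-1$ peers) is a hypothetical stand-in, since the abstract does not name the aggregation rule.

```python
import math
import random

def jl_matrix(k, d, rng):
    """k x d Gaussian projection with N(0, 1/k) entries (Johnson-Lindenstrauss)."""
    s = 1.0 / math.sqrt(k)
    return [[rng.gauss(0.0, s) for _ in range(d)] for _ in range(k)]

def project(R, g):
    """Compress one d-dimensional update to k dimensions."""
    return [sum(r * x for r, x in zip(row, g)) for row in R]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def keep_set(grads, f):
    """Assumed rule: keep the n-f updates closest to their n-f-1 nearest peers."""
    n = len(grads)
    scores = []
    for i in range(n):
        d2 = sorted(dist(grads[i], grads[j]) ** 2 for j in range(n) if j != i)
        scores.append((sum(d2[: n - f - 1]), i))
    return sorted(i for _, i in sorted(scores)[: n - f])

def max_distortion(grads, comp):
    """Largest relative change of any pairwise distance after projection."""
    n = len(grads)
    return max(abs(dist(comp[i], comp[j]) / dist(grads[i], grads[j]) - 1.0)
               for i in range(n) for j in range(i + 1, n))

def demo(d=1000, k=128, n=10, f=4, seed=7):
    rng = random.Random(seed)
    base = [rng.gauss(0, 1) for _ in range(d)]
    # Constructed sample updates: n-f honest ones near `base`, f outliers far away.
    grads = [[b + rng.gauss(0, 0.1) for b in base] for _ in range(n - f)]
    grads += [[b + rng.gauss(0, 2.0) for b in base] for _ in range(f)]
    R = jl_matrix(k, d, rng)
    comp = [project(R, g) for g in grads]  # each client now holds k values, not d
    return keep_set(grads, f), keep_set(comp, f), max_distortion(grads, comp)

if __name__ == "__main__":
    full, small, eps = demo()
    print("kept in d dims:", full)
    print("kept in k dims:", small)
    print("max pairwise distortion: %.3f" % eps)
```

With $f = 4$ of $n = 10$ clients as outliers (the 40% setting), the filter operates on $k = 128$ values per client instead of $d = 1000$, which is where the $O(dn)$ to $O(kn)$ reduction would apply once each value is a ciphertext.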