1: \begin{abstract}

2: \Ac{fl} is an emerging paradigm that allows a central server to train machine learning models using remote users' data.  Despite its growing popularity, \ac{fl} faces challenges in preserving the privacy of local datasets, its sensitivity to poisoning attacks by malicious users, and its communication overhead. The latter is additionally considerably dominant in large-scale networks. These limitations are often individually mitigated by \ac{ldp} mechanisms, robust aggregation, compression, and user selection techniques, which typically come at the cost of accuracy. 

3: In this work, we present {\em \ac{cpa}}, that allows massive deployments to simultaneously communicate at extremely low bit rates while achieving privacy, anonymity, and resilience to malicious users. \ac{cpa} randomizes a codebook for compressing the data into a few bits using nested lattice quantizers, while ensuring anonymity and robustness, with a subsequent perturbation to hold \ac{ldp}. The proposed \ac{cpa} is proven to result in \ac{fl} convergence in the same asymptotic rate as \ac{fl} without privacy, compression, and robustness considerations, while satisfying both anonymity and \ac{ldp} requirements. These analytical properties are empirically confirmed in a numerical study, where we demonstrate the performance gains of \ac{cpa} compared with separate mechanisms for compression and privacy for training different image classification models, as well as its robustness in mitigating the harmful effects of malicious users. 

4: \end{abstract}

5: