Since there are multiple parties in collaborative learning, malicious parties
might manipulate the learning process for their own purposes through backdoor
attacks. However, most of existing works only consider the federated learning
scenario where data are partitioned by samples. The