🤖 AI Summary
This paper investigates the differential impact of Byzantine attacks versus data poisoning attacks on the generalization performance of distributed/federated learning models. Method: Leveraging uniform algorithmic stability analysis, robust aggregation modeling, and error decomposition, we derive tight generalization bounds for both attack types under a unified theoretical framework. Contribution/Results: We establish, for the first time, that data poisoning degrades stability to Θ(f/(n−f)), whereas Byzantine attacks induce a strictly worse degradation of O(√(f/(n−2f))), revealing their inherently stronger destructive capacity. The generalization gap widens significantly as the number f of malicious clients approaches n/2. Crucially, this disparity is shown not to stem from suboptimal attack strategies but from fundamental differences in the underlying threat models—Byzantine adversaries possess full control over model updates, while data poisoners only manipulate local training data. These results provide a rigorous theoretical foundation for designing robust aggregation mechanisms and inform the principled selection of defense strategies against distinct adversarial threats in federated learning.
📝 Abstract
Robust distributed learning algorithms aim to maintain good performance in distributed and federated settings, even in the presence of misbehaving workers. Two primary threat models have been studied: Byzantine attacks, where misbehaving workers can send arbitrarily corrupted updates, and data poisoning attacks, where misbehavior is limited to manipulation of local training data. While prior work has shown comparable optimization error under both threat models, a fundamental question remains open: How do these threat models impact generalization? Empirical evidence suggests a gap between the two threat models, yet it remains unclear whether it is fundamental or merely an artifact of suboptimal attacks. In this work, we present the first theoretical investigation into this problem, formally showing that Byzantine attacks are intrinsically more harmful to generalization than data poisoning. Specifically, we prove that: (i) under data poisoning, the uniform algorithmic stability of a robust distributed learning algorithm, with optimal optimization error, degrades by an additive factor of $\varTheta\left(\frac{f}{n-f}\right)$, with $f$ the number of misbehaving workers out of $n$; and (ii) in contrast, under Byzantine attacks, the degradation is in $\mathcal{O}\big(\sqrt{\frac{f}{n-2f}}\big)$. This difference in stability leads to a generalization error gap that is especially significant as $f$ approaches its maximum value $\frac{n}{2}$.