Private Federated Learning Without a Trusted Server: Optimal Algorithms
for Convex Losses
- URL: http://arxiv.org/abs/2106.09779v8
- Date: Wed, 14 Jun 2023 22:36:30 GMT
- Title: Private Federated Learning Without a Trusted Server: Optimal Algorithms
for Convex Losses
- Authors: Andrew Lowy and Meisam Razaviyayn
- Abstract summary: Inter-Silo Record-Level Differential Privacy (ISRL-DP)
Inter-Silo Record-Level Differential Privacy (ISRL-DP)
- Score: 9.416757363901295
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: This paper studies federated learning (FL)--especially cross-silo FL--with
data from people who do not trust the server or other silos. In this setting,
each silo (e.g. hospital) has data from different people (e.g. patients) and
must maintain the privacy of each person's data (e.g. medical record), even if
the server or other silos act as adversarial eavesdroppers. This requirement
motivates the study of Inter-Silo Record-Level Differential Privacy (ISRL-DP),
which requires silo i's communications to satisfy record/item-level
differential privacy (DP). ISRL-DP ensures that the data of each person (e.g.
patient) in silo i (e.g. hospital i) cannot be leaked. ISRL-DP is different
from well-studied privacy notions. Central and user-level DP assume that people
trust the server/other silos. On the other end of the spectrum, local DP
assumes that people do not trust anyone at all (even their own silo). Sitting
between central and local DP, ISRL-DP makes the realistic assumption (in
cross-silo FL) that people trust their own silo, but not the server or other
silos. In this work, we provide tight (up to logarithms) upper and lower bounds
for ISRL-DP FL with convex/strongly convex loss functions and homogeneous
(i.i.d.) silo data. Remarkably, we show that similar bounds are attainable for
smooth losses with arbitrary heterogeneous silo data distributions, via an
accelerated ISRL-DP algorithm. We also provide tight upper and lower bounds for
ISRL-DP federated empirical risk minimization, and use acceleration to attain
the optimal bounds in fewer rounds of communication than the state-of-the-art.
Finally, with a secure "shuffler" to anonymize silo messages (but without a
trusted server), our algorithm attains the optimal central DP rates under more
practical trust assumptions. Numerical experiments show favorable
privacy-accuracy tradeoffs for our algorithm in classification and regression
tasks.
Related papers
- Differential Privacy on Trust Graphs [54.55190841518906]
We study differential privacy (DP) in a multi-party setting where each party only trusts a (known) subset of the other parties with its data.
We give a DP algorithm for aggregation with a much better privacy-utility trade-off than in the well-studied local model of DP.
arXiv Detail & Related papers (2024-10-15T20:31:04Z) - Secure Stateful Aggregation: A Practical Protocol with Applications in Differentially-Private Federated Learning [36.42916779389165]
DP-FTRL based approaches have already seen widespread deployment in industry.
We introduce secure stateful aggregation: a simple append-only data structure that allows for the private storage of aggregate values.
We observe that secure stateful aggregation suffices for realizing DP-FTRL-based private federated learning.
arXiv Detail & Related papers (2024-10-15T07:45:18Z) - Private Heterogeneous Federated Learning Without a Trusted Server Revisited: Error-Optimal and Communication-Efficient Algorithms for Convex Losses [12.620782629498812]
Inter-Silo Record-Level Differential Privacy (ISRL-DP) prevents each silo's data from being leaked.
We provide novel ISRL-DP FL algorithms that achieve the optimal excess risk bounds in the presence of heterogeneous silo data.
arXiv Detail & Related papers (2024-07-12T21:20:44Z) - ALI-DPFL: Differentially Private Federated Learning with Adaptive Local Iterations [26.310416723272184]
Federated Learning (FL) is a distributed machine learning technique that allows model training among multiple devices or organizations by sharing training parameters instead of raw data.
adversaries can still infer individual information through inference attacks on these training parameters. Differential Privacy (DP) has been widely used in FL to prevent such attacks.
We consider differentially private federated learning in a resource-constrained scenario, where both privacy budget and communication rounds are constrained.
arXiv Detail & Related papers (2023-08-21T04:09:59Z) - Balancing Privacy and Performance for Private Federated Learning
Algorithms [4.681076651230371]
Federated learning (FL) is a distributed machine learning framework where multiple clients collaborate to train a model without exposing their private data.
FL algorithms frequently employ a differential privacy mechanism that introduces noise into each client's model updates before sharing.
We show that an optimal balance exists between the number of local steps and communication rounds, one that maximizes the convergence performance within a given privacy budget.
arXiv Detail & Related papers (2023-04-11T10:42:11Z) - FedLAP-DP: Federated Learning by Sharing Differentially Private Loss Approximations [53.268801169075836]
We propose FedLAP-DP, a novel privacy-preserving approach for federated learning.
A formal privacy analysis demonstrates that FedLAP-DP incurs the same privacy costs as typical gradient-sharing schemes.
Our approach presents a faster convergence speed compared to typical gradient-sharing methods.
arXiv Detail & Related papers (2023-02-02T12:56:46Z) - Private Non-Convex Federated Learning Without a Trusted Server [7.971065005161566]
We propose novel algorithms for cross-silo learning (FL) with non-trusted loss functions and data from people who do not trust other silos.
Our algorithms attain the optimal strongly convex, homogeneous (i.i.d.) for ISRL-DP FL without assuming convexity or i.i.d. data.
Numerical experiments show that our algorithm has better accuracy than baselines for most privacy levels.
arXiv Detail & Related papers (2022-03-13T19:17:15Z) - Privacy Amplification via Shuffling for Linear Contextual Bandits [51.94904361874446]
We study the contextual linear bandit problem with differential privacy (DP)
We show that it is possible to achieve a privacy/utility trade-off between JDP and LDP by leveraging the shuffle model of privacy.
Our result shows that it is possible to obtain a tradeoff between JDP and LDP by leveraging the shuffle model while preserving local privacy.
arXiv Detail & Related papers (2021-12-11T15:23:28Z) - Differentially Private Federated Bayesian Optimization with Distributed
Exploration [48.9049546219643]
We introduce differential privacy (DP) into the training of deep neural networks through a general framework for adding DP to iterative algorithms.
We show that DP-FTS-DE achieves high utility (competitive performance) with a strong privacy guarantee.
We also use real-world experiments to show that DP-FTS-DE induces a trade-off between privacy and utility.
arXiv Detail & Related papers (2021-10-27T04:11:06Z) - Locally Differentially Private Reinforcement Learning for Linear Mixture
Markov Decision Processes [78.27542864367821]
Reinforcement learning (RL) algorithms can be used to provide personalized services, which rely on users' private and sensitive data.
To protect the users' privacy, privacy-preserving RL algorithms are in demand.
We propose a novel $(varepsilon, delta)$-LDP algorithm for learning a class of Markov decision processes (MDPs) dubbed linear mixture MDPs.
arXiv Detail & Related papers (2021-10-19T17:44:09Z) - User-Level Privacy-Preserving Federated Learning: Analysis and
Performance Optimization [77.43075255745389]
Federated learning (FL) is capable of preserving private data from mobile terminals (MTs) while training the data into useful models.
From a viewpoint of information theory, it is still possible for a curious server to infer private information from the shared models uploaded by MTs.
We propose a user-level differential privacy (UDP) algorithm by adding artificial noise to the shared models before uploading them to servers.
arXiv Detail & Related papers (2020-02-29T10:13:39Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.