Renyi Differential Privacy of the Subsampled Shuffle Model in
Distributed Learning
- URL: http://arxiv.org/abs/2107.08763v1
- Date: Mon, 19 Jul 2021 11:43:24 GMT
- Title: Renyi Differential Privacy of the Subsampled Shuffle Model in
Distributed Learning
- Authors: Antonious M. Girgis, Deepesh Data, Suhas Diggavi
- Abstract summary: We study privacy in a distributed learning framework, where clients collaboratively build a learning model iteratively through interactions with a server from whom we need privacy.
Motivated by optimization and the federated learning (FL) paradigm, we focus on the case where a small fraction of data samples are randomly sub-sampled in each round.
To obtain even stronger local privacy guarantees, we study this in the shuffle privacy model, where each client randomizes its response using a local differentially private (LDP) mechanism.
- Score: 7.197592390105457
- License: http://creativecommons.org/publicdomain/zero/1.0/
- Abstract: We study privacy in a distributed learning framework, where clients
collaboratively build a learning model iteratively through interactions with a
server from whom we need privacy. Motivated by stochastic optimization and the
federated learning (FL) paradigm, we focus on the case where a small fraction
of data samples are randomly sub-sampled in each round to participate in the
learning process, which also enables privacy amplification. To obtain even
stronger local privacy guarantees, we study this in the shuffle privacy model,
where each client randomizes its response using a local differentially private
(LDP) mechanism and the server only receives a random permutation (shuffle) of
the clients' responses without their association to each client. The principal
result of this paper is a privacy-optimization performance trade-off for
discrete randomization mechanisms in this sub-sampled shuffle privacy model.
This is enabled through a new theoretical technique to analyze the Renyi
Differential Privacy (RDP) of the sub-sampled shuffle model. We numerically
demonstrate that, for important regimes, with composition our bound yields
significant improvement in privacy guarantee over the state-of-the-art
approximate Differential Privacy (DP) guarantee (with strong composition) for
sub-sampled shuffled models. We also numerically demonstrate a significant
improvement in the privacy-learning performance operating point using real
data sets.
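To make the mechanism concrete, below is a minimal simulation sketch of one round of the sub-sampled shuffle model described above, using binary randomized response as the discrete LDP randomizer. The function names and the parameters `gamma` (sub-sampling rate) and `eps0` (local privacy level) are illustrative assumptions, not the authors' implementation.

```python
import math
import random

def randomized_response(bit: int, eps0: float, rng: random.Random) -> int:
    """Binary randomized response, an eps0-LDP mechanism: report the true
    bit with probability e^eps0 / (e^eps0 + 1), otherwise flip it."""
    p_true = math.exp(eps0) / (math.exp(eps0) + 1.0)
    return bit if rng.random() < p_true else 1 - bit

def subsampled_shuffle_round(bits, gamma: float, eps0: float, seed: int = 0):
    """One round of the sub-sampled shuffle model:
    1) each client is sub-sampled with probability gamma,
    2) every sampled client randomizes its bit with a local DP mechanism,
    3) a trusted shuffler forwards the responses in random order, so the
       server sees only the multiset of messages, not who sent what."""
    rng = random.Random(seed)
    responses = [randomized_response(b, eps0, rng)
                 for b in bits if rng.random() < gamma]
    rng.shuffle(responses)
    return responses

rng = random.Random(1)
clients = [rng.randint(0, 1) for _ in range(10_000)]
out = subsampled_shuffle_round(clients, gamma=0.05, eps0=1.0)
print(len(out), sum(out))  # roughly 500 responses; only the histogram is visible
```

Iterative learning repeats such rounds many times, which is why the paper's RDP analysis matters: RDP composes by simple addition across rounds, typically giving tighter end-to-end guarantees than strong composition of approximate DP.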
Related papers
- Federated Face Forgery Detection Learning with Personalized Representation [63.90408023506508]
Deep generative technology can produce high-quality fake videos that are indistinguishable from real ones, posing a serious social threat.
Traditional forgery detection methods train directly on centralized data.
The paper proposes a novel federated face forgery detection learning framework with personalized representation.
arXiv Detail & Related papers (2024-06-17T02:20:30Z)
- Share Your Representation Only: Guaranteed Improvement of the Privacy-Utility Tradeoff in Federated Learning [47.042811490685324]
Mitigating the risk of this information leakage using state-of-the-art differentially private algorithms does not come for free.
In this paper, we consider a representation learning objective that various parties collaboratively refine on a federated model, with differential privacy guarantees.
We observe a significant performance improvement over the prior work under the same small privacy budget.
arXiv Detail & Related papers (2023-09-11T14:46:55Z)
- FedSampling: A Better Sampling Strategy for Federated Learning [81.85411484302952]
Federated learning (FL) is an important technique for learning models from decentralized data in a privacy-preserving way.
Existing FL methods usually uniformly sample clients for local model learning in each round.
We propose a novel uniform data sampling strategy for federated learning (FedSampling); an illustrative sketch follows this entry.
arXiv Detail & Related papers (2023-06-25T13:38:51Z)
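As a rough illustration of the difference between client-uniform and data-uniform sampling, here is a hypothetical sketch in which each client participates with probability proportional to its local dataset size, so every raw sample is about equally likely to be used. This is one reading of the idea; the actual FedSampling protocol additionally estimates dataset sizes in a privacy-preserving way, which is omitted here.

```python
import random

def data_uniform_sampling(client_sizes: dict, expected_clients: int,
                          rng: random.Random):
    """Hypothetical 'data-uniform' selection: client c joins the round with
    probability proportional to its dataset size (capped at 1), so each raw
    sample has roughly the same chance of contributing to the update."""
    total = sum(client_sizes.values())
    return [c for c, size in client_sizes.items()
            if rng.random() < min(1.0, expected_clients * size / total)]

rng = random.Random(0)
sizes = {f"client{i}": rng.randint(10, 1000) for i in range(100)}
print(data_uniform_sampling(sizes, expected_clients=20, rng=rng))
```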
- Randomized Quantization is All You Need for Differential Privacy in Federated Learning [1.9785872350085876]
We consider an approach to federated learning that combines quantization and differential privacy.
We develop a new algorithm called the Randomized Quantization Mechanism (RQM).
We empirically study the performance of our algorithm and demonstrate that, compared to previous work, it yields improved privacy-accuracy trade-offs (a generic quantization sketch follows this entry).
arXiv Detail & Related papers (2023-06-20T21:54:13Z)
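For context, the sketch below shows plain unbiased stochastic rounding to a fixed grid, the building block that randomized quantization schemes start from. It is a generic illustration rather than the paper's RQM; the additional randomization over which quantization levels are available, assumed here from the method's name and setting, is what would yield differential privacy.

```python
import random

def stochastic_quantize(x: float, levels, rng: random.Random) -> float:
    """Unbiased stochastic rounding: map x to one of its two neighboring grid
    levels with probabilities chosen so that E[output] = x."""
    levels = sorted(levels)
    x = min(max(x, levels[0]), levels[-1])   # clamp into the grid range
    lo = max(l for l in levels if l <= x)
    hi = min(l for l in levels if l >= x)
    if hi == lo:
        return x
    p_hi = (x - lo) / (hi - lo)              # lo*(1-p_hi) + hi*p_hi == x
    return hi if rng.random() < p_hi else lo

rng = random.Random(0)
grid = [i / 4 for i in range(-4, 5)]         # nine levels in [-1, 1]
draws = [stochastic_quantize(0.3, grid, rng) for _ in range(10_000)]
print(sum(draws) / len(draws))               # close to 0.3 (unbiasedness)
```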
- Stronger Privacy Amplification by Shuffling for Rényi and Approximate Differential Privacy [43.33288245778629]
A key result in this model is that randomly shuffling locally randomized data amplifies differential privacy guarantees.
Such amplification implies substantially stronger privacy guarantees for systems in which data is contributed anonymously.
In this work, we improve the state-of-the-art privacy amplification by shuffling results both theoretically and numerically (a numerical sketch of such a bound follows this entry).
arXiv Detail & Related papers (2022-08-09T08:13:48Z)
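As a numerical illustration of the amplification phenomenon this entry improves on, the sketch below evaluates the closed-form (ε, δ) bound from the earlier clone-based analysis of Feldman, McMillan, and Talwar. The constants are from that earlier analysis, not from the paper above, and should be treated as an assumption here; the formula's applicability condition is checked with an assertion.

```python
import math

def shuffle_amplified_eps(eps0: float, n: int, delta: float) -> float:
    """Closed-form amplification-by-shuffling bound (clone-based analysis):
    shuffling n eps0-LDP reports yields (eps, delta)-DP for the returned eps,
    valid when eps0 <= log(n / (16 * log(2/delta)))."""
    assert eps0 <= math.log(n / (16 * math.log(2 / delta))), "bound inapplicable"
    scale = (math.exp(eps0) - 1) / (math.exp(eps0) + 1)
    term = (8 * math.sqrt(math.exp(eps0) * math.log(4 / delta)) / math.sqrt(n)
            + 8 * math.exp(eps0) / n)
    return math.log(1 + scale * term)

for n in (1_000, 10_000, 100_000):
    print(n, round(shuffle_amplified_eps(eps0=1.0, n=n, delta=1e-6), 4))
```

The central ε shrinks roughly as 1/√n, which is the amplification effect the shuffle model provides over the local model.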
- Smooth Anonymity for Sparse Graphs [69.1048938123063]
Differential privacy has emerged as the gold standard of privacy; however, it can fall short when it comes to sharing sparse datasets.
In this work, we consider a variation of $k$-anonymity, which we call smooth-$k$-anonymity, and design simple large-scale algorithms that efficiently provide smooth-$k$-anonymity.
arXiv Detail & Related papers (2022-07-13T17:09:25Z)
- Personalization Improves Privacy-Accuracy Tradeoffs in Federated Optimization [57.98426940386627]
We show that coordinating local learning with private centralized learning yields a generically useful and improved tradeoff between accuracy and privacy.
We illustrate our theoretical results with experiments on synthetic and real-world datasets.
arXiv Detail & Related papers (2022-02-10T20:44:44Z)
- Uniformity Testing in the Shuffle Model: Simpler, Better, Faster [0.0]
Uniformity testing, or testing whether independent observations are uniformly distributed, is a canonical question in distribution testing.
In this work, we considerably simplify the analysis of the known uniformity testing algorithm in the shuffle model.
arXiv Detail & Related papers (2021-08-20T03:43:12Z)
- Understanding Clipping for Federated Learning: Convergence and Client-Level Differential Privacy [67.4471689755097]
This paper empirically demonstrates that the clipped FedAvg can perform surprisingly well even with substantial data heterogeneity.
We provide the convergence analysis of a differentially private (DP) FedAvg algorithm and highlight the relationship between clipping bias and the distribution of the clients' updates (a minimal clipping sketch follows this entry).
arXiv Detail & Related papers (2021-06-25T14:47:19Z)
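To make the clipping step concrete, here is a minimal sketch of the clip-then-noise aggregation underlying client-level DP-FedAvg, assuming Gaussian noise calibrated to the clipping norm. The helper names and the `noise_mult` parameter are illustrative assumptions, not the paper's exact algorithm.

```python
import numpy as np

def clip_update(update: np.ndarray, clip_norm: float) -> np.ndarray:
    """Project a client's model update onto the L2 ball of radius clip_norm,
    bounding each client's influence on the aggregate."""
    norm = np.linalg.norm(update)
    return update * min(1.0, clip_norm / max(norm, 1e-12))

def dp_fedavg_step(client_updates, clip_norm: float, noise_mult: float, rng):
    """Clip every update, average, and add Gaussian noise whose scale is set
    by the clipped per-client sensitivity (client-level DP)."""
    n = len(client_updates)
    avg = np.mean([clip_update(u, clip_norm) for u in client_updates], axis=0)
    return avg + rng.normal(0.0, noise_mult * clip_norm / n, size=avg.shape)

rng = np.random.default_rng(0)
updates = [s * rng.normal(size=10) for s in (0.5, 1.0, 5.0)]  # heterogeneous norms
print(dp_fedavg_step(updates, clip_norm=1.0, noise_mult=1.0, rng=rng))
```

Note that clipping biases the average toward clients with small updates, which is exactly the clipping bias the paper relates to the distribution of client updates.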
- On the Renyi Differential Privacy of the Shuffle Model [25.052851351062845]
In the shuffle model, each of the $n$ clients randomizes its response using a local differentially private (LDP) mechanism and the untrusted server only receives a random permutation (shuffle) of the client responses without association to each client.
The principal result in this paper is the first non-trivial guarantee for general discrete local randomization mechanisms in the shuffled privacy model.
arXiv Detail & Related papers (2021-05-11T16:34:09Z)
- Privacy Amplification via Random Check-Ins [38.72327434015975]
Differentially Private Gradient Descent (DP-SGD) forms a fundamental building block in many applications for learning over sensitive data.
In this paper, we focus on conducting iterative methods like DP-SGD in the setting of federated learning (FL), wherein the data is distributed among many devices (clients).
Our main contribution is the random check-in distributed protocol, which crucially relies only on randomized participation decisions made locally and independently by each client (a simplified sketch follows this entry).
arXiv Detail & Related papers (2020-07-13T18:14:09Z)
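The sketch below captures the core of the check-in idea in simplified form: every client, locally and independently, flips a coin to decide whether to participate and, if so, picks a uniformly random time slot; the server then uses at most one client per slot. The parameter names are illustrative, and details of the actual protocol (e.g. dummy updates for empty slots) are omitted.

```python
import random

def random_checkins(num_clients: int, num_slots: int, p_checkin: float,
                    seed: int = 0):
    """Simplified random check-in: participation and slot choice are decided
    locally and independently by each client, which is what enables the
    privacy amplification argument."""
    rng = random.Random(seed)
    checkins = {}
    for client in range(num_clients):
        if rng.random() < p_checkin:
            checkins.setdefault(rng.randrange(num_slots), []).append(client)
    # The server runs one uniformly chosen checked-in client per occupied slot.
    return {slot: rng.choice(cands) for slot, cands in sorted(checkins.items())}

schedule = random_checkins(num_clients=1_000, num_slots=100, p_checkin=0.2)
print(f"{len(schedule)} of 100 slots occupied")
```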