The Fundamental Price of Secure Aggregation in Differentially Private
Federated Learning
- URL: http://arxiv.org/abs/2203.03761v1
- Date: Mon, 7 Mar 2022 22:56:09 GMT
- Title: The Fundamental Price of Secure Aggregation in Differentially Private
Federated Learning
- Authors: Wei-Ning Chen, Christopher A. Choquette-Choo, Peter Kairouz, Ananda
Theertha Suresh
- Abstract summary: We characterize the fundamental communication cost required to obtain the best accuracy under $\varepsilon$ central DP.
Our results show that $\tilde{O}\left( \min(n^2\varepsilon^2, d) \right)$ bits per client are both sufficient and necessary.
This provides a significant improvement relative to state-of-the-art SecAgg distributed DP schemes.
- Score: 34.630300910399036
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: We consider the problem of training a $d$ dimensional model with distributed
differential privacy (DP) where secure aggregation (SecAgg) is used to ensure
that the server only sees the noisy sum of $n$ model updates in every training
round. Taking into account the constraints imposed by SecAgg, we characterize
the fundamental communication cost required to obtain the best accuracy
achievable under $\varepsilon$ central DP (i.e. under a fully trusted server
and no communication constraints). Our results show that $\tilde{O}\left(
\min(n^2\varepsilon^2, d) \right)$ bits per client are both sufficient and
necessary, and this fundamental limit can be achieved by a linear scheme based
on sparse random projections. This provides a significant improvement relative
to state-of-the-art SecAgg distributed DP schemes which use
$\tilde{O}(d\log(d/\varepsilon^2))$ bits per client.
Empirically, we evaluate our proposed scheme on real-world federated learning
tasks. We find that our theoretical analysis is well matched in practice. In
particular, we show that we can reduce the communication cost significantly to
under $1.2$ bits per parameter in realistic privacy settings without decreasing
test-time performance. Our work hence theoretically and empirically specifies
the fundamental price of using SecAgg.
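A minimal sketch of the linear, SecAgg-compatible compression idea follows, assuming a sparse Rademacher-style projection shared across clients via a common seed. The paper's actual construction, quantization, and discrete DP noise are more involved; the names and toy sizes below (`density`, `seed=42`, `d`, `n`, `eps`) are illustrative assumptions.

```python
import numpy as np

def sparse_projection(d, k, seed, density=0.1):
    """Shared k x d sparse Rademacher-style matrix with E[P^T P] = I."""
    rng = np.random.default_rng(seed)            # same seed on every client
    mask = rng.random((k, d)) < density          # sparse support pattern
    signs = rng.choice([-1.0, 1.0], size=(k, d))
    return mask * signs / np.sqrt(k * density)   # scaled for unbiased decoding

def client_encode(update, proj):
    """Linear per-client encoding: only k numbers enter SecAgg."""
    return proj @ update

def server_decode(agg, proj):
    """Unbiased linear decode of the aggregated (noisy) sum."""
    return proj.T @ agg

d, n, eps = 2_000, 50, 0.5
k = min(int(n**2 * eps**2), d)                   # ~ n^2 * eps^2 coordinates
proj = sparse_projection(d, k, seed=42)
rng = np.random.default_rng(0)
updates = [rng.normal(size=d) for _ in range(n)]
# SecAgg would sum the encoded (and discretely noised) messages without
# revealing any individual one; here we simply emulate the summed result.
agg = sum(client_encode(u, proj) for u in updates)
estimate = server_decode(agg, proj)              # estimate of the true sum
```

Because encoding is linear, summing the encoded messages inside SecAgg commutes with decoding, which is what keeps the scheme compatible with secure aggregation.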
Related papers
- PrivSGP-VR: Differentially Private Variance-Reduced Stochastic Gradient Push with Tight Utility Bounds [9.47030623916154]
We propose a differentially private decentralized learning method (termed PrivSGP-VR) which employs gradient push with variance reduction and guarantees privacy for each node.
Our theoretical analysis shows that, under DP noise with constant variance, PrivSGP-VR achieves a sub-linear convergence rate of $\mathcal{O}(1/\sqrt{nK})$.
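As a rough illustration of the noisy decentralized pattern (not the authors' algorithm: PrivSGP-VR's push-sum weighting and variance-reduction terms are omitted, and the ring topology and constants here are assumptions):

```python
import numpy as np

def noisy_gradient_push_round(weights, grads, lr=0.1, clip=1.0, sigma=0.5,
                              rng=None):
    """One round: clipped, noised local step, then mixing on a ring."""
    rng = rng or np.random.default_rng(0)
    stepped = []
    for w, g in zip(weights, grads):
        g = g / max(1.0, np.linalg.norm(g) / clip)           # bound sensitivity
        g = g + rng.normal(0.0, sigma * clip, size=g.shape)  # per-node DP noise
        stepped.append(w - lr * g)
    n = len(stepped)
    # push/average parameters with ring neighbors (a simple mixing matrix)
    return [(stepped[i - 1] + stepped[i] + stepped[(i + 1) % n]) / 3.0
            for i in range(n)]
```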
arXiv Detail & Related papers (2024-05-04T11:22:53Z)
- Online non-parametric likelihood-ratio estimation by Pearson-divergence functional minimization [55.98760097296213]
We introduce a new framework for online non-parametric LRE (OLRE) for the setting where pairs of i.i.d. observations $(x_t \sim p, x'_t \sim q)$ are observed over time.
We provide theoretical guarantees for the performance of the OLRE method along with empirical validation in synthetic experiments.
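A minimal sketch of the underlying idea, assuming a linear-in-features ratio model trained by SGD on the least-squares (Pearson-divergence) objective $J(r) = \tfrac{1}{2}\mathbb{E}_q[r(x)^2] - \mathbb{E}_p[r(x)]$, whose minimizer is $r = p/q$; the paper's kernelized estimator and its guarantees are richer than this:

```python
import numpy as np

class OnlineLRE:
    """Online likelihood-ratio estimation via the Pearson/least-squares loss."""

    def __init__(self, dim, lr=0.01):
        self.theta = np.zeros(dim)   # linear-in-features ratio model
        self.lr = lr

    def ratio(self, phi):
        """Estimated ratio r(x) = <theta, phi(x)> from a feature vector."""
        return self.theta @ phi

    def update(self, phi_p, phi_q):
        """One SGD step from a pair (x_t ~ p, x'_t ~ q), given features."""
        # gradient of 0.5 * r(x'_t)^2 - r(x_t) w.r.t. theta
        grad = self.ratio(phi_q) * phi_q - phi_p
        self.theta -= self.lr * grad
```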
arXiv Detail & Related papers (2023-11-03T13:20:11Z)
- Privacy Amplification via Compression: Achieving the Optimal Privacy-Accuracy-Communication Trade-off in Distributed Mean Estimation [20.909302074826666]
Privacy and communication constraints are two major bottlenecks in federated learning (FL) and analytics (FA).
We show that in order to achieve the optimal error under $(\varepsilon, \delta)$-DP, it is sufficient for each client to send $\Theta\left( n \min\left(\varepsilon, \varepsilon^2\right) \right)$ bits for FL and $\Theta\left( \log\left( n \min\left(\varepsilon, \varepsilon^2\right) \right) \right)$ bits for FA.
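Read as scaling rules rather than exact budgets (the $\Theta(\cdot)$ hides constants and logarithmic factors), the bounds translate into a toy helper like the following; the function names and the argument of the logarithm follow the reconstruction above and are assumptions:

```python
import math

def fl_bits_per_client(n, eps):
    """Scaling of the FL communication budget: Theta(n * min(eps, eps^2))."""
    return n * min(eps, eps**2)

def fa_bits_per_client(n, eps):
    """Scaling of the FA budget: Theta(log(n * min(eps, eps^2)))."""
    return math.log(n * min(eps, eps**2))
```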
arXiv Detail & Related papers (2023-04-04T05:37:17Z)
- Differentially Private Image Classification from Features [53.75086935617644]
Leveraging transfer learning has been shown to be an effective strategy for training large models with Differential Privacy.
Recent works have found that privately training just the last layer of a pre-trained model provides the best utility with DP.
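A hedged sketch of that recipe: freeze the backbone, precompute features, and train only a linear head with DP-SGD (per-example clipping plus Gaussian noise). The logistic model, clipping norm, and noise multiplier below are illustrative assumptions, not the paper's settings.

```python
import numpy as np

def dp_sgd_last_layer(feats, labels, steps=100, lr=0.5, clip=1.0,
                      noise_mult=1.0, batch=64, rng=None):
    """Train a private logistic head on frozen features via DP-SGD."""
    rng = rng or np.random.default_rng(0)
    n, d = feats.shape
    w = np.zeros(d)
    for _ in range(steps):
        idx = rng.choice(n, size=batch, replace=False)
        per_ex = []
        for i in idx:
            p = 1.0 / (1.0 + np.exp(-feats[i] @ w))      # logistic prediction
            g = (p - labels[i]) * feats[i]               # per-example gradient
            g /= max(1.0, np.linalg.norm(g) / clip)      # clip to norm <= clip
            per_ex.append(g)
        noise = rng.normal(0.0, noise_mult * clip, size=d)
        w -= lr * (np.sum(per_ex, axis=0) + noise) / batch
    return w
```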
arXiv Detail & Related papers (2022-11-24T04:04:20Z)
- Differentially Private Deep Learning with ModelMix [14.445182641912014]
We propose a generic optimization framework, called ModelMix, which performs random aggregation of intermediate model states.
It strengthens the composite privacy analysis utilizing the entropy of the training trajectory.
We present a formal study on the effect of gradient clipping in Differentially Private Gradient Descent.
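One way to picture the random-aggregation step (an illustration under assumptions, not the paper's exact construction): replace the current iterate with a random convex combination of intermediate states before the gradient step, so the released trajectory carries extra entropy.

```python
import numpy as np

def modelmix_step(history, grad, lr=0.1, rng=None):
    """Mix the latest state with a random earlier one, then step."""
    rng = rng or np.random.default_rng(0)
    w_a = history[-1]
    w_b = history[rng.integers(len(history))]  # random intermediate state
    alpha = rng.random()                       # random mixing coefficient
    w_next = alpha * w_a + (1 - alpha) * w_b - lr * grad
    history.append(w_next)
    return w_next
```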
arXiv Detail & Related papers (2022-10-07T22:59:00Z)
- TAN Without a Burn: Scaling Laws of DP-SGD [70.7364032297978]
Differentially Private methods for training Deep Neural Networks (DNNs) have progressed recently.
We decouple privacy analysis and experimental behavior of noisy training to explore the trade-off with minimal computational requirements.
We apply the proposed method on CIFAR-10 and ImageNet and, in particular, strongly improve the state-of-the-art on ImageNet with a +9 points gain in top-1 accuracy.
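A sketch of the practical consequence as we read it: if the noise-to-batch ratio is held fixed, training behavior is approximately preserved, so hyperparameters can be searched at a fraction of the compute before one final private run. The helper below and the `shrink` factor are assumptions, not the paper's API.

```python
def scaled_config(sigma, batch_size, shrink=8):
    """Cheaper simulation config with the same sigma / batch_size ratio."""
    return sigma / shrink, max(1, batch_size // shrink)
```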
arXiv Detail & Related papers (2022-10-07T08:44:35Z)
- Normalized/Clipped SGD with Perturbation for Differentially Private Non-Convex Optimization [94.06564567766475]
DP-SGD and DP-NSGD mitigate the risk of large models memorizing sensitive training data.
We show that these two algorithms achieve similar best accuracy while DP-NSGD is comparatively easier to tune than DP-SGD.
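The two per-example transforms being compared, in a minimal sketch (the regularizer `r` in the normalized variant is an assumed small constant; both variants add Gaussian noise afterwards):

```python
import numpy as np

def clip_grad(g, C=1.0):
    """DP-SGD style: rescale only if the gradient norm exceeds C."""
    return g / max(1.0, np.linalg.norm(g) / C)

def normalize_grad(g, C=1.0, r=0.01):
    """DP-NSGD style: normalize every gradient, with a small regularizer."""
    return C * g / (np.linalg.norm(g) + r)
```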
arXiv Detail & Related papers (2022-06-27T03:45:02Z)
- Linear Speedup in Personalized Collaborative Learning [69.45124829480106]
Personalization in federated learning can improve the accuracy of a model for a user by trading off the model's bias (introduced by using data from other, potentially different users) against its variance.
We formalize the personalized collaborative learning problem as optimization of a user's objective.
We explore conditions under which we can optimally trade-off their bias for a reduction in variance.
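One way to make the trade-off concrete (an illustrative decomposition under a simple mean-estimation model, not the paper's exact formulation): user 1 mixes its own estimate with the other users' average, paying bias $\delta$ for dissimilarity but shrinking variance.

```latex
% Illustrative model: n users, m samples each with noise variance sigma^2;
% delta measures how far the other users' mean parameter is from user 1's.
\hat{\theta}(\alpha) = \alpha\,\hat{\theta}_{\mathrm{self}}
                     + (1-\alpha)\,\hat{\theta}_{\mathrm{others}},
\qquad
\mathbb{E}\bigl[(\hat{\theta}(\alpha)-\theta_1)^2\bigr]
 = (1-\alpha)^2\,\delta^2
 + \alpha^2\,\frac{\sigma^2}{m}
 + (1-\alpha)^2\,\frac{\sigma^2}{(n-1)m}.
```

Choosing $\alpha < 1$ pays a bias of $(1-\alpha)^2\delta^2$ in exchange for replacing the full variance $\sigma^2/m$ with a smaller blend, which is beneficial whenever $\delta$ is small relative to $\sigma/\sqrt{m}$.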
arXiv Detail & Related papers (2021-11-10T22:12:52Z)
- Distributed Sparse Feature Selection in Communication-Restricted Networks [6.9257380648471765]
We propose and theoretically analyze a new distributed scheme for sparse linear regression and feature selection.
In order to infer the causal dimensions from the whole dataset, we propose a simple, yet effective method for information sharing in the network.
arXiv Detail & Related papers (2021-11-02T05:02:24Z)
- Boosting Certified $\ell_\infty$ Robustness with EMA Method and Ensemble Model [0.0]
We introduce the EMA method to improve the training process of an $\ell_\infty$-norm neural network.
Considering the randomness of the training algorithm, we propose an ensemble method based on trained base models with the $1$-Lipschitz property.
We give a theoretical analysis of the ensemble method's certified robustness based on the $1$-Lipschitz property, which ensures the effectiveness and stability of the algorithm.
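The EMA step itself is simple enough to sketch (the decay value is an assumed typical choice, not the paper's setting):

```python
def ema_update(ema_weights, weights, decay=0.999):
    """Exponential moving average of model weights across training steps."""
    return [decay * e + (1 - decay) * w for e, w in zip(ema_weights, weights)]
```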
arXiv Detail & Related papers (2021-07-01T06:01:12Z)
- Learning with User-Level Privacy [61.62978104304273]
We analyze algorithms to solve a range of learning tasks under user-level differential privacy constraints.
Rather than guaranteeing only the privacy of individual samples, user-level DP protects a user's entire contribution.
We derive an algorithm that privately answers a sequence of $K$ adaptively chosen queries with privacy cost proportional to $\tau$, and apply it to solve the learning tasks we consider.
arXiv Detail & Related papers (2021-02-23T18:25:13Z)