Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
110 tokens/sec
GPT-4o
56 tokens/sec
Gemini 2.5 Pro Pro
44 tokens/sec
o3 Pro
6 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Subject Granular Differential Privacy in Federated Learning (2206.03617v2)

Published 7 Jun 2022 in cs.LG and cs.CR

Abstract: This paper considers subject level privacy in the FL setting, where a subject is an individual whose private information is embodied by several data items either confined within a single federation user or distributed across multiple federation users. We propose two new algorithms that enforce subject level DP at each federation user locally. Our first algorithm, called LocalGroupDP, is a straightforward application of group differential privacy in the popular DP-SGD algorithm. Our second algorithm is based on a novel idea of hierarchical gradient averaging (HiGradAvgDP) for subjects participating in a training mini-batch. We also show that user level Local Differential Privacy (LDP) naturally guarantees subject level DP. We observe the problem of horizontal composition of subject level privacy loss in FL - subject level privacy loss incurred at individual users composes across the federation. We formally prove the subject level DP guarantee for our algorithms, and also show their effect on model utility loss. Our empirical evaluation on FEMNIST and Shakespeare datasets shows that LocalGroupDP delivers the best performance among our algorithms. However, its model utility lags behind that of models trained using a DP-SGD based algorithm that provides a weaker item level privacy guarantee. Privacy loss amplification due to subject sampling fractions and horizontal composition remain key challenges for model utility.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (34)
  1. Deep Learning with Differential Privacy. Pages 308–318 of: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security.
  2. Private Empirical Risk Minimization: Efficient Algorithms and Tight Error Bounds. Pages 464–473 of: 55th IEEE Annual Symposium on Foundations of Computer Science. IEEE Computer Society.
  3. Private Stochastic Convex Optimization with Optimal Rates. CoRR, abs/1908.09970.
  4. Towards Federated Learning at Scale: System Design. CoRR, abs/1902.01046.
  5. Stability and Generalization. Journal of Machine Learning Research, 2, 499–526.
  6. LEAF: A Benchmark for Federated Settings. CoRR, abs/1812.01097.
  7. Differentially Private Empirical Risk Minimization. The Journal of Machine Learning Research, 12(July), 1069–1109.
  8. Differential Privacy Team, Apple. 2017. Learning with Privacy at Scale. Machine Learning, Journal, 1(8), 1–25.
  9. Gaussian Differential Privacy. CoRR, abs/1905.02383.
  10. Local Privacy and Statistical Minimax Rates. CoRR, abs/1302.3203.
  11. The Algorithmic Foundations of Differential Privacy. Foundations and Trends in Theoretical Computer Science, 9(3–4), 211–407.
  12. Calibrating Noise to Sensitivity in Private Data Analysis. Pages 265–284 of: Proceedings of the Third Conference on Theory of Cryptography. TCC’06.
  13. Boosting and Differential Privacy. Pages 51–60 of: 51th Annual IEEE Symposium on Foundations of Computer Science, FOCS.
  14. Towards Practical Differentially Private Convex Optimization. Pages 299–316 of: 2019 IEEE Symposium on Security and Privacy. IEEE.
  15. Auditing Differentially Private Machine Learning: How Private is Private SGD? In: Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020.
  16. Advances and Open Problems in Federated Learning. CoRR, abs/1912.04977.
  17. What Can We Learn Privately? CoRR, abs/0803.0924.
  18. Private Convex Optimization for Empirical Risk Minimization with Applications to High-dimensional Regression. Pages 25.1–25.40 of: The 25th Annual Conference on Learning Theory, vol. 23.
  19. Federated Optimization: Distributed Optimization Beyond the Datacenter. CoRR, abs/1511.03575.
  20. Learning with User-Level Privacy. CoRR, abs/2102.11845.
  21. Learning discrete distributions: user vs item-level privacy. CoRR, abs/2007.13660.
  22. Learning Differentially Private Recurrent Language Models. In: 6th International Conference on Learning Representations, ICLR 2018.
  23. McSherry, Frank. 2009. Privacy integrated queries: an extensible platform for privacy-preserving data analysis. Pages 19–30 of: Proceedings of the ACM SIGMOD International Conference on Management of Data.
  24. Mironov, Ilya. 2017. Renyi Differential Privacy. CoRR, abs/1702.07476.
  25. Understanding machine learning: From theory to algorithms. Cambridge University Press.
  26. Stochastic gradient descent with differentially private updates. Pages 245–248 of: IEEE Global Conference on Signal and Information Processing.
  27. Nearly Optimal Private LASSO. Pages 3025–3033 of: Annual Conference on Neural Information Processing Systems.
  28. Differentially Private Feature Selection via Stability Arguments, and the Robustness of the Lasso. Pages 819–850 of: COLT 2013 - The 26th Annual Conference on Learning Theory, vol. 30.
  29. LDP-Fed: Federated Learning with Local Differential Privacy. Pages 61–66 of: Proceedings of the 3rd International Workshop on Edge Systems, Analytics and Networking, EdgeSys@EuroSys 2020, Heraklion, Greece, April 27, 2020. ACM.
  30. Vadhan, Salil P. 2017. The Complexity of Differential Privacy. Pages 347–450 of: Tutorials on the Foundations of Cryptography. Springer International Publishing.
  31. Differentially Private Empirical Risk Minimization Revisited: Faster and More General. CoRR, abs/1802.05251.
  32. A Field Guide to Federated Optimization.
  33. Subsampled Renyi Differential Privacy and Analytical Moments Accountant. Pages 1226–1235 of: The 22nd International Conference on Artificial Intelligence and Statistics. Proceedings of Machine Learning Research, vol. 89.
  34. Warner, Stanley L. 1965. Randomized response: A survey tech-nique for eliminating evasive answer bias. Journal ofthe American Statistical Association, 60(309), 63–69.
User Edit Pencil Streamline Icon: https://streamlinehq.com
Authors (4)
  1. Virendra J. Marathe (10 papers)
  2. Pallika Kanani (5 papers)
  3. Daniel W. Peterson (2 papers)
  4. Guy Steele Jr (1 paper)
Citations (8)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now