Papers
Topics
Authors
Recent
Search
2000 character limit reached

ULDP-FL: Federated Learning with Across Silo User-Level Differential Privacy

Published 23 Aug 2023 in cs.LG and cs.CR | (2308.12210v3)

Abstract: Differentially Private Federated Learning (DP-FL) has garnered attention as a collaborative machine learning approach that ensures formal privacy. Most DP-FL approaches ensure DP at the record-level within each silo for cross-silo FL. However, a single user's data may extend across multiple silos, and the desired user-level DP guarantee for such a setting remains unknown. In this study, we present Uldp-FL, a novel FL framework designed to guarantee user-level DP in cross-silo FL where a single user's data may belong to multiple silos. Our proposed algorithm directly ensures user-level DP through per-user weighted clipping, departing from group-privacy approaches. We provide a theoretical analysis of the algorithm's privacy and utility. Additionally, we enhance the utility of the proposed algorithm with an enhanced weighting strategy based on user record distribution and design a novel private protocol that ensures no additional information is revealed to the silos and the server. Experiments on real-world datasets show substantial improvements in our methods in privacy-utility trade-offs under user-level DP compared to baseline methods. To the best of our knowledge, our work is the first FL framework that effectively provides user-level DP in the general cross-silo FL setting.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (51)
  1. [n.d.]. Python Paillier. https://github.com/data61/python-paillier.
  2. Deep learning with differential privacy. In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. 308–318.
  3. The skellam mechanism for differentially private federated learning. Advances in Neural Information Processing Systems 34 (2021), 5052–5064.
  4. Andreea B. Alexandru and George J. Pappas. 2022. Private Weighted Sum Aggregation. IEEE Transactions on Control of Network Systems 9, 1 (2022), 219–230. https://doi.org/10.1109/TCNS.2021.3094788
  5. Bounding user contributions: A bias-variance trade-off in differential privacy. In International Conference on Machine Learning. PMLR, 263–271.
  6. Hypothesis testing interpretations and renyi differential privacy. In International Conference on Artificial Intelligence and Statistics. PMLR, 2496–2506.
  7. Secure single-server aggregation with (poly) logarithmic overhead. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 1253–1269.
  8. Practical secure aggregation for privacy-preserving machine learning. In proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 1175–1191.
  9. Capacity Bounded Differential Privacy. Curran Associates Inc., Red Hook, NY, USA.
  10. Distributed differential privacy via shuffling. In Advances in Cryptology–EUROCRYPT 2019: 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Darmstadt, Germany, May 19–23, 2019, Proceedings, Part I 38. Springer, 375–403.
  11. Efficient and secure comparison for on-line auctions. In Information Security and Privacy: 12th Australasian Conference, ACISP 2007, Townsville, Australia, July 2-4, 2007. Proceedings 12. Springer, 416–430.
  12. Cynthia Dwork. 2006. Differential privacy. In Proceedings of the 33rd international conference on Automata, Languages and Programming-Volume Part II. Springer-Verlag, 1–12.
  13. The algorithmic foundations of differential privacy. Foundations and Trends® in Theoretical Computer Science 9, 3–4 (2014), 211–407.
  14. Smoothly bounding user contributions in differential privacy. Advances in Neural Information Processing Systems 33 (2020), 13999–14010.
  15. Encode, shuffle, analyze privacy revisited: Formalizations and empirical evaluation. arXiv preprint arXiv:2001.03618 (2020).
  16. Differentially private federated learning: A client level perspective. NIPS 2017 Workshop: Machine Learning on the Phone and other Consumer Devices (2017).
  17. Shuffled model of differential privacy in federated learning. In International Conference on Artificial Intelligence and Statistics. PMLR, 2521–2529.
  18. Michelle Goddard. 2017. The EU General Data Protection Regulation (GDPR): European regulation that has a global impact. International Journal of Market Research 59, 6 (2017), 703–705.
  19. Kaggle. 2018. Credit Card Fraud Detection dataset. https://www.kaggle.com/datasets/mlg-ulb/creditcardfraud. Accessed: 2023-08-03.
  20. The distributed discrete gaussian mechanism for federated learning with secure aggregation. In International Conference on Machine Learning. PMLR, 5201–5212.
  21. Gautam Kamath. 2020. CS 860 : Algorithms for Private Data Analysis Fall 2020 Lecture 5 — Approximate Differential Privacy. http://www.gautamkamath.com/CS860notes/lec5.pdf. [Online; accessed 23-June-2023].
  22. Preventing manipulation attack in local differential privacy using verifiable randomization mechanism. In Data and Applications Security and Privacy XXXV: 35th Annual IFIP WG 11.3 Conference, DBSec 2021, Calgary, Canada, July 19–20, 2021, Proceedings 35. Springer, 43–60.
  23. Olive: Oblivious Federated Learning on Trusted Execution Environment against the Risk of Sparsification. Proc. VLDB Endow. 16, 10 (aug 2023), 2404–2417. https://doi.org/10.14778/3603581.3603583
  24. Learning with user-level privacy. Advances in Neural Information Processing Systems 34 (2021), 12466–12479.
  25. Network shuffling: Privacy amplification via random walks. In Proceedings of the 2022 International Conference on Management of Data. 773–787.
  26. On privacy and personalization in cross-silo federated learning. Advances in Neural Information Processing Systems 35 (2022), 5925–5940.
  27. Learning discrete distributions: user vs item-level privacy. Advances in Neural Information Processing Systems 33 (2020), 20965–20976.
  28. Private non-convex federated learning without a trusted server. In International Conference on Artificial Intelligence and Statistics. PMLR, 5749–5786.
  29. Andrew Lowy and Meisam Razaviyayn. 2023. Private Federated Learning Without a Trusted Server: Optimal Algorithms for Convex Losses. In The Eleventh International Conference on Learning Representations. https://openreview.net/forum?id=TVY6GoURrw
  30. A general approach to adding differential privacy to iterative training procedures. arXiv preprint arXiv:1812.06210 (2018).
  31. Federated learning of deep networks using model averaging. arXiv preprint arXiv:1602.05629 (2016).
  32. Learning differentially private recurrent language models. arXiv preprint arXiv:1710.06963 (2017).
  33. Frank D McSherry. 2009. Privacy integrated queries: an extensible platform for privacy-preserving data analysis. In Proceedings of the 2009 ACM SIGMOD International Conference on Management of data. 19–30.
  34. Ilya Mironov. 2017. Rényi differential privacy. In 2017 IEEE 30th computer security foundations symposium (CSF). IEEE, 263–275.
  35. R\\\backslash\’enyi differential privacy of the sampled gaussian mechanism. arXiv preprint arXiv:1908.10530 (2019).
  36. PPFL: privacy-preserving federated learning with trusted execution environments. In Proceedings of the 19th annual international conference on mobile systems, applications, and services. 94–108.
  37. Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning. In 2019 IEEE symposium on security and privacy (SP). IEEE, 739–753.
  38. FLamby: Datasets and Benchmarks for Cross-Silo Federated Learning in Realistic Healthcare Settings. In Advances in Neural Information Processing Systems, S. Koyejo, S. Mohamed, A. Agarwal, D. Belgrave, K. Cho, and A. Oh (Eds.), Vol. 35. Curran Associates, Inc., 5315–5334.
  39. Pascal Paillier. 1999. Public-key cryptosystems based on composite degree residuosity classes. In International conference on the theory and applications of cryptographic techniques. Springer, 223–238.
  40. Federated Evaluation and Tuning for On-Device Personalization: System Design & Applications. arXiv preprint arXiv:2102.08503 (2021).
  41. Federated learning for emoji prediction in a mobile keyboard. arXiv preprint arXiv:1906.04329 (2019).
  42. Adaptive Federated Optimization. https://openreview.net/forum?id=LkFG3lB13U5
  43. Securing secure aggregation: Mitigating multi-round privacy leakage in federated learning. In Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 37. 9864–9873.
  44. From Bounded to Unbounded: Privacy Amplification via Shuffling with Dummies. In 2023 IEEE 36th Computer Security Foundations Symposium (CSF). IEEE, 457–472.
  45. Privacy-preserving record linkage for big data: Current approaches and research challenges. Handbook of big data technologies (2017), 851–895.
  46. Subsampled rényi differential privacy and analytical moments accountant. In The 22nd International Conference on Artificial Intelligence and Statistics. PMLR, 1226–1235.
  47. Differentially private SQL with bounded user contribution. Proceedings on privacy enhancing technologies 2020, 2 (2020), 230–250.
  48. Achieving Linear Speedup with Partial Worker Participation in Non-IID Federated Learning. Proceedings of ICLR (2021).
  49. FPGA-based hardware accelerator of homomorphic encryption for efficient federated learning. arXiv preprint arXiv:2007.10560 (2020).
  50. Understanding clipping for federated learning: Convergence and client-level differential privacy. In International Conference on Machine Learning, ICML 2022.
  51. idlg: Improved deep leakage from gradients. arXiv preprint arXiv:2001.02610 (2020).
Citations (2)
View on Semantic Scholar

Summary

No one has generated a summary of this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Summarize

Paper to Video (Beta)

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Collections

Sign up for free to add this paper to one or more collections.

User Circle Single Streamline Icon: https://streamlinehq.com Sign Up