We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.LG

Change to browse by:

References & Citations

DBLP - CS Bibliography

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Machine Learning

Title: Private Federated Learning Without a Trusted Server: Optimal Algorithms for Convex Losses

Abstract: This paper studies federated learning (FL) -- especially cross-silo FL -- with data from people who do not trust the server or other silos. In this setting, each silo (e.g. hospital) has data from different people (e.g. patients) and must maintain the privacy of each person's data (e.g. medical record), even if the server or other silos act as adversarial eavesdroppers. This requirement motivates the study of Inter-Silo Record-Level Differential Privacy (ISRL-DP), which requires silo $i$'s communications to satisfy record-level differential privacy (DP). ISRL-DP ensures that the data of each person in silo~$i$ cannot be leaked. ISRL-DP is different from well-studied privacy notions. Central and user-level DP assume that people trust the server/other silos. On the other end of the spectrum, local DP assumes that people do not trust anyone at all (even their own silo). Sitting between central and local DP, ISRL-DP makes the realistic assumption (in cross-silo FL) that people trust their own silo, but not the server or other silos. In this work, we provide tight (up to logarithms) upper and lower bounds for ISRL-DP FL with convex/strongly convex loss functions and homogeneous (i.i.d.) silo data. Remarkably, we show that similar bounds are attainable for smooth losses with arbitrary heterogeneous silo data distributions, via an accelerated ISRL-DP algorithm. We also provide tight upper and lower bounds for ISRL-DP federated empirical risk minimization, and use acceleration to attain the optimal bounds in fewer rounds of communication than the state-of-the-art. Finally, with a secure "shuffler" to anonymize silo messages (but without a trusted server), our algorithm attains the optimal central DP rates under more practical trust assumptions. Numerical experiments show favorable privacy-accuracy tradeoffs for our algorithm in classification and regression tasks.
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR); Optimization and Control (math.OC); Machine Learning (stat.ML)
Cite as: arXiv:2106.09779 [cs.LG]
  (or arXiv:2106.09779v6 [cs.LG] for this version)

Submission history

From: Andrew Lowy [view email]
[v1] Thu, 17 Jun 2021 19:41:23 GMT (1967kb,D)
[v2] Tue, 12 Oct 2021 04:13:56 GMT (118kb,D)
[v3] Tue, 2 Nov 2021 01:34:07 GMT (117kb,D)
[v4] Mon, 8 Nov 2021 20:28:34 GMT (118kb,D)
[v5] Fri, 6 May 2022 21:06:44 GMT (650kb,D)
[v6] Sat, 29 Oct 2022 05:33:44 GMT (1980kb,D)

Link back to: arXiv, form interface, contact.