
Theoretical Analysis of Privacy Leakage in Trustworthy Federated Learning: A Perspective from Linear Algebra and Optimization Theory (2407.16735v1)

Published 23 Jul 2024 in cs.CR, cs.AI, cs.LG, and stat.ML

Abstract: Federated learning has emerged as a promising paradigm for collaborative model training while preserving data privacy. However, recent studies have shown that it is vulnerable to various privacy attacks, such as data reconstruction attacks. In this paper, we provide a theoretical analysis of privacy leakage in federated learning from two perspectives: linear algebra and optimization theory. From the linear algebra perspective, we prove that when the Jacobian matrix of the batch data is not full rank, there exist different batches of data that produce the same model update, thereby ensuring a level of privacy. We derive a sufficient condition on the batch size to prevent data reconstruction attacks. From the optimization theory perspective, we establish an upper bound on the privacy leakage in terms of the batch size, the distortion extent, and several other factors. Our analysis provides insights into the relationship between privacy leakage and various aspects of federated learning, offering a theoretical foundation for designing privacy-preserving federated learning algorithms.
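The linear-algebra argument above can be illustrated with a toy example (this is an illustrative sketch, not the paper's construction). For the scalar linear model f(x) = w·x under squared loss, the batch gradient depends on the data only through Σxᵢ² and Σxᵢyᵢ, so any two batches matching on those two sums produce an identical model update and cannot be distinguished by a reconstruction attack that observes only the gradient:

```python
import numpy as np

def batch_gradient(w, xs, ys):
    # Gradient of the mean squared error for the scalar model f(x) = w * x:
    # (1/n) * sum_i 2 * x_i * (w * x_i - y_i), which depends on the batch
    # only through sum(x_i^2) and sum(x_i * y_i).
    return np.mean(2 * xs * (w * xs - ys))

w = 0.7
# Two different batches chosen so that sum(x^2) and sum(x*y) coincide.
batch_a = (np.array([1.0, -1.0]), np.array([0.0, 0.0]))          # sum(x^2)=2, sum(xy)=0
batch_b = (np.array([np.sqrt(2.0), 0.0]), np.array([0.0, 5.0]))  # sum(x^2)=2, sum(xy)=0

g_a = batch_gradient(w, *batch_a)
g_b = batch_gradient(w, *batch_b)
assert np.isclose(g_a, g_b)  # identical update from distinct private data
```

Because the map from batch data to the aggregated gradient is non-injective here (its Jacobian is rank-deficient once the batch carries more degrees of freedom than the gradient exposes), the server cannot invert the update back to a unique batch; the paper's sufficient condition on batch size generalizes this observation.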

