A Hybrid Approach to Privacy-Preserving Federated Learning

TL;DR

This paper introduces a scalable hybrid federated learning system combining differential privacy and secure multiparty computation to enhance privacy protection without sacrificing model accuracy, validated across multiple algorithms.

Contribution

We propose a novel hybrid approach that integrates differential privacy with secure multiparty computation to improve privacy and scalability in federated learning.

Findings

Outperforms existing solutions in privacy protection and accuracy

Scalable to many parties with minimal noise growth

Effective across multiple machine learning algorithms

Abstract

Federated learning facilitates the collaborative training of models without the sharing of raw data. However, recent attacks demonstrate that simply maintaining data locality during training processes does not provide sufficient privacy guarantees. Rather, we need a federated learning system capable of preventing inference over both the messages exchanged during training and the final trained model while ensuring the resulting model also has acceptable predictive accuracy. Existing federated learning approaches either use secure multiparty computation (SMC) which is vulnerable to inference or differential privacy which can lead to low accuracy given a large number of parties with relatively small amounts of data each. In this paper, we present an alternative approach that utilizes both differential privacy and SMC to balance these trade-offs. Combining differential privacy with secure multiparty computation enables us to reduce the growth of noise injection as the number of parties increases without sacrificing privacy while maintaining a pre-defined rate of trust. Our system is therefore a scalable approach that protects against inference threats and produces models with high accuracy. Additionally, our system can be used to train a variety of machine learning models, which we validate with experimental results on 3 different machine learning algorithms. Our experiments demonstrate that our approach out-performs state of the art solutions.