Encoded Gradients Aggregation against Gradient Leakage in Federated Learning

TL;DR

This paper introduces Encoded Gradient Aggregation (EGA), a privacy-preserving framework for federated learning that encodes gradients with noise to prevent leakage while maintaining efficiency and compatibility with existing algorithms.

Contribution

EGA offers a novel encoding and decoding scheme with noise injection to protect gradients, reducing computation and communication costs compared to encryption-based methods.

Findings

EGA effectively defends against gradient leakage in federated learning.

EGA maintains model performance with optimized noise levels.

Experimental results demonstrate EGA's efficiency and privacy benefits.

Abstract

Federated learning enables isolated clients to train a shared model collaboratively by aggregating the locally-computed gradient updates. However, privacy information could be leaked from uploaded gradients and be exposed to malicious attackers or an honest-but-curious server. Although the additive homomorphic encryption technique guarantees the security of this process, it brings unacceptable computation and communication burdens to FL participants. To mitigate this cost of secure aggregation and maintain the learning performance, we propose a new framework called Encoded Gradient Aggregation (\emph{EGA}). In detail, EGA first encodes local gradient updates into an encoded domain with injected noises in each client before the aggregation in the server. Then, the encoded gradients aggregation results can be recovered for the global model update via a decoding function. This scheme could prevent the raw gradients of a single client from exposing on the internet and keep them unknown to the server. EGA could provide optimization and communication benefits under different noise levels and defend against gradient leakage. We further provide a theoretical analysis of the approximation error and its impacts on federated optimization. Moreover, EGA is compatible with the most federated optimization algorithms. We conduct intensive experiments to evaluate EGA in real-world federated settings, and the results have demonstrated its efficacy.