FedPerm: Private and Robust Federated Learning by Parameter Permutation
Hamid Mozaffari, Virendra J. Marathe, Dave Dice

TL;DR
FedPerm introduces a novel federated learning approach that combines parameter permutation and cryptographic techniques to enhance data privacy and robustness against poisoning attacks, while maintaining model utility.
Contribution
The paper proposes FedPerm, a new FL algorithm that integrates parameter permutation and PIR-based cryptography to simultaneously improve privacy and defend against adversarial model updates.
Findings
FedPerm outperforms existing DP solutions in privacy and robustness.
Parameter permutation effectively amplifies data privacy.
Hyperparameters allow balancing computation overhead and model utility.
Abstract
Federated Learning (FL) is a distributed learning paradigm that enables mutually untrusting clients to collaboratively train a common machine learning model. Client data privacy is paramount in FL. At the same time, the model must be protected from poisoning attacks from adversarial clients. Existing solutions address these two problems in isolation. We present FedPerm, a new FL algorithm that addresses both these problems by combining a novel intra-model parameter shuffling technique that amplifies data privacy, with Private Information Retrieval (PIR) based techniques that permit cryptographic aggregation of clients' model updates. The combination of these techniques further helps the federation server constrain parameter updates from clients so as to curtail effects of model poisoning attacks by adversarial clients. We further present FedPerm's unique hyperparameters that can be used…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Cryptography and Data Security
