Confidential Federated Computations

TL;DR

This paper presents a new architecture for federated computations that combines trusted execution environments and open-source tools to enhance privacy, security, and verifiability beyond existing methods like differential privacy and secure multiparty computation.

Contribution

It introduces a novel system architecture leveraging TEEs and open-source components to improve privacy guarantees and robustness in federated learning systems.

Findings

Enhanced confidentiality of server-side computations.

Externally verifiable privacy properties.

Improved robustness against malicious actors.

Abstract

Federated Learning and Analytics (FLA) have seen widespread adoption by technology platforms for processing sensitive on-device data. However, basic FLA systems have privacy limitations: they do not necessarily require anonymization mechanisms like differential privacy (DP), and provide limited protections against a potentially malicious service provider. Adding DP to a basic FLA system currently requires either adding excessive noise to each device's updates, or assuming an honest service provider that correctly implements the mechanism and only uses the privatized outputs. Secure multiparty computation (SMPC) -based oblivious aggregations can limit the service provider's access to individual user updates and improve DP tradeoffs, but the tradeoffs are still suboptimal, and they suffer from scalability challenges and susceptibility to Sybil attacks. This paper introduces a novel system architecture that leverages trusted execution environments (TEEs) and open-sourcing to both ensure confidentiality of server-side computations and provide externally verifiable privacy properties, bolstering the robustness and trustworthiness of private federated computations.