Enhancing Security Using Random Binary Weights in Privacy-Preserving Federated Learning
Hiroto Sawada, Shoko Imaizumi, and Hitoshi Kiya

TL;DR
This paper introduces a new federated learning approach that uses random binary weights to enhance security against data inference attacks without sacrificing model accuracy.
Contribution
It proposes a novel method employing binary random weights in federated learning to improve privacy protection while maintaining model performance.
Findings
Effective resistance to APRIL attack demonstrated
Model performance comparable to standard federated learning
Enhanced privacy protection without accuracy loss
Abstract
In this paper, we propose a novel method for enhancing security in privacy-preserving federated learning using the Vision Transformer. In federated learning, learning is performed by collecting updated information without collecting raw data from each client. However, the problem is that this raw data may be inferred from the updated information. Conventional data-guessing countermeasures (security enhancement methods) for addressing this issue have a trade-off relationship between privacy protection strength and learning efficiency, and they generally degrade model performance. In this paper, we propose a novel method of federated learning that does not degrade model performance and that is robust against data-guessing attacks on updated information. In the proposed method, each client independently prepares a sequence of binary (0 or 1) random numbers, multiplies it by the updated…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Cryptography and Data Security · Stochastic Gradient Optimization Techniques
