Privacy-Preserving Federated Learning via Homomorphic Adversarial Networks
Wenhan Dong, Chao Lin, Xinlei He, Shengmin Xu, Xinyi Huang

TL;DR
This paper introduces Homomorphic Adversarial Networks (HANs), a neural network-based protocol for privacy-preserving federated learning that maintains high accuracy and significantly improves encryption efficiency.
Contribution
The paper presents the first neural network-based protocol for PPFL using HANs and an Aggregatable Hybrid Encryption scheme, addressing key sharing and collaboration issues.
Findings
HANs are robust against privacy attacks.
Negligible accuracy loss (up to 1.35%) compared to non-private FL.
HANs increase encryption speed by 6,075 times over traditional schemes.
Abstract
Privacy-preserving federated learning (PPFL) aims to train a global model for multiple clients while maintaining their data privacy. However, current PPFL protocols exhibit one or more of the following insufficiencies: considerable degradation in accuracy, the requirement for sharing keys, and cooperation during the key generation or decryption processes. As a mitigation, we develop the first protocol that utilizes neural networks to implement PPFL, as well as incorporating an Aggregatable Hybrid Encryption scheme tailored to the needs of PPFL. We name these networks as Homomorphic Adversarial Networks (HANs) which demonstrate that neural networks are capable of performing tasks similar to multi-key homomorphic encryption (MK-HE) while solving the problems of key distribution and collaborative decryption. Our experiments show that HANs are robust against privacy attacks. Compared with…
Peer Reviews
Decision: Submitted to ICLR 2025
1. The article provides a wealth of formal definitions.
2. A novel concept has been proposed.

1. It is difficult to quickly determine the details of the design AHE scheme, as the related definitions and statements are overly redundant.
2. The experimental analysis provided seems insufficient.
Using neural network methods to implement MK-HE is a very interesting direction. The use of hybrid encryption can fully leverage the advantages of both symmetric and asymmetric encryption.
1. There is a lack of understanding of related work. Methods based on secret sharing inherently have strong resistance to collusion attacks, as demonstrated in works such as (Bell J, Gascón A, Lepoint T, et al. {ACORN}: input validation for secure aggregation[C]//32nd USENIX Security Symposium (USENIX Security 23). 2023: 4805-4822. Bonawitz K, Ivanov V, Kreuter B, et al. Practical secure aggregation for privacy-preserving machine learning[C]//Proceedings of the 2017 ACM SIGSAC Conference on Comp
- **Originality**: The paper introduces an innovative privacy-preserving federated learning method that combines homomorphic encryption with neural networks, enhancing the security and usability of the model.
- **Effectiveness**: The research demonstrates the effectiveness of enhancing data privacy through adversarial training, increasing the model's robustness against complex attack scenarios.
- **Clarity**: The article provides a detailed description of the transformation from the original mod

- **Accuracy**: Since the model is involved in the encryption and decryption process, it cannot guarantee that the parameters obtained by the decryptor are completely correct, only ensuring accuracy within a certain error rate, which is inconsistent with traditional homomorphic encryption standards.
- **Insufficient Proof**: Despite the model's difficulty to be breached due to its black-box nature, there is a lack of rigorous formal proof to support its security claims.
- **Incomplete Documentat
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Stochastic Gradient Optimization Techniques · Cryptography and Data Security
Methods: SPEED: Separable Pyramidal Pooling EncodEr-Decoder for Real-Time Monocular Depth Estimation on Low-Resource Settings
