PAPAYA Federated Analytics Stack: Engineering Privacy, Scalability and Practicality

TL;DR

This paper presents PAPAYA, a federated analytics system that combines privacy, scalability, and practicality by leveraging trusted execution environments and optimized on-device computation to enable large-scale, privacy-preserving data analysis across devices.

Contribution

The paper introduces a novel federated analytics system that overcomes accuracy, flexibility, and scalability limitations of prior systems using TEEs and resource optimization.

Findings

Achieves high privacy standards with minimal data transmission.

Supports large-scale federated data processing across many devices.

Demonstrates improved accuracy and scalability over existing FA systems.

Abstract

Cross-device Federated Analytics (FA) is a distributed computation paradigm designed to answer analytics queries about and derive insights from data held locally on users' devices. On-device computations combined with other privacy and security measures ensure that only minimal data is transmitted off-device, achieving a high standard of data protection. Despite FA's broad relevance, the applicability of existing FA systems is limited by compromised accuracy; lack of flexibility for data analytics; and an inability to scale effectively. In this paper, we describe our approach to combine privacy, scalability, and practicality to build and deploy a system that overcomes these limitations. Our FA system leverages trusted execution environments (TEEs) and optimizes the use of on-device computing resources to facilitate federated data processing across large fleets of devices, while ensuring robust, defensible, and verifiable privacy safeguards. We focus on federated analytics (statistics and monitoring), in contrast to systems for federated learning (ML workloads), and we flag the key differences.