ModShift: Model Privacy via Designed Shifts
Nomaan A. Kherani, Urbashi Mitra

TL;DR
This paper introduces ModShift, a privacy-preserving method for federated learning that uses designed shifts to hinder eavesdroppers from accurately estimating model updates, while maintaining model accuracy and efficiency.
Contribution
The paper proposes a novel shift-based privacy mechanism for federated learning that enhances privacy against eavesdroppers without significant bandwidth overhead.
Findings
Achieves a higher model shift than noise injection methods.
Maintains model accuracy while improving privacy.
Requires a lower-bandwidth secret channel.
Abstract
In this paper, shifts are introduced to preserve model privacy against an eavesdropper in federated learning. Model learning is treated as a parameter estimation problem. This perspective allows us to derive the Fisher Information matrix of the model updates from the shifted updates and drive them to singularity, thus posing a hard estimation problem for Eve. The shifts are securely shared with the central server to maintain model accuracy at the server and participating devices. A convergence test is proposed to detect if model updates have been tampered with and we show that our scheme passes this test. Numerical results show that our scheme achieves a higher model shift when compared to a noise injection scheme while requiring a lesser bandwidth secret channel.
