Deciphering the Interplay between Attack and Protection Complexity in Privacy-Preserving Federated Learning
Xiaojin Zhang, Mingcong Xu, Yiming Li, Wei Chen, Qiang Yang

TL;DR
This paper develops a theoretical framework to analyze the complex trade-offs between attack and protection efforts in privacy-preserving federated learning, providing bounds and insights for enhancing system security.
Contribution
It introduces formal definitions and tight bounds for attack and protection complexities, advancing understanding of privacy-utility-security trade-offs in federated learning.
Findings
Protection complexity scales with model size and privacy budget.
Attack complexity depends on privacy leakage and gradient distortion.
The framework quantifies fundamental privacy-utility-security trade-offs.
Abstract
Federated learning (FL) offers a promising paradigm for collaborative model training while preserving data privacy. However, its susceptibility to gradient inversion attacks poses a significant challenge, necessitating robust privacy protection mechanisms. This paper introduces a novel theoretical framework to decipher the intricate interplay between attack and protection complexities in privacy-preserving FL. We formally define "Attack Complexity" as the minimum computational and data resources an adversary requires to reconstruct private data below a given error threshold, and "Protection Complexity" as the expected distortion introduced by privacy mechanisms. Leveraging Maximum Bayesian Privacy (MBP), we derive tight theoretical bounds for protection complexity, demonstrating its scaling with model dimensionality and privacy budget. Furthermore, we establish comprehensive bounds for…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Cryptography and Data Security
