The popularity of federated learning comes from the possibility of better scalability and the ability for participants to keep control of their data, improving data security and sovereignty. Unfortunately, sharing model updates also creates a new privacy attack surface. In this work, we characterize the privacy guarantees of decentralized learning with random walk algorithms, where a model is updated by traveling from one node to another along the edges of a communication graph. Using a recent variant of differential privacy tailored to the study of decentralized algorithms, namely Pairwise Network Differential Privacy, we derive closed-form expressions for the privacy loss between each pair of nodes where the impact of the communication topology is captured by graph theoretic quantities. Our results further reveal that random walk algorithms tends to yield better privacy guarantees than gossip algorithms for nodes close from each other. We supplement our theoretical results with empirical evaluation on synthetic and real-world graphs and datasets.

翻译：联邦学习的流行源于其更好的可扩展性以及参与者能够保持对其数据的控制，从而提升数据安全性和主权性。然而，共享模型更新也带来了新的隐私攻击面。本文刻画了采用随机游走算法的分散式学习的隐私保证，其中模型通过沿通信图的边从一个节点移动至另一节点进行更新。利用一种近期针对分散式算法设计的差分隐私变体——即成对网络差分隐私，我们推导出每对节点间隐私损失的闭式表达式，其中通信拓扑的影响由图论量捕捉。我们的结果进一步揭示，对于距离较近的节点，随机游走算法往往比八卦算法提供更好的隐私保证。我们通过合成图和真实图及数据集上的实证评估补充了理论结果。