In this work, we carry out the first, in-depth, privacy analysis of Decentralized Learning -- a collaborative machine learning framework aimed at addressing the main limitations of federated learning. We introduce a suite of novel attacks for both passive and active decentralized adversaries. We demonstrate that, contrary to what is claimed by decentralized learning proposers, decentralized learning does not offer any security advantage over federated learning. Rather, it increases the attack surface enabling any user in the system to perform privacy attacks such as gradient inversion, and even gain full control over honest users' local model. We also show that, given the state of the art in protections, privacy-preserving configurations of decentralized learning require fully connected networks, losing any practical advantage over the federated setup and therefore completely defeating the objective of the decentralized approach.

翻译：本文首次深入分析了去中心化学习的隐私安全性——这是一种旨在解决联邦学习主要局限性的协作式机器学习框架。我们针对被动与主动去中心化攻击者提出了一系列新颖攻击手段。研究表明，与去中心化学习倡导者的宣称相反，去中心化学习并未提供任何超越联邦学习的安全优势。相反，它扩大了攻击面，使系统中任何用户都能实施梯度反演等隐私攻击，甚至完全控制诚实用户的本地模型。我们还证明，在当前防护技术条件下，能够保护隐私的去中心化学习配置需要全连接网络，从而丧失任何相对于联邦设置的实际优势，因此完全违背了去中心化方法的设计初衷。