Secure aggregation is a critical component in federated learning (FL), which enables the server to learn the aggregate model of the users without observing their local models. Conventionally, secure aggregation algorithms focus only on ensuring the privacy of individual users in a single training round. We contend that such designs can lead to significant privacy leakage over multiple training rounds, due to partial user selection/participation at each round of FL. In fact, we show that the conventional random user selection strategies in FL lead to leaking users' individual models within a number of rounds that is linear in the number of users. To address this challenge, we introduce a secure aggregation framework, Multi-RoundSecAgg, with multi-round privacy guarantees. In particular, we introduce a new metric to quantify the privacy guarantees of FL over multiple training rounds, and develop a structured user selection strategy that guarantees the long-term privacy of each user (over any number of training rounds). Our framework also carefully accounts for fairness and the average number of participating users at each round. Our experiments on MNIST and CIFAR-10 datasets in the IID and the non-IID settings demonstrate the performance improvement over the baselines, both in terms of privacy protection and test accuracy.
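The multi-round leakage argument can be checked on a participation schedule. The following is an added example, not code from the paper: it assumes each user's local model stays the same across rounds, so every round's aggregate is one linear equation in the same unknowns, and it uses fixed groups of users that are always selected together as a simple stand-in for a structured selection strategy. All function names and parameters are hypothetical.

```python
import random
from fractions import Fraction

def rank(rows):
    """Exact rank over the rationals (Gaussian elimination)."""
    m = [[Fraction(x) for x in r] for r in rows]
    rk = 0
    for col in range(len(m[0])):
        piv = next((i for i in range(rk, len(m)) if m[i][col] != 0), None)
        if piv is None:
            continue
        m[rk], m[piv] = m[piv], m[rk]
        for i in range(len(m)):
            if i != rk and m[i][col] != 0:
                f = m[i][col] / m[rk][col]
                m[i] = [a - f * b for a, b in zip(m[i], m[rk])]
        rk += 1
    return rk

def exposed_users(sched):
    """Users whose individual model is a linear combination of the observed
    aggregates, i.e. whose unit vector lies in the row space of sched."""
    n, base = len(sched[0]), rank(sched)
    unit = lambda u: [int(j == u) for j in range(n)]
    return [u for u in range(n) if rank(sched + [unit(u)]) == base]

def schedule(n_users, per_round, rounds, seed, group=1):
    """Random participation matrix (rows = rounds). group=1 selects users
    independently; group>1 always selects whole fixed groups (assumed scheme)."""
    rng = random.Random(seed)
    sched = []
    for _ in range(rounds):
        chosen = set(rng.sample(range(n_users // group), per_round // group))
        sched.append([int(u // group in chosen) for u in range(n_users)])
    return sched

def first_leak_round(sched):
    """Number of rounds after which some user is first exposed, else None."""
    for t in range(1, len(sched) + 1):
        if exposed_users(sched[:t]):
            return t
    return None

if __name__ == "__main__":
    # Constructed parameters: 8 users, 4 per round, 30 rounds.
    print("random selection, first leak at round:",
          first_leak_round(schedule(8, 4, 30, seed=1)))
    print("grouped selection, first leak at round:",
          first_leak_round(schedule(8, 4, 30, seed=1, group=2)))
```

With grouped selection every observable combination is constant within a group, so no single user's model is ever isolated, whatever the number of rounds.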