Federated learning (FL) enables collaborative model training by exchanging model parameters instead of raw data. To counter potential inference attacks on the exchanged parameters, differential privacy (DP) offers rigorous guarantees. However, conventional approaches that ensure DP by adding local noise alone often yield low training accuracy. Combining secure multi-party computation (SMPC) with DP improves accuracy, but incurs high communication and computation overheads and is vulnerable to stragglers, on either client-to-server or client-to-client links. In this paper, we propose LightDP-FL, a novel lightweight scheme that ensures provable DP against untrusted peers and an untrusted server, while maintaining straggler resilience, low overhead, and high training accuracy. Our approach adds both individual and pairwise noise to each client's parameters, which can be implemented with minimal overhead. Because the straggler and colluder sets are uncertain, we use upper bounds on the numbers of stragglers and colluders to prove sufficient conditions on the noise variances that guarantee DP in the worst case. Moreover, we optimize the expected convergence bound by flexibly controlling the noise variances, thereby preserving accuracy. Our experiments on the CIFAR-10 dataset demonstrate that LightDP-FL converges faster and is more resilient to stragglers than baseline methods at the same DP level.
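To make the individual-plus-pairwise noise idea concrete, the following is a minimal Python sketch of one common way such masking can be implemented: each pair of clients derives the same pairwise noise from a shared seed and applies it with opposite signs, so the pairwise terms cancel in the server's sum while each client's individual noise persists. The function `mask_update`, the `pair_seeds` mapping, and the variances `sigma_ind` / `sigma_pair` are hypothetical names for illustration; this is a sketch of the general mechanism under these assumptions, not the exact LightDP-FL protocol.

```python
import numpy as np

def mask_update(update, client_id, peer_ids, pair_seeds, sigma_ind, sigma_pair):
    """Add individual Gaussian noise plus pairwise canceling noise.

    pair_seeds[j] is a seed shared between this client and peer j
    (e.g., derived via key agreement). Both endpoints of a pair draw
    the same noise from the shared seed; the lower-id endpoint adds it
    and the higher-id endpoint subtracts it, so the pairwise terms
    cancel in the server-side sum when both endpoints report.
    """
    rng = np.random.default_rng()
    masked = update + rng.normal(0.0, sigma_ind, size=update.shape)  # individual noise
    for j in peer_ids:
        pair_rng = np.random.default_rng(pair_seeds[j])
        pair_noise = pair_rng.normal(0.0, sigma_pair, size=update.shape)
        masked += pair_noise if client_id < j else -pair_noise
    return masked

# Toy run with three clients and no stragglers: the pairwise terms
# cancel in the aggregate, leaving only the small individual noise.
ids = [0, 1, 2]
seeds = {frozenset((i, j)): 1000 + 10 * i + j for i in ids for j in ids if i < j}
updates = {i: np.full(4, float(i)) for i in ids}
masked = {
    i: mask_update(
        updates[i], i, [j for j in ids if j != i],
        {j: seeds[frozenset((i, j))] for j in ids if j != i},
        sigma_ind=0.01, sigma_pair=1.0,
    )
    for i in ids
}
aggregate = sum(masked.values())  # ~ [3, 3, 3, 3] up to the individual noise
print(aggregate)
```

If a client straggles, its pairwise terms no longer cancel in the aggregate, which is why the variances must be sized against upper bounds on the straggler and colluder counts to keep the worst-case DP guarantee.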