Federated learning enables multiple participants to collaboratively train a model without aggregating the training data. Although the training data are kept within each participant and the local gradients can be securely synthesized, recent studies have shown that such privacy protection is insufficient. The global model parameters that have to be shared for optimization are susceptible to leak information about training data. In this work, we propose Confined Gradient Descent (CGD) that enhances privacy of federated learning by eliminating the sharing of global model parameters. CGD exploits the fact that a gradient descent optimization can start with a set of discrete points and converges to another set at the neighborhood of the global minimum of the objective function. It lets the participants independently train on their local data, and securely share the sum of local gradients to benefit each other. We formally demonstrate CGD's privacy enhancement over traditional FL. We prove that less information is exposed in CGD compared to that of traditional FL. CGD also guarantees desired model accuracy. We theoretically establish a convergence rate for CGD. We prove that the loss of the proprietary models learned for each participant against a model learned by aggregated training data is bounded. Extensive experimental results on two real-world datasets demonstrate the performance of CGD is comparable with the centralized learning, with marginal differences on validation loss (mostly within 0.05) and accuracy (mostly within 1%).

翻译：联邦学习使多个参与者能够在不汇总培训数据的情况下合作培训模式。虽然培训数据保存在每位参与者内部,当地梯度可以安全地合成,但最近的研究表明,这种隐私保护是不够的。为了优化而共享的全球模型参数很容易泄露培训数据的信息。我们在此工作中提议,封闭式渐离层(CGD)通过消除共享全球模型参数来增加联盟学习的隐私。CGD利用了一个事实,即梯度下降优化可以从一组离散点开始,并汇集到全球最低目标功能附近的另一组。它让参与者独立地培训自己的本地数据,并安全地分享本地梯度的总和,以相互受益。我们正式展示CGD对传统FL的隐私增强。我们证明,与传统的FL. CGD还保证了理想的模型准确性。我们理论上为CGD确定了一种趋同率。我们证明,每个参与者学习的专有型模型相对于通过汇总培训数据获得的模型的损失,其地方梯度总和最接近的CRBY数据,其总体实验结果与最接近的CRBD的精确性。