Decentralized Federated Learning (FL) has attracted significant attention due to its enhanced robustness and scalability compared to its centralized counterpart. It relies on peer-to-peer communication rather than on a central server for model aggregation. While prior research has examined various aspects of decentralized FL, such as aggregation methods and privacy-preserving techniques, one crucial factor affecting privacy remains relatively unexplored: the underlying graph topology. In this paper, we fill the gap by deriving a stringent privacy bound for decentralized FL under the condition that accuracy is not compromised, highlighting the pivotal role of graph topology. Specifically, we demonstrate that the minimum privacy loss at each model aggregation step depends on the size of what we term 'honest components': the maximally connected subgraphs that remain once all untrustworthy participants are excluded from the network. This size is closely tied to network robustness. Our analysis suggests that attack-resilient networks provide a superior privacy guarantee. We further validate this by studying both Poisson and power-law networks, showing that the latter, being less robust against attacks, indeed leak more private information. In addition to the theoretical analysis, we consolidate our findings by examining two distinct privacy attacks: membership inference and gradient inversion.
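The 'honest components' defined in the abstract can be computed directly from a topology, which is useful when auditing a planned peer-to-peer FL deployment. The following is an added example, not code from the paper: the graph generators, their parameters and the worst-case choice of the highest-degree participants as the untrustworthy set are assumptions made for illustration.

```python
import random
from collections import deque

def honest_components(adj, corrupt):
    """Sizes (descending) of the connected components left once corrupt nodes are removed."""
    corrupt, seen, sizes = set(corrupt), set(), []
    for start in adj:
        if start in corrupt or start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:
            size += 1
            for nb in adj[queue.popleft()]:
                if nb not in corrupt and nb not in seen:
                    seen.add(nb)
                    queue.append(nb)
        sizes.append(size)
    return sorted(sizes, reverse=True)

def poisson_graph(n, mean_degree, rng):
    """Erdos-Renyi G(n, p): node degrees are approximately Poisson distributed."""
    adj = {i: set() for i in range(n)}
    p = mean_degree / (n - 1)
    for i in range(n):
        for j in range(i + 1, n):
            if rng.random() < p:
                adj[i].add(j)
                adj[j].add(i)
    return adj

def power_law_graph(n, m, rng):
    """Preferential attachment: a clique of m+1 nodes, then each new node links to m
    existing nodes picked proportionally to degree (heavy-tailed degree distribution)."""
    adj, pool = {i: set() for i in range(n)}, []
    for new in range(1, n):
        targets = set(range(new)) if new <= m else set()
        while new > m and len(targets) < m:
            targets.add(rng.choice(pool))  # pool holds each node once per incident edge
        for t in targets:
            adj[new].add(t)
            adj[t].add(new)
            pool += [new, t]
    return adj

def top_degree(adj, k):
    """Assumed worst case for the audit: the k best-connected participants are untrustworthy."""
    return sorted(adj, key=lambda v: len(adj[v]), reverse=True)[:k]
```

Calling `honest_components(g, top_degree(g, k))` on a Poisson graph and a power-law graph built with the same `n` and the same `k` gives component sizes that can be compared directly.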