Skellam mixture mechanism-Reference-Cited by-同舟云学术

Skellam mixture mechanism

Published:2022-07 Issue:11 Volume:15 Page:2348-2360
ISSN:2150-8097
Container-title:Proceedings of the VLDB Endowment
language:en
Short-container-title:Proc. VLDB Endow.

Author:

Bao Ergute¹,Zhu Yizheng¹,Xiao Xiaokui¹,Yang Yin²,Ooi Beng Chin¹,Tan Benjamin Hong Meng³,Aung Khin Mi Mi³

Affiliation:

1. National University of Singapore

2. Hamad Bin Khalifa University

3. A*STAR, Singapore

Abstract

Deep neural networks have strong capabilities of memorizing the underlying training data, which can be a serious privacy concern. An effective solution to this problem is to train models with differential privacy ( DP ), which provides rigorous privacy guarantees by injecting random noise to the gradients. This paper focuses on the scenario where sensitive data are distributed among multiple participants, who jointly train a model through federated learning , using both secure multiparty computation ( MPC ) to ensure the confidentiality of each gradient update, and differential privacy to avoid data leakage in the resulting model. A major challenge in this setting is that common mechanisms for enforcing DP in deep learning, which inject real-valued noise , are fundamentally incompatible with MPC, which exchanges finite-field integers among the participants. Consequently, most existing DP mechanisms require rather high noise levels, leading to poor model utility. Motivated by this, we propose Skellam mixture mechanism (SMM), a novel approach to enforcing DP on models built via federated learning. Compared to existing methods, SMM eliminates the assumption that the input gradients must be integer-valued, and, thus, reduces the amount of noise injected to preserve DP. The theoretical analysis of SMM is highly non-trivial, especially considering (i) the complicated math of DP deep learning in general and (ii) the fact that the mixture of two Skellam distributions is rather complex. Extensive experiments on various practical settings demonstrate that SMM consistently and significantly outperforms existing solutions in terms of the utility of the resulting model.

Publisher

Association for Computing Machinery (ACM)

Subject

General Earth and Planetary Sciences,Water Science and Technology,Geography, Planning and Development

Link

https://dl.acm.org/doi/pdf/10.14778/3551793.3551798

Reference53 articles.

1. Martín Abadi Paul Barham Jianmin Chen Zhifeng Chen Andy Davis Jeffrey Dean Matthieu Devin Sanjay Ghemawat Geoffrey Irving Michael Isard Manjunath Kudlur Josh Levenberg Rajat Monga Sherry Moore Derek G. Murray Benoit Steiner Paul Tucker Vijay Vasudevan Pete Warden Martin Wicke Yuan Yu and Xiaoqiang Zheng. 2016. TensorFlow: A System for Large-Scale Machine Learning. In OSDI. 265--283. Martín Abadi Paul Barham Jianmin Chen Zhifeng Chen Andy Davis Jeffrey Dean Matthieu Devin Sanjay Ghemawat Geoffrey Irving Michael Isard Manjunath Kudlur Josh Levenberg Rajat Monga Sherry Moore Derek G. Murray Benoit Steiner Paul Tucker Vijay Vasudevan Pete Warden Martin Wicke Yuan Yu and Xiaoqiang Zheng. 2016. TensorFlow: A System for Large-Scale Machine Learning. In OSDI. 265--283.

2. Martín Abadi Andy Chu Ian J. Goodfellow H. Brendan McMahan Ilya Mironov Kunal Talwar and Li Zhang. 2016. Deep Learning with Differential Privacy. In CCS. 308--318. Martín Abadi Andy Chu Ian J. Goodfellow H. Brendan McMahan Ilya Mironov Kunal Talwar and Li Zhang. 2016. Deep Learning with Differential Privacy. In CCS. 308--318.

3. Naman Agarwal Peter Kairouz and Ziyu Liu. 2021. The Skellam Mechanism for Differentially Private Federated Learning. In NeurIPS. 5052--5064. Naman Agarwal Peter Kairouz and Ziyu Liu. 2021. The Skellam Mechanism for Differentially Private Federated Learning. In NeurIPS. 5052--5064.

4. Naman Agarwal , Ananda Theertha Suresh , Felix Yu, Sanjiv Kumar, and H. Brendan McMahan. 2018 . CpSGD: Communication- Efficient and Differentially-Private Distributed SGD. In NeurIPS. 7575--7586. Naman Agarwal, Ananda Theertha Suresh, Felix Yu, Sanjiv Kumar, and H. Brendan McMahan. 2018. CpSGD: Communication-Efficient and Differentially-Private Distributed SGD. In NeurIPS. 7575--7586.

5. Prabhanjan Ananth , Arka Rai Choudhuri , Aarushi Goel, and Abhishek Jain. 2018 . Round-Optimal Secure Multiparty Computation with Honest Majority. In CRYPTO. 395--424. Prabhanjan Ananth, Arka Rai Choudhuri, Aarushi Goel, and Abhishek Jain. 2018. Round-Optimal Secure Multiparty Computation with Honest Majority. In CRYPTO. 395--424.

Cited by 10 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A Survey for Federated Learning Evaluations: Goals and Measures;IEEE Transactions on Knowledge and Data Engineering;2024-10

2. On Data Distribution Leakage in Cross-Silo Federated Learning;IEEE Transactions on Knowledge and Data Engineering;2024-07

3. Secure and Verifiable Data Collaboration with Low-Cost Zero-Knowledge Proofs;Proceedings of the VLDB Endowment;2024-05

4. Differentially Private Federated Learning via Alternating Direction Method of Multipliers;2023 IEEE 29th International Conference on Parallel and Distributed Systems (ICPADS);2023-12-17

5. DProvDB: Differentially Private Query Processing with Multi-Analyst Provenance;Proceedings of the ACM on Management of Data;2023-12-08