Differential Privacy and Byzantine Resilience in SGD

Guerraoui, Rachid; Gupta, Nirupam; Pinot, Rafaël; Rouault, Sébastien; Stephan, John

doi:10.1145/3465084.3467919

Cited by 17 publications

(5 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This generalization is critical to quantifying the interplay between DP and BR. Importantly, while Guerraoui et al [18] only give elementary analysis explaining the difficulty of the problem, we show that a careful analysis can help combine DP and BR.…”

Section: A Related Workmentioning

confidence: 71%

“…However, previous approaches do not apply to our setting for two main reasons; (1) they do not address the privacy of the dataset against an honest-but-curious server, and (2) their underlying notion of robustness are either weaker than or orthogonal to BR. Furthermore, recent works on the combination of privacy and BR in distributed learning either study a weaker privacy model than DP or provide only elementary analyses [9,18,19,29]. We refer the interested reader to Appendix A for an in depth discussion of prior works.…”

Section: Closely Related Prior Workmentioning

confidence: 99%

“…Recently, Guerraoui et al [18] studied the problem of satisfying both DP and BR in a single-server distributed SGD framework. While they demonstrate the computational hardness of this problem in practice, we go beyond by showing an inherent incompatibility between the supporting theory of (α, f )-BR and the Gaussian mechanism from DP.…”

Section: A Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Combining Differential Privacy and Byzantine Resilience in Distributed SGD

Guerraoui¹,

Gupta²,

Pinot³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Privacy and Byzantine resilience (BR) are two crucial requirements of modern-day distributed machine learning. The two concepts have been extensively studied individually but the question of how to combine them effectively remains unanswered. This paper contributes to addressing this question by studying the extent to which the distributed SGD algorithm, in the standard parameter-server architecture, can learn an accurate model despite (a) a fraction of the workers being malicious (Byzantine), and (b) the other fraction, whilst being honest, providing noisy information to the server to ensure differential privacy (DP). We first observe that the integration of standard practices in DP and BR is not straightforward. In fact, we show that many existing results on the convergence of distributed SGD under Byzantine faults, especially those relying on (α, f )-Byzantine resilience, are rendered invalid when honest workers enforce DP. To circumvent this shortcoming, we revisit the theory of (α, f )-BR to obtain an approximate convergence guarantee. Our analysis provides key insights on how to improve this guarantee through hyperparameter optimization. Essentially, our theoretical and empirical results show that (1) an imprudent combination of standard approaches to DP and BR might be fruitless, but (2) by carefully re-tuning the learning algorithm, we can obtain reasonable learning accuracy while simultaneously guaranteeing DP and BR.

show abstract

Section: A Related Workmentioning

confidence: 71%

Section: Closely Related Prior Workmentioning

confidence: 99%

See 1 more Smart Citation

Combining Differential Privacy and Byzantine Resilience in Distributed SGD

Guerraoui¹,

Gupta²,

Pinot³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…GeoMed [32] updates FL model by selecting gradient based on the geographic median to realize gradient aggregation. Bulyan [33] first implements the Krum-based aggregation and then updates the global model by averaging the gradient closest to the median value. Meanwhile, based on the cosine similarity between the parties' historical gradients, FoolsGold [31] sets the weights of parties to ward off sybils attacks in FL.…”

Section: Byzantine-robust Federated Learningmentioning

confidence: 99%

Privacy-Preserving Byzantine-Resilient Swarm Learning for E-healthcare

Zhu,

Lai

2024

Preprint

View full text Add to dashboard Cite

Automatic medical diagnosis service based on deep learning has been entered in e-healthcare, bringing great convenience to human life. However, due to privacy regulations, insufficient data sharing among medical centers has led to many severe challenges for automated medical diagnostic services including diagnostic accuracy. To solve the problems, swarm learning, a blockchain-based Federated learning (BCFL), has been proposed. Although avoiding single point of failure attacks and offering incentive mechanism, SL still faces privacy breaches and poisoning attacks. In the paper, we propose a new privacy-preserving byzantine-resilient swarm learning (PBSL) that is resistant to poisoning attacks while protecting data privacy. Specifically, we adopt threshold holomorphic encryption to protect data privacy and provide secure aggregation. And the cosine similarity is used to judge the malicious gradient uploaded by malicious medical centers. Through security analysis, PBSL is able to defend against a variety of known security attacks. Finally, PBSL is implemented by uniting deep learning with the blockchain-based smart contract platform.Experiments based on different datasets show that PBSL algorithm is feasible and efficient.

show abstract

“…Only a handful of works addressed the interplay between DP and robustness in distributed ML. It was conjectured that ensuring both these requirements is impractical, in the sense that it would require the batch size to grow with the model dimension [34]. However, the underlying analysis relied upon the criterion of (α, f )-Byzantine resilience [12], which has been recently shown to be a restrictive sufficient condition [42].…”

Section: Prior Workmentioning

confidence: 99%

Distributed Learning with Curious and Adversarial Machines

Allouah¹,

Guerraoui²,

Gupta³

et al. 2023

Preprint

View full text Add to dashboard Cite

The ubiquity of distributed machine learning (ML) in sensitive public domain applications calls for algorithms that protect data privacy, while being robust to faults and adversarial behaviors. Although privacy and robustness have been extensively studied independently in distributed ML, their synthesis remains poorly understood. We present the first tight analysis of the error incurred by any algorithm ensuring robustness against a fraction of adversarial machines, as well as differential privacy (DP) for honest machines' data against any other curious entity. Our analysis exhibits a fundamental trade-off between privacy, robustness, and utility. Surprisingly, we show that the cost of this trade-off is marginal compared to that of the classical privacy-utility trade-off. To prove our lower bound, we consider the case of mean estimation, subject to distributed DP and robustness constraints, and devise reductions to centralized estimation of one-way marginals. We prove our matching upper bound by presenting a new distributed ML algorithm using a high-dimensional robust aggregation rule. The latter amortizes the dependence on the dimension in the error (caused by adversarial workers and DP), while being agnostic to the statistical properties of the data.

show abstract

Differential Privacy and Byzantine Resilience in SGD

Cited by 17 publications

References 34 publications

Combining Differential Privacy and Byzantine Resilience in Distributed SGD

Combining Differential Privacy and Byzantine Resilience in Distributed SGD

Privacy-Preserving Byzantine-Resilient Swarm Learning for E-healthcare

Distributed Learning with Curious and Adversarial Machines

Contact Info

Product

Resources

About