Protecting Data from all Parties: Combining FHE and DP in Federated Learning

Sébert, Arnaud Grivet; Sirdey, Renaud; Stan, Oana; Gouy-Pailler, Cédric

doi:10.48550/arxiv.2205.04330

Cited by 2 publications

(5 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By leveraging the strengths of each technique, it becomes possible to mitigate their respective drawbacks and achieve enhanced privacy protection. HE can amplify the privacy offered by DP to protect the updates from all the parties, as in Sébert et al [74]. While HE protects the intermediate updates from the server, DP also ensures the final model remains secure, preventing adversaries from performing model inversion attacks.…”

Section: Discussion and Learned Lessonsmentioning

confidence: 99%

“…However, this amalgamation is far from straightforward, necessitating a careful equilibrium between computational complexity, model precision, and privacy considerations. As suggested in the work of Sébert et al [74], combining these two techniques has the potential to safeguard raw data across all participants in the FL process, thereby showcasing a direction for future exploration.…”

Section: Discussionmentioning

confidence: 99%

“…Sébert et al in 2022 [74] published a work named "protecting data from all parties" that combines DP and HE in federated learning. In their work, each client applies successive transformations to achieve DP (clipping, noising, and quantization) then encrypt the data using HE before sending them to the server.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Exploring Homomorphic Encryption and Differential Privacy Techniques towards Secure Federated Learning Paradigm

Aziz,

Banerjee,

Bouzefrane

et al. 2023

Future Internet

View full text Add to dashboard Cite

The trend of the next generation of the internet has already been scrutinized by top analytics enterprises. According to Gartner investigations, it is predicted that, by 2024, 75% of the global population will have their personal data covered under privacy regulations. This alarming statistic necessitates the orchestration of several security components to address the enormous challenges posed by federated and distributed learning environments. Federated learning (FL) is a promising technique that allows multiple parties to collaboratively train a model without sharing their data. However, even though FL is seen as a privacy-preserving distributed machine learning method, recent works have demonstrated that FL is vulnerable to some privacy attacks. Homomorphic encryption (HE) and differential privacy (DP) are two promising techniques that can be used to address these privacy concerns. HE allows secure computations on encrypted data, while DP provides strong privacy guarantees by adding noise to the data. This paper first presents consistent attacks on privacy in federated learning and then provides an overview of HE and DP techniques for secure federated learning in next-generation internet applications. It discusses the strengths and weaknesses of these techniques in different settings as described in the literature, with a particular focus on the trade-off between privacy and convergence, as well as the computation overheads involved. The objective of this paper is to analyze the challenges associated with each technique and identify potential opportunities and solutions for designing a more robust, privacy-preserving federated learning framework.

show abstract

Section: Discussion and Learned Lessonsmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Exploring Homomorphic Encryption and Differential Privacy Techniques towards Secure Federated Learning Paradigm

Aziz,

Banerjee,

Bouzefrane

et al. 2023

Future Internet

View full text Add to dashboard Cite

show abstract

“…One technique is differential privacy [14], which adds appropriate noise to shared parameters according to the desired privacy level. For example, [15] added Laplace noise to the gradients and selectively shared the perturbed gradients, [16], [17] presented a client-sided differential privacy federated learning scheme to hide clients' model contributions during training. To protect local models, the added noise to each local model must be big enough, resulting in the aggregate noise corresponding to the aggregate model being too large, which would completely destroy the utility of this model.…”

Section: Related Workmentioning

confidence: 99%

“…No collusion among the server and clients participating in the federated learning protocol was assumed as the keys (sk, pk) necessary for the homomorphic encryption and the signatures are generated by one of the clients and shared among all clients. In the work [17], to deal with the problem of collusion in [29], adding Gaussian noise to the local models before homomorphically encryption was proposed. However, the standard variation of the additive Gaussian noise must be small to not destroy the genuine local models, resulting in the fact that the adding noise protection is not able to provide a high level of differential privacy (ε is not small, i.e., less than 1).…”

Section: Related Workmentioning

confidence: 99%

An Efficient Privacy-Enhancing Cross-Silo Federated Learning and Applications for False Data Injection Attack Detection in Smart Grids

Tran

Yin

et al. 2023

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Federated Learning is a prominent machine learning paradigm which helps tackle data privacy issues by allowing clients to store their raw data locally and transfer only their local model parameters to an aggregator server to collaboratively train a shared global model. However, federated learning is vulnerable to inference attacks from dishonest aggregators who can infer information about clients' training data from their model parameters. To deal with this issue, most of the proposed schemes in literature either require a non-colluded server setting, a trusted third-party to compute master secret keys or a secure multiparty computation protocol which is still inefficient over multiple iterations of computing an aggregation model. In this work, we propose an efficient cross-silo federated learning scheme with strong privacy preservation. By designing a double-layer encryption scheme which has no requirement to compute discrete logarithm, utilizing secret sharing only at the establishment phase and in the iterations when parties rejoin, and accelerating the computation performance via parallel computing, we achieve an efficient privacy-preserving federated learning protocol, which also allows clients to dropout and rejoin during the training process. The proposed scheme is demonstrated theoretically and empirically to provide provable privacy against an honest-but-curious aggregator server and simultaneously achieve desirable model utilities. The scheme is applied to false data injection attack detection (FDIA) in smart grids. This is a more secure cross-silo FDIA federated learning resilient to the local private data inference attacks than the existing works.

show abstract

Protecting Data from all Parties: Combining FHE and DP in Federated Learning

Cited by 2 publications

References 24 publications

Exploring Homomorphic Encryption and Differential Privacy Techniques towards Secure Federated Learning Paradigm

Exploring Homomorphic Encryption and Differential Privacy Techniques towards Secure Federated Learning Paradigm

An Efficient Privacy-Enhancing Cross-Silo Federated Learning and Applications for False Data Injection Attack Detection in Smart Grids

Contact Info

Product

Resources

About