Computing the noisy sum of real-valued vectors is an important primitive in differentially private learning and statistics. In private federated learning applications, these vectors are held by client devices, leading to a distributed summation problem. Standard Secure Multiparty Computation (SMC) protocols for this problem are susceptible to poisoning attacks, where a client may have a large influence on the sum, without being detected. In this work, we propose a poisoning-robust private summation protocol in the multiple-server setting, recently studied in PRIO. We present a protocol for vector summation that verifies that the Euclidean norm of each contribution is approximately bounded. We show that by relaxing the security constraint in SMC to a differential privacy like guarantee, one can improve over PRIO in terms of communication requirements as well as the client-side computation. Unlike SMC algorithms that inevitably cast integers to elements of a large finite field, our algorithms work over integers/reals, which may allow for additional efficiencies.
翻译:计算实际价值矢量的杂音总和是私人差别化学习和统计的一个重要原始数据。 在私人联合学习应用程序中,这些矢量由客户设备控制,导致分布式比较问题。 标准安全多方计算(SMC)协议容易中毒袭击, 客户在未经检测的情况下可能对数量产生很大影响。 在这项工作中, 我们提议在多个服务器设置中使用一种中毒- 紫外线私人比较协议, 最近在PRIO中研究过。 我们提出了一个矢量比较协议, 以证实每个贡献的 Euclide 规范几乎是受约束的。 我们显示, 通过放松SMC 中的安全限制以区别隐私( 如保证 ), 在通信要求和客户方计算上可以超越 PRIO 。 与 SMC 算法不同, 我们的算法必然会给大有限域的元素带来整数, 我们的算法工作超过整数/真实性, 从而可以增加效率 。
相关内容
微信扫码咨询专知VIP会员