Federated learning enables isolated clients to train a shared model collaboratively by aggregating the locally-computed gradient updates. However, privacy information could be leaked from uploaded gradients and be exposed to malicious attackers or an honest-but-curious server. Although the additive homomorphic encryption technique guarantees the security of this process, it brings unacceptable computation and communication burdens to FL participants. To mitigate this cost of secure aggregation and maintain the learning performance, we propose a new framework called Encoded Gradient Aggregation (\emph{EGA}). In detail, EGA first encodes local gradient updates into an encoded domain with injected noises in each client before the aggregation in the server. Then, the encoded gradients aggregation results can be recovered for the global model update via a decoding function. This scheme could prevent the raw gradients of a single client from exposing on the internet and keep them unknown to the server. EGA could provide optimization and communication benefits under different noise levels and defend against gradient leakage. We further provide a theoretical analysis of the approximation error and its impacts on federated optimization. Moreover, EGA is compatible with the most federated optimization algorithms. We conduct intensive experiments to evaluate EGA in real-world federated settings, and the results have demonstrated its efficacy.
翻译:联邦学习使孤立的客户能够通过将本地计算梯度更新汇总起来,共同培训一个共享模型。然而,隐私信息可能会从上传梯度中泄漏出来,并暴露于恶意攻击者或诚实但充满怀疑的服务器。虽然添加的同质加密技术保证了这一过程的安全性,但它给FL参与者带来了不可接受的计算和通信负担。为了降低安全聚合的成本并保持学习绩效,我们提议一个新的框架,名为“编码渐进聚合”(emph{EGA}) 。详细而言,EGA首先将本地梯度更新编码成编码域,在服务器汇总前每个客户都注入噪音。然后,编码梯度汇总结果可以通过解码功能为全球模型更新回收。这个办法可以防止单个客户在互联网上曝光的原始梯度,并让它们不为服务器所知。EGA可以在不同的噪音水平下提供优化和通信效益的好处,并保护梯度泄漏。我们进一步从理论角度分析近似错误及其对联邦化优化的影响。此外,EGAGA在最密集的EGA级测试中演示了EGA。</s>