Vertical Federated Learning (VFL) enables collaborative model training across feature-partitioned devices, yet its reliance on device-server information exchange introduces significant communication overhead and privacy risks. Downlink communication from the server to devices in VFL exposes gradient-related signals of the global loss that can be leveraged in inference attacks. Existing privacy-preserving VFL approaches that inject differential privacy (DP) noise on the downlink have the natural repercussion of degraded gradient quality, slowed convergence, and excessive communication rounds. In this work, we propose DPZV, a communication-efficient and differentially private ZO-VFL framework with tunable privacy guarantees. Based on zeroth-order (ZO) optimization, DPZV injects calibrated scalar-valued DP noise on the downlink, significantly reducing variance amplification while providing equivalent protection against targeted inference attacks. Through rigorous theoretical analysis, we establish convergence guarantees comparable to first-order DP-SGD, despite relying solely on ZO estimators, and prove that DPZV satisfies $(ε, δ)$-DP. Extensive experiments demonstrate that DPZV consistently achieves a superior privacy-utility tradeoff and requires fewer communication rounds than existing DP-VFL baselines under strict privacy constraints ($ε\leq 10$).
翻译:垂直联邦学习(VFL)支持在特征划分的设备间进行协同模型训练,但其对设备与服务器间信息交换的依赖引入了显著的通信开销和隐私风险。VFL中从服务器到设备的下行链路通信会暴露全局损失的梯度相关信号,这些信号可被用于推断攻击。现有的隐私保护VFL方法在下行链路注入差分隐私(DP)噪声,其自然后果是梯度质量下降、收敛速度减慢以及通信轮次过多。本文提出DPZV,一种具有可调隐私保证的通信高效且差分隐私的零阶VFL框架。基于零阶(ZO)优化,DPZV在下行链路注入经校准的标量值DP噪声,在显著降低方差放大的同时,提供针对目标推断攻击的等效保护。通过严格的理论分析,我们建立了与一阶DP-SGD相当的收敛保证(尽管仅依赖ZO估计器),并证明DPZV满足$(ε, δ)$-DP。大量实验表明,在严格的隐私约束下($ε\leq 10$),DPZV始终能实现更优的隐私-效用权衡,且比现有DP-VFL基线方法需要更少的通信轮次。
相关内容
微信扫码咨询专知VIP会员