Learning from data owned by several parties, as in federated learning, raises challenges regarding the privacy guarantees provided to participants and the correctness of the computation in the presence of malicious parties. We tackle these challenges in the context of distributed averaging, an essential building block of federated learning algorithms. Our first contribution is a scalable protocol in which participants exchange correlated Gaussian noise along the edges of a network graph, complemented by independent noise added by each party. We analyze the differential privacy guarantees of our protocol and the impact of the graph topology under colluding malicious parties, showing that we can nearly match the utility of the trusted curator model even when each honest party communicates with only a logarithmic number of other parties chosen at random. This contrasts with protocols in the local model of privacy (which have lower utility) and those based on secure aggregation (where all pairs of users need to exchange messages). Our second contribution enables users to prove the correctness of their computations without compromising the efficiency and privacy guarantees of the protocol. Our verification protocol relies on standard cryptographic primitives such as commitment schemes and zero-knowledge proofs.
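To make the first contribution concrete, the sketch below illustrates why pairwise-correlated noise exchanged along graph edges cancels in the aggregate while only the independent noise survives. This is a minimal illustration, not the paper's implementation: the function name `private_average` and the parameters `k`, `sigma_pair`, and `sigma_ind` are chosen here for exposition, and the random pairing simply stands in for the communication graph.

```python
import random

def private_average(values, k, sigma_pair, sigma_ind, seed=0):
    """Sketch of distributed averaging with pairwise-correlated noise.

    Each party i holds values[i] and is paired with k other parties chosen
    at random (standing in for the edges of the network graph). For each
    pair (i, j), a shared Gaussian term delta is added by i and subtracted
    by j, so all pairwise terms cancel exactly in the aggregate. Each party
    also adds independent Gaussian noise, which is the only noise left in
    the final average.
    """
    rng = random.Random(seed)
    n = len(values)
    noisy = list(values)
    for i in range(n):
        others = [p for p in range(n) if p != i]
        for j in rng.sample(others, k):
            delta = rng.gauss(0.0, sigma_pair)
            noisy[i] += delta   # i adds the shared term ...
            noisy[j] -= delta   # ... j subtracts it: the pair cancels in the sum
    for i in range(n):
        noisy[i] += rng.gauss(0.0, sigma_ind)  # independent residual noise
    return sum(noisy) / n

# Toy run: 1000 parties, each talking to ~log2(1000) = 10 random peers.
data_rng = random.Random(1)
data = [data_rng.uniform(0.0, 1.0) for _ in range(1000)]
true_avg = sum(data) / len(data)
estimate = private_average(data, k=10, sigma_pair=100.0, sigma_ind=0.1)
print(abs(estimate - true_avg))  # small despite the large per-message noise
```

Note how `sigma_pair` can be made very large, masking each individual message, without degrading the aggregate: the residual error comes only from the independent terms and shrinks as roughly `sigma_ind / sqrt(n)`. This cancellation is what lets such a protocol approach trusted-curator utility while each party contacts only a logarithmic number of peers.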
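For the second contribution, the abstract names commitment schemes as one of the standard primitives used for verification. The toy sketch below shows one such primitive, a Pedersen commitment, with deliberately small and insecure parameters; it is not the paper's construction, only an illustration of the additive homomorphism that typically makes commitments useful for checking aggregates without opening individual inputs.

```python
import secrets

# Toy Pedersen commitment (tiny, insecure parameters; illustration only).
# A real deployment would use a standard prime-order group with generators
# whose mutual discrete logarithm is unknown to the prover.
P = 2**89 - 1          # Mersenne prime used as a toy modulus
Q = (P - 1) // 2       # order of the subgroup of squares mod P
G, H = 4, 9            # squares mod P, so both lie in that subgroup

def commit(x, r):
    """Pedersen commitment C = G^x * H^r mod P.

    Hiding: the random r masks x. Binding: opening the same C to two
    different values would reveal log_G(H), assumed hard to compute.
    """
    return (pow(G, x % Q, P) * pow(H, r % Q, P)) % P

# Additive homomorphism: the product of commitments commits to the sum,
# so parties can prove statements about an aggregate of their inputs.
x1, x2 = 42, 58
r1, r2 = secrets.randbelow(Q), secrets.randbelow(Q)
c1, c2 = commit(x1, r1), commit(x2, r2)
assert (c1 * c2) % P == commit(x1 + x2, r1 + r2)
```

In a verification protocol of the kind the abstract describes, each party would commit to its contributions, and zero-knowledge proofs over such commitments would establish that the published noisy values were computed correctly, without revealing the underlying data or noise.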