We introduce a deep learning framework able to operate under strong privacy constraints. Building on collaborative learning, differential privacy, and homomorphic encryption, the proposed approach advances the state of the art of private deep learning against a wider range of threats than the usual honest-but-curious server assumption. We address threats from the aggregation server, the global model, and potentially colluding data holders. Built upon distributed differential privacy and a homomorphic argmax operator, our method is specifically designed to keep communication loads low and remain efficient. The proposed method is supported by carefully crafted theoretical results: we provide differential privacy guarantees from the point of view of any entity with access to the final model, including colluding data holders, as a function of the ratio of data holders who kept their noise secret. This makes our method practical in real-life scenarios where data holders trust neither a third party to process their datasets nor the other data holders. Crucially, the computational burden of the approach remains reasonable and, to the best of our knowledge, our framework is the first efficient enough to tackle deep learning applications while addressing such a large scope of threats. To assess the practical usability of our framework, we carried out experiments on image datasets in a classification context. The numerical results show that the learning procedure is both accurate and private.
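The distributed differential privacy idea summarized above can be sketched as follows. This is a minimal illustration, not the paper's actual protocol: it assumes each data holder adds an independent Gaussian noise share to its local update so that the aggregated noise reaches the target standard deviation, and it performs the aggregation in the clear for readability, whereas the actual method would sum contributions under homomorphic encryption. All function names and parameters are hypothetical.

```python
import numpy as np

def noisy_local_update(grad: np.ndarray, sigma: float,
                       n_holders: int, rng: np.random.Generator) -> np.ndarray:
    """Each data holder perturbs its local gradient with a share of the
    total Gaussian noise. The sum of n independent N(0, sigma^2 / n)
    shares is N(0, sigma^2), so the aggregate reaches the target noise
    level even though no single holder knows the full noise."""
    share_std = sigma / np.sqrt(n_holders)
    return grad + rng.normal(0.0, share_std, size=grad.shape)

def aggregate(updates: list) -> np.ndarray:
    # Stand-in for the encrypted aggregation: in the real protocol the
    # server would sum homomorphically encrypted contributions.
    return np.sum(updates, axis=0)

rng = np.random.default_rng(0)
n_holders, sigma = 10, 1.0
grads = [rng.normal(size=4) for _ in range(n_holders)]
updates = [noisy_local_update(g, sigma, n_holders, rng) for g in grads]
model_update = aggregate(updates)
```

If only k of the n holders keep their noise secret (the rest collude and reveal theirs), the remaining secret shares still sum to Gaussian noise of standard deviation sigma * sqrt(k / n), which is why the privacy guarantee in the abstract is stated as a function of the ratio of honest data holders.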