The Distributed Discrete Gaussian Mechanism for Federated Learning with Secure Aggregation
This addresses privacy concerns in federated learning for users with sensitive data, though it appears incremental by building on existing secure aggregation and differential privacy techniques.
The paper tackles the problem of training models on private distributed data by developing a federated learning system with secure aggregation and discrete Gaussian noise, achieving accuracy comparable to central differential privacy with less than 16 bits of precision per value.
We consider training models on private data that are distributed across user devices. To ensure privacy, we add on-device noise and use secure aggregation so that only the noisy sum is revealed to the server. We present a comprehensive end-to-end system, which appropriately discretizes the data and adds discrete Gaussian noise before performing secure aggregation. We provide a novel privacy analysis for sums of discrete Gaussians and carefully analyze the effects of data quantization and modular summation arithmetic. Our theoretical guarantees highlight the complex tension between communication, privacy, and accuracy. Our extensive experimental results demonstrate that our solution is essentially able to match the accuracy to central differential privacy with less than 16 bits of precision per value.