Differential Secrecy for Distributed Data and Applications to Robust Differentially Secure Vector Summation
This addresses the need for secure and efficient data aggregation in distributed settings like federated learning, though it is incremental by building on existing multiple-server frameworks.
The paper tackles the problem of robust and private vector summation in federated learning, where standard secure multiparty computation is vulnerable to poisoning attacks, by proposing a protocol that verifies contribution bounds and relaxes security to a differential privacy-like guarantee, achieving improvements in communication and client-side computation over prior work like PRIO.
Computing the noisy sum of real-valued vectors is an important primitive in differentially private learning and statistics. In private federated learning applications, these vectors are held by client devices, leading to a distributed summation problem. Standard Secure Multiparty Computation (SMC) protocols for this problem are susceptible to poisoning attacks, where a client may have a large influence on the sum, without being detected. In this work, we propose a poisoning-robust private summation protocol in the multiple-server setting, recently studied in PRIO. We present a protocol for vector summation that verifies that the Euclidean norm of each contribution is approximately bounded. We show that by relaxing the security constraint in SMC to a differential privacy like guarantee, one can improve over PRIO in terms of communication requirements as well as the client-side computation. Unlike SMC algorithms that inevitably cast integers to elements of a large finite field, our algorithms work over integers/reals, which may allow for additional efficiencies.