LG, CR · Aug 16, 2022

FedPerm: Private and Robust Federated Learning by Parameter Permutation

arXiv:2208.07922v1 · 5 citations · h-index: 32
Originality: Incremental advance
AI Analysis

This work addresses privacy and security issues for mutually untrusting clients in federated learning, though it appears incremental as it builds on existing techniques.

FedPerm tackles the dual challenges of data privacy and model poisoning in federated learning by introducing a parameter shuffling technique combined with Private Information Retrieval, achieving improved effectiveness over existing differential privacy solutions on the MNIST dataset.

Federated Learning (FL) is a distributed learning paradigm that enables mutually untrusting clients to collaboratively train a common machine learning model. Client data privacy is paramount in FL. At the same time, the model must be protected from poisoning attacks from adversarial clients. Existing solutions address these two problems in isolation. We present FedPerm, a new FL algorithm that addresses both these problems by combining a novel intra-model parameter shuffling technique that amplifies data privacy, with Private Information Retrieval (PIR) based techniques that permit cryptographic aggregation of clients' model updates. The combination of these techniques further helps the federation server constrain parameter updates from clients so as to curtail effects of model poisoning attacks by adversarial clients. We further present FedPerm's unique hyperparameters that can be used effectively to trade off computation overheads with model utility. Our empirical evaluation on the MNIST dataset demonstrates FedPerm's effectiveness over existing Differential Privacy (DP) enforcement solutions in FL.
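The abstract rests on one structural fact: a permutation of parameter positions commutes with coordinate-wise aggregation and with coordinate-wise constraints. The toy below is an added illustration of that fact, not FedPerm's protocol and not code from the paper; it omits the PIR-based cryptographic aggregation entirely and instead assumes (as a simplification) a permutation seed shared among clients but withheld from the server, so the server averages and clips vectors whose coordinate order it cannot interpret, while clients can still unshuffle the result. The hash-driven Fisher-Yates routine, the per-coordinate clamp as the "constraint", and the three constructed client updates (one deliberately oversized to stand in for a poisoning attempt) are all assumptions of this example.

```python
import hashlib
from typing import List, Sequence


def derive_permutation(seed: bytes, n: int) -> List[int]:
    """Deterministic permutation of range(n) from a shared secret seed.

    Fisher-Yates driven by SHA-256(seed || i), so every party holding the
    seed derives the same permutation and a party without it learns nothing
    about the order. (Assumed construction for this sketch; the small modulo
    bias is irrelevant for illustration.)"""
    perm = list(range(n))
    for i in range(n - 1, 0, -1):
        digest = hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        j = int.from_bytes(digest[:8], "big") % (i + 1)
        perm[i], perm[j] = perm[j], perm[i]
    return perm


def permute(vec: Sequence[float], perm: Sequence[int]) -> List[float]:
    """Client side: out[k] = vec[perm[k]] (intra-model parameter shuffle)."""
    return [vec[p] for p in perm]


def unpermute(vec: Sequence[float], perm: Sequence[int]) -> List[float]:
    """Client side: inverse of permute, restores original parameter order."""
    out = [0.0] * len(vec)
    for k, p in enumerate(perm):
        out[p] = vec[k]
    return out


def clip_coordinates(vec: Sequence[float], bound: float) -> List[float]:
    """Server side constraint on an update: clamp every coordinate to
    [-bound, bound]. It acts position by position, so it gives the same
    answer whether applied before or after the shuffle."""
    return [max(-bound, min(bound, v)) for v in vec]


def server_aggregate(updates: Sequence[Sequence[float]], bound: float) -> List[float]:
    """Server side: clip each (shuffled) update, then average coordinate-wise.
    The server never needs to know which coordinate is which."""
    clipped = [clip_coordinates(u, bound) for u in updates]
    n = len(clipped[0])
    return [sum(u[k] for u in clipped) / len(clipped) for k in range(n)]


def plain_average_clipped(updates: Sequence[Sequence[float]], bound: float) -> List[float]:
    """Reference: the same clip-then-average with no shuffling at all."""
    return server_aggregate(updates, bound)


def federated_round(updates: Sequence[Sequence[float]], seed: bytes, bound: float) -> List[float]:
    """One round: clients shuffle with the shared seed, the server clips and
    averages in shuffled space, clients unshuffle the aggregate."""
    n = len(updates[0])
    perm = derive_permutation(seed, n)
    shuffled = [permute(u, perm) for u in updates]
    aggregate_shuffled = server_aggregate(shuffled, bound)
    return unpermute(aggregate_shuffled, perm)


# Constructed sample updates (not real training data). Client 3 submits an
# outsized update on two coordinates, standing in for a poisoning attempt.
CLIENT_UPDATES = [
    [0.10, -0.20, 0.30, 0.00, 0.05, -0.05, 0.02, 0.01],
    [0.20, -0.10, 0.10, 0.10, 0.00, 0.05, -0.02, 0.03],
    [5.00, 0.00, -4.00, 0.20, 0.10, 0.00, 0.01, -0.01],
]
SHARED_SEED = b"shared-among-clients-only"  # assumed out-of-band secret
CLIP_BOUND = 0.5

if __name__ == "__main__":
    result = federated_round(CLIENT_UPDATES, SHARED_SEED, CLIP_BOUND)
    reference = plain_average_clipped(CLIENT_UPDATES, CLIP_BOUND)
    print("shuffled-space aggregate, unshuffled:", [round(v, 4) for v in result])
    print("plain clipped average:               ", [round(v, 4) for v in reference])
```

The point to take from running it is that the oversized coordinates of the third client are bounded to 0.5 in magnitude whether or not the server can read the parameter layout, which is the property that lets a server constrain updates without learning their structure. What this sketch does not give is the privacy FedPerm claims: here the server sees each client's permuted vector in the clear, so the per-coordinate values still leak; the abstract's PIR-based aggregation is what closes that gap, and nothing above models it.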