Noiseless Privacy-Preserving Decentralized Learning
This addresses privacy risks for users in decentralized learning systems, offering a novel defense that enhances security without sacrificing utility, though it is an incremental improvement over existing methods.
The paper tackles the problem of privacy leakage in decentralized learning, where shared models can reveal training data, by introducing Shatter, a method that uses virtual nodes to disseminate model chunks, which renders three standard privacy attacks infeasible with 16 virtual nodes per node and improves model utility compared to standard decentralized learning.
Decentralized learning (DL) enables collaborative learning without a server and without training data leaving the users' devices. However, the models shared in DL can still be used to infer training data. Conventional defenses such as differential privacy and secure aggregation fall short in effectively safeguarding user privacy in DL, either sacrificing model utility or efficiency. We introduce Shatter, a novel DL approach in which nodes create virtual nodes (VNs) to disseminate chunks of their full model on their behalf. This enhances privacy by (i) preventing attackers from collecting full models from other nodes, and (ii) hiding the identity of the original node that produced a given model chunk. We theoretically prove the convergence of Shatter and provide a formal analysis demonstrating how Shatter reduces the efficacy of attacks compared to when exchanging full models between nodes. We evaluate the convergence and attack resilience of Shatter with existing DL algorithms, with heterogeneous datasets, and against three standard privacy attacks. Our evaluation shows that Shatter not only renders these privacy attacks infeasible when each node operates 16 VNs but also exhibits a positive impact on model utility compared to standard DL. In summary, Shatter enhances the privacy of DL while maintaining the utility and efficiency of the model.