LG · IT · Jul 26, 2025

ModShift: Model Privacy via Designed Shifts

arXiv:2507.20060v1 · h-index: 2
Originality: Incremental advance
AI Analysis

It addresses privacy risks for participants in federated learning systems, though it appears incremental as it builds on existing methods like noise injection.

The paper tackles model privacy in federated learning by introducing designed shifts to protect against eavesdroppers, achieving a higher model shift and requiring less bandwidth compared to noise injection schemes.

In this paper, shifts are introduced to preserve model privacy against an eavesdropper in federated learning. Model learning is treated as a parameter estimation problem. This perspective allows us to derive the Fisher Information matrix of the model updates from the shifted updates and drive them to singularity, thus posing a hard estimation problem for Eve. The shifts are securely shared with the central server to maintain model accuracy at the server and participating devices. A convergence test is proposed to detect if model updates have been tampered with and we show that our scheme passes this test. Numerical results show that our scheme achieves a higher model shift when compared to a noise injection scheme while requiring a lesser bandwidth secret channel.
