Deciphering the Interplay between Attack and Protection Complexity in Privacy-Preserving Federated Learning
This work addresses privacy vulnerabilities in federated learning systems, offering insights for designing more secure and efficient collaborative training, though it is incremental as it builds on existing privacy mechanisms.
The paper tackles the susceptibility of federated learning to gradient inversion attacks by introducing a theoretical framework to analyze the interplay between attack and protection complexities, deriving tight bounds for both and revealing trade-offs between privacy, utility, and effort.
Federated learning (FL) offers a promising paradigm for collaborative model training while preserving data privacy. However, its susceptibility to gradient inversion attacks poses a significant challenge, necessitating robust privacy protection mechanisms. This paper introduces a novel theoretical framework to decipher the intricate interplay between attack and protection complexities in privacy-preserving FL. We formally define "Attack Complexity" as the minimum computational and data resources an adversary requires to reconstruct private data below a given error threshold, and "Protection Complexity" as the expected distortion introduced by privacy mechanisms. Leveraging Maximum Bayesian Privacy (MBP), we derive tight theoretical bounds for protection complexity, demonstrating its scaling with model dimensionality and privacy budget. Furthermore, we establish comprehensive bounds for attack complexity, revealing its dependence on privacy leakage, gradient distortion, model dimension, and the chosen privacy level. Our findings quantitatively illuminate the fundamental trade-offs between privacy guarantees, system utility, and the effort required for both attacking and defending. This framework provides critical insights for designing more secure and efficient federated learning systems.