Yangfan-Jiang / Federated-Learning-with-Differential-Privacy

Implementation of dp-based federated learning framework using PyTorch
MIT License

Is there some paper about CDP-FedAVG-LS? Can you recommend the paper to me? #5

Closed bigdaronlee163 closed 2 years ago

Yangfan-Jiang commented 2 years ago

Hi, the code implementation is based on the FedAvg algorithm [1] and the moments accountant [2].

This repository is not a reproduction of any paper.

[1] McMahan, Brendan, Eider Moore, Daniel Ramage, Seth Hampson, and Blaise Aguera y Arcas. Communication-Efficient Learning of Deep Networks from Decentralized Data. In Proc. Artificial Intelligence and Statistics (AISTATS), 2017.

[2] Abadi, Martin, et al. Deep learning with differential privacy. Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. 2016.

bigdaronlee163 commented 2 years ago

I have a question. Why CDP instead of LDP? Isn't this where noise is added before sending weights to the server?

Yangfan-Jiang commented 2 years ago

Hi, I'm not sure what you mean by LDP/CDP in the FL setting. In this repository, we mainly focus on record-level DP, which, by definition, aims to hide the information of whether a data record (membership) participates in the model training.

Here we consider record-level DP for all FL parties and add DP noise before sending the model to the server to prevent a malicious server from conducting membership inference attacks on FL parties.

A much stronger privacy guarantee can be provided by client-level DP [1], [2], which can hide the information of whether a certain party participates in the FL training.

[1] Robin C Geyer, Tassilo Klein, and Moin Nabi. 2017. Differentially private federated learning: A client level perspective. arXiv preprint arXiv:1712.07557 (2017).

[2] H Brendan McMahan, Daniel Ramage, Kunal Talwar, and Li Zhang. 2018. Learning Differentially Private Recurrent Language Models. In International Conference on Learning Representations.

bigdaronlee163 commented 2 years ago

I recently got the mathematical definition of differential privacy, but why do we need max_norm * sigma_g and max_norm when making Gaussian noise?

Yangfan-Jiang commented 2 years ago

Please refer to the following papers:

https://www.cis.upenn.edu/~aaroth/Papers/privacybook.pdf

https://arxiv.org/pdf/1607.00133.pdf
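Added example, not part of the thread and not the repository's code: a plain-Python sketch of the clip-then-add-noise step from Abadi et al. (reference [2] in the first reply), showing that clipping each per-record gradient to `max_norm` bounds the L2 sensitivity of the summed gradient by `max_norm`, which is why the Gaussian noise standard deviation is `max_norm * sigma_g`. The names `max_norm` and `sigma_g` follow the question above; the function names and the sample gradients are constructed for illustration.

```python
import math
import random

def clip_l2(grad, max_norm):
    """Scale grad so its L2 norm is at most max_norm (unchanged if already smaller)."""
    norm = math.sqrt(sum(g * g for g in grad))
    scale = min(1.0, max_norm / (norm + 1e-12))
    return [g * scale for g in grad]

def clipped_sum(per_record_grads, max_norm, dim):
    """Sum of clipped per-record gradients; each record contributes at most max_norm."""
    total = [0.0] * dim
    for grad in per_record_grads:
        for i, g in enumerate(clip_l2(grad, max_norm)):
            total[i] += g
    return total

def l2_sensitivity(per_record_grads, max_norm, dim):
    """Largest L2 change in the clipped sum when any single record is removed."""
    full = clipped_sum(per_record_grads, max_norm, dim)
    worst = 0.0
    for k in range(len(per_record_grads)):
        rest = per_record_grads[:k] + per_record_grads[k + 1:]
        part = clipped_sum(rest, max_norm, dim)
        worst = max(worst, math.sqrt(sum((a - b) ** 2 for a, b in zip(full, part))))
    return worst

def noisy_mean_gradient(per_record_grads, max_norm, sigma_g, rng):
    """Gaussian mechanism: noise std = sigma_g * max_norm (sigma_g times the sensitivity)."""
    dim = len(per_record_grads[0])
    total = clipped_sum(per_record_grads, max_norm, dim)
    std = sigma_g * max_norm
    return [(t + rng.gauss(0.0, std)) / len(per_record_grads) for t in total]

# Constructed sample: four per-record gradients, one of them an outlier.
SAMPLE_GRADS = [[0.3, -0.4], [30.0, 40.0], [-0.6, 0.8], [0.0, 0.1]]

if __name__ == "__main__":
    rng = random.Random(0)
    # Without clipping, one record can move the sum arbitrarily far.
    print("sensitivity, no clipping:", l2_sensitivity(SAMPLE_GRADS, float("inf"), 2))
    # With clipping, no record can move the sum by more than max_norm.
    print("sensitivity, max_norm=1 :", l2_sensitivity(SAMPLE_GRADS, 1.0, 2))
    print("noisy mean gradient     :", noisy_mean_gradient(SAMPLE_GRADS, 1.0, 1.1, rng))
```

Without clipping, the outlier record alone fixes the sensitivity, so no finite noise scale chosen in advance would cover every possible record; with clipping, the bound is `max_norm` regardless of the data.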