Paper 2024/671
Exploiting Internal Randomness for Privacy in Vertical Federated Learning
Abstract
Vertical Federated Learning (VFL) is becoming a standard collaborative learning paradigm with various practical applications. Randomness is essential to enhancing privacy in VFL, but introducing too much external randomness often leads to an intolerable performance loss. Instead, as has been demonstrated for other federated learning settings, leveraging internal randomness, as provided by variational autoencoders (VAEs), can be beneficial. However, the resulting privacy has never been quantified so far, nor has the approach been investigated for VFL. We therefore propose a novel differential privacy estimate, denoted as distance-based empirical local differential privacy (dELDP). It allows one to empirically bound the DP parameters of concrete components, quantifying the internal randomness with appropriate distance and sensitivity metrics. We apply dELDP to investigate the DP of VAEs and observe values up to ε ≈ 6.4 and δ = 2^{-32}. Moreover, to link the dELDP parameters to the privacy of full VAE-including VFL systems in practice, we conduct comprehensive experiments on the robustness against state-of-the-art privacy attacks. The results illustrate that the VAE system is effective against feature reconstruction attacks and outperforms other privacy-enhancing methods for VFL, especially when the adversary holds 75% of features in label inference attacks.
Metadata
- Category: Applications
- Publication info: Preprint.
- Keywords: privacy, VFL, distance-based empirical DP, VAE
- Contact author(s):
  - yulian sun @ edu ruhr-uni-bochum de
  - liduan @ mail upb de
  - ricardo mendes1 @ huawei com
  - derui zhu @ tum de
  - yue1 xia @ tum de
  - yong li1 @ huawei com
  - asja fischer @ rub com
- History:
  - 2024-05-03: approved
  - 2024-05-02: received
- Short URL: https://ia.cr/2024/671
- License: CC BY-NC
BibTeX
@misc{cryptoeprint:2024/671,
  author = {Yulian Sun and Li Duan and Ricardo Mendes and Derui Zhu and Yue Xia and Yong Li and Asja Fischer},
  title = {Exploiting Internal Randomness for Privacy in Vertical Federated Learning},
  howpublished = {Cryptology ePrint Archive, Paper 2024/671},
  year = {2024},
  note = {\url{https://eprint.iacr.org/2024/671}},
  url = {https://eprint.iacr.org/2024/671}
}