Paper 2024/671

Exploiting Internal Randomness for Privacy in Vertical Federated Learning

Yulian Sun, Ruhr University Bochum
Li Duan, Paderborn University
Ricardo Mendes, Huawei Technologies Düsseldorf
Derui Zhu, Technical University Munich
Yue Xia, Technical University Munich
Yong Li, Huawei Technologies Düsseldorf
Asja Fischer, Ruhr University Bochum
Abstract

Vertical Federated Learning (VFL) is becoming a standard collaborative learning paradigm with various practical applications. Randomness is essential to enhancing privacy in VFL, but introducing too much external randomness often leads to an intolerable performance loss. Instead, as has been demonstrated for other federated learning settings, leveraging internal randomness, as provided by variational autoencoders (VAEs), can be beneficial. However, the resulting privacy has never been quantified so far, nor has the approach been investigated for VFL. We therefore propose a novel differential privacy (DP) estimate, denoted as distance-based empirical local differential privacy (dELDP). It allows us to empirically bound DP parameters of models or model components, quantifying the internal randomness with appropriate distance and sensitivity metrics. We apply dELDP to investigate the DP of VAEs and observe values up to ε ≈ 6.4 and δ = 2^{-32}. Based on this, to link the dELDP parameters to the privacy of VAE-including VFL systems in practice, we conduct comprehensive experiments on the robustness against state-of-the-art privacy attacks. The results illustrate that the VAE system is robust against feature reconstruction attacks and outperforms other privacy-enhancing methods for VFL, especially when the adversary holds 75% of the features during label inference attacks.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint.
Keywords
privacy, VFL, distance-based empirical DP, VAE
Contact author(s)
yulian sun @ edu ruhr-uni-bochum de
liduan @ mail upb de
ricardo mendes1 @ huawei com
derui zhu @ tum de
yue1 xia @ tum de
yong li1 @ huawei com
asja fischer @ rub de
History
2024-07-01: revised
2024-05-02: received
Short URL
https://ia.cr/2024/671
License
Creative Commons Attribution-NonCommercial
CC BY-NC

BibTeX

@misc{cryptoeprint:2024/671,
      author = {Yulian Sun and Li Duan and Ricardo Mendes and Derui Zhu and Yue Xia and Yong Li and Asja Fischer},
      title = {Exploiting Internal Randomness for Privacy in Vertical Federated Learning},
      howpublished = {Cryptology ePrint Archive, Paper 2024/671},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/671}},
      url = {https://eprint.iacr.org/2024/671}
}