Privacy-Preserving Federated Learning via Homomorphic Adversarial Networks

Wenhan Dong; Chao Lin; Xinlei He; Xinyi Huang; Shengmin Xu

Privacy-Preserving Federated Learning via Homomorphic Adversarial Networks

Wenhan Dong, Chao Lin, Xinlei He, Xinyi Huang, Shengmin Xu

27 Sept 2024 (modified: 05 Feb 2025)Submitted to ICLR 2025EveryoneRevisionsBibTeXCC BY 4.0

Keywords: Federated Learning, Privacy Protection, Homomorphic Encryption, Homomorphic Adversarial Networks

TL;DR: Homomorphic Adversarial Networks, a neural network approach for privacy-preserving federated learning, emulate multi-key homomorphic encryption without key distribution or collaborative decryption, significantly enhancing efficiency.

Abstract: Privacy-preserving federated learning (PPFL) aims to train a global model for multiple clients while maintaining their data privacy. However, current PPFL protocols exhibit one or more of the following insufficiencies: considerable degradation in accuracy, the requirement for sharing keys, and cooperation during the key generation or decryption processes. As a mitigation, we develop the first protocol that utilizes neural networks to preserve privacy in federated learning, as well as incorporating an Aggregatable Hybrid Encryption scheme tailored to the needs of the PPFL. We name these networks as Homomorphic Adversarial Networks (HANs) which demonstrate that neural networks are capable of performing tasks similar to multi-key homomorphic encryption (MK-HE) while solving the problems of key distribution and collaborative decryption. Our experiments show that HANs are robust against privacy attacks. Compared with non-private federated learning, experiments conducted on multiple datasets demonstrate that HANs exhibit a negligible accuracy loss (at most 1.35\%). Compared to traditional MK-HE schemes, HANs increase encryption aggregation speed by 6,075 times while incurring a 29.2-fold increase in communication overhead.

Primary Area: alignment, fairness, safety, privacy, and societal considerations

Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.

Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2025/AuthorGuide.

Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors’ identity.

No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.

Submission Number: 10037

Loading