
Practical Secure Aggregation for Federated Learning on User-Held Data

Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth

TL;DR

The paper tackles private aggregation of high‑dimensional Federated Learning updates in the presence of unreliable mobile clients, proposing a sequence of Secure Aggregation protocols that progressively enhance robustness and efficiency. It starts with a simple one-time-pad masking scheme and evolves through secret-sharing, double-masking, and efficient secret exchange to tolerate up to 1/3 dropouts while controlling communication overhead via Diffie-Hellman–based key agreement and PRG expansion. The key contributions are practical protocol refinements that preserve privacy under several threat models (T1–T3), quantify communication costs, and demonstrate near‑constant expansion factors for large vectors, enabling scalable, privacy-preserving FL on mobile devices. This work significantly advances usable secure aggregation by balancing privacy, reliability, and efficiency in server-mediated, unauthenticated networks, with explicit guidance for deployment and threat-model considerations.
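The pairwise masking and PRG expansion summarized above can be sketched as follows. This is an added example, not code from the paper: random per-pair seeds stand in for the Diffie-Hellman key agreement, SHAKE-256 stands in for the PRG, the modulus `R` is an assumed parameter, and the dropped user's seeds are handed to the server directly rather than reconstructed from secret shares (the second self-mask of double-masking is omitted).

```python
import hashlib
import secrets

R = 2**32  # assumed modulus for all vector arithmetic; must exceed the true sum

def prg(seed, dim):
    """Expand a short seed into dim values in Z_R (SHAKE-256 as a stand-in PRG)."""
    stream = hashlib.shake_256(seed).digest(4 * dim)
    return [int.from_bytes(stream[4 * k:4 * k + 4], "big") % R for k in range(dim)]

def pair_seeds(users):
    """Constructed stand-in for key agreement: one shared random seed per user pair."""
    return {(u, v): secrets.token_bytes(32) for u in users for v in users if u < v}

def mask(u, x, users, seeds):
    """y_u = x_u + sum_{v>u} PRG(s_uv) - sum_{v<u} PRG(s_vu)  (mod R)."""
    y = list(x)
    for v in users:
        if v == u:
            continue
        m = prg(seeds[min(u, v), max(u, v)], len(x))
        sign = 1 if u < v else -1  # the lower-numbered user adds, the higher subtracts
        y = [(a + sign * b) % R for a, b in zip(y, m)]
    return y

def aggregate(masked, dropped=(), seeds=None):
    """Sum masked vectors; strip leftover masks that survivors share with dropped users."""
    dim = len(next(iter(masked.values())))
    total = [sum(col) % R for col in zip(*masked.values())]
    for d in dropped:
        for u in masked:
            m = prg(seeds[min(u, d), max(u, d)], dim)
            sign = -1 if u < d else 1  # undo what survivor u applied for pair (u, d)
            total = [(t + sign * b) % R for t, b in zip(total, m)]
    return total

if __name__ == "__main__":
    users = [1, 2, 3, 4]
    x = {u: [u * 10 + k for k in range(5)] for u in users}  # constructed inputs
    seeds = pair_seeds(users)
    masked = {u: mask(u, x[u], users, seeds) for u in users}
    print("all present:", aggregate(masked))
    alive = {u: masked[u] for u in users if u != 3}  # user 3 drops out
    print("unrecovered:", aggregate(alive))
    print("recovered:  ", aggregate(alive, dropped=[3], seeds=seeds))
```

Without the recovery step the survivors' sum stays blinded by the masks they shared with the dropped user, which is why the protocol needs a way to recover those seeds.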

Abstract

Secure Aggregation protocols allow a collection of mutually distrustful parties, each holding a private value, to collaboratively compute the sum of those values without revealing the values themselves. We consider training a deep neural network in the Federated Learning model, using distributed stochastic gradient descent across user-held training data on mobile devices, wherein Secure Aggregation protects each user's model gradient. We design a novel, communication-efficient Secure Aggregation protocol for high-dimensional data that tolerates up to 1/3 of users failing to complete the protocol. For 16-bit input values, our protocol offers 1.73x communication expansion for $2^{10}$ users and $2^{20}$-dimensional vectors, and 1.98x expansion for $2^{14}$ users and $2^{24}$-dimensional vectors.

Paper Structure

This paper contains 9 sections, 2 equations, 1 figure, 1 table.

Figures (1)

  • Figure 1: Protocol 4 Cost Summary (derivations deferred to the full paper).