Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Privacy-preserving quantum federated learning via gradient hiding

Changhao Li, Niraj Kumar, Zhixin Song, Shouvanik Chakrabarti, Marco Pistoia

TL;DR

This work addresses privacy in federated learning by exploiting quantum communication to hide client gradients from the central server. It introduces two gradient-hidden protocols: Protocol I uses private inner-product estimation with a blind quantum bipartite correlator (BQBC) to perform weighted gradient aggregation at a cost of $\tilde{O}(md/\epsilon)$, and Protocol II employs incremental learning with phase-accumulated sums via GHZ entanglement or secure multiparty summation, with costs of $\mathcal{O}(md/\epsilon^2)$ or $\mathcal{O}(md/\epsilon\log(m/\epsilon))$ depending on the scheme. The paper contrasts these quantum approaches with classical secret-sharing baselines whose costs scale as $\mathcal{O}((m+m^2)d)$ and discusses privacy enhancements such as redundant encoding and integration with decoy-state quantum key distribution. The results indicate that quantum gradient hiding can achieve information-theoretic privacy while achieving favorable communication efficiency, and the authors highlight pathways to extending these ideas to secure distributed quantum computing tasks in practice.

Abstract

Distributed quantum computing, particularly distributed quantum machine learning, has gained substantial prominence for its capacity to harness the collective power of distributed quantum resources, transcending the limitations of individual quantum nodes. Meanwhile, the critical concern of privacy within distributed computing protocols remains a significant challenge, particularly in standard classical federated learning (FL) scenarios where data of participating clients is susceptible to leakage via gradient inversion attacks by the server. This paper presents innovative quantum protocols with quantum communication designed to address the FL problem, strengthen privacy measures, and optimize communication efficiency. In contrast to previous works that leverage expressive variational quantum circuits or differential privacy techniques, we consider gradient information concealment using quantum states and propose two distinct FL protocols, one based on private inner-product estimation and the other on incremental learning. These protocols offer substantial advancements in privacy preservation with low communication resources, forging a path toward efficient quantum communication-assisted FL protocols and contributing to the development of secure distributed quantum machine learning, thus addressing critical privacy concerns in the quantum computing era.

Privacy-preserving quantum federated learning via gradient hiding

TL;DR

This work addresses privacy in federated learning by exploiting quantum communication to hide client gradients from the central server. It introduces two gradient-hidden protocols: Protocol I uses private inner-product estimation with a blind quantum bipartite correlator (BQBC) to perform weighted gradient aggregation at a cost of , and Protocol II employs incremental learning with phase-accumulated sums via GHZ entanglement or secure multiparty summation, with costs of or depending on the scheme. The paper contrasts these quantum approaches with classical secret-sharing baselines whose costs scale as and discusses privacy enhancements such as redundant encoding and integration with decoy-state quantum key distribution. The results indicate that quantum gradient hiding can achieve information-theoretic privacy while achieving favorable communication efficiency, and the authors highlight pathways to extending these ideas to secure distributed quantum computing tasks in practice.

Abstract

Distributed quantum computing, particularly distributed quantum machine learning, has gained substantial prominence for its capacity to harness the collective power of distributed quantum resources, transcending the limitations of individual quantum nodes. Meanwhile, the critical concern of privacy within distributed computing protocols remains a significant challenge, particularly in standard classical federated learning (FL) scenarios where data of participating clients is susceptible to leakage via gradient inversion attacks by the server. This paper presents innovative quantum protocols with quantum communication designed to address the FL problem, strengthen privacy measures, and optimize communication efficiency. In contrast to previous works that leverage expressive variational quantum circuits or differential privacy techniques, we consider gradient information concealment using quantum states and propose two distinct FL protocols, one based on private inner-product estimation and the other on incremental learning. These protocols offer substantial advancements in privacy preservation with low communication resources, forging a path toward efficient quantum communication-assisted FL protocols and contributing to the development of secure distributed quantum machine learning, thus addressing critical privacy concerns in the quantum computing era.
Paper Structure (15 sections, 1 theorem, 37 equations, 2 figures, 1 table)

This paper contains 15 sections, 1 theorem, 37 equations, 2 figures, 1 table.

Table of Contents

  1. Introduction
  2. Problem Statement
  3. Federated Learning setup
  4. Data leakage in classical FL
  5. Protocol I: secure inner product estimation
  6. Baseline: Classical secret sharing assisted inner-product estimation
  7. Model aggregation with blind quantum bipartite correlator algorithm
  8. Redundant encoding
  9. Protocol 2: Incremental learning
  10. Secure aggregation based on global entanglement
  11. Secure multiparty gradient summation
  12. Discussions
  13. Conclusion
  14. Gradient-inversion attack in federated learning
  15. Protection mechanisms in classical federated learning

Key Result

Theorem 1

In the BQBC-based QFL protocol, given a fixed estimation error $\epsilon$, there exists a redundant encoding method with a redundant parameter $r$, such that the probability that server learns client's information decrease polynomially in $r$, which the communication complexity increases only poly-l

Figures (2)

  • Figure 1: Diagram of QFL protocols based on secure inner product estimation. a. CSS-assisted QFL protocol. The clients jointly prepare a state in which the amplitudes encode the masked gradients and then send it to the server. The gradient masking is achieved via classical secret sharing. b. BQBC-based QFL protocol. We consider a central server with $m$ clients and there are quantum channels among them. During each round of communication, each client encodes their local gradient information in specific phases of the received state and then send back to the server.
  • Figure 2: Diagram of QFL protocols that are similar as incremental learning. a. Secure gradient aggregation based on global entanglement among clients. We consider GHZ states that are distributed by the server or trusted client. After each client encodes its local gradient information, the server performs measurement on the phase of the state. b. Quantum federated learning with secure multiparty gradient summation. The ancillary $h$ qubits (in purple) are sent to the rest $(m-1)$ clients by the first client for gradient summation, after which the first client sends the other $h$-qubit state (in orange) to the server.

Theorems & Definitions (2)

  • Theorem 1: Efficient redundant encoding
  • proof