On the Optimal Source Key Size of Secure Gradient Coding
Yang Zhou, Wenbo Huang, Kai Wan, Robert Caiming Qiu
TL;DR
This work addresses securing gradient coding by minimizing the required source-key size $ ext{eta}$ while preserving the known optimal communication cost ${N_r}/{m}$ under linear encoding. It introduces a new information-theoretic converse bound on $ ext{eta}$ for a fixed data assignment and presents a family of data-assignment based schemes characterized by a recursive function $h(N,M)$ that achieves $ ext{eta}=h(N,M)/m-1$. The schemes outperform the traditional cyclic data assignment in many regimes and, in several parameter settings, meet the converse bound, including extreme cases where $M$ divides $N$. Overall, the results reduce secret-key requirements for secure gradient coding, enabling more practical privacy-preserving distributed gradient computations with straggler resilience.
Abstract
With gradient coding, a user node can efficiently aggregate gradients from server nodes processing local datasets, achieving low communication costs and maintaining resilience against straggling servers. This paper considers a secure gradient coding problem, where a user aims to compute the sum of the gradients from $K$ datasets with the assistance of $N$ distributed servers. The user should recover the sum of gradients by receiving transmissions from any $N_r$ servers, and each dataset is assigned to $N - N_r + m$ servers. The security constraint guarantees that even if the user receives transmissions from all servers, it cannot obtain any additional information about the datasets beyond the sum of gradients. It has been shown in the literature that this security constraint does not increase the optimal communication cost of the gradient coding problem, provided enough source keys are shared among the servers. However, the minimum required source key size that ensures security while maintaining this optimal communication cost has only been studied for the special case $m = 1$. In this paper, we focus on the more general case $m \geq 1$ and aim to determine the minimum required source key size for this purpose. We propose a new information-theoretic converse bound on the source key size, as well as a new achievable scheme with carefully designed data assignments. Our scheme outperforms the existing optimal scheme based on the widely used cyclic data assignment and coincides with the converse bound under certain system parameters.
