Federated One-Shot Learning with Data Privacy and Objective-Hiding
Maximilian Egger, Rüdiger Urbanke, Rawad Bitar
TL;DR
This work addresses federated learning under dual privacy constraints: protecting clients' private data and concealing the federator's training objective. It introduces a novel end-to-end one-shot protocol that unifies secure aggregation, secret sharing-based MPC, and a graph-based private information retrieval scheme to achieve objective-hiding with information-theoretic privacy. The scheme comprises three stages—task assignment, sharing, and query/reconstruction—leveraging a public unlabeled dataset and additively separable objectives, with explicit rates for the sharing ($R_{ ext{share}}$) and PIR ($R_{ ext{PIR}}$) stages and privacy guarantees against colluding parties. A key contribution is a tailored graph-based PIR scheme designed for arbitrary task incidence, enabling efficient retrieval of aggregated client labels while ensuring data privacy and federator objective privacy; extensions to protect the federator from leaking client results and comparisons to existing PIR frameworks are also provided. The approach enables non-linear function computations via federated knowledge distillation, offering a practical, information-theoretic privacy-preserving pathway for federated one-shot learning in settings with heterogeneous client data and diverse objectives.
Abstract
Privacy in federated learning is crucial, encompassing two key aspects: safeguarding the privacy of clients' data and maintaining the privacy of the federator's objective from the clients. While the first aspect has been extensively studied, the second has received much less attention. We present a novel approach that addresses both concerns simultaneously, drawing inspiration from techniques in knowledge distillation and private information retrieval to provide strong information-theoretic privacy guarantees. Traditional private function computation methods could be used here; however, they are typically limited to linear or polynomial functions. To overcome these constraints, our approach unfolds in three stages. In stage 0, clients perform the necessary computations locally. In stage 1, these results are shared among the clients, and in stage 2, the federator retrieves its desired objective without compromising the privacy of the clients' data. The crux of the method is a carefully designed protocol that combines secret-sharing-based multi-party computation and a graph-based private information retrieval scheme. We show that our method outperforms existing tools from the literature when properly adapted to this setting.
