Balancing Privacy-Quality-Efficiency in Federated Learning through Round-Based Interleaving of Protection Techniques

Yenan Wang, Carla Fabiana Chiasserini, Elad Michael Schiller

TL;DR

The paper proposes Alt-FL, a privacy-preserving FL framework that combines DP, HE, and synthetic data via a novel round-based interleaving strategy. The approach achieves the most balanced trade-offs at high privacy protection levels, while DP-based methods are preferable at intermediate privacy requirements.

Abstract

In federated learning (FL), balancing privacy protection, learning quality, and efficiency remains a challenge. Privacy protection mechanisms, such as Differential Privacy (DP), degrade learning quality, or, as in the case of Homomorphic Encryption (HE), incur substantial system overhead. To address this, we propose Alt-FL, a privacy-preserving FL framework that combines DP, HE, and synthetic data via a novel round-based interleaving strategy. Alt-FL introduces three new methods, Privacy Interleaving (PI), Synthetic Interleaving with DP (SI/DP), and Synthetic Interleaving with HE (SI/HE), that enable flexible quality-efficiency trade-offs while providing privacy protection. We systematically evaluate Alt-FL against representative reconstruction attacks, including Deep Leakage from Gradients, Inverting Gradients, When the Curious Abandon Honesty, and Robbing the Fed, using a LeNet-5 model on CIFAR-10 and Fashion-MNIST. To enable fair comparison between DP- and HE-based defenses, we introduce a new attacker-centric framework that compares empirical attack success rates across the three proposed interleaving methods. Our results show that, for the studied attacker model and dataset, PI achieves the most balanced trade-offs at high privacy protection levels, while DP-based methods are preferable at intermediate privacy requirements. We also discuss how such results can be the basis for selecting privacy-preserving FL methods under varying privacy and resource constraints.

Paper Structure

This paper contains 22 sections, 1 equation, 11 figures, 9 tables, 3 algorithms.

Figures (11)

  • Figure 1: Overview of the proposed Alt-FL schemes (left) vs. the baseline Mixed Protections (right).
  • Figure 2: Comparison of ciphertext size (left), encryption time (middle), and combined decryption and aggregation time (right) across HE, MIFE, and DMCFE schemes. (a) linear-scale x-axis. (b) logarithmic-scale x-axis.
  • Figure 3: Attack success rates (ASR) on model protected by DP (varying noise) and/or S-HE (varying encryption ratio) for each studied attack. Success rates are rounded to the nearest percent, and 0% success rates are omitted for clarity.
  • Figure 4: Average cumulative privacy budget $\varepsilon$ at convergence as a function of the noise multiplier $\sigma$.
  • Figure 5: All methods and configurations with a success rate of 0.5% or lower are shown. The legend on the right lists the corresponding methods and levels of non-IIDness. Each symbol appears once for every configuration whose success rate does not exceed 0.5%.
  • ...and 6 more figures