Private Federated Learning (Talk)

With the expanding collection of data, organisations are becoming more and more aware of the potential gain of combining their data. Analytic and predictive tasks, such as classification, perform more accurately if more features or more data records are available, which is why data providers have an interest in joining their datasets and learning from the obtained database. However, this rising interest for federated learning also comes with an increasing concern about security and privacy, both from the consumers whose data is used, and from the data providers who are liable for protecting it. Securely learning a classifier over joint datasets is a first milestone for private multi-party machine learning, and though some literature exists on that topic, systems providing a better security-utility trade-off and more theoretical guarantees are still needed. An ongoing issue is how to deal with the loss gradients, which often need to be revealed in the clear during training. We show that this constitutes an information leak, and present an alternative optimisation strategy that provides additional security guarantees while limiting the decrease in performance of the obtained classifier. Combining an encryption-based and a noise-based approach, the proposed method enables several parties to jointly train a binary classifier over vertically partitioned datasets while keeping their data private.