Saved in:
Bibliographic Details
Main Authors: Sawada, Hiroto, Imaizumi, Shoko, Kiya, Hitoshi
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2409.19988
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912051311411200
author Sawada, Hiroto
Imaizumi, Shoko
Kiya, Hitoshi
author_facet Sawada, Hiroto
Imaizumi, Shoko
Kiya, Hitoshi
contents In this paper, we propose a novel method for enhancing security in privacy-preserving federated learning using the Vision Transformer. In federated learning, learning is performed by collecting updated information without collecting raw data from each client. However, the problem is that this raw data may be inferred from the updated information. Conventional data-guessing countermeasures (security enhancement methods) for addressing this issue have a trade-off relationship between privacy protection strength and learning efficiency, and they generally degrade model performance. In this paper, we propose a novel method of federated learning that does not degrade model performance and that is robust against data-guessing attacks on updated information. In the proposed method, each client independently prepares a sequence of binary (0 or 1) random numbers, multiplies it by the updated information, and sends it to a server for model learning. In experiments, the effectiveness of the proposed method is confirmed in terms of model performance and resistance to the APRIL (Attention PRIvacy Leakage) restoration attack.
format Preprint
id arxiv_https___arxiv_org_abs_2409_19988
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Enhancing Security Using Random Binary Weights in Privacy-Preserving Federated Learning
Sawada, Hiroto
Imaizumi, Shoko
Kiya, Hitoshi
Cryptography and Security
In this paper, we propose a novel method for enhancing security in privacy-preserving federated learning using the Vision Transformer. In federated learning, learning is performed by collecting updated information without collecting raw data from each client. However, the problem is that this raw data may be inferred from the updated information. Conventional data-guessing countermeasures (security enhancement methods) for addressing this issue have a trade-off relationship between privacy protection strength and learning efficiency, and they generally degrade model performance. In this paper, we propose a novel method of federated learning that does not degrade model performance and that is robust against data-guessing attacks on updated information. In the proposed method, each client independently prepares a sequence of binary (0 or 1) random numbers, multiplies it by the updated information, and sends it to a server for model learning. In experiments, the effectiveness of the proposed method is confirmed in terms of model performance and resistance to the APRIL (Attention PRIvacy Leakage) restoration attack.
title Enhancing Security Using Random Binary Weights in Privacy-Preserving Federated Learning
topic Cryptography and Security
url https://arxiv.org/abs/2409.19988