PPFL: Privacy-Preserving Techniques in Federated Learning
Keywords:
Federated Learning, Privacy Preservation, Differential Privacy, Homomorphic Encryption, Multi-Party Computation, Trusted Execution Environments
Abstract
Federated Learning is a distributed machine learning paradigm designed to preserve user privacy on decentralized devices without transferring raw data to a central server. Protecting data privacy in FL involves determining permissible operations and how they can be executed. This review provides an in-depth exploration of privacy threat models within FL, distinguishing between scenarios where the central server is either trusted or untrusted, and identifying appropriate defensive tools and technologies for these settings. The review covers secure computational techniques, including MPC, HE, and TEEs, as well as privacy-preserving mechanisms such as DP, LDP, and DDP models. It also examines hybrid approaches that combine multiple privacy models to enhance efficiency and robustness. The effectiveness of these methods is analysed across different scenarios involving both honest and potentially malicious servers and users. The findings reveal that while privacy-preserving methods mitigate risks, challenges persist in trading off privacy, communication efficiency, and model accuracy. This review highlights open research directions and serves as a comprehensive reference for researchers and practitioners seeking to implement robust privacy measures in federated learning systems.
License
Copyright (c) 2025 Khalil Jahani; Behzad Moshiri, Babak Hossein Khalaj (Author)

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.