-
Samplable Anonymous Aggregation for Private Federated Data Analysis
Authors:
Kunal Talwar,
Shan Wang,
Audra McMillan,
Vojta **a,
Vitaly Feldman,
Bailey Basile,
Aine Cahill,
Yi Sheng Chan,
Mike Chatzidakis,
Junye Chen,
Oliver Chick,
Mona Chitnis,
Suman Ganta,
Yusuf Goren,
Filip Granqvist,
Kristine Guo,
Frederic Jacobs,
Omid Javidbakht,
Albert Liu,
Richard Low,
Dan Mascenik,
Steve Myers,
David Park,
Wonhee Park,
Gianni Parsa
, et al. (11 additional authors not shown)
Abstract:
We revisit the problem of designing scalable protocols for private statistics and private federated learning when each device holds its private data. Our first contribution is to propose a simple primitive that allows for efficient implementation of several commonly used algorithms, and allows for privacy accounting that is close to that in the central setting without requiring the strong trust as…
▽ More
We revisit the problem of designing scalable protocols for private statistics and private federated learning when each device holds its private data. Our first contribution is to propose a simple primitive that allows for efficient implementation of several commonly used algorithms, and allows for privacy accounting that is close to that in the central setting without requiring the strong trust assumptions it entails. Second, we propose a system architecture that implements this primitive and perform a security analysis of the proposed system.
△ Less
Submitted 27 July, 2023;
originally announced July 2023.
-
Differentially Private Heavy Hitter Detection using Federated Analytics
Authors:
Karan Chadha,
Junye Chen,
John Duchi,
Vitaly Feldman,
Hanieh Hashemi,
Omid Javidbakht,
Audra McMillan,
Kunal Talwar
Abstract:
In this work, we study practical heuristics to improve the performance of prefix-tree based algorithms for differentially private heavy hitter detection. Our model assumes each user has multiple data points and the goal is to learn as many of the most frequent data points as possible across all users' data with aggregate and local differential privacy. We propose an adaptive hyperparameter tuning…
▽ More
In this work, we study practical heuristics to improve the performance of prefix-tree based algorithms for differentially private heavy hitter detection. Our model assumes each user has multiple data points and the goal is to learn as many of the most frequent data points as possible across all users' data with aggregate and local differential privacy. We propose an adaptive hyperparameter tuning algorithm that improves the performance of the algorithm while satisfying computational, communication and privacy constraints. We explore the impact of different data-selection schemes as well as the impact of introducing deny lists during multiple runs of the algorithm. We test these improvements using extensive experimentation on the Reddit dataset~\cite{caldas2018leaf} on the task of learning the most frequent words.
△ Less
Submitted 21 July, 2023;
originally announced July 2023.
-
Private Federated Statistics in an Interactive Setting
Authors:
Audra McMillan,
Omid Javidbakht,
Kunal Talwar,
Elliot Briggs,
Mike Chatzidakis,
Junye Chen,
John Duchi,
Vitaly Feldman,
Yusuf Goren,
Michael Hesse,
Vojta **a,
Anil Katti,
Albert Liu,
Cheney Lyford,
Joey Meyer,
Alex Palmer,
David Park,
Wonhee Park,
Gianni Parsa,
Paul Pelzl,
Rehan Rishi,
Congzheng Song,
Shan Wang,
Shundong Zhou
Abstract:
Privately learning statistics of events on devices can enable improved user experience. Differentially private algorithms for such problems can benefit significantly from interactivity. We argue that an aggregation protocol can enable an interactive private federated statistics system where user's devices maintain control of the privacy assurance. We describe the architecture of such a system, and…
▽ More
Privately learning statistics of events on devices can enable improved user experience. Differentially private algorithms for such problems can benefit significantly from interactivity. We argue that an aggregation protocol can enable an interactive private federated statistics system where user's devices maintain control of the privacy assurance. We describe the architecture of such a system, and analyze its security properties.
△ Less
Submitted 18 November, 2022;
originally announced November 2022.
-
Private Adaptive Gradient Methods for Convex Optimization
Authors:
Hilal Asi,
John Duchi,
Alireza Fallah,
Omid Javidbakht,
Kunal Talwar
Abstract:
We study adaptive methods for differentially private convex optimization, proposing and analyzing differentially private variants of a Stochastic Gradient Descent (SGD) algorithm with adaptive stepsizes, as well as the AdaGrad algorithm. We provide upper bounds on the regret of both algorithms and show that the bounds are (worst-case) optimal. As a consequence of our development, we show that our…
▽ More
We study adaptive methods for differentially private convex optimization, proposing and analyzing differentially private variants of a Stochastic Gradient Descent (SGD) algorithm with adaptive stepsizes, as well as the AdaGrad algorithm. We provide upper bounds on the regret of both algorithms and show that the bounds are (worst-case) optimal. As a consequence of our development, we show that our private versions of AdaGrad outperform adaptive SGD, which in turn outperforms traditional SGD in scenarios with non-isotropic gradients where (non-private) Adagrad provably outperforms SGD. The major challenge is that the isotropic noise typically added for privacy dominates the signal in gradient geometry for high-dimensional problems; approaches to this that effectively optimize over lower-dimensional subspaces simply ignore the actual problems that varying gradient geometries introduce. In contrast, we study non-isotropic clip** and noise addition, develo** a principled theoretical approach; the consequent procedures also enjoy significantly stronger empirical performance than prior approaches.
△ Less
Submitted 25 June, 2021;
originally announced June 2021.
-
Federated Evaluation and Tuning for On-Device Personalization: System Design & Applications
Authors:
Matthias Paulik,
Matt Seigel,
Henry Mason,
Dominic Telaar,
Joris Kluivers,
Rogier van Dalen,
Chi Wai Lau,
Luke Carlson,
Filip Granqvist,
Chris Vandevelde,
Sudeep Agarwal,
Julien Freudiger,
Andrew Byde,
Abhishek Bhowmick,
Gaurav Kapoor,
Si Beaumont,
Áine Cahill,
Dominic Hughes,
Omid Javidbakht,
Fei Dong,
Rehan Rishi,
Stanley Hung
Abstract:
We describe the design of our federated task processing system. Originally, the system was created to support two specific federated tasks: evaluation and tuning of on-device ML systems, primarily for the purpose of personalizing these systems. In recent years, support for an additional federated task has been added: federated learning (FL) of deep neural networks. To our knowledge, only one other…
▽ More
We describe the design of our federated task processing system. Originally, the system was created to support two specific federated tasks: evaluation and tuning of on-device ML systems, primarily for the purpose of personalizing these systems. In recent years, support for an additional federated task has been added: federated learning (FL) of deep neural networks. To our knowledge, only one other system has been described in literature that supports FL at scale. We include comparisons to that system to help discuss design decisions and attached trade-offs. Finally, we describe two specific large scale personalization use cases in detail to showcase the applicability of federated tuning to on-device personalization and to highlight application specific solutions.
△ Less
Submitted 16 February, 2021;
originally announced February 2021.
-
Element Level Differential Privacy: The Right Granularity of Privacy
Authors:
Hilal Asi,
John Duchi,
Omid Javidbakht
Abstract:
Differential Privacy (DP) provides strong guarantees on the risk of compromising a user's data in statistical learning applications, though these strong protections make learning challenging and may be too stringent for some use cases. To address this, we propose element level differential privacy, which extends differential privacy to provide protection against leaking information about any parti…
▽ More
Differential Privacy (DP) provides strong guarantees on the risk of compromising a user's data in statistical learning applications, though these strong protections make learning challenging and may be too stringent for some use cases. To address this, we propose element level differential privacy, which extends differential privacy to provide protection against leaking information about any particular "element" a user has, allowing better utility and more robust results than classical DP. By carefully choosing these "elements," it is possible to provide privacy protections at a desired granularity. We provide definitions, associated privacy guarantees, and analysis to identify the tradeoffs with the new definition; we also develop several private estimation and learning methodologies, providing careful examples for item frequency and M-estimation (empirical risk minimization) with concomitant privacy and utility analysis. We complement our theoretical and methodological advances with several real-world applications, estimating histograms and fitting several large-scale prediction models, including deep networks.
△ Less
Submitted 5 December, 2019;
originally announced December 2019.