关键词: 联邦学习, 隐私保护, 差分隐私, 同态加密, 安全多方计算

Abstract: The performance of machine learning algorithm improves with the increase of data scale. However, people’s personal privacy may be leaked when collecting a large scale of multi-source user data and executing machine learning algorithm on them. With the grown attention of individuals and governments to personal information, the data sources of centralized machine learning are limited with objective conditions. In recent years, federated learning technology has become a new way to solve the privacy problem in machine learning. The federated learning architecture does not need to train large scale data in a data center, it only needs participants to train local models on local data, and periodically upload parameters to the server to update the global model. Federated learning has the nature of privacy protection. It only needs to train the model on the nodes where the data are stored in a decentralized way and pass the parameters of the model to the server. The server is unable to obtain the original data, and the privacy of personal data is effectively protected. Today, data privacy and security issues have attracted much attention. Federated learning has the advantages of avoiding data leakage and central data attack. In addition, traditional machine learning model cannot directly deal with heterogeneous data. Using federated learning technology, machine learning model on global data can be established without sharing data, which not only protects data privacy, but also solves data heterogeneity problem. However, the privacy protection mechanism provided by federated learning architecture is insufficient, which is easy to cause the privacy disclosure of the training data. At present, strengthening the privacy protection mechanism in federated learning architecture has become a new research hotspot. Based on the problem of privacy disclosure in federated learning, this paper discusses the attack model and privacy information disclosure in federated learning. This paper focuses on privacy protection technologies in federated learning: privacy protection mechanism based on secure multi-party computing, privacy protection technology based on differential privacy, and privacy protection technology based on BlockChain. Finally, this paper discusses the key issues of privacy protection in enhanced federated learning, focusing on the problems of model convergence and performance, personalized privacy requirement, etc.

Key words: Federated learning, privacy preserving, differential privacy, homomorphic encryption, secure multiparty computation