Matrix Sketching for Secure Collaborative Machine Learning
- FedML
Collaborative learning allows participants to jointly train a model without sharing their data. To update the model parameters, the central server broadcasts the parameters to the clients, and the clients send update directions such as gradients back to the server. While the data never leave a client device, the communicated gradients and parameters still leak a client's private information. Prior work proposed attacks that infer a client's private data from gradients and parameters, and showed that simple defenses such as dropout and differential privacy do not help much. We propose a practical defense that we call Double Blind Collaborative Learning (DBCL). The high-level idea is to apply random matrix sketching to the parameters (the weights) and to regenerate the random sketch after every iteration. DBCL prevents malicious clients from conducting gradient-based privacy inference, the most effective of these attacks. DBCL works because, from the attacker's perspective, the sketching acts as random noise that outweighs the signal. Notably, DBCL adds little computation and communication cost and does not hurt test accuracy at all.
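The mechanism the abstract describes (sketch the weights with a random matrix, regenerate the sketch every round, let the client work only in the sketched space) can be made concrete with a small simulation. The following is an added example and is not code from the DBCL paper or from FedML; the abstract does not say which sketch DBCL uses or how the sketch enters the forward pass, so the Gaussian sketch, the server-side lifting with S^T, the toy quadratic client loss and all matrices below are constructed assumptions for illustration only.

```python
"""Per-round random matrix sketching of model weights.

Added illustration; this is not code from the DBCL paper or from FedML.
Assumptions (not taken from the abstract): the sketch S is Gaussian (d_out x k,
entries N(0, 1/k)) and regenerated every round; the client receives W S rather
than W and returns its gradient with respect to the sketched weights; the server
lifts that gradient back with S^T.  The client loss is a constructed toy quadratic.
"""
import random
from typing import Dict, List

Matrix = List[List[float]]


def matmul(a: Matrix, b: Matrix) -> Matrix:
    return [[sum(a[i][l] * b[l][j] for l in range(len(b))) for j in range(len(b[0]))]
            for i in range(len(a))]


def transpose(a: Matrix) -> Matrix:
    return [list(col) for col in zip(*a)]


def sub(a: Matrix, b: Matrix) -> Matrix:
    return [[x - y for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]


def max_abs(a: Matrix) -> float:
    return max(abs(x) for row in a for x in row)


def gaussian_sketch(d: int, k: int, rng: random.Random) -> Matrix:
    """d x k sketch with N(0, 1/k) entries, so that E[S S^T] = I_d."""
    return [[rng.gauss(0.0, 1.0) / k ** 0.5 for _ in range(k)] for _ in range(d)]


def client_sketched_gradient(w_sketched: Matrix, t_sketched: Matrix) -> Matrix:
    """Toy client loss 0.5 * ||W S - T S||_F^2; its gradient w.r.t. the sketched
    weights is (W - T) S.  T stands in for the data-dependent part of a real loss;
    the client only ever handles the k-column sketched quantities."""
    return sub(w_sketched, t_sketched)


def server_lift(grad_sketched: Matrix, sketch: Matrix) -> Matrix:
    """Map the k-column gradient back to d_out columns: (W - T) S S^T, whose
    expectation over the random sketch is the true gradient (W - T)."""
    return matmul(grad_sketched, transpose(sketch))


def run_rounds(w: Matrix, t: Matrix, k: int, rounds: int, seed: int = 0):
    """Simulate `rounds` communication rounds with a fresh sketch each time.
    Returns the mean lifted gradient and the sketched weights sent each round."""
    rng = random.Random(seed)
    d_out = len(w[0])
    acc = [[0.0] * d_out for _ in w]
    sent = []
    for _ in range(rounds):
        s = gaussian_sketch(d_out, k, rng)            # regenerated every round
        ws = matmul(w, s)                              # what the client receives
        sent.append(ws)
        g_sk = client_sketched_gradient(ws, matmul(t, s))   # what the client sends back
        acc = [[x + y for x, y in zip(ra, rb)] for ra, rb in zip(acc, server_lift(g_sk, s))]
    return [[x / rounds for x in row] for row in acc], sent


def null_direction(sketch: Matrix) -> List[float]:
    """Unit vector u with S^T u = 0 (needs d_out > k): Gram-Schmidt of e_1
    against the columns of S.  Every W' = W + v u^T satisfies W' S = W S."""
    basis: List[List[float]] = []
    for c in transpose(sketch):
        for b in basis:
            p = sum(x * y for x, y in zip(c, b))
            c = [x - p * y for x, y in zip(c, b)]
        n = sum(x * x for x in c) ** 0.5
        basis.append([x / n for x in c])
    u = [1.0] + [0.0] * (len(sketch) - 1)
    for b in basis:
        p = sum(x * y for x, y in zip(u, b))
        u = [x - p * y for x, y in zip(u, b)]
    n = sum(x * x for x in u) ** 0.5
    return [x / n for x in u]


def demo() -> Dict[str, float]:
    w = [[0.5, -1.0, 2.0, 0.0], [1.5, 0.25, -0.75, 1.0]]   # constructed 2 x 4 weights
    t = [[1.0, 0.0, 0.0, 1.0], [0.0, 1.0, 0.0, 0.0]]       # constructed toy target
    mean_grad, sent = run_rounds(w, t, k=2, rounds=4000)
    s = gaussian_sketch(4, 2, random.Random(1))
    u = null_direction(s)
    w_alt = [[w[i][j] + (i + 1.0) * u[j] for j in range(4)] for i in range(2)]
    return {
        # unbiasedness: averaged lifted gradients approach W - T
        "lift_error": max_abs(sub(mean_grad, sub(w, t))),
        # same W, two rounds: the client sees different numbers each round
        "round_to_round_change": max_abs(sub(sent[0], sent[1])),
        # a different weight matrix produces exactly the same sketch
        "sketch_collision": max_abs(sub(matmul(w_alt, s), matmul(w, s))),
        "weights_differ": max_abs(sub(w_alt, w)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.4f}")
```

Running `demo()` shows three things the abstract relies on: the sketched weights a client receives change from round to round even when W does not, because the sketch is regenerated; a single sketch W S is consistent with infinitely many weight matrices (any W + v u^T with S^T u = 0), so the client cannot read W off what it was sent; and the server still obtains an unbiased gradient estimate by lifting with S^T. The example does not evaluate the privacy claim itself, which in the paper concerns gradient-based inference attacks across many rounds, nor does it show the paper's accuracy or cost results.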
View on arXiv