分布式隐私的回归方案已在各个领域开发和扩展，在这些领域中，多方协作和私人运行优化算法，例如梯度下降，以学习一组最佳参数。但是，传统的基于梯度的方法无法解决包含具有L1正则化的客观功能的问题，例如LASSO回归。在本文中，我们介绍了一个名为FCD的新分布式方案联合坐标下降，旨在在多方场景下安全地解决此问题。具体而言，通过安全的聚合和添加的扰动，我们的方案确保：（1）没有向其他方泄漏本地信息，并且（2）全局模型参数不会暴露于云服务器。最终，各方可以消除附加的扰动，以得出具有高性能的全球模型。我们表明，FCD方案填补了多方安全坐标下降方法的空白，并且适用于一般线性回归，包括线性，脊和拉索回归。理论安全分析和实验结果表明，可以有效，有效地执行FCD，并以低MAE度量作为在现实世界UCI数据集的三种线性回归的任务下作为集中方法提供的低MAE度量。

Today's AI still faces two major challenges. One is that in most industries, data exists in the form of isolated islands. The other is the strengthening of data privacy and security. We propose a possible solution to these challenges: secure federated learning. Beyond the federated learning framework first proposed by Google in 2016, we introduce a comprehensive secure federated learning framework, which includes horizontal federated learning, vertical federated learning and federated transfer learning. We provide definitions, architectures and applications for the federated learning framework, and provide a comprehensive survey of existing works on this subject. In addition, we propose building data networks among organizations based on federated mechanisms as an effective solution to allow knowledge to be shared without compromising user privacy.

安全的基于多方计算的机器学习（称为MPL）已成为利用来自具有隐私保护的多个政党的数据的重要技术。尽管MPL为计算过程提供了严格的安全保证，但MPL训练的模型仍然容易受到仅依赖于访问模型的攻击。差异隐私可以帮助防御此类攻击。但是，差异隐私和安全多方计算协议的巨大沟通开销带来的准确性损失使得平衡隐私，效率和准确性之间的三通权衡是高度挑战的。在本文中，我们有动力通过提出一种解决方案（称为PEA（私有，高效，准确））来解决上述问题，该解决方案由安全的DPSGD协议和两种优化方法组成。首先，我们提出了一个安全的DPSGD协议，以在基于秘密共享的MPL框架中强制执行DPSGD。其次，为了减少因差异隐私噪声和MPL的巨大通信开销而导致的准确性损失，我们提出了MPL训练过程的两种优化方法：（1）与数据无关的功能提取方法，旨在简化受过训练的模型结构体; （2）基于本地数据的全局模型初始化方法，旨在加快模型训练的收敛性。我们在两个开源MPL框架中实施PEA：TF-Conteded和Queqiao。各种数据集的实验结果证明了PEA的效率和有效性。例如。当$ {\ epsilon} $ = 2时，我们可以在LAN设置下的7分钟内训练CIFAR-10的差异私有分类模型，其精度为88％。这一结果大大优于来自CryptGPU的一个SOTA MPL框架：在CIFAR-10上训练非私有性深神经网络模型的成本超过16小时，其精度相同。

科学合作受益于分布式来源的协作学习，但在数据敏感时仍然难以实现。近年来，已经广泛研究了隐私保护技术，以分析不同机构的分布数据，同时保护敏感信息。大多数现有的隐私保存技术旨在抵抗半冬季对手，并需要进行密集的计算来执行数据分析。对于可能偏离安全协议的恶意对手的存在，安全的协作学习非常困难。另一个挑战是通过隐私保护保持较高的计算效率。在本文中，矩阵加密应用于加密数据，以使安全方案反对恶意对手，包括选择的明文攻击，已知的明文攻击和勾结攻击。加密方案还实现了当地的差异隐私。此外，研究了交叉验证以防止过度拟合，而无需额外的沟通成本。现实世界数据集的经验实验表明，与现有针对恶意对手和半honest模型的现有技术相比，所提出的方案在计算上是有效的。

联邦学习一直是一个热门的研究主题，使不同组织的机器学习模型的协作培训在隐私限制下。随着研究人员试图支持更多具有不同隐私方法的机器学习模型，需要开发系统和基础设施，以便于开发各种联合学习算法。类似于Pytorch和Tensorflow等深度学习系统，可以增强深度学习的发展，联邦学习系统（FLSS）是等效的，并且面临各个方面的面临挑战，如有效性，效率和隐私。在本调查中，我们对联合学习系统进行了全面的审查。为实现流畅的流动和引导未来的研究，我们介绍了联合学习系统的定义并分析了系统组件。此外，我们根据六种不同方面提供联合学习系统的全面分类，包括数据分布，机器学习模型，隐私机制，通信架构，联合集市和联合的动机。分类可以帮助设计联合学习系统，如我们的案例研究所示。通过系统地总结现有联合学习系统，我们展示了设计因素，案例研究和未来的研究机会。

物联网设备正在迅速扩展并产生大量数据。越来越需要探索从这些设备收集的数据。协作学习为物联网设置提供了战略解决方案，但也引起了公众对数据隐私的关注。近年来，根据安全的多方计算和差异隐私开发了大量隐私技术。协作学习的主要挑战是平衡披露风险和数据实用性，同时保持高计算效率。在本文中，我们提出了使用矩阵加密方法保存逻辑回归模型的隐私。安全方案对所选的明文攻击，已知的明文攻击和勾结攻击具有弹性，该攻击可能会损害协作学习中的任何机构。加密的模型估计值被解密以提供真正的模型结果，没有准确性降解。实施验证阶段以检查机构之间的不诚实行为。实验评估证明了拟议方案的快速收敛速率和高效率。

深度学习在许多应用中取得了巨大成功。然而，其在实践中的部署已经受到两个问题的困扰：由于通常在地理上分布的大量数据传输，必须集中聚合的数据的隐私。解决这两个问题都是具有挑战性的，并且大多数现有工程无法提供有效的解决方案。在本文中，我们开发FEDPC，是隐私保存和沟通效率的联邦深度学习框架。该框架允许在多个私有数据集中学习模型，同时不显示培训数据的任何信息，即使是中间数据。该框架还可以最大限度地减少更新模型的数据量。我们正式证明培训FEDPC及其隐私保留财产时学习模型的融合。我们对大量实验进行了广泛的实验，以评估FEDPC的性能，以近似到上限的性能（培训集中时）和通信开销。结果表明，当数据分配到10个计算节点时，FEDPC在8.5 \％$ 8.5 \％$ 8.5 \％$ 8.5 \％$ 8.5 \％$ 8.5 \％$ 8.5 \％。与现有工程相比，FEDPC还将通信开销降低至42.20±20美元。

Machine learning is widely used in practice to produce predictive models for applications such as image processing, speech and text recognition. These models are more accurate when trained on large amount of data collected from different sources. However, the massive data collection raises privacy concerns.In this paper, we present new and efficient protocols for privacy preserving machine learning for linear regression, logistic regression and neural network training using the stochastic gradient descent method. Our protocols fall in the two-server model where data owners distribute their private data among two non-colluding servers who train various models on the joint data using secure two-party computation (2PC). We develop new techniques to support secure arithmetic operations on shared decimal numbers, and propose MPC-friendly alternatives to non-linear functions such as sigmoid and softmax that are superior to prior work. We implement our system in C++. Our experiments validate that our protocols are several orders of magnitude faster than the state of the art implementations for privacy preserving linear and logistic regressions, and scale to millions of data samples with thousands of features. We also implement the first privacy preserving system for training neural networks.

随着基于位置的越来越多的社交网络，隐私保存位置预测已成为帮助用户发现新的兴趣点（POI）的主要任务。传统系统考虑一种需要传输和收集用户私有数据的集中方法。在这项工作中，我们展示了FedPoirec，隐私保留了联合学习方法的隐私，增强了用户社交界的功能，以获得最高$ N $ POI建议。首先，FedPoirec框架建立在本地数据永远不会离开所有者设备的原则上，而本地更新盲目地由参数服务器汇总。其次，本地推荐人通过允许用户交换学习参数来获得个性化，从而实现朋友之间的知识传输。为此，我们提出了一种隐私保留协议，用于通过利用CKKS完全同态加密方案的特性来集成用户朋友在联合计算之后的偏好。为了评估FEDPOIREC，我们使用两个推荐模型将我们的方法应用于五个现实世界数据集。广泛的实验表明，FEDPOIREC以集中方法实现了相当的推荐质量，而社会集成协议会突出用户侧的低计算和通信开销。

Federated learning is a collaborative method that aims to preserve data privacy while creating AI models. Current approaches to federated learning tend to rely heavily on secure aggregation protocols to preserve data privacy. However, to some degree, such protocols assume that the entity orchestrating the federated learning process (i.e., the server) is not fully malicious or dishonest. We investigate vulnerabilities to secure aggregation that could arise if the server is fully malicious and attempts to obtain access to private, potentially sensitive data. Furthermore, we provide a method to further defend against such a malicious server, and demonstrate effectiveness against known attacks that reconstruct data in a federated learning setting.

Federated learning has recently been applied to recommendation systems to protect user privacy. In federated learning settings, recommendation systems can train recommendation models only collecting the intermediate parameters instead of the real user data, which greatly enhances the user privacy. Beside, federated recommendation systems enable to collaborate with other data platforms to improve recommended model performance while meeting the regulation and privacy constraints. However, federated recommendation systems faces many new challenges such as privacy, security, heterogeneity and communication costs. While significant research has been conducted in these areas, gaps in the surveying literature still exist. In this survey, we-(1) summarize some common privacy mechanisms used in federated recommendation systems and discuss the advantages and limitations of each mechanism; (2) review some robust aggregation strategies and several novel attacks against security; (3) summarize some approaches to address heterogeneity and communication costs problems; (4)introduce some open source platforms that can be used to build federated recommendation systems; (5) present some prospective research directions in the future. This survey can guide researchers and practitioners understand the research progress in these areas.

Federated learning facilitates the collaborative training of models without the sharing of raw data. However, recent attacks demonstrate that simply maintaining data locality during training processes does not provide sufficient privacy guarantees. Rather, we need a federated learning system capable of preventing inference over both the messages exchanged during training and the final trained model while ensuring the resulting model also has acceptable predictive accuracy. Existing federated learning approaches either use secure multiparty computation (SMC) which is vulnerable to inference or differential privacy which can lead to low accuracy given a large number of parties with relatively small amounts of data each. In this paper, we present an alternative approach that utilizes both differential privacy and SMC to balance these trade-offs. Combining differential privacy with secure multiparty computation enables us to reduce the growth of noise injection as the number of parties increases without sacrificing privacy while maintaining a pre-defined rate of trust. Our system is therefore a scalable approach that protects against inference threats and produces models with high accuracy. Additionally, our system can be used to train a variety of machine learning models, which we validate with experimental results on 3 different machine learning algorithms. Our experiments demonstrate that our approach out-performs state of the art solutions. CCS CONCEPTS• Security and privacy → Privacy-preserving protocols; Trust frameworks; • Computing methodologies → Learning settings.

Differentially private federated learning (DP-FL) has received increasing attention to mitigate the privacy risk in federated learning. Although different schemes for DP-FL have been proposed, there is still a utility gap. Employing central Differential Privacy in FL (CDP-FL) can provide a good balance between the privacy and model utility, but requires a trusted server. Using Local Differential Privacy for FL (LDP-FL) does not require a trusted server, but suffers from lousy privacy-utility trade-off. Recently proposed shuffle DP based FL has the potential to bridge the gap between CDP-FL and LDP-FL without a trusted server; however, there is still a utility gap when the number of model parameters is large. In this work, we propose OLIVE, a system that combines the merits from CDP-FL and LDP-FL by leveraging Trusted Execution Environment (TEE). Our main technical contributions are the analysis and countermeasures against the vulnerability of TEE in OLIVE. Firstly, we theoretically analyze the memory access pattern leakage of OLIVE and find that there is a risk for sparsified gradients, which is common in FL. Secondly, we design an inference attack to understand how the memory access pattern could be linked to the training data. Thirdly, we propose oblivious yet efficient algorithms to prevent the memory access pattern leakage in OLIVE. Our experiments on real-world data demonstrate that OLIVE is efficient even when training a model with hundreds of thousands of parameters and effective against side-channel attacks on TEE.

Federated Learning (FL) has emerged as a promising distributed learning paradigm with an added advantage of data privacy. With the growing interest in having collaboration among data owners, FL has gained significant attention of organizations. The idea of FL is to enable collaborating participants train machine learning (ML) models on decentralized data without breaching privacy. In simpler words, federated learning is the approach of ``bringing the model to the data, instead of bringing the data to the mode''. Federated learning, when applied to data which is partitioned vertically across participants, is able to build a complete ML model by combining local models trained only using the data with distinct features at the local sites. This architecture of FL is referred to as vertical federated learning (VFL), which differs from the conventional FL on horizontally partitioned data. As VFL is different from conventional FL, it comes with its own issues and challenges. In this paper, we present a structured literature review discussing the state-of-the-art approaches in VFL. Additionally, the literature review highlights the existing solutions to challenges in VFL and provides potential research directions in this domain.

由于对隐私保护的关注不断增加，因此如何在不同数据源上建立机器学习（ML）模型具有安全保证，这越来越受欢迎。垂直联合学习（VFL）描述了这种情况，其中ML模型建立在不同参与方的私人数据上，该数据与同一集合相同的实例中拥有不相交的功能，这适合许多现实世界中的协作任务。但是，我们发现VFL现有的解决方案要么支持有限的输入功能，要么在联合执行过程中遭受潜在数据泄漏的损失。为此，本文旨在研究VFL方案中ML模式的功能和安全性。具体来说，我们介绍了BlindFL，这是VFL训练和推理的新型框架。首先，为了解决VFL模型的功能，我们建议联合源层团结不同各方的数据。联合源层可以有效地支持各种特征，包括密集，稀疏，数值和分类特征。其次，我们在联合执行期间仔细分析了安全性，并正式化了隐私要求。基于分析，我们设计了安全，准确的算法协议，并进一步证明了在理想真实的仿真范式下的安全保证。广泛的实验表明，BlindFL支持各种数据集和模型，同时获得强大的隐私保证。

In recent years, mobile devices are equipped with increasingly advanced sensing and computing capabilities. Coupled with advancements in Deep Learning (DL), this opens up countless possibilities for meaningful applications, e.g., for medical purposes and in vehicular networks. Traditional cloudbased Machine Learning (ML) approaches require the data to be centralized in a cloud server or data center. However, this results in critical issues related to unacceptable latency and communication inefficiency. To this end, Mobile Edge Computing (MEC) has been proposed to bring intelligence closer to the edge, where data is produced. However, conventional enabling technologies for ML at mobile edge networks still require personal data to be shared with external parties, e.g., edge servers. Recently, in light of increasingly stringent data privacy legislations and growing privacy concerns, the concept of Federated Learning (FL) has been introduced. In FL, end devices use their local data to train an ML model required by the server. The end devices then send the model updates rather than raw data to the server for aggregation. FL can serve as an enabling technology in mobile edge networks since it enables the collaborative training of an ML model and also enables DL for mobile edge network optimization. However, in a large-scale and complex mobile edge network, heterogeneous devices with varying constraints are involved. This raises challenges of communication costs, resource allocation, and privacy and security in the implementation of FL at scale. In this survey, we begin with an introduction to the background and fundamentals of FL. Then, we highlight the aforementioned challenges of FL implementation and review existing solutions. Furthermore, we present the applications of FL for mobile edge network optimization. Finally, we discuss the important challenges and future research directions in FL.

随着智能传感器的部署和通信技术的进步，大数据分析在智能电网域中大大流行，告知利益相关者最好的电力利用策略。但是，这些电源相关数据被不同的各方存储和拥有。例如，功耗数据存储在跨城市的众多变压器站中;移动公司持有的人口的流动性数据，这是耗电量重要指标。直接数据分享可能会妥协党的福利，个人隐私甚至国家安全。灵感来自谷歌AI的联邦学习计划，我们向智能电网提出了联合学习框架，这使得能够协作学习功耗模式而不会泄漏各个电力迹线。当数据分散在样本空间中时，采用横向联合学习;另一方面，垂直联合学习是为散射在特征空间中的数据的情况而设计的。案例研究表明，通过适当的加密方案，如Paillier加密，从提出的框架构建的机器学习模型是无损，隐私保留和有效的。最后，讨论了智能电网其他方面的联合学习的有希望的未来，包括电动车辆，分布式发电/消费和集成能量系统。

在联邦学习方案中，多方共同从其各自的数据中学习模型，有两个相互矛盾的目标是选择适当的算法。一方面，必须在存在\ textit {semi-honest}合作伙伴的情况下尽可能保持私人和敏感的培训数据，而另一方面，必须在不同方之间交换一定数量的信息学习实用程序。这样的挑战要求采用隐私的联合学习解决方案，该解决方案最大程度地提高了学习模型的效用，并维护参与各方的私人数据的可证明的隐私保证。本文说明了一个一般框架，即a）从统一信息理论的角度来制定隐私损失和效用损失之间的权衡，而b）在包括随机化，包括随机性，包括随机的机制，包括随机性，，包括随机性，，包括随机性，，包括随机性，，包括随机性，，包括随机性，，包括随机性，，包括随机性，包括随机性，，使用稀疏性和同态加密。结果表明，一般而言\ textit {没有免费的午餐来进行隐私 - 私人权衡取舍}，并且必须用一定程度的降级效用进行保存隐私。本文中说明的定量分析可以作为实用联合学习算法设计的指导。

联邦机器学习利用边缘计算来开发网络用户数据的模型，但联合学习的隐私仍然是一个重大挑战。已经提出了使用差异隐私的技术来解决这一点，但是带来了自己的挑战 - 许多人需要一个值得信赖的第三方，或者增加了太多的噪音来生产有用的模型。使用多方计算的\ EMPH {SERVE聚合}的最新进步消除了对第三方的需求，但是在计算上尤其在规模上昂贵。我们提出了一种新的联合学习协议，利用了一种基于与错误学习的技术的新颖差异私有的恶意安全聚合协议。我们的协议优于当前最先进的技术，并且经验结果表明它缩放到大量方面，具有任何差别私有联合学习方案的最佳精度。

如今，信息技术的发展正在迅速增长。在大数据时代，个人信息的隐私更加明显。主要的挑战是找到一种方法来确保在发布和分析数据时不会披露敏感的个人信息。在信任的第三方数据策展人的假设上建立了集中式差异隐私。但是，这个假设在现实中并不总是正确的。作为一种新的隐私保护模型，当地的差异隐私具有相对强大的隐私保证。尽管联邦学习相对是一种用于分布式学习的隐私方法，但它仍然引入了各种隐私问题。为了避免隐私威胁并降低沟通成本，我们建议将联合学习和当地差异隐私与动量梯度下降整合在一起，以提高机器学习模型的性能。