Federated Learning: Differential Privacy and Secure Aggregation

Type: KNOWLEDGE

Verification: unverified - Evidence: ungraded

Quality: public

Federated learning (McMahan 2017): train on decentralized data and aggregate gradients centrally. FedAvg: local SGD plus a weighted average. Privacy threats: gradient inversion (Zhu 2019) and membership inference. Differential privacy (DP): add Gaussian or Laplace noise to gradients, with an ε-DP budget. Secure aggregation (Bonawitz 2017): cryptographic masking, so the server learns only the sum. Homomorphic encryption: compute on encrypted gradients (CKKS scheme). Poisoning attacks: model poisoning, Byzantine-fault...
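The masking idea behind secure aggregation, as an added example that is not code from this page or from the cited paper: each pair of clients shares a seed, one adds the derived mask and the other subtracts it, so the masks cancel only in the sum. Assumptions: the seeds are pre-shared constructed values (a real protocol derives them by key agreement and handles client dropout), and `MOD`, `SCALE` and all function names are hypothetical.

```python
import hashlib

MOD = 2**32    # masked values and sums live in Z_MOD (assumed parameter)
SCALE = 10**4  # fixed-point scale for float gradients (assumed parameter)

def prg(seed, n):
    """Expand a pairwise seed into n mask words (SHA-256 in counter mode)."""
    return [int.from_bytes(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()[:4], "big")
            for i in range(n)]

def encode(update):
    """Quantize floats to fixed-point residues mod MOD."""
    return [round(v * SCALE) % MOD for v in update]

def decode(vec):
    """Map residues back to signed fixed-point floats."""
    return [((v + MOD // 2) % MOD - MOD // 2) / SCALE for v in vec]

def mask_update(cid, update, seeds):
    """Client side: add the mask for higher-id peers, subtract it for lower-id peers."""
    y = encode(update)
    for peer, seed in seeds[cid].items():
        sign = 1 if cid < peer else -1
        y = [(a + sign * m) % MOD for a, m in zip(y, prg(seed, len(y)))]
    return y

def aggregate(masked):
    """Server side: sees only masked vectors; pairwise masks cancel in the sum."""
    return decode([sum(col) % MOD for col in zip(*masked)])

def demo():
    # Constructed client gradients for illustration.
    updates = {0: [0.5, -1.25, 0.0], 1: [-0.1, 0.2, 0.3], 2: [1.0, 1.0, -2.0]}
    # Constructed pre-shared seeds, one per unordered client pair.
    seeds = {c: {} for c in updates}
    for i in updates:
        for j in updates:
            if i < j:
                seeds[i][j] = seeds[j][i] = f"seed-{i}-{j}".encode()
    masked = [mask_update(c, u, seeds) for c, u in updates.items()]
    return updates, masked, aggregate(masked)

if __name__ == "__main__":
    updates, masked, total = demo()
    print("server view of client 0:", masked[0])
    print("recovered sum:", total)
```

The sum is only correct while every coordinate of the true total stays within ±`MOD / (2 * SCALE)`, which is why clients clip their updates before encoding.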