Advances and Open Problems in Federated Learning

Federated learning (FL) is a machine learning setting where many clients (e.g. mobile devices or whole organizations) collaboratively train a model under the orchestration of a central server (e.g. service provider), while keeping the training data decentralized. FL embodies the principles of focused data collection and minimization, and can mitigate many of the systemic privacy risks and costs resulting from traditional, centralized machine learning and data science approaches. Motivated by the explosive growth in FL research, this paper discusses recent advances and presents an extensive collection of open problems and challenges.

Richard Nock | Zaïd Harchaoui | David Evans | Ramesh Raskar | Mikhail Khodak | Dawn Xiaodong Song | Tara Javidi | Ben Hutchinson | Marco Gruteser | Oluwasanmi Koyejo | Ayfer Özgür | Graham Cormode | Farinaz Koushanfar | Martin Jaggi | Han Yu | Zheng Xu | Tancrède Lepoint | Praneeth Vepakomma | Badih Ghazi | Rasmus Pagh | Mehdi Bennis | Arjun Nitin Bhagoji | Jianyu Wang | Phillip B. Gibbons | Salim El Rouayheb | Sebastian U. Stich | Aleksandra Korolova | Ananda Theertha Suresh | Adrià Gascón | Jakub Konecný | H. Brendan McMahan | Peter Kairouz | Yang Liu | Qiang Yang | Gauri Joshi | Daniel Ramage | Zhouyuan Huo | Justin Hsu | Chaoyang He | Felix X. Yu | Rachel Cummings | Josh Gardner | Aurélien Bellet | Keith Bonawitz | Florian Tramèr | Prateek Mittal | Mehryar Mohri | Rafael G. L. D'Oliveira | Li Xiong | Zachary B. Charles | Ziteng Sun | Sen Zhao | Lie He | Brendan Avent | Zachary Charles | Zachary Garrett | Mariana Raykova | Hang Qi | Weikang Song


[271]  Aleksander Madry,et al.  Exploring the Landscape of Spatial Robustness , 2017, ICML.

[272]  Badih Ghazi,et al.  On the Power of Multiple Anonymous Messages , 2019, IACR Cryptol. ePrint Arch..

[273]  Linglong Kong,et al.  Learning Privately over Distributed Features: An ADMM Sharing Approach , 2019, ArXiv.

[274]  Marcel Keller,et al.  Secure Evaluation of Quantized Neural Networks , 2019, IACR Cryptol. ePrint Arch..

[275]  Indranil Gupta,et al.  Zeno: Distributed Stochastic Gradient Descent with Suspicion-based Fault-tolerance , 2018, ICML.

[276]  Sashank J. Reddi,et al.  SCAFFOLD: Stochastic Controlled Averaging for On-Device Federated Learning , 2019, ArXiv.

[277]  Jing Ma,et al.  Privacy-Preserving Tensor Factorization for Collaborative Health Data Analysis , 2019, CIKM.

[278]  Craig Gentry,et al.  Compressible FHE with Applications to PIR , 2019, IACR Cryptol. ePrint Arch..

[279]  Salim El Rouayheb,et al.  Preserving ON-OFF Privacy for Past and Future Requests , 2019, 2019 IEEE Information Theory Workshop (ITW).

[280]  Mehryar Mohri,et al.  Agnostic Federated Learning , 2019, ICML.

[281]  Jörn-Henrik Jacobsen,et al.  Exploiting Excessive Invariance caused by Norm-Bounded Adversarial Robustness , 2019, ArXiv.

[282]  Swaroop Ramaswamy,et al.  Federated Learning for Emoji Prediction in a Mobile Keyboard , 2019, ArXiv.

[283]  Qiang Yang,et al.  A Communication Efficient Vertical Federated Learning Framework , 2019, ArXiv.

[284]  Yanjun Han,et al.  Learning Distributions from their Samples under Communication Constraints , 2019, ArXiv.

[285]  Yi Sun,et al.  Testing Robustness Against Unforeseen Adversaries , 2019, ArXiv.

[286]  Rong Jin,et al.  On the Linear Speedup Analysis of Communication Efficient Momentum SGD for Distributed Non-Convex Optimization , 2019, ICML.

[287]  Indranil Gupta,et al.  Practical Distributed Learning: Secure Machine Learning with Communication-Efficient Local Updates , 2019, ArXiv.

[288]  Adam Gaier,et al.  Weight Agnostic Neural Networks , 2019, NeurIPS.

[289]  Borja Balle,et al.  The Privacy Blanket of the Shuffle Model , 2019, CRYPTO.

[290]  Sergei Vassilvitskii,et al.  Bounding User Contributions: A Bias-Variance Trade-off in Differential Privacy , 2019, ICML.

[291]  Salim El Rouayheb,et al.  ON-OFF Privacy with Correlated Requests , 2019, 2019 IEEE International Symposium on Information Theory (ISIT).

[292]  Ravi Tandon,et al.  On the Upload versus Download Cost for Secure and Private Matrix Multiplication , 2019, 2019 IEEE Information Theory Workshop (ITW).

[293]  Shusen Wang,et al.  Communication-Efficient Local Decentralized SGD Methods , 2019 .

[294]  Tara Javidi,et al.  Peer-to-peer Federated Learning on Graphs , 2019, ArXiv.

[295]  Borja Balle,et al.  Improved Summation from Shuffling , 2019, ArXiv.

[296]  Jakub Konecný,et al.  Federated Learning with Autotuned Communication-Efficient Secure Aggregation , 2019, 2019 53rd Asilomar Conference on Signals, Systems, and Computers.

[297]  Vitaly Shmatikov,et al.  Exploiting Unintended Feature Leakage in Collaborative Learning , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[298]  Hubert Eichner,et al.  Federated Evaluation of On-device Personalization , 2019, ArXiv.

[299]  Frank Hutter,et al.  Efficient Multi-Objective Neural Architecture Search via Lamarckian Evolution , 2018, ICLR.

[300]  Xiang Li,et al.  Communication Efficient Decentralized Training with Multiple Local Updates , 2019, ArXiv.

[301]  Peter Kairouz,et al.  Theoretical Guarantees for Model Auditing with Finite Adversaries , 2019, ArXiv.

[302]  Vitaly Shmatikov,et al.  Differential Privacy Has Disparate Impact on Model Accuracy , 2019, NeurIPS.

[303]  Sebastian U. Stich,et al.  The Error-Feedback Framework: Better Rates for SGD with Delayed Gradients and Compressed Communication , 2019, 1909.05350.

[304]  Natalia Gimelshein,et al.  PyTorch: An Imperative Style, High-Performance Deep Learning Library , 2019, NeurIPS.

[305]  Yuval Ishai,et al.  Zero-Knowledge Proofs on Secret-Shared Data via Fully Linear PCPs , 2019, CRYPTO.

[306]  Ramesh Raskar,et al.  ExpertMatcher: Automating ML Model Selection for Clients using Hidden Representations , 2019, ArXiv.

[307]  Suman Jana,et al.  Certified Robustness to Adversarial Examples with Differential Privacy , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[308]  Liang Lin,et al.  SNAS: Stochastic Neural Architecture Search , 2018, ICLR.

[309]  Nathan Srebro,et al.  Semi-Cyclic Stochastic Gradient Descent , 2019, ICML.

[310]  Alan L. Yuille,et al.  Feature Denoising for Improving Adversarial Robustness , 2018, 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR).

[311]  Tara Javidi,et al.  Decentralized Bayesian Learning over Graphs , 2019, ArXiv.

[312]  Ben Y. Zhao,et al.  Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[313]  Dan Alistarh,et al.  Distributed Learning over Unreliable Networks , 2018, ICML.

[314]  Martin Jaggi,et al.  Decentralized Stochastic Optimization and Gossip Algorithms with Compressed Communication , 2019, ICML.

[315]  Tzu-Ming Harry Hsu,et al.  Measuring the Effects of Non-Identical Data Distribution for Federated Visual Classification , 2019, ArXiv.

[316]  Giovanni Motta,et al.  Personalization of End-to-End Speech Recognition on Mobile Devices for Named Entities , 2019, 2019 IEEE Automatic Speech Recognition and Understanding Workshop (ASRU).

[317]  H. Brendan McMahan,et al.  Differentially Private Learning with Adaptive Clipping , 2019, NeurIPS.

[318]  Prateek Mittal,et al.  Privacy Risks of Securing Machine Learning Models against Adversarial Examples , 2019, CCS.

[319]  Alok Aggarwal,et al.  Regularized Evolution for Image Classifier Architecture Search , 2018, AAAI.

[320]  Chen Yu,et al.  Decentralized Online Learning: Take Benefits from Others’ Data without Sharing Your Own to Track Global Trend , 2019, ACM Trans. Intell. Syst. Technol..

[321]  Úlfar Erlingsson,et al.  The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks , 2018, USENIX Security Symposium.

[322]  Yu-Xiang Wang,et al.  Subsampled Rényi Differential Privacy and Analytical Moments Accountant , 2018, AISTATS.

[323]  Varun Gupta,et al.  On the Compatibility of Privacy and Fairness , 2019, UMAP.

[324]  Ji Liu,et al.  DoubleSqueeze: Parallel Stochastic Gradient Descent with Double-Pass Error-Compensated Compression , 2019, ICML.

[325]  Justin Hsu,et al.  Data Poisoning against Differentially-Private Learners: Attacks and Defenses , 2019, IJCAI.

[326]  Benjamin Edwards,et al.  Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering , 2018, SafeAI@AAAI.

[327]  Andreas Haeberlen,et al.  Honeycrisp: large-scale differentially private aggregation without a trusted core , 2019, SOSP.

[328]  O. Koyejo,et al.  Local AdaAlter: Communication-Efficient Stochastic Gradient Descent with Adaptive Learning Rates , 2019, ArXiv.

[329]  Yanyao Shen,et al.  Learning with Bad Training Data via Iterative Trimmed Loss Minimization , 2018, ICML.

[330]  Dan Boneh,et al.  Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware , 2018, ICLR.

[331]  Prateek Mittal,et al.  Analyzing Federated Learning through an Adversarial Lens , 2018, ICML.

[332]  Anit Kumar Sahu,et al.  MATCHA: Speeding Up Decentralized SGD via Matching Decomposition Sampling , 2019, 2019 Sixth Indian Control Conference (ICC).

[333]  Dmitry Kovalev,et al.  Distributed Fixed Point Methods with Compressed Iterates , 2019, ArXiv.

[334]  Hubert Eichner,et al.  Towards Federated Learning at Scale: System Design , 2019, MLSys.

[335]  John M. Abowd,et al.  An Economic Analysis of Privacy Protection and Statistical Accuracy as Social Choices , 2018, American Economic Review.

[336]  J. Zico Kolter,et al.  Wasserstein Adversarial Examples via Projected Sinkhorn Iterations , 2019, ICML.

[337]  Martin Jaggi,et al.  Error Feedback Fixes SignSGD and other Gradient Compression Schemes , 2019, ICML.

[338]  Sebastian U. Stich,et al.  Local SGD Converges Fast and Communicates Little , 2018, ICLR.

[339]  G. Wainrib,et al.  Deep learning-based classification of mesothelioma improves prediction of patient outcome , 2019, Nature Medicine.

[340]  Mehdi Bennis,et al.  Wireless Network Intelligence at the Edge , 2018, Proceedings of the IEEE.

[341]  Qiang Yang,et al.  Real-World Image Datasets for Federated Learning , 2019, ArXiv.

[342]  Adam D. Smith,et al.  Distributed Differential Privacy via Shuffling , 2018, IACR Cryptol. ePrint Arch..

[343]  Marco Canini,et al.  Natural Compression for Distributed Deep Learning , 2019, MSML.

[344]  Ji Liu,et al.  Central Server Free Federated Learning over Single-sided Trust Social Networks , 2019, ArXiv.

[345]  Shengli Xie,et al.  Incentive Mechanism for Reliable Federated Learning: A Joint Optimization Approach to Combining Reputation and Contract Theory , 2019, IEEE Internet of Things Journal.

[346]  Shaojie Tang,et al.  Secure Federated Submodel Learning , 2019, ArXiv.

[347]  K. Crawford,et al.  Dirty Data, Bad Predictions: How Civil Rights Violations Impact Police Data, Predictive Policing Systems, and Justice , 2019 .

[348]  Dawn Xiaodong Song,et al.  Libra: Succinct Zero-Knowledge Proofs with Optimal Prover Computation , 2019, IACR Cryptol. ePrint Arch..

[349]  Xiyang Liu,et al.  Minimax Rates of Estimating Approximate Differential Privacy , 2019, NeurIPS 2019.

[350]  Aymeric Dieuleveut,et al.  Communication trade-offs for synchronized distributed SGD with large step size , 2019, NeurIPS 2019.

[351]  Maria-Florina Balcan,et al.  Adaptive Gradient-Based Meta-Learning Methods , 2019, NeurIPS.

[352]  Marcus Liwicki,et al.  A Comprehensive guide to Bayesian Convolutional Neural Network with Variational Inference , 2019, ArXiv.

[353]  Aryan Mokhtari,et al.  Robust and Communication-Efficient Collaborative Learning , 2019, NeurIPS.

[354]  Henry Corrigan-Gibbs,et al.  Private Information Retrieval with Sublinear Online Time , 2020, IACR Cryptol. ePrint Arch..

[355]  Ying-Chang Liang,et al.  Incentive Design for Efficient Federated Learning in Mobile Networks: A Contract Theory Approach , 2019, 2019 IEEE VTS Asia Pacific Wireless Communications Symposium (APWCS).

[356]  R. Raskar,et al.  R EDUCING LEAKAGE IN DISTRIBUTED DEEP LEARNING FOR SENSITIVE HEALTH DATA , 2019 .

[357]  Michael G. Rabbat,et al.  Stochastic Gradient Push for Distributed Deep Learning , 2018, ICML.

[358]  Martin Jaggi,et al.  PowerSGD: Practical Low-Rank Gradient Compression for Distributed Optimization , 2019, NeurIPS.

[359]  Lili Su,et al.  Distributed Statistical Machine Learning in Adversarial Settings: Byzantine Gradient Descent , 2019, PERV.

[360]  Kim Laine,et al.  HEAX: High-Performance Architecture for Computation on Homomorphically Encrypted Data in the Cloud , 2019, IACR Cryptol. ePrint Arch..

[361]  Ramesh Raskar,et al.  Detailed comparison of communication efficiency of split learning and federated learning , 2019, ArXiv.

[362]  Úlfar Erlingsson,et al.  Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity , 2018, SODA.

[363]  Aaron Roth,et al.  Differentially Private Fair Learning , 2018, ICML.

[364]  Marc Tommasi,et al.  Privacy-Preserving Adversarial Representation Learning in ASR: Reality or Illusion? , 2019, INTERSPEECH.

[365]  Matt J. Kusner,et al.  QUOTIENT: Two-Party Secure Neural Network Training and Prediction , 2019, CCS.

[366]  Saurabh Singh,et al.  Model Compression by Entropy Penalized Reparameterization , 2019, ArXiv.

[367]  Joseph Dureau,et al.  Federated Learning for Keyword Spotting , 2018, ICASSP 2019 - 2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[368]  Yiming Yang,et al.  DARTS: Differentiable Architecture Search , 2018, ICLR.

[369]  Tianjian Chen,et al.  Federated Machine Learning: Concept and Applications , 2019 .

[370]  Fan Zhang,et al.  Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts , 2018, 2019 IEEE European Symposium on Security and Privacy (EuroS&P).

[371]  Moran Baruch,et al.  A Little Is Enough: Circumventing Defenses For Distributed Learning , 2019, NeurIPS.

[372]  Hongyi Wang,et al.  DETOX: A Redundancy-based Framework for Faster and More Robust Gradient Aggregation , 2019, NeurIPS.

[373]  Larry S. Davis,et al.  Adversarial Training for Free! , 2019, NeurIPS.

[374]  Farzin Haddadpour,et al.  Local SGD with Periodic Averaging: Tighter Analysis and Adaptive Synchronization , 2019, NeurIPS.

[375]  Li Zhang,et al.  Rényi Differential Privacy of the Sampled Gaussian Mechanism , 2019, ArXiv.

[376]  Cong Xie,et al.  Zeno++: robust asynchronous SGD with arbitrary number of Byzantine workers , 2019, ArXiv.

[377]  Peter Kairouz,et al.  Learning Generative Adversarial RePresentations (GAP) under Fairness and Censoring Constraints , 2019, ArXiv.

[378]  Sreeram Kannan,et al.  Improving Federated Learning Personalization via Model Agnostic Meta Learning , 2019, ArXiv.

[379]  Yanjun Han,et al.  Lower Bounds for Learning Distributions under Communication Constraints via Fisher Information , 2019 .

[380]  P. Kairouz,et al.  Censored and Fair Universal Representations using Generative Adversarial Models , 2019 .

[381]  Dan Boneh,et al.  Adversarial Training and Robustness for Multiple Perturbations , 2019, NeurIPS.

[382]  Asra Ali,et al.  Communication-Computation Trade-offs in PIR , 2019, IACR Cryptol. ePrint Arch..

[383]  Shenghuo Zhu,et al.  Parallel Restarted SGD with Faster Convergence and Less Communication: Demystifying Why Model Averaging Works for Deep Learning , 2018, AAAI.

[384]  Eli Ben-Sasson,et al.  Scalable Zero Knowledge with No Trusted Setup , 2019, CRYPTO.

[385]  Borja Balle,et al.  Differentially Private Summation with Multi-Message Shuffling , 2019, ArXiv.

[386]  Sashank J. Reddi,et al.  AdaCliP: Adaptive Clipping for Private SGD , 2019, ArXiv.

[387]  Moti Yung,et al.  On Deploying Secure Computing Commercially: Private Intersection-Sum Protocols and their Business Applications , 2019, IACR Cryptol. ePrint Arch..

[388]  Badih Ghazi,et al.  Scalable and Differentially Private Distributed Aggregation in the Shuffled Model , 2019, ArXiv.

[389]  Jerry Li,et al.  Sever: A Robust Meta-Algorithm for Stochastic Optimization , 2018, ICML.

[390]  Peter Richtárik,et al.  First Analysis of Local GD on Heterogeneous Data , 2019, ArXiv.

[391]  Adam D. Smith,et al.  The structure of optimal private tests for simple hypotheses , 2018, STOC.

[392]  Lei Yuan,et al.  $\texttt{DeepSqueeze}$: Decentralization Meets Error-Compensated Compression , 2019 .

[393]  Ananda Theertha Suresh,et al.  Can You Really Backdoor Federated Learning? , 2019, ArXiv.

[394]  Peter Richtárik,et al.  Better Communication Complexity for Local SGD , 2019, ArXiv.

[395]  Tom Ouyang,et al.  Federated Learning Of Out-Of-Vocabulary Words , 2019, ArXiv.

[396]  Aryan Mokhtari,et al.  FedPAQ: A Communication-Efficient Federated Learning Method with Periodic Averaging and Quantization , 2019, AISTATS.

[397]  Daniel J. Beutel,et al.  Flower: A Friendly Federated Learning Research Framework , 2020, 2007.14390.

[398]  Jorn-Henrik Jacobsen,et al.  Fundamental Tradeoffs between Invariance and Sensitivity to Adversarial Perturbations , 2020, ICML.

[399]  Jinyuan Jia,et al.  Local Model Poisoning Attacks to Byzantine-Robust Federated Learning , 2019, USENIX Security Symposium.

[400]  Kartik Sreenivasan,et al.  Attack of the Tails: Yes, You Really Can Backdoor Federated Learning , 2020, NeurIPS.

[401]  H. Brendan McMahan,et al.  Generative Models for Effective ML on Private, Decentralized Datasets , 2019, ICLR.

[402]  Ananda Theertha Suresh,et al.  Shuffled Model of Federated Learning: Privacy, Communication and Accuracy Trade-offs , 2020, ArXiv.

[403]  Badih Ghazi,et al.  Private Aggregation from Fewer Anonymous Messages , 2019, EUROCRYPT.

[404]  Vitaly Shmatikov,et al.  How To Backdoor Federated Learning , 2018, AISTATS.

[405]  Don Towsley,et al.  Decentralized gradient methods: does topology matter? , 2020, AISTATS.

[406]  Ashwin Machanavajjhala,et al.  Fair decision making using privacy-protected data , 2019, FAT*.

[407]  Ramesh Raskar,et al.  FedML: A Research Library and Benchmark for Federated Machine Learning , 2020, ArXiv.

[408]  Ramesh Raskar,et al.  SplitNN-driven Vertical Partitioning , 2020, ArXiv.

[409]  Jiong Jin,et al.  Towards Fair and Privacy-Preserving Federated Deep Models , 2019, IEEE Transactions on Parallel and Distributed Systems.

[410]  Amir Salman Avestimehr,et al.  FedNAS: Federated Deep Learning via Neural Architecture Search , 2020, ArXiv.

[411]  Vitaly Shmatikov,et al.  Salvaging Federated Learning by Local Adaptation , 2020, ArXiv.

[412]  Phillip B. Gibbons,et al.  The Non-IID Data Quagmire of Decentralized Machine Learning , 2019, ICML.

[413]  Haishan Ye,et al.  MiLeNAS: Efficient Neural Architecture Search via Mixed-Level Reformulation , 2020, 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR).

[414]  R. Raskar,et al.  Privacy in Deep Learning: A Survey , 2020, ArXiv.

[415]  H. Brendan McMahan,et al.  Training Production Language Models without Memorizing User Data , 2020, ArXiv.

[416]  Klaus-Robert Müller,et al.  Robust and Communication-Efficient Federated Learning From Non-i.i.d. Data , 2019, IEEE Transactions on Neural Networks and Learning Systems.

[417]  Y. Mansour,et al.  Three Approaches for Personalization with Applications to Federated Learning , 2020, ArXiv.

[418]  Tancrède Lepoint,et al.  Secure Single-Server Aggregation with (Poly)Logarithmic Overhead , 2020, IACR Cryptol. ePrint Arch..

[419]  Jan Ramon,et al.  Distributed Differentially Private Averaging with Improved Utility and Robustness to Malicious Parties , 2020, ArXiv.

[420]  H. Brendan McMahan,et al.  Federated Heavy Hitters Discovery with Differential Privacy , 2019, AISTATS.

[421]  Badih Ghazi,et al.  Private Counting from Anonymous Messages: Near-Optimal Accuracy with Vanishing Communication Overhead , 2020, ICML.

[422]  Yang Liu,et al.  A Sustainable Incentive Scheme for Federated Learning , 2020, IEEE Intelligent Systems.

[423]  L. Golubchik,et al.  Backdoor Attacks on Federated Meta-Learning , 2020, ArXiv.

[424]  Corinna Cortes,et al.  Multiple-Source Adaptation with Domain Classifiers , 2020, ArXiv.

[425]  Anit Kumar Sahu,et al.  Federated Learning: Challenges, Methods, and Future Directions , 2019, IEEE Signal Processing Magazine.

[426]  Sashank J. Reddi,et al.  Mime: Mimicking Centralized Stochastic Algorithms in Federated Learning , 2020, ArXiv.

[427]  Qinghua Liu,et al.  Tackling the Objective Inconsistency Problem in Heterogeneous Federated Optimization , 2020, NeurIPS.

[428]  A. Bellet,et al.  Privacy Amplification by Decentralization , 2020, AISTATS.

[429]  Ohad Shamir,et al.  Is Local SGD Better than Minibatch SGD? , 2020, ICML.

[430]  Yassine Laguel,et al.  Device Heterogeneity in Federated Learning: A Superquantile Approach , 2020, ArXiv.

[431]  Martin Jaggi,et al.  Decentralized Deep Learning with Arbitrary Communication Compression , 2019, ICLR.

[432]  O. Koyejo,et al.  Zeno++: Robust Fully Asynchronous SGD , 2019, ICML.

[433]  Francisco Herrera,et al.  Federated Learning and Differential Privacy: Software tools analysis, the Sherpa.ai FL framework and methodological guidelines for preserving data privacy , 2020, Inf. Fusion.

[434]  Himanshu Tyagi,et al.  Inference Under Information Constraints I: Lower Bounds From Chi-Square Contraction , 2018, IEEE Transactions on Information Theory.

[435]  Heiko Ludwig,et al.  IBM Federated Learning: an Enterprise Framework White Paper V0.1 , 2020, ArXiv.

[436]  Amos Beimel,et al.  The power of synergy in differential privacy: Combining a small curator with local randomizers , 2019, ITC.

[437]  Nguyen H. Tran,et al.  Personalized Federated Learning with Moreau Envelopes , 2020, NeurIPS.

[438]  M. Bennis,et al.  GADMM: Fast and Communication Efficient Framework for Distributed Machine Learning , 2019, J. Mach. Learn. Res..

[439]  Tancrède Lepoint,et al.  Private Join and Compute from PIR with Default , 2020, IACR Cryptol. ePrint Arch..

[440]  Aryan Mokhtari,et al.  Personalized Federated Learning: A Meta-Learning Approach , 2020, ArXiv.

[441]  Felix X. Yu,et al.  Learning discrete distributions: user vs item-level privacy , 2020, NeurIPS.

[442]  Ayfer Özgür,et al.  Breaking the Communication-Privacy-Accuracy Trilemma , 2020, IEEE Transactions on Information Theory.

[443]  Suhas Diggavi,et al.  Qsparse-Local-SGD: Distributed SGD With Quantization, Sparsification, and Local Computations , 2019, IEEE Journal on Selected Areas in Information Theory.

[444]  Yishay Mansour,et al.  Beyond Individual and Group Fairness , 2020, ArXiv.

[445]  Aleksandra Korolova,et al.  The Power of the Hybrid Model for Mean Estimation , 2018, Proc. Priv. Enhancing Technol..

[446]  Florian Tramèr,et al.  SentiNet: Detecting Localized Universal Attacks Against Deep Learning Systems , 2018, 2020 IEEE Security and Privacy Workshops (SPW).

[447]  Tian Li,et al.  Fair Resource Allocation in Federated Learning , 2019, ICLR.

[448]  Tao Lin,et al.  Don't Use Large Mini-Batches, Use Local SGD , 2018, ICLR.

[449]  Adrià Gascón,et al.  Private Summation in the Multi-Message Shuffle Model , 2020, CCS.

[450]  Marc Tommasi,et al.  Fully Decentralized Joint Learning of Personalized Models and Collaboration Graphs , 2019, AISTATS.

[451]  Tianjian Chen,et al.  Backdoor attacks and defenses in feature-partitioned collaborative learning , 2020, ArXiv.

[452]  Borja Balle,et al.  Privacy Amplification via Random Check-Ins , 2020, NeurIPS.

[453]  Sashank J. Reddi,et al.  SCAFFOLD: Stochastic Controlled Averaging for Federated Learning , 2019, ICML.

[454]  Ananda Theertha Suresh,et al.  FedBoost: A Communication-Efficient Algorithm for Federated Learning , 2020, ICML.

[455]  Badih Ghazi,et al.  Pure Differentially Private Summation from Anonymous Messages , 2020, ITC.

[456]  Kim Laine,et al.  HEAX: An Architecture for Computing on Encrypted Data , 2019, ASPLOS.

[457]  Murali Annavaram,et al.  Group Knowledge Transfer: Federated Learning of Large CNNs at the Edge , 2020, NeurIPS.

[458]  Xiang Li,et al.  On the Convergence of FedAvg on Non-IID Data , 2019, ICLR.

[459]  Martin Jaggi,et al.  A Unified Theory of Decentralized SGD with Changing Topology and Local Updates , 2020, ICML.

[460]  Tianjian Chen,et al.  A Secure Federated Transfer Learning Framework , 2020, IEEE Intelligent Systems.

[461]  Anit Kumar Sahu,et al.  Federated Optimization in Heterogeneous Networks , 2018, MLSys.

[462]  Ramesh Raskar,et al.  NoPeek: Information leakage reduction to share activations in distributed deep learning , 2020, 2020 International Conference on Data Mining Workshops (ICDMW).

[463]  Jakub Konecný,et al.  On the Outsized Importance of Learning Rates in Local Update Methods , 2020, ArXiv.

[464]  Jose Javier Gonzalez Ortiz,et al.  What is the State of Neural Network Pruning? , 2020, MLSys.

[465]  Michael G. Rabbat,et al.  SlowMo: Improving Communication-Efficient Distributed SGD with Slow Momentum , 2019, ICLR.

[466]  Ameet S. Talwalkar,et al.  Differentially Private Meta-Learning , 2019, ICLR.

[467]  Jonathan Ullman,et al.  Auditing Differentially Private Machine Learning: How Private is Private SGD? , 2020, NeurIPS.

[468]  Huseyin A. Inan,et al.  rTop-k: A Statistical Estimation Approach to Distributed SGD , 2020, IEEE Journal on Selected Areas in Information Theory.

[469]  Yanjun Han,et al.  Geometric Lower Bounds for Distributed Parameter Estimation Under Communication Constraints , 2018, IEEE Transactions on Information Theory.

[470]  R. Raskar,et al.  DISCO: Dynamic and Invariant Sensitive Channel Obfuscation for deep neural networks , 2020, 2021 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR).

[471]  Badih Ghazi,et al.  On Distributed Differential Privacy and Counting Distinct Elements , 2020, ITCS.

[472]  Peter Kairouz,et al.  Practical and Private (Deep) Learning without Sampling or Shuffling , 2021, ICML.

[473]  A. Salman Avestimehr,et al.  Turbo-Aggregate: Breaking the Quadratic Aggregation Barrier in Secure Federated Learning , 2020, IEEE Journal on Selected Areas in Information Theory.

[474]  Manzil Zaheer,et al.  Adaptive Federated Optimization , 2020, ICLR.

[475]  Yishay Mansour,et al.  A Theory of Multiple-Source Adaptation with Limited Target Labeled Data , 2020, AISTATS.

[476]  Dan Boneh,et al.  Differentially Private Learning Needs Better Features (or Much More Data) , 2020, ICLR.

[477]  Colin Raffel,et al.  Extracting Training Data from Large Language Models , 2020, USENIX Security Symposium.

[478]  Raj Kumar Maity,et al.  vqSGD: Vector Quantized Stochastic Gradient Descent , 2019, IEEE Transactions on Information Theory.

[479]  Parijat Dube,et al.  Slow and Stale Gradients Can Win the Race , 2018, IEEE Journal on Selected Areas in Information Theory.

[480]  Úlfar Erlingsson,et al.  Tempered Sigmoid Activations for Deep Learning with Differential Privacy , 2020, AAAI.

[481]  Thomas Steinke,et al.  The Distributed Discrete Gaussian Mechanism for Federated Learning with Secure Aggregation , 2021, ICML.

[482]  Suhas Diggavi,et al.  Data Encoding for Byzantine-Resilient Distributed Optimization , 2021, IEEE Transactions on Information Theory.

[483]  Chaouki Ben Issaid,et al.  Harnessing Wireless Channels for Scalable and Privacy-Preserving Federated Learning , 2020, IEEE Transactions on Communications.

[484]  A. Salman Avestimehr,et al.  Byzantine-Resilient Secure Federated Learning , 2020, IEEE Journal on Selected Areas in Communications.

[485]  Qiang Yang,et al.  SecureBoost: A Lossless Federated Learning Framework , 2019, IEEE Intelligent Systems.

[486]  Percy Liang,et al.  Stronger data poisoning attacks break data sanitization defenses , 2018, Machine Learning.

[487]  Zaïd Harchaoui,et al.  Robust Aggregation for Federated Learning , 2019, IEEE Transactions on Signal Processing.