Secure Aggregation is Not Private Against Membership Inference Attacks

arXiv:2403.17775v1 Announce Type: new
Abstract: Secure aggregation (SecAgg) is a commonly-used privacy-enhancing mechanism in federated learning, affording the server access only to the aggregate of model updates while safeguarding the confidentiality of individual updates. Despite widespread claims regarding SecAgg's privacy-preserving capabilities, a formal analysis of its privacy is lacking, making such presumptions unjustified. In this paper, we delve into the privacy implications of SecAgg by treating it as a local differential privacy (LDP) mechanism for each local update. We design …

abstract aggregation analysis arxiv attacks capabilities cs.cr cs.lg federated learning inference making privacy server type updates