IntraShuffler: Privacy-Preserving Framework for Heterogeneous DP Federated Learning
This paper identifies a novel Privacy Inference Attack against heterogeneous differential privacy federated learning (HDP-FL) systems, where an honest-but-curious server exploits epsilon-aware aggregation and gradient denoising to infer client data distributions and link updates across rounds. To counter this, the authors propose IntraShuffler, a middleware framework that groups clients into privacy-compatible buckets and performs parameter-level shuffling within buckets, preserving epsilon-aware aggregation while disrupting persistent gradient structure. Experiments on four datasets show IntraShuffler reduces gradient recoverability by over 60% and drops surrogate inference accuracy from 0.78 to 0.33 with minimal utility loss.
RING attack exploits differential privacy to amplify backdoor success in federated learning
A new arXiv paper challenges the assumption that differential privacy (DP) inherently protects federated learning (FL) against backdoor attacks, demonstrating that DP's noise mechanism actually masks the statistical signatures that defenses rely on to detect malicious updates. The authors propose RING, an attack that exploits this masking effect by having compromised clients collaboratively craft adversarial perturbations that reconstruct a strong backdoor signal at aggregation time. Evaluated across four datasets against six state-of-the-art defenses, RING achieves a 90.3% average attack success rate under moderate privacy budgets, up to 26x better than baselines. Proposed countermeasures incur significant utility trade-offs, exposing a fundamental security gap in DP-FL deployments.
Running Privacy-Preserving Inferences on Hugging Face Endpoints
Hugging Face has published a blog post describing the integration of Fully Homomorphic Encryption (FHE) with its Inference Endpoints service, enabling privacy-preserving ML inference where data remains encrypted throughout computation. The approach allows clients to send encrypted inputs to a hosted model without the server ever seeing plaintext data. This represents a practical deployment of FHE-based ML, a technique that has historically been too slow for production use but is gaining traction with recent optimizations.
Perturbation Theory for Spherical Hellinger-Kantorovich Flows with Differential Privacy Guarantees
This paper develops a perturbation theory for Spherical Hellinger-Kantorovich (SHK) gradient flows, which couple transport and reaction dynamics and coincide with birth-death Langevin dynamics. The authors derive dimension-free bounds on log-likelihood ratios and Rényi/KL divergences when two potentials differ, quantifying how perturbations propagate over time. These results are applied to differential privacy: the likelihood-ratio control yields explicit Pure-DP guarantees for SHK-based samplers implementing the exponential mechanism, while KL bounds provide Approximate-DP certificates. A utility bound is also derived that separates intrinsic exponential-mechanism suboptimality from finite-time sampling error.
Creating Privacy Preserving AI with Substra
This Hugging Face blog post covers Substra, a federated learning framework developed by Owkin for privacy-preserving AI. The post describes how Substra enables collaborative model training across institutions without sharing raw data, targeting healthcare and biomedical use cases. It represents a practical deployment pattern for federated learning in sensitive data environments.
Predictability as a Fine-Grained Privacy Metric Complementary to Differential Privacy
A new arXiv preprint introduces 'privacy via predictability,' a framework that measures privacy leakage as the incremental gain in an attacker's ability to predict sensitive information after observing an algorithm's output, conditioned on the attacker's prior knowledge. The authors show predictability and differential privacy are generally incomparable, but that predictability implies mutual-information DP in worst-case regimes. They develop a generalized method of moments framework for asymptotic analysis and derive a predictability-calibrated output perturbation scheme for empirical risk minimization. The work positions predictability as a complementary, finer-grained alternative to DP for settings where attacker knowledge and query families can be specified.
Federated Learning using Hugging Face and Flower
This Hugging Face blog post describes how to combine the Hugging Face ecosystem with the Flower federated learning framework to train models across distributed, privacy-preserving data silos. It provides a practical walkthrough of integrating Transformers and Datasets libraries with Flower's federated training loop. The post targets practitioners looking to apply federated learning to NLP and other ML tasks without centralizing sensitive data.
Towards Encrypted Large Language Models with FHE
This Hugging Face blog post explores applying Fully Homomorphic Encryption (FHE) to Large Language Models, enabling inference on encrypted data without exposing plaintext inputs to the server. The approach aims to address privacy concerns in cloud-based LLM deployments by allowing computations to occur directly on ciphertext. The post likely covers the technical challenges of adapting transformer architectures to FHE constraints and presents early feasibility results.
FedTSV: Fairness-Aware Federated Learning via Trajectory Shapley Value
This paper introduces the Trajectory Shapley Value (TSV), a contribution metric that evaluates each federated learning client's influence on the global model's optimization trajectory using validation-based, temporally consistent utility. Building on TSV, the authors propose FedTSV, an adaptive aggregation method that converts per-round evaluations into dynamic client weights to handle heterogeneous and adversarial participation. Experiments on benchmark datasets demonstrate improved convergence speed, robustness, and equitable contribution assessment compared to fixed-weight aggregation baselines.