IBM® Federated Learning with Homomorphic Encryption
IBM Federated Learning enables you to train a machine learning model across multiple decentralized parties holding local data sets, without sharing the local data sets. Such parties can be for example within an enterprise, within a consortium of enterprises, within multiple data centers or multiple clouds, or on edge devices. This allows to build a collective machine learning model without sharing data between the parties, therefore addressing data security, privacy, and regulatory compliance requirements, as well as eliminating data movement and its associated costs.
In the federated learning training process, the parties build locally trained machine learning models and send these local models to an aggregator. The aggregator fuses the local models into an aggregated model and sends this model back to the parties to continue with the next round of training. To learn more please refer to IBM Federated Learning documentation.
IBM Federated Learning uses SSL secured connections between the parties and the aggregator for communicating the machine learning models. In this setting, the aggregator can still see the unencrypted local and aggregated models.
To further enhance the parties’ data privacy and security, in settings where the aggregator operates in an environment which is less trusted, and the parties wish to avoid revealing the local models and the aggregated models to the aggregator, we added homomorphic encryption capabilities to IBM Federated Learning.
Homomorphic encryption (HE) is a form of encryption that enables performing computations on the encrypted data without decrypting it. The results of the computations remain in encrypted form which, when decrypted, results in an output that is the same as the output produced had the computations been performed on the unencrypted data.
In federated learning, homomorphic encryption enables the parties to homomorphically encrypt their local model updates before sending them to the aggregator. The aggregator sees only the homomorphically encrypted local model updates, and therefore cannot learn anything from this information. Specifically, the aggregator is not able to reverse-engineer the local model updates to discover information on local training data. The aggregator fuses the local model updates in their encrypted form, obtaining an encrypted aggregated model. Then the aggregator sends the encrypted aggregated model to the parties, which decrypt it and continue with the next round of training.
Homomorphic encryption is a form of public key cryptography. It uses a public key for encryption and a private key for decryption.
In IBM Federated Learning with homomorphic encryption, the parties (represented by “remote training systems” in the following diagrams) share the private HE key, and the aggregator has only the public HE key. Each party encrypts its local model update using the public HE key, and sends its encrypted local model update to the aggregator. Since the aggregator does not have the private HE key, it cannot decrypt the encrypted local model updates.
The aggregator uses its public HE key to fuse the encrypted local model updates into a new encrypted aggregated model. This encrypted aggregated model is sent to the parties, which decrypt it using their private HE key, and continue the model training process.
IBM Federated Learning makes it easy to use homomorphic encryption in training experiments, by specifying simple parameters in the configurations of the aggregator and the parties. IBM Federated Learning includes a mechanism that generates and distributes automatically and securely homomorphic encryption keys among the parties participating in a training experiment.
Ready to try it? Use the following notebook to setup and run IBM Federate Learning with homomorphic encryption on IBM Cloud. A free plan is available.
To learn more please refer to IBM Federated Learning documentation in IBM Cloud Pak for Data as a Service.
A recent use case of IBM Federated Learning is published here: Retail Industry Crime Pattern Detection with IBM Confidential Computing.
