I'm also Jewish, and I have to say the last paragraph at of that blog at least is blatantly antisemitic. On the other hand, it is from 2007, so I don't think we need to destroy this guy's career over it. An apology…
You're thinking of "somewhat homomorphic encryption", which is homomorphic encryption that can support both addition/OR and multiplication/AND, but only in circuits of a limited depth. The original FHE paper did indeed…
I definitely recommend reading more about it because I’m not the best at explaining it. But differential privacy (without federated learning) is what Apple has been doing.
Do you have a specific technical criticism of the secure aggregation protocol? That’s what’s supposed to make it impossible to deduce the data from model updates. Or is your concern something else?
You’re not wrong, but it does say those privacy risks can be mitigated with differential privacy. That McMahan et al. paper (which is also Google) makes the accuracy cost seem low. https://arxiv.org/abs/1710.06963
Secure aggregation isn’t meaningless, but you’re right that it’s the wrong tool for the problem you’re talking about. The right tool is differential privacy. Differential privacy is exactly meant for this, in fact.…
Fully homomorphic encryption, in which you can do arbitrary computation on encrypted data, is still quite slow. But partially homomorphic decryption, in which you can add encrypted values together but not multiply (or…
I'm also Jewish, and I have to say the last paragraph at of that blog at least is blatantly antisemitic. On the other hand, it is from 2007, so I don't think we need to destroy this guy's career over it. An apology…
You're thinking of "somewhat homomorphic encryption", which is homomorphic encryption that can support both addition/OR and multiplication/AND, but only in circuits of a limited depth. The original FHE paper did indeed…
I definitely recommend reading more about it because I’m not the best at explaining it. But differential privacy (without federated learning) is what Apple has been doing.
Do you have a specific technical criticism of the secure aggregation protocol? That’s what’s supposed to make it impossible to deduce the data from model updates. Or is your concern something else?
You’re not wrong, but it does say those privacy risks can be mitigated with differential privacy. That McMahan et al. paper (which is also Google) makes the accuracy cost seem low. https://arxiv.org/abs/1710.06963
Secure aggregation isn’t meaningless, but you’re right that it’s the wrong tool for the problem you’re talking about. The right tool is differential privacy. Differential privacy is exactly meant for this, in fact.…
Fully homomorphic encryption, in which you can do arbitrary computation on encrypted data, is still quite slow. But partially homomorphic decryption, in which you can add encrypted values together but not multiply (or…