Mojtaba Shirinjani; Siavash Ahmadi; Taraneh Eghlidos; Mohammad Reza Aref
Abstract
Large-scale data collection is challenging in alternative centralized learning as privacy concerns or prohibitive policies may rise. As a solution, Federated Learning (FL) is proposed wherein data owners, called participants, can train a common model collaboratively while their privacy is preserved. ...
Read More
Large-scale data collection is challenging in alternative centralized learning as privacy concerns or prohibitive policies may rise. As a solution, Federated Learning (FL) is proposed wherein data owners, called participants, can train a common model collaboratively while their privacy is preserved. However, recent attacks, namely Membership Inference Attacks (MIA) or Poisoning Attacks (PA), can threaten the privacy and performance in FL systems. This paper develops an innovative Adversarial-Resilient Privacy-preserving Scheme (ARPS) for FL to cope with preceding threats using differential privacy andcryptography. Our experiments display that ARPS can establish a private model with high accuracy outperforming state-of-the-art approaches. To the best of our knowledge, this work is the only scheme providing privacy protection beyond any output models in conjunction with Byzantine resiliency without sacrificing accuracy and efficiency.
Ali Khosravi; Taraneh Eghlidos
Abstract
The main goal of Simon’s Algorithm is to find the period of periodic functions. However, if the target function does not satisfy Simon's promise completely or if the number of superposition queries of the adversary is limited, Simon's algorithm cannot compute the actual period, unambiguously. These ...
Read More
The main goal of Simon’s Algorithm is to find the period of periodic functions. However, if the target function does not satisfy Simon's promise completely or if the number of superposition queries of the adversary is limited, Simon's algorithm cannot compute the actual period, unambiguously. These problems may lead to the failure of period-finding-based (PFB) quantum attacks. We focus in this paper on relaxing Simon's algorithm so that quantum adversaries can still carry out the mentioned attacks without any assumptions on the target function. To that end, we use two different methods, which are suitable for some of PFB quantum attacks. In the first method, as a complement to Kaplan's suggestion, we show that using Simon's algorithm one can find proper partial periods of Boolean vector functions, so that the probability of their establishment, independent of the target function, is directly related to the number of the attacker's quantum queries. Next, we examine how one can use partial period instead of the actual one. The advantage of this method is twofold: It enables the attackers to perform the quantum PFB distinguishers, with smaller number of quantum queries than those of the previous relaxation method. On the other hand, it generalizes the previous forgery attacks on modes of operation for message authentication codes. In the second method, we use Grover's algorithm, as a complement to Simon's algorithm in quantum key recovery attacks. This ensures that the time complexity of the mentioned attacks is less than that of a quantum brute-force attack.