DetailED Overview

 i. Privacy. Federated learning involves training a machine learning model on data distributed across multiple devices, each with its own local data distribution. The machines usually want to keep this data private from the server and the other machines. The typical way federated learning is performed usually mitigates some privacy concerns by only exchanging model updates rather than raw data among devices. However, this process still raises significant data privacy concerns. For instance, any lack of encryption of the model updates may enable adversaries to steal personal information by directly interfering with communication. Or suppose the model updates are not securely aggregated. In that case, the sensitive data can leak through privacy attacks from malicious participants, such as membership inference attacks (Nasr et al. 2019) or model inversion attacks (Geiping et al. 2020).

Several methods are used in federated learning to preserve data privacy. One of the most commonly used techniques is differential privacy (DP), which provides statistical data privacy for individual records. Although many attempts have been made to achieve DP and its variants, such as local DP, user-level DP, joint DP, and federated DP, in FL (e.g., Kearns et al. 2014, Zheng et al. 2021), there is still a lack of systematic understanding in both theory and practice regarding the suitability of these privacy notions and their practical implications for FL. Moreover, due to the unique structure of FL, designing more powerful differentially private mechanisms tailored for FL is imperative.  

Secure multi-party computation (MPC) protocols are another technique used in federated learning to preserve data privacy (Jayaraman et al., 2018). These protocols enable participants to jointly compute a function over their private inputs using cryptographic techniques like secret sharing and oblivious transfer. However, MPC protocols rely on carefully designed computation and synchronization protocols between participants, which suffer from significant computational complexity when there are thousands of participants, such as in cross-device FL (Kairouz et al. 2021 a). Therefore, designing scalable MPC protocols in FL and combining them with new differentially private mechanisms are promising directions for future research.

In addition, other cryptographic techniques, such as homomorphic encryption (HE), can also be used in federated learning to preserve data privacy (Zhang et al. 2020). HE enables certain computations (e.g., addition and multiplication) to be performed directly on ciphertexts without decrypting them first. In FL, each device can transfer the encrypted local model updates to the server for direct aggregation, and the result is then sent back to each device for local decryption. However, HE introduces significant overhead to computation and communication in FL. Thus, developing more efficient HE for FL has received increasing attention recently.

One of the main focuses of this workshop is to bring researchers from pertinent communities together to address privacy concerns in FL. This workshop aims to cover some of the following topics regarding privacy perspective in FL: new DP notions for FL, privacy attacks and evaluations in FL, differentially private mechanisms for FL, privacy accounting for FL, scaling MPC for FL, integration between DP and MPC for FL, efficient HE for FL.

 ii. Optimization. The optimization literature plays a crucial role in federated learning because FL involves training a machine learning model across multiple devices, each with its own local data distribution. Therefore, optimization methods for FL require addressing several unique challenges over what centralized (non-distributed) methods must address.

Firstly, as mentioned before, privacy is the primary goal in FL. Therefore, optimization methods for FL aim to achieve better model accuracy while respecting privacy constraints. To achieve this, optimization techniques such as stochastic gradient descent and its variants (Kairouz et al. 2021 b) are commonly used for training the global model in FL while preserving privacy. These optimization methods for FL must be compatible with privacy-preserving methods, such as DP and MPC, or achieve similar privacy guarantees.

Secondly, federated learning involves dealing with non-I.I.D. data, which can cause significant challenges when training the global model. Optimization techniques, such as federated averaging (McMahan et al. 2017) and personalization (Fallah et al. 2020), have been developed to overcome this challenge. Therefore, understanding the role of heterogeneity in FL and developing optimization methods that can effectively leverage such heterogeneity is a crucial research area in this field. Unfortunately, despite a lot of research effort in this direction, there still isn’t a satisfactory understanding of heterogeneity assumptions that can lead to guarantees that mimic the practical advantage of local update methods (Wang et al. 2022, Patel et al. 2022). 

Additionally, communication between the server and clients is often the main bottleneck in FL when clients, such as mobile devices, have limited bandwidth and availability for connection. To address this issue, optimizing communication costs is a major focus in FL research. Several techniques, such as quantization, sparsification, and compression (Koloskova et al. 2019, Richtarik et al. 2021), have been developed to reduce the amount of data that needs to be communicated between clients during the training process. Furthermore, communication-efficient algorithms (Woodworth et al. 2020, Karimireddy et al. 2020) that can reduce communication rounds have also been widely studied in FL.

Thus, this workshop will cover the following optimization topics: (differentially or otherwise) private optimization for FL, personalization and privacy trade-offs in FL, privacy-aware compression in FL, efficient communication algorithms for centralized and decentralized settings, and new data heterogeneity measures for theoretical FL guarantees.

 iii. Mechanism Design. Incentive mechanism design is an emerging research area in federated learning, as motivating clients to actively and reliably participate in FL is crucial for successful collaboration. This research area is concerned with creating incentive-compatible mechanisms, meaning that devices have no incentive to deviate from the protocol by sending stale or low-quality updates, dropping out of the collaboration, or not participating altogether. The goal is to ensure that the resulting model is accurate and high-quality.

There is a lot of research on collaborative protocols with a one-round interaction, such as incentivizing devices to collect high quality and quantity of samples (e.g., Blum et al. 2021) from some data distribution. One class of proposed mechanisms in federated learning is a payment-based incentive mechanism (Richardson et al. 2020, Cong et al. 2020), where devices are compensated for participating in the training process. Another class of mechanisms used is reputation-based (Kang et al. 2019, Zhang et al. 2021, Shi et al. 2022), where devices are incentivized to contribute high-quality data by rewarding them with a good reputation score. The reputation score can be used to select devices to participate in future training rounds, ensuring that devices that provide high-quality data are prioritized in the training process.

But there is little research for FL where the interaction is usually repeated, and the devices can often see all the intermediate models, thus acting strategically in real time. This promising research direction is closely related to FL's privacy requirements and optimization methods. Therefore, reconciling these aspects in FL can lead to many important research questions. This workshop aims to cover one or two topics in the mechanism design for FL and/or fairness for FL. We also hope to touch on related concepts from collaborative PAC learning (Blum et al. 2017, Haghtalab et al. 2022). This could lead to new collaborations among researchers from various fields.