Skip to content

sacs-epfl/shatter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
.github/workflows
.github/workflows
 
 
artifact_scripts
artifact_scripts
 
 
decentralizepy
decentralizepy
 
 
eval
eval
 
 
src
src
 
 
.dockerignore
.dockerignore
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
.isort.cfg
.isort.cfg
 
 
ARTIFACT-EVALUATION.md
ARTIFACT-EVALUATION.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.rst
README.rst
 
 
docker-build.sh
docker-build.sh
 
 
docker-copy-exp-1.sh
docker-copy-exp-1.sh
 
 
docker-copy-exp-2.sh
docker-copy-exp-2.sh
 
 
docker-run.sh
docker-run.sh
 
 
prerequisites.sh
prerequisites.sh
 
 
pyproject.toml
pyproject.toml
 
 
requirements_all.txt
requirements_all.txt
 
 
requirements_base.txt
requirements_base.txt
 
 
setup.cfg
setup.cfg
 
 
setup.py
setup.py
 
 
testing-script.sh
testing-script.sh
 
 

Repository files navigation

Shatter

Repository for privacy-preserving decentralized learning using Shatter.

Decentralized Learning (DL) enables collaborative learning without a server and without training data leaving the users' devices. However, the models shared in DL can still be used to infer training data. Conventional privacy defenses such as differential privacy and secure aggregation fall short in effectively safeguarding user privacy in DL, either sacrificing model utility or efficiency. We introduce SHATTER, a novel DL approach in which nodes create Virtual Nodes to disseminate chunks of their full model on their behalf. This enhances privacy by (i) preventing attackers from collecting full models from other nodes, and (ii) hiding the identity of the original node that produced a given model chunk. We theoretically prove the convergence of SHATTER and provide a formal analysis demonstrating how SHATTER reduces the efficacy of attacks compared to when exchanging full models between participating nodes. We evaluate the convergence and attack resilience of SHATTER with existing DL algorithms, with heterogeneous datasets, and against three standard privacy attacks, including gradient inversion. Our evaluation shows that SHATTER not only renders these privacy attacks infeasible when each node operates 16 VNs but also exhibits a positive impact on model utility compared to standard DL. In summary, SHATTER enhances the privacy of DL while maintaining model utility and efficiency.

Installation

Before cloning, ensure that you have Git LFS installed. If not, you can install it using the following command:

sudo apt-get update && sudo apt-get install git-lfs

To install the necessary dependencies, use the following command:

pip install -r requirements_base.txt && pip install -r requirements_all.txt

Usage

To start using Shatter, follow ARTIFACT-EVALUATION.md.

Contributing

We welcome contributions from the community! Please see the CONTRIBUTING.rst file for guidelines on how to contribute to this project.

Credits

This project is built on the following amazing tools:

  • DecentralizePy - A decentralized learning framework.
  • ROG - A framework for privacy-preserving distributed optimization.

License

This project is licensed under the MIT License. See the LICENSE file for more details.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

5 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

1 tags

Packages

No packages published

Languages