Split Learning (Variants) & Theoretical Advances Towards its Privacy
Praneeth Vepakomma
MIT
https://praneeth.mit.edu
How is this incentivized?
Server
Client1
Client2
Client3 ..
Federated Learning
Split Learning
Server
Client1
Client2
Client3 ..
Smasher
Smashed Data
Back Prop
Hybrids
Sequential SL
Parallel SL
SL Variants
Evolution of Split Learning
Server-Client Update Imbalance Problem
Client Model Detachment Problem
Privacy Problem
Guiding Principles
AdaSplit
Subset of clients (UCB)
Global update frequency
Sparse updates
No communication of server-to-client gradients!
We propose Adaptive Split Learning (AdaSplit) to give trade-offs
Improves performance under limited resources and adapts to variable resource budgets.
Chopra et al. (arXiv 2022). AdaSplit: Adaptive Trade-offs for Resource-constrained Distributed Deep Learning
Mix-up + SL + Transformers
Client1
Client2
Mixer
Server
Mixed Smashed Data
CutSmashed data
Upload
Upload
Smashed Patch CutMix
Common Pseudo Random Sequence
0 | 1 | 0 | 1 | 1 | 0 | 1 |
1 | 0 | 1 | 0 | 0 | 1 | 0 |
Pseudo Random Sequence
0 | 1 | 0 | 1 | 1 | 0 | 1 |
CutSmashed data
Smashed data
Amplification
Renyi DP
Private Mix-up + SL + Transformers
Results
Supervised Manifold Learning Query
Activation Query Privacy
Privatizing the SMLQ
A query on a dataset can be privatized by adding controlled noise.
Client and server-side alignment
Pre-alignment
Post-alignment
Boomerang Split Learning
Front
Center
Back
Front
Center
Back
Split Learning with DenseNet
Split Learning with U-Net
Multiple medical imaging benchmarks
Label Privacy
Differentially Private Label Protection in Split Learning, Yang, Sun, Yao, Xie, Wang (ByteDance)
Topologies
Vepakomma, Swedish, Gupta, Dubey, Raskar 2018
Post-hoc privacy
How can an informally private prediction model be made to provide formal privacy guarantees?
Main Problem
Overall Pipeline
Informal Privacy
Metric DP as an antidote to single instance encoding
Semantic neighborhood privacy when restricted to
Ref 1: Impossibility result of instance encoding (Carlini et al., 2020)
Ref 2: Metric DP (Chatzikokolakis et al., 2013)
Propose-Test-Release (Dwork, Lei STOC 2009)
What’s an alternative that could be estimated from reasonably sized NNs?
Exactly Computing the Local Lipschitz Constant of ReLU Networks, Jordan & Dimakis, NeurIPS 2020
Splintering: A resource efficient scheme for distributed linear algebra
Is there a resource efficiency benefit?
What about softmax?
Homework problem!
Matrix Inverse & Multiplication:
Splintering shines
The client only performs addition/subtraction (+/-), scaling, multiplication with diagonal matrices, and the inverse of the k-by-k matrix below, as opposed to the original n-by-n matrix, with k << n.
Computational Savings
Clément Canonne
Mohammad Mohammadi Amiri
Nina Miolane
Suat Evren
Abhishek Singh
Ramesh Raskar
Alex Pentland
Questions & Discussion
Thanks to all collaborators
Ayush Chopra