Abstract

Sensitive information that cannot be shared poses a barrier to gathering large datasets for training machine learning models. Federated learning (FL) addresses this by leveraging data across multiple clients without exchanging private data; however, it requires sharing model weights with all participants during training. Model weights are valuable assets and can be reverse-engineered to leak private training data. Furthermore, even if the participants in an FL network can be trusted, using the trained model on sensitive data requires either exposing the model weights or sharing the sensitive data with the model owner. Therefore, we present FLAMED-PICAFE, a general framework for FL and private inference (PI) that preserves model and data privacy in both the training and deployment phases. To our knowledge, this is the first approach to achieve this without relying on homomorphic encryption during training or imposing severe architectural restrictions. FLAMED-PICAFE uses an updated version of the FLAMED FL framework for training and cooperative activation functions (CAFs) to enable PI during deployment. We evaluated FLAMED-PICAFE against baseline and state-of-the-art FL approaches on synthetic datasets and on a healthcare dataset from a real-world federated setting, and measured the effect of CAFs on model accuracy and compute time. The results indicate that FLAMED-PICAFE is competitive with existing FL approaches, while CAFs deliver lossless or near-lossless performance. In particular, we found that federated supervised PCA improved FLAMED's performance by up to 1.6 % on the synthetic datasets and by up to 7.5 % on the healthcare dataset. Meanwhile, ReLU CAFs nearly maintained full accuracy, and sigmoid CAFs caused only a 2.6 % drop in accuracy while enabling private inference on encrypted data.