Communication efficient privacy-preserving distributed optimization using adaptive differential quantization

Qiongxiu Li, , Richard Heusdens, , and Mads Græsbøll Christensen Q. Li and M. G. Christensen are with the Audio Analysis Lab, CREATE, Aalborg University, 9000 Aalborg, Denmark (emails: {qili,mgc}@create.aau.dk).R. Heusdens is with the Netherlands Defence Academy (NLDA), Het Nieuwe Diep 8, 1781 AC Den Helder, The Netherlands, and with the Faculty of Electrical Engineering, Mathematics and Computer Science, Delft University of Technology, Mekelweg 4, 2628 CD Delft, The Netherlands (email: r.heusdens@{mindef.nl,tudelft.nl}).

Abstract

Privacy issues and communication cost are both major concerns in distributed optimization. There is often a trade-off between them because the encryption methods required for privacy-preservation often incur expensive communication bandwidth. To address this issue, we, in this paper, propose a quantization-based approach to achieve both communication efficient and privacy-preserving solutions in the context of distributed optimization. By deploying an adaptive differential quantization scheme, we allow each node in the network to achieve its optimum solution with a low communication cost while keeping its private data unrevealed. Additionally, the proposed approach is general and can be applied in various distributed optimization methods, such as the primal-dual method of multipliers (PDMM) and the alternating direction method of multipliers (ADMM). Moveover, we consider two widely used adversary models: passive and eavesdropping. Finally, we investigate the properties of the proposed approach using different applications and demonstrate its superior performance in terms of several parameters including accuracy, privacy, and communication cost.

Index Terms:

distributed optimization, quantization, communication cost, privacy, information-theoretic, ADMM, PDMM

I Introduction

With the emergence of interconnected or networked systems, distributed optimization is widely used to process its massive amount of data. As the primary computation units in these distributed networks are often personal devices, such as mobile phones and tablets [1, 2], the underlying networked data are private in nature. Furthermore, the available computational resources are also limited by the hardware and energy consumption. As a consequence, novel distributed optimization tools are required that are able to address the privacy concern in a way that is efficient in terms of communication and computational resources.

Existing approaches mostly address the above challenges only partially. To achieve computationally lightweight solutions, noise insertion approaches, which add noise to obfuscate the private data, are widely used in the literature. These methods can be broadly classified into three classes. The first one is the class of differentially private distributed optimization approaches [3, 4, 5, 6, 7, 8, 9]. The main idea is to guarantee that the posterior guess of the private data is only slightly better than the prior guess. The downside of these algorithms is that they compromise the algorithm accuracy, i.e., they have an inherent trade-off between privacy and accuracy. Additionally, it is hard to achieve differential privacy in practice. The second class is that of secret-sharing based distributed optimization approaches [10, 11] which deploy secret sharing to prevent privacy leakage, a technique used in secure multiparty computation [12, 13]. Secret sharing works by splitting the private data into a number of so-called shares and distributes them over the nodes such that without a sufficient number of nodes cooperating the private data cannot be reconstructed. This, however, comes with additional communication costs as the distribution of shares requires extra communication. The third class is the class of subspace perturbation based distributed optimization approaches [14, 15, 16] which, by inserting noise in a subspace determined by the graph topology, alleviates the privacy-accuracy trade-off without severely increasing the communication costs.

Note that when considering the communication cost, aside from the number of times the communication channel is used, there is another critical parameter, namely the communication bandwidth or the corresponding bit-rate. The communication bandwidth is often omitted in privacy related approaches by assuming infinite precision. However, there is often a fundamental trade-off between privacy and communication cost in noise insertion type methods. The reason for this is that a higher privacy level usually requires a larger amount of noise insertion, which, in turn, increases the noise entropy and thereby the bit-rate.

I-A Paper contributions

The main contribution of this paper that we propose a new privacy-preserving distributed optimization approach to mitigate the aforementioned trade-off between privacy and communication bandwidth. To do so, we first give an information-theoretical analysis on this trade-off in noise insertion approaches. After that we propose to address this trade-off by exploiting an adaptive differential quantization scheme. To the best of our knowledge, this is the first approach which provides information theoretical privacy guarantees for distributed optimization with quantization. The proposed approach has a number of attractive properties:

•

It addresses the privacy and communication bandwidth trade-off by significantly reducing the overall communication cost compared to existing approaches including secret sharing, subspace perturbation and differential privacy based approaches.
•

The accuracy of the optimization result is not compromised by considering both privacy and quantization.
•

It is generally applicable to various distibuted optimizers such as ADMM, PDMM and related algorithms.
•

It provides privacy guarantees under two widely-considered adversary models: eavesdropping and passive adversary models.

I-B Outlines and notation

The rest of the paper is organized as follows. Section II reviews fundamentals of distributed optimization. Section III introduces important concepts about privacy and then formulate the problem to be solved. Section IV explains the reason why there is always a trade-off between privacy and communication bandwidth and Section V introduces the proposed approach to address it. Numerical results and comparisons with existing approaches are demonstrated in Section VI. Finally, the conclusion is given in Section VII.

We use the following notation throughout this paper. Lowercase letters $x$ denote scalars, lowercase boldface letters $\bm{x}$ denote vectors, uppercase boldface letters $\bm{X}$ denote matrices. $\bm{x}_{i}$ and $\bm{X}_{ij}$ denote the $i$ -th and $(i,j)$ -th entry of the vector $\bm{x}$ and the matrix $\bm{X}$ , respectively. Denote calligraphic letters $\mathcal{X}$ as sets and uppercase letters $X$ denote random variables having realizations $x$ . $H(X)$ and $h(X)$ denote the Shannon entropy and differential entropy of a random variable $X$ , respectively.

II Fundamentals

This section reviews necessary fundamentals for distributed optimization.

II-A Distributed optimization over networks

We model a distributed network as a graph $\mathcal{G}=(\mathcal{N},\mathcal{E})$ where $\mathcal{N}={\{1,2,...,n}\}$ is the set of nodes and $\mathcal{E}\subseteq\mathcal{N}\times\mathcal{N}$ is the set of edges. Moreover, let $\mathcal{N}_{i}=\{j\,|\,{(i,j)\in\mathcal{E}\}}$ denote the set of neighboring nodes and $d_{i}=|\mathcal{N}_{i}|$ denote the degree (number of neighboring nodes) of node $i$ . A standard distributed convex optimization problem with constraints over the network can be formulated as

\begin{array}[]{ll}&{\displaystyle\min_{\bm{x}_{i},\forall i\in\mathcal{N}}}{{\displaystyle\sum_{i\in\mathcal{N}}}f_{i}(\bm{x}_{i})}\\ &{\text{s.t.~{}}}\forall(i,j)\in\mathcal{E}:{\bm{B}_{i|j}\bm{x}_{i}+\bm{B}_{j|i}\bm{x}_{j}=\bm{b}_{i,j}}\end{array}

(1)

where $\bm{x}_{i}\in\mathbb{R}^{u}$ denotes the optimization variable of node $i$ , $f_{i}:\mathbb{R}^{u}\mapsto\mathbb{R}\cup\{\infty\}$ denotes the local objective function which is assumed to be convex, $\bm{B}_{i|j}$ and $\bm{B}_{j|i}$ are edge-related matrices (weights) and $\bm{b}_{i,j}\in\mathbb{R}^{u}$ denotes the constraint imposed at edge $(i,j)\in\mathcal{E}$ . For simplicity, we assume $u=1$ and $\bm{b}_{i,j}=\bm{0}$ , but the results can easily be generalized to arbitrary dimension and cases where $\bm{b}_{i,j}\neq\bm{0}$ . With this, $\bm{B}_{i|j}$ and $\bm{B}_{j|i}$ are related to entries of the incidence matrix $\bm{B}\in\mathbb{R}^{m\times n},m=|\mathcal{E}|,$ of the graph: $\bm{B}_{li}=\bm{B}_{i|j}=1$ , $\bm{B}_{lj}=\bm{B}_{j|i}=-1$ if and only if $e_{l}=(i,j)\in\mathcal{E}$ and $i<j$ ,

II-B Distributed optimizers

To solve the problem in (1) in a decentralized manner, i.e., where each node is only allowed to exchange information with its neighboring nodes, a number of distributed, iterative optimizers have been proposed, including ADMM [17] and PDMM [18, 19, 20]. It has been shown using monotone operator theory and operator splitting techniques that ADMM and PDMM are closely related [20] (see [21] for details on monotone operator theory). The updating equations at iteration $t=0,1,\ldots$ can be generally represented as

	$\displaystyle\bm{x}_{i}^{(t+1)}=\arg\min_{\bm{x}_{i}}\big{(}f_{i}(\bm{x}_{i})+\operatorname*{\textstyle\sum}_{j\in\mathcal{N}_{i}}\bm{z}_{i\|j}^{(t)}\bm{B}_{i\|j}\bm{x}_{i}+\frac{cd_{i}}{2}\bm{x}_{i}^{2}\big{)}$
	$\displaystyle\forall j\in\mathcal{N}_{i}:\bm{z}_{j\|i}^{(t+1)}=\theta\bm{z}_{j\|i}^{(t)}+(1-\theta)({\bm{z}}_{i\|j}^{(t)}+2c\bm{B}_{j\|i}\bm{x}_{i}^{(t+1)}),$

where $c$ is a constant for controlling the convergence rate. Each edge $e_{l}=(i,j)\in\mathcal{E}$ is associated to two auxiliary variables $\bm{z}=\bm{z}_{i|j}$ and $\bm{z}_{l+m}=\bm{z}_{j|i}$ . Stacking all auxiliary variables together we have $\bm{z}\in\mathbb{R}^{2m}$ . $\theta\in[0,1)$ is a constant for controlling the averaging of the nonexpansive operators. For example, $\theta=0$ results in Peaceman-Rachford splitting (PDMM) and $\theta=1/2$ results in Douglas-Rachford splitting (ADMM). For simplicity, we will use $\theta=0$ , i.e., PDMM, as an example to explain the main idea but the conclusions hold for all $\theta\in[0,1)$ .

III Problem definition

In this section we first introduce important concepts regarding privacy-preservation and then define the problem to be solved and its evaluation metrics.

III-A Privacy concern

In distributed optimization, sensitive personal information is often embedded in each node’s local objective function $f_{i}(\bm{x}_{i})$ . The main reason is that the local objective function contains node-specific data as input and such data are often private in nature. As an example, consider a smart grid application. Assume each household/node in the network has its own power consumption data $\bm{s}_{i}$ and the goal is to compute the global average of these power consumption data, i.e., $n^{-1}\sum_{i\in\mathcal{N}}\bm{s}_{i}$ . In this context the local objective function is given by $f_{i}(\bm{x}_{i})=\frac{1}{2}\|\bm{x}_{i}-\bm{s}_{i}\|^{2}_{2}$ and the overall problem setup can be formulated as follows:

\begin{array}[]{ll}{\displaystyle\min_{\bm{x}_{i}}}&{{\displaystyle\sum_{i\in\mathcal{N}}\frac{1}{2}\|\bm{x}_{i}-\bm{s}_{i}\|^{2}_{2}}}\\ {\text{ s.t. }}&{\bm{x}_{i}=\bm{x}_{j},{\forall}(i,j)\in\mathcal{E}}.\end{array}

(2)

Note that the power consumption data $\bm{s}_{i}$ , contained in the local objective function $f_{i}(\bm{x}_{i})$ , of each household should be protected from being revealed to others, because it can reveal information regarding the householders such as their activities and even their health conditions like whether they are disabled or not [22]. Hence, information regarding the local objective function $f_{i}(\bm{x}_{i})$ is considered to be sensitive and should be protected from being revealed in the process of solving the optimization problem.

III-B Adversary model

To analyze the privacy, we must specify an adversary model. The purpose of such a model is to quantify the system robustness in dealing with different security attacks. In this paper, we consider two types of adversary models: the passive and the eavesdropping model. The passive (also called semi-honest or honest-but-curious) adversary model is a classical model considered in distributed networks [23]. It works by colluding a number of nodes, referred to as corrupted nodes. The corrupted nodes are assumed to follow the algorithm instructions (called the protocol) but will share information together. We call an edge in the graph corrupted as long as there is one corrupted node at its ends. All messages transmitted along such an edge will be known to the corrupted nodes, thus also to the passive adversary. See Fig.1 for a toy example. Hence, the passive adversary will collect all information from the corrupted nodes to infer private data of the other non-colluding nodes (referred to as honest nodes).

The eavesdropping adversary is assumed to attack the system by listening to the messages transmitted along the communication channels, i.e., edges. This model receives little attention as it can be addressed by assuming all communication channels are securely encrypted such that the transmitted messages cannot be eavesdropped, e.g., secret sharing based approaches [24, 11, 10]. However, this assumption is particularly expensive to realize in distributed optimization applications, as a large number of iterations is often required.

We assume that the considered two adversaries can cooperate, i.e., they share information together with the aim of inferring the private data of the honest nodes.

Refer to caption — Figure 1: Passive adversary

III-C Main requirements and related metrics

Putting things together, we now state the main requirements that communication efficient privacy-preserving distributed optimization should satisfy and introduce the related metrics.

1.

Output correctness: Each node $i$ should obtain the optimal solution to (1), denoted by $\bm{x}_{i}^{*}$ , at the end of the algorithm. A typical way to quantify the output correctness is to adopt certain distance metrics to calculate the difference between the estimated output $\bm{x}^{(t)}$ and the optimum output $\bm{x}^{*}$ . In this paper we use the overall mean square error (MSE) to quantify it, i.e., $\left\|\bm{x}^{(t)}-\bm{x}^{*}\right\|^{2}$ .
2.

Communication cost: After the algorithm execution, the cost of all communications should be as low as possible. The communication cost is given by $T(2m)l$ , where $T$ is the total number of iterations, $2m$ is the total amount of messages transmitted at each iteration ( $d_{i}$ per node) and $l$ is the number of bits needed to represent each message.
3.

Individual privacy: Each node’s private information, embedded in $f_{i}(\bm{x}_{i})$ , should be protected under both eavesdropping and passive adversaries throughout the algorithm. As we are focusing on noise insertion approaches, we will focus on information-theoretical metrics to describe the privacy. In the context of distributed processing, two commonly used metrics are the so-called $\epsilon$ -differential privacy and mutual information [25]. In this paper we choose mutual information as the individual privacy metric. The main reasons are as follows. (1) Mutual information has been proven effective in the context of privacy-preserving distributed processing [26], and has been applied in various applications [27, 28, 29, 30, 31, 32]. (2) It is closely related to $\epsilon$ -differential privacy (see [33] for more details), and is easier to realize in practice [34, 35, 36]. (3) $\epsilon$ -differential privacy does not work if the private data is correlated [37].

IV Trade-off in noise insertion approaches

In this section, we aim to show that there is typically a trade-off between privacy and communication bandwidth in noise insertion approaches. To do so we will first explain a simple noise insertion scheme and then introduce how to compute the communication bandwidth, i.e., bit-rate, after applying quantization. Finally, we give an example to demonstrate this trade-off.

IV-A Additive noise insertion

Assume a scenario that a number of people, each having his/her own private data, would like to participate in a project which takes the private data of all these participants as input. Let $s$ denote the private data held by you and you are reluctant to share your private data to others due to privacy concerns. The idea of noise insertion is to insert certain noise, denoted by $r$ , to obfuscate the private data and then share the obfuscated data, denoted by $s_{r}$ , to others. One of the most simple yet widely-used way of noise insertion is to directly add the noise to the private data for protecting it from being revealed to others, referred to as additive noise insertion, and defined as

\displaystyle s_{r}=s+r.

(3)

Intuitively, a higher privacy level will be achieved if the obfuscated data $s_{r}$ is less correlated with the private data $s$ . We have the following result.

Proposition 1.

(Privacy guarantee for additive noise insertion) Let $R$ and $S$ be continuous random variables with variance $\sigma^{2}_{R},\sigma^{2}_{S}<\infty$ , denoting the inserted noise and private data, respectively, and assume that $R$ and $S$ are statistically independent. Let $S_{r}=S+R$ . Given an arbitrarily small $\delta>0$ , there exists $\beta>0$ such that for $\sigma^{2}_{R}\geq\beta$

\displaystyle I(S;S_{r})\leq\delta.

(4)

In the case that the noise $R$ is Gaussian distributed, we have

\displaystyle\beta=\frac{\sigma^{2}_{S}}{2^{2\delta}-1}.

(5)

Proof.

See [26, Proposition $1$ ]. ∎

Hence, the more noise is inserted, the higher privacy level can be obtained. However, we remark that more noise will inevitably increase the noise entropy and thus requires a higher bit-rate (i.e., communication bandwidth). In what follows we will explain this in more detail.

IV-B Quantization and bit-rate

The main idea of quantization is to establish a mapping of the input data to a countable set of reproduction values, which is referred to as a codebook. More specifically, a quantizer divides the input domain into so-called quantization cells (Voronoi regions) where all elements within a cell are represented by a unique reproduction or code value. Let $l$ denote the number of bits to represent the reproduction values, $2^{l}$ in total. Although there exists many different quantization schemes, we will introduce a simple yet effective one, namely uniform quantization. In this quantizer, all quantization cells have the same size, except for the cells at the boundary of the domain in the case of fixed bit-rate quantization. For example, a one-dimensional 2-bit uniform mid-rise quantizer with cell-width $\Delta$ will divide the input range into four regions, each represented by a unique code value. That is, the quantization cells are given by $(-\infty,-\Delta],(-\Delta,0],(0,\Delta],(\Delta,\infty)$ and respresented by $-\frac{3\Delta}{2},-\frac{\Delta}{2},\frac{\Delta}{2}$ , and $\frac{3\Delta}{2}$ , respectively.

Using a finite number of bits to quantize a continuous random variable will always produce an error, or distortion. Intuitively, the fewer bits are used, the more distortion will occur. To have an idea on how many bits are required for transmitting a message, we can determine its entropy since this gives a lower bound on the number of bits needed to represent the data. With a uniform quantizer, the entropy of a quantized continuous random variable $X$ at sufficiently high rate can be approximated as [38]:

\displaystyle H(\hat{X})\approx h(X)-\frac{1}{2}\log\left(12D_{\Delta_{x}}\right),

(6)

where $\hat{X}$ is the discrete random variable after quantizing $X$ , $\Delta_{x}$ denotes the quantization cell width and $D_{\Delta_{x}}=\frac{\Delta_{x}^{2}}{12}$ is the quantization noise variance. Here, $H(\hat{X})$ is the Shannon entropy of $\hat{X}$ , and $h(X)$ is the differential entropy of $X$ , assuming it exists. Since the differential entropy of a random variable with fixed variance $\sigma^{2}$ is upper bounded by

\displaystyle h(X)\leq\frac{1}{2}\log\left(2\pi e\sigma^{2}\right),

(7)

we have

\displaystyle H(\hat{X})\leq\frac{1}{2}\log\left(\frac{2\pi e\sigma_{X}^{2}}{\Delta_{x}^{2}}\right).

(8)

IV-C Trade-off between privacy and bits

Assume the inserted noise $R$ is Gaussian distributed and the desired privacy level $\delta$ is given. The entropy of the obfuscated data $S_{r}$ is then given by

$\displaystyle H(\hat{S_{r}})$	$\displaystyle\leq\frac{1}{2}\log\left(\frac{2\pi e\sigma_{S_{r}}^{2}}{\Delta_{s_{r}}^{2}}\right)$
	$\displaystyle\stackrel{{\scriptstyle{\text{(a)}}}}{{=}}\frac{1}{2}\log\left(\frac{2\pi e(\sigma^{2}_{S}+\sigma^{2}_{R})}{\Delta_{s_{r}}^{2}}\right)$
	$\displaystyle\stackrel{{\scriptstyle{\text{(b)}}}}{{=}}\frac{1}{2}\log\left(\frac{2\pi e(2^{2\delta}\sigma^{2}_{S})}{(2^{2\delta}-1)\Delta_{s_{r}}^{2}}\right),$	(9)

where (a) holds as $S$ and $R$ are independent and (b) follows by setting $\sigma^{2}_{R}$ equal to $\beta$ given by (5). By inspection of (9), we can see that the smaller the information leakage $\delta$ is, i.e., the higher the privacy level is, the higher the amount of bits for representing the quantized obfuscated data $\hat{S_{r}}$ will be. Clearly there is a trade-off between them. In Fig. 2 we give an example based on (9) to demonstrate this trade-off, where we set $\sigma^{2}_{S}=1$ and $\Delta_{s_{r}}=10^{-5}$ .

V Proposed approach

After explaining why there is a trade-off between privacy and communication cost in noise insertion approaches, we now proceed to introduce the proposed approach which addresses this trade-off by using the adaptive differential quantization scheme of [39, 40]. The reason of choosing this quantization scheme is because it can help to save the communication cost without compromising privacy. In addition, we exploit the idea of additive noise insertion to guarantee privacy after applying quantization.

In this section we will first briefly introduce the adaptive differential quantization technique. After that, we introduce the proposed approach and explain how to guarantee privacy by making use of the auxiliary variable $\bm{z}^{(0)}$ , see Section II-B, as noise. Finally, we analyze the performance of the proposed approach based on the concerned requirements mentioned in Section III-C, i.e., individual privacy, output correctness and communication cost.

The main idea of applying adaptive differential quantization is based on the observation that for fixed point iterations the difference of successive iterations will converge to zero (i.e, it is a Cauchy sequence), which implies that the entropy of the difference of successive iterations will decrease to zero as the number of iteration increases. Motivated by this, the adaptive differential quantization scheme proposed in [39, 40] quantize the difference of the auxiliary variable at every two successive iterations with an adaptive cell-width decreasing with increasing iterations, details will be given below. By doing so, low data rate transmission between nodes can be achieved without compromising the accuracy of the algorithm.

With the adaptive differential quantization scheme, the process of the proposed approach is given as follows. At initialization $t=0$ , each node $i\in\mathcal{N}$ initializes its auxiliary variables $\{\bm{z}_{j|i}^{(0)}\}_{j\in\mathcal{N}_{i}}$ and sends the corresponding $\bm{z}_{j|i}^{(0)}$ to each and every neighboring node $j\in\mathcal{N}_{i}$ , respectively. Then update $\bm{x}_{i}^{(1)}$ and $\bm{z}_{j|i}^{(1)}$ as

	$\displaystyle\bm{x}_{i}^{(1)}=\arg\min_{\bm{x}_{i}}\big{(}f_{i}(\bm{x}_{i})+\operatorname*{\textstyle\sum}_{j\in\mathcal{N}_{i}}{\bm{z}_{i\|j}^{(0)}}\bm{B}_{i\|j}\bm{x}_{i}+\frac{cd_{i}}{2}\bm{x}_{i}^{2}\big{)}$		(10)
	$\displaystyle\forall j\in\mathcal{N}_{i}:\bm{z}_{j\|i}^{(1)}=\bm{z}_{i\|j}^{(0)}+2c\bm{B}_{j\|i}\bm{x}_{i}^{(1)}$		(11)

Let $\hat{\bm{z}}$ denote the quantized version of $\bm{z}$ . At iteration $t\geq 1$ , each node does not transmit the unquantized $\bm{z}_{j|i}^{(t)}$ to node $j$ directly, instead it first defines the difference variable $\bm{v}^{(t)}$ as

\displaystyle\bm{v}^{(t)}\triangleq\left\{\begin{array}[]{ll}\bm{z}^{(1)}-\bm{z}^{(0)},&\textrm{ if $t=1$},\\ \bm{z}^{(t)}-\hat{\bm{z}}^{(t-1)},&\textrm{ if $t>1$}.\end{array}\right.

(14)

Let $Q(\cdot)$ denote the quantization operation. Applying quantization to the difference variable $\bm{v}^{(t)}$ we have

\displaystyle\hat{\bm{v}}^{(t)}=Q(\bm{v}^{(t)})=\bm{v}^{(t)}+\bm{n}_{q,v^{(t)}},

(15)

where $\bm{n}_{q,v^{(t)}}$ denotes the noise introduced by quantizing $\bm{v}^{(t)}$ . The adaptive differential quantizater quantizes the difference variable $\{\bm{v}^{(t)}\}_{t\geq 1}$ with a geometrically decreasing cell-width $\Delta^{(t)}=\gamma^{t-1}\Delta^{(0)}$ , where $\Delta^{(0)}$ denotes the initial cell-width and $\gamma\in(0,1)$ denotes the rate of growth. After obtaining $\hat{\bm{v}}^{(t+1)}$ , the quantized $\hat{\bm{z}}^{(t+1)}$ can be obtained by

\displaystyle\hat{\bm{z}}^{(t)}=\left\{\begin{array}[]{ll}\bm{z}^{(0)}+\hat{\bm{v}}^{(1)},&\textrm{ if $t=1$},\\ \hat{\bm{z}}^{(t-1)}+\hat{\bm{v}}^{(t)},&\textrm{ if $t>1$}.\end{array}\right.

(18)

Note that all $\{\hat{\bm{z}}^{(t)}\}_{t\geq 1}$ can be reconstructed when knowing $\bm{z}^{(0)}$ and the quantized $\{\hat{\bm{v}}^{(t)}\}_{t\geq 1}$ as

\displaystyle\forall t\geq 1:\hat{\bm{z}}^{(t)}=\bm{z}^{(0)}+\sum_{\tau=1}^{t}\hat{\bm{v}}^{(\tau)}.

(19)

After constructing $\hat{\bm{z}}^{(t)}$ , each node can update the local variables $\bm{x}_{i}^{(t+1)}$ and $\bm{z}_{j|i}^{(t+1)}$ using the quantized $\hat{\bm{z}}_{i|j}^{(t)}$ from the previous iteration, i.e.,

	$\displaystyle\bm{x}_{i}^{(t+1)}=\arg\min_{\bm{x}_{i}}\big{(}f_{i}(\bm{x}_{i})+\operatorname*{\textstyle\sum}_{j\in\mathcal{N}_{i}}{\hat{\bm{z}}_{i\|j}^{(t)}}\bm{B}_{i\|j}\bm{x}_{i}+\frac{cd_{i}}{2}\bm{x}_{i}^{2}\big{)}$		(20)
	$\displaystyle\forall j\in\mathcal{N}_{i}:\bm{z}_{j\|i}^{(t+1)}=\hat{\bm{z}}_{i\|j}^{(t)}+2c\bm{B}_{j\|i}\bm{x}_{i}^{(t+1)}$		(21)

Overall, we conclude that all messages that need to be transmitted are the initialized $\bm{z}^{(0)}$ and the quantized $\{\hat{\bm{v}}^{(t)}\}_{t\geq 1}$ . Because all $\{\hat{\bm{z}}^{(t)}\}_{t\geq 1}$ can be computed using $\bm{z}^{(0)}$ and $\{\hat{\bm{v}}^{(t)}\}_{t\geq 1}$ , all $\{\bm{x}^{(t)}\}_{t\geq 1}$ can be computed using $\bm{z}^{(0)}$ and $\{\hat{\bm{z}}^{(t)}\}_{t\geq 1}$ using (10) and (20).

Having introduced how to apply adaptive differential quantization to reduce the communication bandwidth, we now proceed to explain how to guarantee privacy. Motivated based on the idea of using additive noise insertion to achieve privacy-preservation, instead of inserting extra noise we propose to make use of the initialized $\bm{z}^{(0)}$ as noise. To guarantee privacy, we assume that it is transmitted at high precision (see the following individual privacy analysis for details).

Input : Initialized auxiliary variables:

\{\bm{z}_{j|i}^{(0)}\}_{(i,j)\in\mathcal{E}}

Initial quantization cell-width:

\Delta^{(0)}

Number of bits of quantizer:

l

Rate of growth:

\gamma

Output : Optimum optimization solutions:

\{\bm{x}_{i}^{*}\}_{i\in\mathcal{N}}

Initialization : Each node

i\in\mathcal{N}

, initializes

\{\bm{z}_{j|i}^{(0)}\}_{j\in\mathcal{N}_{i}}

based on the desired privacy level.

if $\|\bm{x}_{i}^{(t)}-\bm{x}_{i}^{*}\|^{2}<$ threshold then

if $t=0$ then

Receive

\bm{z}_{i|j}^{(0)}

from all neighbors

j\in\mathcal{N}_{i}

through securely encrypted channels [41].

Update

\bm{x}_{i}^{(1)}

using (10),

\{\bm{z}_{j|i}^{(1)}\}_{j\in\mathcal{N}_{i}}

using (11).

end if

if $t\geq 1$ then

Receive

\hat{\bm{v}}_{i|j}^{(t)}

from all neighbors

j\in\mathcal{N}_{i}

through non-securely encrypted channels.

Update

\{\hat{\bm{z}}_{i|j}^{(t)}\}_{j\in\mathcal{N}_{i}}

using

\eqref{eq.zRec}

Update

\bm{x}_{i}^{(t+1)}

using (20),

\{\bm{z}_{j|i}^{(t+1)}\}_{j\in\mathcal{N}_{i}}

using (21).

end if

Compute

\{\bm{v}_{j|i}^{(t+1)}\}_{j\in\mathcal{N}_{i}}

using (14).

Quantize

\{\bm{v}_{j|i}^{(t+1)}\}_{j\in\mathcal{N}_{i}}

with a

l

-bit uniform quantizer having cell-width

\Delta^{(t+1)}=\gamma^{t}\Delta^{(0)}

Transmit

\hat{\bm{v}}_{j|i}^{(t+1)}

to each neighbor

j\in\mathcal{N}_{i}

end if

Algorithm 1 Communication efficient privacy-preserving distributed optimization using adaptive differential quantization

V-A Individual privacy

By inspection of (20), for $t\geq 1$ the updates $\bm{x}_{i}^{(t)}$ satisfy

\displaystyle\partial f_{i}(\bm{x}_{i}^{(t+1)})+\sum_{j\in\mathcal{N}_{i}}\bm{B}_{i|j}\hat{\bm{z}}_{i|j}^{(t)}+cd_{i}\bm{x}_{i}^{(t+1)}=0.

(22)

We can see that the private data is only contained in the subgradient $\partial f_{i}(\bm{x}_{i}^{(t+1)})$ . As a consequence, the goal of the privacy analysis is to see what information regarding $\partial f_{i}(\bm{x}_{i}^{(t+1)})$ is revealed during the iterations. Note that for $t=0$ we have $\partial f_{i}(\bm{x}_{i}^{(1)})+\sum_{j\in\mathcal{N}_{i}}\bm{B}_{i|j}\bm{z}_{i|j}^{(0)}+cd_{i}\bm{x}_{i}^{(1)}=0$ .

For simplicity, assume $\bm{B}_{i|j}=1$ for all $j\in\mathcal{N}_{i}$ , and thus $\bm{B}_{j|i}=-1$ . Denote $\mathcal{N}_{c}$ and $\mathcal{N}_{h}$ as the set of corrupted nodes and honest nodes, respectively. Let $\mathcal{N}_{i,c}=\mathcal{N}_{i}\cap\mathcal{N}_{c}$ and $\mathcal{N}_{i,h}=\mathcal{N}_{i}\cap\mathcal{N}_{h}$ denote the set of the corrupted and honest neighbors of the node $i$ , respectively. In addition, we assume a worse case that each honest node has at least one corrupted neighboring node, i.e., $\mathcal{N}_{i,c}\neq\emptyset$ . Combining (14) and (15) we conclude that $\hat{\bm{v}}^{(t)}-\bm{n}_{q,v^{(t)}}=\bm{z}^{(t)}-\hat{\bm{z}}^{(t-1)}$ , so that (18) can be expressed as

\displaystyle\hat{\bm{z}}^{(t)}

\displaystyle=\bm{z}^{(t)}+\bm{n}_{q,v^{(t)}}.

(23)

For node $k\in\mathcal{N}_{i,c}$ , using (21) and (23), we can express the left-hand side of (22) as

\displaystyle\partial f_{i}(\bm{x}_{i}^{(t+1)})\!+\!\sum_{j\in\mathcal{N}_{i}}\hat{\bm{z}}^{(t)}_{i|j}-\frac{d_{i}(\hat{\bm{z}}_{k|i}^{(t+1)}\!-\bm{n}_{q,v_{k|i}^{(t+1)}}\!-\hat{\bm{z}}_{i|k}^{(t)}}{2}).

(24)

To quantify the amount of information about the private data $\partial f_{i}(\bm{x}_{i}^{(t+1)})$ learned by the adversaries, we must first inspect what information is available to them. We first consider the passive adversary. As it can collect all the information available to the corrupted nodes, it has the following knowledge:

\displaystyle\{\bm{x}_{i}^{(t)}\}_{i\in\mathcal{N}_{c},t\geq 1}\cup\{{\bm{z}}_{i|j}^{(0)},\hat{\bm{v}}_{i|j}^{(t+1)}\}_{(i,j)\in\mathcal{E}_{c},t\geq 0},

where $\mathcal{E}_{c}=\{(i,j)\in\mathcal{E},(i,j)\notin\mathcal{N}_{h}\times\mathcal{N}_{h}\}$ denotes the set of corrupted edges. With the above knowledge, the passive adversary is able to compute both $\sum_{j\in\mathcal{N}_{i,c}}\hat{\bm{z}}^{(t)}_{i|j}$ using (19) and $\frac{1}{2}d_{i}(\hat{\bm{z}}_{k|i}^{(t+1)}-\hat{\bm{z}}_{i|k}^{(t)})$ in (24). After computing these known terms, the unknown terms in (24) are given by

\displaystyle\{

\displaystyle\partial f_{i}(\bm{x}_{i}^{(t+1)})+\sum_{j\in\mathcal{N}_{i,h}}\hat{\bm{z}}^{(t)}_{i|j}+\frac{d_{i}}{2}\bm{n}_{q,v_{k|i}^{(t+1)}}\}_{k\in\mathcal{N}_{i,c}}.

(25)

Next, we consider the eavesdropping adversary. To minimize the expense of requiring securely encrypted communication channels, we propose to use secure channel encryption only once. More specifically, no channel encryption is involved except for transmitting $\bm{z}^{(0)}$ during the initialization step. As a consequence, the eavesdropping adversary can listen to all transmitted messages after initialization, i.e.,

\displaystyle\{\hat{\bm{v}}_{i|j}^{(t+1)}\}_{(i,j)\in\mathcal{E},t\geq 0},

note that it does not have knowledge about ${\bm{z}}_{i|j}^{(0)}$ . Based on (19), we can, therefore, deduce $\sum_{\tau=1}^{t}\hat{\bm{v}}_{i|j}^{(\tau)}$ from $\hat{\bm{z}}^{(t)}_{i|j}$ in (25) as it is known to the eavesdropping adversary. Consequently, we conclude that all what the passive and eavesdropping adversaries observe about the honest node $i$ is given by

\displaystyle\{\partial f_{i}(\bm{x}_{i}^{(t+1)})+\sum_{j\in\mathcal{N}_{i,h}}{\bm{z}}_{i|j}^{(0)}-\frac{d_{i}}{2}\bm{n}_{q,v_{k|i}^{(t+1)}}\}_{k\in\mathcal{N}_{i,c}}

(26)

where the last term $\{\bm{n}_{q,v_{k|i}^{(t+1)}}\}_{j\in\mathcal{N}_{i,c}}$ will converge to the all-zero vector as the iterations proceed. If node $i$ has at least one honest neighbor, i.e., $\mathcal{N}_{i,h}\neq\emptyset$ , the term $\sum_{j\in\mathcal{N}_{i,h}}\bm{z}_{i|j}^{(0)}$ can be considered as noise. Hence, we can, by Proposition 1, protect the private data $\partial f_{i}(\bm{x}_{i}^{(t+1)})$ from being revealed by making the variance of $\bm{z}^{(0)}$ arbitrarily large at the initialization step. Therefore, arbitrarily small information leakage regarding $\partial f_{i}(\bm{x}_{i}^{(t+1)})$ can be achieved at every iteration.

We remark that the proposed quantized approach can be seen as a privacy-enhanced version of the existing subspace perturbation based approach [16] since it introduces an additional noise component $\bm{n}_{q,v_{k|i}^{(t+1)}}$ in (26) which helps to further protect the private data. Hence, we conclude that the conditions to guarantee the privacy of the data of honest node $i\in\mathcal{N}_{h}$ for both passive and eavesdropping adversaries are given by:

•

It has at least one honest neighbor. That is, $\mathcal{N}_{i,h}\neq\emptyset$ .
•

The communication channels are securely encrypted in the initialization phase when transmitting $\bm{z}^{(0)}$ .

V-B Output correctness and communication cost

In [40] it has been shown that if the sequence $\{{\bm{n}_{q,v^{(t)}}}\}_{t>0}$ is finitely summable, then Douglas-Rachford splitting will convergence to a fixed point $\bm{x}^{*}$ which is the solution to (1). Hence, the output correctness requirement is satisfied. As for the communication cost, we can see that with the help of quantization, the communication cost of the proposed approach is substantially reduced. In fact, as we will demonstrate in the next section, we can quantize the data with a one-bit quanitzer ( $l=1$ ) and still obtain perfect output correctness and individual privacy.

The details of the proposed algorithm are summarized in Algorithm 1.

VI Numerical results

In this section, we will demonstrate simulation results for the proposed approach and compare this with existing approaches. We simulated a geometric network with $n=30$ nodes where every two nodes are allowed to transmit messages if their distance is within a radius of $\sqrt{\frac{2\log(n)}{n}}$ , as this condition ensures that the corresponding graph is connected with high probability [42].

VI-A Performance of the proposed approach

We use two applications to test the performance of the proposed approach: distributed average consensus and distributed least squares. The main reason for choosing these two applications is that they are intensively investigated in the literature [43, 44, 45, 24, 11, 46, 47, 48, 49, 14, 15]. The detailed problem formulation of distributed average consensus is already introduced in (2). As for distributed least squares, assume each node has partial knowledge of a linear system (assuming overdetermined) including an input observation, denoted as $\bm{Q}_{i}\in\mathbb{R}^{p_{i}\times u},\,p_{i}>u$ and a decision vector, denoted as $\bm{y}_{i}\in\mathbb{R}^{p_{i}}$ . Stacking the partial knowledge together we denote $\bm{Q}=[\bm{Q}^{\top}_{1},\dots,\bm{Q}^{\top}_{n}]^{\top}\in\mathbb{R}^{P_{n}\times u}$ and $\bm{y}=[\bm{y}^{\top}_{1},\dots,\bm{y}^{\top}_{n}]^{\top}\in\mathbb{R}^{P_{n}}$ , where $P_{n}=\sum_{i\in\mathcal{N}}p_{i}$ . The goal of privacy-preserving distributed least squares is to allow each node to achieve the global optimum solution $\forall i\in\mathcal{N},\,\bm{x}_{i}^{*}=(\bm{Q}^{\top}\bm{Q})^{-1}\bm{Q}^{\top}\bm{y}\in\mathbb{R}^{u}$ , without revealing its private data, i.e., $\bm{Q}_{i},\bm{y}_{i}$ . With distributed optimization this problem can be formulated as

\begin{array}[]{ll}{\displaystyle\min_{\bm{x}_{i}}}&{\sum_{i\in\mathcal{N}}\frac{1}{2}\|\bm{y}_{i}-\bm{Q}_{i}\bm{x}_{i}\|^{2}_{2}}\\ {\text{ s.t. }}&{\bm{x}_{i}=\bm{x}_{j},{\forall}(i,j)\in\mathcal{E}}.\end{array}

(27)

In all experiments, we randomly draw the private data, i.e., $\bm{s}_{i}$ in the case of distributed average consensus and $\bm{Q}_{i},\bm{y}_{i}$ in the case of distributed least squares, from a zero-mean Gaussian distribution with unit variance. In addition, we set $c=\gamma=0.9$ and the auxiliary variable $\bm{z}^{(0)}$ is initialized with zero-mean Gaussian distributed noise having a variance $\sigma^{2}_{z^{(0)}}\!={\Delta^{(0)}}^{2}$ , where $\Delta^{(0)}$ is the initial quantization cell-width. Moreover, for the proposed quantized approach, a one-bit (mid-rise) quantizer is used with cell-width $\Delta^{(t)}$ , which means that we only transmit the signs of the $\bm{z}_{i|j}$ s which will be reconstructed at the receiver by $\pm\Delta^{(t)}/2$ .

The performance of the proposed approach is demonstrated in terms of the three requirements mentioned in Section III-C.

1.

Output correctness: From Fig.3 we can see that applying the proposed adaptive differential quantization scheme to both PDMM (QPDMM) and ADMM (QADMM), the quantization noise $\bm{n}_{q,v^{(t)}}$ converges to zero and the optimization variable $\bm{x}^{(t)}$ converges to the optimal $\bm{x}^{*}$ . These results validate the claim stated in Section V-B: if the sequence $\{{\bm{n}_{q,v^{(t)}}}\}_{t>0}$ is finite summable, the output correctness will be guaranteed. Hence, we conclude that the proposed approach satisfies the output correctness requirement, i.e., accuracy is not compromised by considering both quantization and privacy. Additionally, it is generally applicable to both ADMM and PDMM.
2.

Communication cost: Fig. 4 demonstrates the total communication cost (the amount of bits) of the proposed QADMM and QPDMM under three different privacy levels: $\sigma^{2}_{z^{(0)}}=10^{0},\sigma^{2}_{z^{(0)}}=10^{2},\sigma^{2}_{z^{(0)}}=10^{4}$ . Note that for the proposed approach we have $l=1$ since a one-bit quantizer is used. We can see that the convergence rate of the proposed approach is invariant to the privacy level.
3.

Individual privacy: Fig.5 shows the individual privacy of an arbitrary honest node over iterations using the proposed approach under the condition that there is only one honest neighboring node when applied to the distributed average consensus problem. That is, the normalized mutual information measured based on (26) when $\mathcal{N}_{i,c}=d_{i}-1$ . We can see that the larger $\sigma^{2}_{z^{(0)}}$ is, the less individual privacy is revealed, i.e., the higher the privacy level is. Hence, the proposed approach is able to guarantee individual privacy by controlling the variance of the initialized $\bm{z}^{(0)}$ , i.e., $\sigma^{2}_{z^{(0)}}$ .

VI-B Comparison with existing approaches

We now compare the performance of the proposed QADMM with existing approaches including subspace perturbation (SP) based approach [16], secret sharing (SS) based approach [44] and differential privacy (DP) based approach [46]. To ensure a fair comparison, we insert the same amount of noise in all these algorithms. More specifically, all inserted noise are Gaussian distributed with zero mean and variance $10^{2}$ . Additionally, all algorithms are based on the ADMM optimizer. Note that since none of the existing algorithms use a quantization scheme, the number of bits to represent each massage is set to $l=64$ (MATLAB double precision floating-point format). From Fig.6, we can see that

•

among these approaches, differential privacy based approach does not output an accurate result, i.e., it suffers from a privacy-accuracy trade-off;
•

as expected, compared to all existing approaches the proposed algorithm significantly reduces the communication cost.

One remark is placed here. Among all existing approaches: subspace perturbation, secret sharing and differential privacy based approaches, the proposed approach is obtained by applying adaptive differential quantization to the subspace perturbation based approaches such that the communication cost is reduced without sacrificing the individual privacy and output correctness. For the other two types of approaches it would also be interesting to investigate how quantization affects their performances in terms of privacy and accuracy.

VII Conclusion

In this paper, we proposed a novel yet general communication efficient privacy-preserving distributed optimization approach using adaptive differential quantization. By adopting an adaptive quantizer that dynamically decreases its cell-width for each iteration to reduce the communication cost and making use of additive noise insertion to achieve privacy-preservation, we are able to alleviate the trade-off between privacy and communication cost without compromising the algorithm accuracy. In addition, the proposed algorithm is able to protect privacy of any honest node against the passive adversary by requiring only one honest neighboring node. Moreover, the proposed method is computationally very lightweight in its way of dealing with an eavesdropping adversary as no secure encryption is needed, except for in the initialization step. Finally, numerical results were conducted, which confirm the desirable properties of the proposed approach in terms of accuracy, privacy and communication cost and show that the proposed approach has superior performance compared to the existing approaches.

References

[1] M. Anderson, Technology device ownership, 2015, Pew Research Center, 2015.
[2] J. Poushter and others, “Smartphone ownership and internet usage continues to climb in emerging economies,” Pew Research Center, vol. 22, pp. 1–44, 2016.
[3] Z. Huang, S. Mitra, and N. Vaidya, “Differentially private distributed optimization., pp. 1–10,” in Proc. Int. Conf. Distrib. Comput. Netw, 2015.
[4] S. Han, U. Topcu, and G. J. Pappas, “Differentially private distributed constrained optimization,” IEEE Trans. Autom. Control., vol. 62, no. 1, pp 50-64, 2016.
[5] E. Nozari, P. Tallapragada, and J. Cortés, “Differentially private distributed convex optimization via functional perturbation,” IEEE Trans. Control Netw. Syst., vol. 5, no. 1, pp 395-408, 2018.
[6] T. Zhang and Q. Zhu, “Dynamic differential privacy for ADMM-based distributed classification learning,” IEEE Trans. Inf. Forensics Security, vol. 12, no. 1, pp. 172–187, 2016.
[7] X. Zhang, M. M. Khalili, and M. Liu, “Recycled ADMM: Improve privacy and accuracy with less computation in distributed algorithms,” in in Proc. 56th Annu. Allerton Conf. Commun., Control, Comput. pp.959–965, 2018.
[8] X. Zhang, M. M. Khalili, and M. Liu, “Improving the privacy and accuracy of ADMM-based distributed algorithms,” Proc. Int. Conf. Mach. Lear. pp. 5796–5805, 2018.
[9] Y. Xiong, J. Xu, K. You, J. Liu and L. Wu, “Privacy preserving distributed online optimization over unbalanced digraphs via subgradient rescaling,” IEEE Trans. Control Netw. Syst., 2020.
[10] K. Tjell and R. Wisniewski, “Privacy preservation in distributed optimization via dual decomposition and ADMM,” in Proc. IEEE 58th Conf. Decis. Control., pp. 7203–7208, 2020.
[11] K. Tjell, I. Cascudo and R. Wisniewski, “Privacy preserving recursive least squares solutions,” in Proc. Eur. Control Conf., pp.3490–3495, 2019.
[12] R. Cramer, I. B. Damgård, and J. B. Nielsen, Secure Multiparty Computation and Secret Sharing, Cambridge University Press, 2015.
[13] I. Damgård, V. Pastro, N. Smart, and S. Zakarias, “Multiparty computation from somewhat homomorphic encryption,” in Advances in Cryptology–CRYPTO, pp. 643–662. Springer, 2012.
[14] Q. Li, R. Heusdens and M. G. Christensen, “Convex optimisation-based privacy-preserving distributed average consensus in wireless sensor networks,” in Proc. Int. Conf. Acoust., Speech, Signal Process., pp. 5895-5899, 2020.
[15] Q. Li, R. Heusdens and M. G. Christensen, “Convex optimization-based privacy-preserving distributed least squares via subspace perturbation,” in Proc. Eur. Signal Process. Conf., pp. 2110-2114, 2021.
[16] Q. Li, R. Heusdens and M. G. Christensen, “Privacy-preserving distributed optimization via subspace perturbation: A general framework,” in IEEE Trans. Signal Process., vol. 68, pp. 5983 - 5996, 2020.
[17] S. Boyd, N. Parikh, E. Chu, B. Peleato, J. Eckstein, et al., “Distributed optimization and statistical learning via the alternating direction method of multipliers,” Foundations and Trends in Machine learning, vol. 3, no. 1, pp. 1–122, 2011.
[18] G. Zhang and R. Heusdens, “Bi-alternating direction method of multipliers over graphs,” in Proc. Int. Conf. Acoustics, Speech, Signal Proc. pp. 3571–3575, 2015.
[19] G. Zhang and R. Heusdens, “Distributed optimization using the primal-dual method of multipliers,” IEEE Trans. Signal Process., vol. 4, no. 1, pp. 173–187, 2018.
[20] T. Sherson, R. Heusdens, W. B. Kleijn, “Derivation and analysis of the primal-dual method of multipliers based on monotone operator theory,” IEEE Trans. Signal Inf. Process. Netw., vol. 5, no. 2, pp 334-347, 2018.
[21] E. Ryu, S. P. Boyd, “Primer on monotone operator methods,” Appl. Comput. Math., vol. 15, no. 1, pp. 3-43,, 2016.
[22] G. Giaconi, D. Gündüz, H. V. Poor, “Privacy-aware smart metering: Progress and challenges,” IEEE Signal Process. Mag., vol. 35, no. 6, pp. 59-78, 2018.
[23] D. Bogdanov, S. Laur, J. Willemson, “Sharemind: A framework for fast privacy-preserving computations,” in Proc. 13th Eur. Symp. Res. Comput. Security: Comput. Security, pp. 192-206,, 2008.
[24] Q. Li and M. G. Christensen, “A privacy-preserving asynchronous averaging algorithm based on shamir’s secret sharing,” in Proc. Eur. Signal Process. Conf., pp. 1-5, 2019.
[25] T. M. Cover and J. A. Tomas, Elements of information theory, John Wiley & Sons, 2012.
[26] Q. Li, J. S. Gundersen, R. Heusdens and M. G. Christensen, “Privacy-preserving distributed processing: Metrics, bounds, and algorithms,” in IEEE Trans. Inf. Forensics Security. vol. 16, pp. 2090–2103, 2021.
[27] M. Lopuhaä-Zwakenberg, B. Škorić and N. Li, “Information-theoretic metrics for local differential privacy protocols,” arXiv preprint arXiv:1910.07826, 2019.
[28] Q. Li, M. Coutino, G. Leus and M. G. Christensen, “Privacy-preserving distributed graph filtering,” in Proc. Eur. Signal Process. Conf., pp. 2155-2159, 2021.
[29] S. Yagli, A. Dytso and H.V. Poor, “Information-theoretic bounds on the generalization error and privacy leakage in federated learning,” in IEEE 21st International Workshop on Signal Processing Advances in Wireless Communications (SPAWC), 2020, pp. 1–5.
[30] Y. Bu, S. Zou, and V. V. Veeravalli, “Tightening mutual information-based bounds on generalization error,” IEEE J. Sel. Areas Info. Theory. vol. 1, no. 1, pp. 121–130, 2020.
[31] A. Pensia, V. Jog, and P. L. Loh, “Generalization error bounds for noisy, iterative algorithms,” in Proc. of IEEE Int. Symp. Inform. Theory (ISIT), pp. 546–550, 2018.
[32] Jeffrey Negrea, Mahdi Haghifam, Gintare Karolina Dziugaite, Ashish Khisti, and Daniel M Roy, “Information-theoretic generalization bounds for sgld via data-dependent estimates.,” in Proc. of Neural Information Processing Systems (NeurIPS), pp. 11013–11023, 2019.
[33] P. Cuff and L. Yu, “Differential privacy as a mutual information constraint,” in Proc. 23rd ACM SIGSAC Conf. Comput. Commun. Secur., pp 43–54, 2016.
[34] M. Gtz, A. Machanavajjhala, G. Wang, X. Xiao, J. Gehrke, “Publishing search logs—a comparative study of privacy guarantees,” IEEE Trans. Knowl. Data. Eng. vol. 24, pp. 520 - 532, 2011.
[35] A. Haeberlen, B. C. Pierce, A. Narayan, “Differential privacy under fire.,” in Proc. 20th USENIX Conf. Security., vol. 33, 2011.
[36] A. Korolova, K. Kenthapadi, N. Mishra, A. Ntoulas, “Releasing search queries and clicks privately,” in Proc. Int’l Conf. World Wide Web, pp. 171–180, 2009.
[37] D. Kifer and A. Machanavajjhala, “No free lunch in data privacy,” in SIGMOD, pp. 193–204, 2011.
[38] J. Østergaard, “Multiple-description lattice vector quantization,” in Ph.D. dissertation, Delft University of Technology. IEEE, 2007.
[39] D. H. M. Schellekens, T. Sherson, and R. Heusdens, “Quantisation effects in PDMM: A first study for synchronous distributed averaging,” in Proc. Int. Conf. Acoust., Speech, Signal Process., pp. 4237–4241, 2017.
[40] J. A. G. Jonkman, T. Sherson, and R. Heusdens, “Quantisation effects in distributed optimisation,” in Proc. Int. Conf. Acoust., Speech, Signal Process., pp. 3649–3653, 2018.
[41] D. Dolev, C. Dwork, O. Waarts, M. Yung, “Perfectly secure message transmission,” J. Assoc. Comput. Mach., vol. 40, no. 1, pp. 17-47,, 1993.
[42] J. Dall and M. Christensen, “Random geometric graphs,” Physical review E, vol. 66, no. 1, pp. 016121, 2002.
[43] N. Gupta, J. Katz, N. Chopra, “Privacy in distributed average consensus,” IFAC-PapersOnLine, vol. 50, no. 1, pp. 9515-9520, 2017.
[44] N. Gupta, J. Kat and N. Chopra, “Statistical privacy in distributed average consensus on bounded real inputs,” in ACC, pp 1836-1841, 2019.
[45] Q. Li, I. Cascudo, and M. G. Christensen, “Privacy-preserving distributed average consensus based on additive secret sharing,” in Proc. Eur. Signal Process. Conf., pp. 1-5, 2019.
[46] E. Nozari, P. Tallapragada, and J. Cortés, “Differentially private average consensus: Obstructions, trade-offs, and optimal algorithm design,” Automatica, vol. 81, pp. 221–231, 2017.
[47] J. He, L. Cai, C. Zhao, P. Cheng, X. Guan, “Privacy-preserving average consensus: privacy analysis and algorithm design,” IEEE Trans. Signal Inf. Process. Netw., vol. 5, no. 1, pp. 127–138, 2019.
[48] M. H. Ruan, M. Ahmad, Y. Q. Wang, “Secure and privacy-preserving average consensus,” in Proc. Workshop Cyber-Phys. Syst. Secur. Privacy, pp. 123-129, 2017.
[49] Y. Mo and R. M. Murray, “Privacy preserving average consensus,” IEEE Trans. Automat Contr., vol. 62, no. 2, pp. 753–765, 2017.