Implement budget privacy on Node and Researcher side (central and local)
Budget privacy is currently implemented as an example in the Monai Image Registration (LDP, CDP) notebook.
In the notebook, budget privacy actions/methods calculates the max number of rounds (respecting the budget privacy) based on min data size in the nodes and the number of epochs at each round. If researcher requests more rounds than it is allowed to, notebook does not assert exp.run
. This implementation is a prototype for future implementations.
Possible future implementation:
-
To be more secure, number of rounds should be controlled on the node side. Privacy budget should be calculated on the node side before performing the training. This implementation requires node to know the participants of the federated training and the memory of the experiment. We can follow two approach;
1 - Share experiment data through researcher with the train request. Drawback: Sharing this information through researcher may not be safe since train request and the message can be mimicked by the user/researcher.2 - Nodes communicate each other to verify experiment parameters that is going to be executed. Thanks to this communication nodes will very the nodes participates to the training by providing structural information of the dataset and the current round number.
-
Another solution comes with using central aggregator/researcher where orchestration of federated training is manged where researcher/user doesn't have direct access). Thanks to this approach the memory of the experiment will be kept in the central aggregator/researcher. This will allow to calculate budget privacy in every train request and allow or don't allow training.
Local privacy spent: privacy spent at each iteration of training:
DPController
class has a method called assess_budget_locally
that is written in order to calculate privacy spent at each iteration of the training. This method return two parameters as epsilon
and alpha
. These two parameters should be used to decide if training should continue.