Abstract
Federated Learning and Analytics (FLA) have seen widespread adoption bytechnology platforms for processing sensitive on-device data. However, basicFLA systems have privacy limitations: they do not necessarily requireanonymization mechanisms like differential privacy (DP), and provide limitedprotections against a potentially malicious service provider. Adding DP to abasic FLA system currently requires either adding excessive noise to eachdevice's updates, or assuming an honest service provider that correctlyimplements the mechanism and only uses the privatized outputs. Securemultiparty computation (SMPC) -based oblivious aggregations can limit theservice provider's access to individual user updates and improve DP tradeoffs,but the tradeoffs are still suboptimal, and they suffer from scalabilitychallenges and susceptibility to Sybil attacks. This paper introduces a novelsystem architecture that leverages trusted execution environments (TEEs) andopen-sourcing to both ensure confidentiality of server-side computations andprovide externally verifiable privacy properties, bolstering the robustness andtrustworthiness of private federated computations.