{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,3]],"date-time":"2026-06-03T02:03:41Z","timestamp":1780452221429,"version":"3.54.1"},"reference-count":52,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2024,5,17]],"date-time":"2024-05-17T00:00:00Z","timestamp":1715904000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Intell. Syst. Technol."],"published-print":{"date-parts":[[2024,6,30]]},"abstract":"<jats:p>\n            In federated learning, benign participants aim to optimize a global model collaboratively. However, the risk of\n            <jats:italic>privacy leakage<\/jats:italic>\n            cannot be ignored in the presence of\n            <jats:italic>semi-honest<\/jats:italic>\n            adversaries. Existing research has focused either on designing protection mechanisms or on inventing attacking mechanisms. While the battle between defenders and attackers seems never-ending, we are concerned with one critical question: Is it possible to prevent potential attacks in advance? To address this, we propose the first game-theoretic framework that considers both FL defenders and attackers in terms of their respective payoffs, which include computational costs, FL model utilities, and privacy leakage risks. We name this game the federated learning privacy game (FLPG), in which neither defenders nor attackers are aware of all participants\u2019 payoffs. To handle the\n            <jats:italic>incomplete information<\/jats:italic>\n            inherent in this situation, we propose associating the FLPG with an\n            <jats:italic>oracle<\/jats:italic>\n            that has two primary responsibilities. First, the oracle provides lower and upper bounds of the payoffs for the players. Second, the oracle acts as a correlation device, privately providing suggested actions to each player. With this novel framework, we analyze the optimal strategies of defenders and attackers. Furthermore, we derive and demonstrate conditions under which the attacker, as a rational decision-maker, should always follow the oracle\u2019s suggestion\n            <jats:italic>not to attack<\/jats:italic>\n            .\n          <\/jats:p>","DOI":"10.1145\/3656049","type":"journal-article","created":{"date-parts":[[2024,4,10]],"date-time":"2024-04-10T12:25:23Z","timestamp":1712751923000},"page":"1-35","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["A Game-theoretic Framework for Privacy-preserving Federated Learning"],"prefix":"10.1145","volume":"15","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9065-6852","authenticated-orcid":false,"given":"Xiaojin","family":"Zhang","sequence":"first","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8162-7096","authenticated-orcid":false,"given":"Lixin","family":"Fan","sequence":"additional","affiliation":[{"name":"AI Group, WeBank Co., Ltd, Shenzhen, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-0940-0162","authenticated-orcid":false,"given":"Siwei","family":"Wang","sequence":"additional","affiliation":[{"name":"Microsoft Research Asia, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2717-9031","authenticated-orcid":false,"given":"Wenjie","family":"Li","sequence":"additional","affiliation":[{"name":"Tsinghua University Graduate School at Shenzhen, Shenzhen, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2587-6028","authenticated-orcid":false,"given":"Kai","family":"Chen","sequence":"additional","affiliation":[{"name":"Hong Kong University of Science and Technology School of Engineering, Hong Kong, Hong Kong"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5059-8360","authenticated-orcid":false,"given":"Qiang","family":"Yang","sequence":"additional","affiliation":[{"name":"WeBank, Hong Kong, Hong Kong and HKUST, Hong Kong, Hong Kong"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,5,17]]},"reference":[{"key":"e_1_3_4_2_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_3_4_3_2","doi-asserted-by":"crossref","unstructured":"Michele Aghassi and Dimitris Bertsimas. 2006. Robust game theory. Math. Program. 107 1 (2006) 231\u2013273.","DOI":"10.1007\/s10107-005-0686-0"},{"key":"e_1_3_4_4_2","unstructured":"Hilal Asi Jonathan Ullman and Lydia Zakynthinou. 2023. From robustness to privacy and back. arXiv preprint arXiv:2302.01855 (2023)."},{"key":"e_1_3_4_5_2","doi-asserted-by":"crossref","unstructured":"Robert J. Aumann. 1974. Subjectivity and correlation in randomized strategies. J. Math. Econ. 1 1 (1974) 67\u201396.","DOI":"10.1016\/0304-4068(74)90037-8"},{"key":"e_1_3_4_6_2","doi-asserted-by":"crossref","unstructured":"Adriana D. Correia and Henk T. C. Stoof. 2019. Nash equilibria in the response strategy of correlated games. Scient. Rep. 9 1 (2019) 1\u20138.","DOI":"10.1038\/s41598-018-36562-2"},{"key":"e_1_3_4_7_2","unstructured":"Kate Donahue and Jon Kleinberg. 2020. Model-sharing games: Analyzing federated learning under voluntary participation. arXiv preprint arXiv:2010.00753 (2020)."},{"key":"e_1_3_4_8_2","doi-asserted-by":"crossref","first-page":"1401","DOI":"10.1109\/Allerton.2012.6483382","volume-title":"Proceedings of the 50th Annual Allerton Conference on Communication, Control, and Computing (Allerton\u201912)","author":"Calmon Fl\u00e1vio du Pin","year":"2012","unstructured":"Fl\u00e1vio du Pin Calmon and Nadia Fawaz. 2012. Privacy against statistical inference. In Proceedings of the 50th Annual Allerton Conference on Communication, Control, and Computing (Allerton\u201912). IEEE, 1401\u20131408."},{"key":"e_1_3_4_9_2","unstructured":"John Duchi Elad Hazan and Yoram Singer. 2011. Adaptive subgradient methods for online learning and stochastic optimization. J. Mach. Learn. Res. 12 7 (2011)."},{"key":"e_1_3_4_10_2","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813677"},{"key":"e_1_3_4_11_2","unstructured":"Jonas Geiping Hartmut Bauermeister Hannah Dr\u00f6ge and Michael Moeller. 2020. Inverting gradients\u2013How easy is it to break privacy in federated learning? arXiv preprint arXiv:2003.14053 (2020)."},{"key":"e_1_3_4_12_2","volume-title":"A Fully Homomorphic Encryption Scheme","author":"Gentry Craig","year":"2009","unstructured":"Craig Gentry. 2009. A Fully Homomorphic Encryption Scheme. Stanford University."},{"key":"e_1_3_4_13_2","unstructured":"Robin C. Geyer Tassilo Klein and Moin Nabi. 2017. Differentially private federated learning: A client level perspective. arXiv preprint arXiv:1712.07557 (2017)."},{"key":"e_1_3_4_14_2","unstructured":"Hanlin Gu Lixin Fan Bowen Li Yan Kang Yuan Yao and Qiang Yang. 2021. Federated deep learning with Bayesian privacy. arXiv preprint arXiv:2109.13012 (2021)."},{"key":"e_1_3_4_15_2","doi-asserted-by":"crossref","unstructured":"Otkrist Gupta and Ramesh Raskar. 2018. Distributed learning of deep neural network over multiple agents. J. Netw. Comput. Applic. 116 (2018) 1\u20138.","DOI":"10.1016\/j.jnca.2018.05.003"},{"key":"e_1_3_4_16_2","doi-asserted-by":"crossref","unstructured":"John C. Harsanyi. 1967. Games with incomplete information played by \u201cBayesian\u201d players I\u2013III Part I. The basic model. Manag. Sci. 14 3 (1967) 159\u2013182.","DOI":"10.1287\/mnsc.14.3.159"},{"key":"e_1_3_4_17_2","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359824"},{"key":"e_1_3_4_18_2","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134012"},{"key":"e_1_3_4_19_2","unstructured":"Peter Kairouz Mehdi Bennis H. Brendan McMahan Arjun Nitin Bhagoji Brendan Avent Kallista Bonawitz Aur\u00e9lien Bellet Zachary Charles Graham Cormode Rachel Cummings Rafael G.L. D.Oliveira Hubert Eichner Zachary Garrett Salim El Rouayheb David Evans Adri\u00e0 Gasc\u00f3n Badih Ghazi Josh Gardner Phillip B. Gibbons Marco Gruteser Zaid Harchaoui Chaoyang He Lie He Zhouyuan Huo Gauri Joshi Farinaz Koushanfar Prateek Mittal Rasmus Pagh Mariana Raykova Ziteng Sun Jianyu Wang Ben Hutchinson Mikhail Khodak Justin Hsu Jakub Kone\u010dn\u00fd Martin Jaggi Tara Javidi Sanmi Koyejo Tancr\u00e8de Lepoint Mehryar Mohri Richard Nock Hang Qi Dawn Song Ananda Theertha Suresh Li Xiong Zheng Xu Daniel Ramage Weikang Song Florian Tram\u00e8r Qiang Yang Aleksandra Korolova Yang Liu Ayfer \u00d6zg\u00fcr Ramesh Raskar Sebastian U. Stich Praneeth Vepakomma Han Yu Felix X. Yu Sen Zhao.. 2019. Advances and open problems in federated learning. arXiv preprint arXiv:1912.04977 (2019)."},{"key":"e_1_3_4_20_2","doi-asserted-by":"crossref","unstructured":"Shizuo Kakutani. 1941. A generalization of Brouwer\u2019s fixed point theorem. Duke Math. J. 8 3 (1941) 457\u2013459.","DOI":"10.1215\/S0012-7094-41-00838-4"},{"key":"e_1_3_4_21_2","unstructured":"Yan Kang Jiahuan Luo Yuanqin He Xiaojin Zhang Lixin Fan and Qiang Yang. 2022. A framework for evaluating privacy-utility trade-off in vertical federated learning. arXiv preprint arXiv:2209.03885 (2022)."},{"key":"e_1_3_4_22_2","volume-title":"Proceedings of the European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases (PKDD\u201907)","author":"Kargupta Hillol","year":"2007","unstructured":"Hillol Kargupta, Kamalika Das, and Kun Liu. 2007. A game theoretic approach toward multi-party privacy-preserving distributed data mining. In Proceedings of the European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases (PKDD\u201907). Citeseer."},{"key":"e_1_3_4_23_2","unstructured":"Diederik P. Kingma and Jimmy Ba. 2014. Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014)."},{"key":"e_1_3_4_24_2","unstructured":"Jakub Kone\u010dn\u1ef3 H. Brendan McMahan Daniel Ramage and Peter Richt\u00e1rik. 2016. Federated optimization: Distributed machine learning for on-device intelligence. arXiv preprint arXiv:1610.02527 (2016)."},{"key":"e_1_3_4_25_2","unstructured":"Jakub Kone\u010dn\u1ef3 H. Brendan McMahan Felix X. Yu Peter Richt\u00e1rik Ananda Theertha Suresh and Dave Bacon. 2016. Federated learning: Strategies for improving communication efficiency. arXiv preprint arXiv:1610.05492 (2016)."},{"key":"e_1_3_4_26_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-63076-8_1"},{"key":"e_1_3_4_27_2","first-page":"1273","volume-title":"Artificial Intelligence and Statistics","author":"McMahan Brendan","year":"2017","unstructured":"Brendan McMahan, Eider Moore, Daniel Ramage, Seth Hampson, and Blaise Aguera y Arcas. 2017. Communication-efficient learning of deep networks from decentralized data. In Artificial Intelligence and Statistics. PMLR, 1273\u20131282."},{"key":"e_1_3_4_28_2","unstructured":"H. Brendan McMahan Eider Moore Daniel Ramage and Blaise Ag\u00fcera y Arcas. 2016. Federated learning of deep networks using model averaging. arXiv preprint arXiv:1602.05629 (2016)."},{"key":"e_1_3_4_29_2","doi-asserted-by":"crossref","unstructured":"Stephen Morris. 1995. The common prior assumption in economic theory. Econ. Philos. 11 2 (1995) 227\u2013253.","DOI":"10.1017\/S0266267100003382"},{"key":"e_1_3_4_30_2","volume-title":"Game Theory: Analysis of Conflict","author":"Myerson Roger B.","year":"1997","unstructured":"Roger B. Myerson. 1997. Game Theory: Analysis of Conflict. Harvard University Press."},{"key":"e_1_3_4_31_2","doi-asserted-by":"crossref","unstructured":"John Nash. 1951. Non-cooperative games. Ann. Math. (1951) 286\u2013295.","DOI":"10.2307\/1969529"},{"key":"e_1_3_4_32_2","doi-asserted-by":"crossref","unstructured":"John F. Nash Jr. 1950. Equilibrium points in n-person games. Proc. Nat\u2019l Acad. Sci. 36 1 (1950) 48\u201349.","DOI":"10.1073\/pnas.36.1.48"},{"key":"e_1_3_4_33_2","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813687"},{"key":"e_1_3_4_34_2","unstructured":"Chandra Thapa Mahawaga Arachchige Pathum Chamikara and Seyit Camtepe. 2020. SplitFed: When federated learning meets split learning. arXiv preprint arXiv:2004.12088 (2020)."},{"key":"e_1_3_4_35_2","doi-asserted-by":"publisher","DOI":"10.1145\/3378679.3394533"},{"key":"e_1_3_4_36_2","unstructured":"Xuezhen Tu Kun Zhu Nguyen Cong Luong Dusit Niyato Yang Zhang and Juan Li. 2021. Incentive mechanisms for federated learning: From economic and game theoretic perspective. arXiv preprint arXiv:2111.11850 (2021)."},{"key":"e_1_3_4_37_2","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2019.8737416"},{"key":"e_1_3_4_38_2","doi-asserted-by":"crossref","unstructured":"Ningbo Wu Changgen Peng and Kun Niu. 2020. A privacy-preserving game model for local differential privacy by using information-theoretic approach. IEEE Access 8 (2020) 216741\u2013216751.","DOI":"10.1109\/ACCESS.2020.3041854"},{"key":"e_1_3_4_39_2","unstructured":"Xiaotong Wu Taotao Wu Maqbool Khan Qiang Ni and Wanchun Dou. 2017. Game theory based correlated privacy preserving analysis in big data. IEEE Trans. Big Data 7 4 (2017) 643\u2013656."},{"key":"e_1_3_4_40_2","doi-asserted-by":"crossref","unstructured":"Qiang Yang Yang Liu Tianjian Chen and Yongxin Tong. 2019. Federated machine learning: Concept and applications. ACM Trans. Intell. Syst. Technol. 10 2 (2019) 1\u201319.","DOI":"10.1145\/3298981"},{"key":"e_1_3_4_41_2","doi-asserted-by":"crossref","unstructured":"Yufeng Zhan Peng Li Zhihao Qu Deze Zeng and Song Guo. 2020. A learning-based incentive mechanism for federated learning. IEEE Internet Things J. 7 7 (2020) 6360\u20136368.","DOI":"10.1109\/JIOT.2020.2967772"},{"key":"e_1_3_4_42_2","first-page":"493","volume-title":"Proceedings of the Annual Technical Conference (USENIX ATC\u201920)","author":"Zhang Chengliang","year":"2020","unstructured":"Chengliang Zhang, Suyi Li, Junzhe Xia, Wei Wang, Feng Yan, and Yang Liu. 2020. BatchCrypt: Efficient homomorphic encryption for cross-silo federated learning. In Proceedings of the Annual Technical Conference (USENIX ATC\u201920). USENIX Association, 493\u2013506. Retrieved from: https:\/\/www.usenix.org\/conference\/atc20\/presentation\/zhang-chengliang"},{"key":"e_1_3_4_43_2","unstructured":"Xiaojin Zhang Kai Chen and Qiang Yang. 2023. Towards achieving near-optimal utility for privacy-preserving federated learning via data generation and parameter distortion. arXiv preprint arXiv:2305.04288 (2023)."},{"key":"e_1_3_4_44_2","doi-asserted-by":"crossref","unstructured":"Xiaojin Zhang Hanlin Gu Lixin Fan Kai Chen and Qiang Yang. 2022. No free lunch theorem for security and utility in federated learning. ACM Trans. Intell. Syst. Technol. 14 1 (2022) 1\u201335.","DOI":"10.1145\/3563219"},{"key":"e_1_3_4_45_2","unstructured":"Xiaojin Zhang Anbu Huang Lixin Fan Kai Chen and Qiang Yang. 2023. Probably approximately correct federated learning. arXiv preprint arXiv:2304.04641 (2023)."},{"key":"e_1_3_4_46_2","doi-asserted-by":"crossref","unstructured":"Xiaojin Zhang Yan Kang Kai Chen Lixin Fan and Qiang Yang. 2023. Trading off privacy utility and efficiency in federated learning. ACM Transactions on Intelligent Systems and Technology 14 6 (2023) 1\u201332.","DOI":"10.1145\/3595185"},{"key":"e_1_3_4_47_2","doi-asserted-by":"crossref","unstructured":"Xiaojin Zhang Yan Kang Lixin Fan Kai Chen and Qiang Yang. 2023. A meta-learning framework for tuning parameters of protection mechanisms in trustworthy federated learning. arXiv preprint arXiv:2305.18400 (2023).","DOI":"10.1145\/3652612"},{"key":"e_1_3_4_48_2","unstructured":"Xiaojin Zhang Wenjie Li Kai Chen Shutao Xia and Qiang Yang. 2023. Theoretically principled federated learning for balancing privacy and utility. arXiv preprint arXiv:2305.15148 (2023)."},{"key":"e_1_3_4_49_2","unstructured":"Bo Zhao Konda Reddy Mopuri and Hakan Bilen. 2020. iDLG: Improved deep leakage from gradients. arXiv preprint arXiv:2001.02610 (2020)."},{"key":"e_1_3_4_50_2","first-page":"4160","volume-title":"Proceedings of the 34th International Conference on Machine Learning (Proceedings of Machine Learning Research)","volume":"70","author":"Zhou Yichi","year":"2017","unstructured":"Yichi Zhou, Jialian Li, and Jun Zhu. 2017. Identify the Nash equilibrium in static games with random payoffs. In Proceedings of the 34th International Conference on Machine Learning (Proceedings of Machine Learning Research), Doina Precup and Yee Whye Teh (Eds.), Vol. 70. PMLR, 4160\u20134169. Retrieved from: https:\/\/proceedings.mlr.press\/v70\/zhou17b.html"},{"key":"e_1_3_4_51_2","first-page":"17","volume-title":"Federated Learning","author":"Zhu Ligeng","year":"2020","unstructured":"Ligeng Zhu and Song Han. 2020. Deep leakage from gradients. In Federated Learning. Springer, 17\u201331."},{"key":"e_1_3_4_52_2","volume-title":"Proceedings of the Annual Conference on Neural Information Processing Systems (NeurIPS\u201919)","author":"Zhu Ligeng","year":"2019","unstructured":"Ligeng Zhu, Zhijian Liu, and Song Han. 2019. Deep leakage from gradients. In Proceedings of the Annual Conference on Neural Information Processing Systems (NeurIPS\u201919)."},{"key":"e_1_3_4_53_2","unstructured":"Ligeng Zhu Zhijian Liu and Song Han. 2019. Deep leakage from gradients. Adv. Neural Inf. Process. Syst. 32 (2019)."}],"container-title":["ACM Transactions on Intelligent Systems and Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3656049","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3656049","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T00:03:48Z","timestamp":1750291428000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3656049"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,5,17]]},"references-count":52,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2024,6,30]]}},"alternative-id":["10.1145\/3656049"],"URL":"https:\/\/doi.org\/10.1145\/3656049","relation":{},"ISSN":["2157-6904","2157-6912"],"issn-type":[{"value":"2157-6904","type":"print"},{"value":"2157-6912","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,5,17]]},"assertion":[{"value":"2023-04-11","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-12-06","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-05-17","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}