I'm also Jewish, and I have to say the last paragraph at of that blog at least is blatantly antisemitic. On the other hand, it is from 2007, so I don't think we need to destroy this guy's career over it. An apology would go a long way.
You're thinking of "somewhat homomorphic encryption", which is homomorphic encryption that can support both addition/OR and multiplication/AND, but only in circuits of a limited depth. The original FHE paper did indeed prove that you can rework any "somewhat homomorphic" system into a fully homomorphic one.
Partially homomorphic encryption is different because it really only enables one of those two types of operations. For example, Pallier encryption has the property that Enc(A) + Enc(B) = Enc(A+B), but there's no way to go from Enc(A) and Enc(B) to Enc(A×B).
I definitely recommend reading more about it because I’m not the best at explaining it. But differential privacy (without federated learning) is what Apple has been doing.
Do you have a specific technical criticism of the secure aggregation protocol? That’s what’s supposed to make it impossible to deduce the data from model updates. Or is your concern something else?
You’re not wrong, but it does say those privacy risks can be mitigated with differential privacy. That McMahan et al. paper (which is also Google) makes the accuracy cost seem low.
Secure aggregation isn’t meaningless, but you’re right that it’s the wrong tool for the problem you’re talking about. The right tool is differential privacy.
Differential privacy is exactly meant for this, in fact. Differential privacy adds a certain amount of randomly-generated noise to client inputs. The result is that, statistically speaking, it’s impossible to tell the difference between a model with your data in it and a model without your data in it.
Arguably the reason the comic doesn’t mention differential privacy is that it’s neither new nor invented at Google. Or maybe just because it’s not technically part of federated learning. But the “federated learning at scale” paper Google put out mentions it, and says they have implemented DP techniques.
Fully homomorphic encryption, in which you can do arbitrary computation on encrypted data, is still quite slow. But partially homomorphic decryption, in which you can add encrypted values together but not multiply (or vice versa), is quite efficient. And since the secure aggregation protocol only needs to add together encrypted values to get an average, it only needs partially homomorphic encryption properties.