Yingting Liu,Chaochao Chen,Longfei Zheng,Li Wang,Jun Zhou,Guiquan Liu,Shuang Yang

DOI: https://doi.org/10.48550/arxiv.2002.02091

2020-01-01

Abstract:In this paper, we present a general multiparty modeling paradigm with PrivacyPreserving Principal Component Analysis (PPPCA) for horizontally partitioneddata. PPPCA can accomplish multiparty cooperative execution of PCA under thepremise of keeping plaintext data locally. We also propose implementationsusing two techniques, i.e., homomorphic encryption and secret sharing. Theoutput of PPPCA can be sent directly to data consumer to build any machinelearning models. We conduct experiments on three UCI benchmark datasets and areal-world fraud detection dataset. Results show that the accuracy of the modelbuilt upon PPPCA is the same as the model with PCA that is built based oncentralized plaintext data.

Lingchen Zhao,Qian Wang,Qin Zou,Yan Zhang,Yanjiao Chen

DOI: https://doi.org/10.1109/tifs.2019.2939713

2018-01-01

Abstract:With powerful parallel computing GPUs and massive user data, neural-network-based deep learning can well exert its strong power in problem modeling and solving, and has archived great success in many applications such as image classification, speech recognition and machine translation etc. While deep learning has been increasingly popular, the problem of privacy leakage becomes more and more urgent. Given the fact that the training data may contain highly sensitive information, e.g., personal medical records, directly sharing them among the users (i.e., participants) or centrally storing them in one single location may pose a considerable threat to user privacy. In this paper, we present a practical privacy-preserving collaborative deep learning system that allows users to cooperatively build a collective deep learning model with data of all participants, without direct data sharing and central data storage. In our system, each participant trains a local model with their own data and only shares model parameters with the others. To further avoid potential privacy leakage from sharing model parameters, we use functional mechanism to perturb the objective function of the neural network in the training process to achieve $\epsilon $ -differential privacy. In particular, for the first time, we consider the existence of unreliable participants , i.e., the participants with low-quality data, and propose a solution to reduce the impact of these participants while protecting their privacy. We evaluate the performance of our system on two well-known real-world datasets for regression and classification tasks. The results demonstrate that the proposed system is robust against unreliable participants, and achieves high accuracy close to the model trained in a traditional centralized manner while ensuring rigorous privacy protection.

Zhiyao Ren,Yibing Zhan,Liang Ding,Gaoang Wang,Chaoyue Wang,Zhongyi Fan,Dacheng Tao

DOI: https://doi.org/10.1609/aaai.v38i5.28267

2024-01-01

Abstract:Denoising Diffusion Probabilistic Models (DDPMs) have achieved significant success in generation tasks. Nevertheless, the exposure bias issue, i.e., the natural discrepancy between the training (the output of each step is calculated individually by a given input) and inference (the output of each step is calculated based on the input iteratively obtained based on the model), harms the performance of DDPMs. To our knowledge, few works have tried to tackle this issue by modifying the training process for DDPMs, but they still perform unsatisfactorily due to 1) partially modeling the discrepancy and 2) ignoring the prediction error accumulation. To address the above issues, in this paper, we propose a multi-step denoising scheduled sampling (MDSS) strategy to alleviate the exposure bias for DDPMs. Analyzing the formulations of the training and inference of DDPMs, MDSS 1) comprehensively considers the discrepancy influence of prediction errors on the output of the model (the Gaussian noise) and the output of the step (the calculated input signal of the next step), and 2) efficiently models the prediction error accumulation by using multiple iterations of a mathematical formulation initialized from one-step prediction error obtained from the model. The experimental results, compared with previous works, demonstrate that our approach is more effective in mitigating exposure bias in DDPM, DDIM, and DPM-solver. In particular, MDSS achieves an FID score of 3.86 in 100 sample steps of DDIM on the CIFAR-10 dataset, whereas the second best obtains 4.78. The code will be available on GitHub.

Christopher A. Choquette-Choo,Natalie Dullerud,Adam Dziedzic,Yunxiang Zhang,Somesh Jha,Nicolas Papernot,Xiao Wang

DOI: https://doi.org/10.48550/arXiv.2102.05188

2021-03-20

Abstract:Machine learning benefits from large training datasets, which may not always be possible to collect by any single entity, especially when using privacy-sensitive data. In many contexts, such as healthcare and finance, separate parties may wish to collaborate and learn from each other's data but are prevented from doing so due to privacy regulations. Some regulations prevent explicit sharing of data between parties by joining datasets in a central location (confidentiality). Others also limit implicit sharing of data, e.g., through model predictions (privacy). There is currently no method that enables machine learning in such a setting, where both confidentiality and privacy need to be preserved, to prevent both explicit and implicit sharing of data. Federated learning only provides confidentiality, not privacy, since gradients shared still contain private information. Differentially private learning assumes unreasonably large datasets. Furthermore, both of these learning paradigms produce a central model whose architecture was previously agreed upon by all parties rather than enabling collaborative learning where each party learns and improves their own local model. We introduce Confidential and Private Collaborative (CaPC) learning, the first method provably achieving both confidentiality and privacy in a collaborative setting. We leverage secure multi-party computation (MPC), homomorphic encryption (HE), and other techniques in combination with privately aggregated teacher models. We demonstrate how CaPC allows participants to collaborate without having to explicitly join their training sets or train a central model. Each party is able to improve the accuracy and fairness of their model, even in settings where each party has a model that performs well on their own dataset or when datasets are not IID and model architectures are heterogeneous across parties.

Machine Learning,Cryptography and Security

Qipan Xu,Youlong Ding,Xinxi Zhang,Jie Gao,Hao Wang

2024-04-22

Abstract:Data privacy protection is garnering increased attention among researchers. Diffusion models (DMs), particularly with strict differential privacy, can potentially produce images with both high privacy and visual quality. However, challenges arise such as in ensuring robust protection in privatizing specific data attributes, areas where current models often fall short. To address these challenges, we introduce the PAC Privacy Preserving Diffusion Model, a model leverages diffusion principles and ensure Probably Approximately Correct (PAC) privacy. We enhance privacy protection by integrating a private classifier guidance into the Langevin Sampling Process. Additionally, recognizing the gap in measuring the privacy of models, we have developed a novel metric to gauge privacy levels. Our model, assessed with this new metric and supported by Gaussian matrix computations for the PAC bound, has shown superior performance in privacy protection over existing leading private generative models according to benchmark tests.

Machine Learning,Artificial Intelligence

Renuga Kanagavelu,Zengxiang Li,Juniarto Samsudin,Yechao Yang,Feng Yang,Rick Siow Mong Goh,Mervyn Cheah,Praewpiraya Wiwatphonthana,Khajonpong Akkarajitsakul,Shangguang Wangz

DOI: https://doi.org/10.48550/arXiv.2005.11901

2020-05-25

Distributed, Parallel, and Cluster Computing

Abstract:Countries across the globe have been pushing strict regulations on the protection of personal or private data collected. The traditional centralized machine learning method, where data is collected from end-users or IoT devices, so that it can discover insights behind real-world data, may not be feasible for many data-driven industry applications in light of such regulations. A new machine learning method, coined by Google as Federated Learning (FL) enables multiple participants to train a machine learning model collectively without directly exchanging data. However, recent studies have shown that there is still a possibility to exploit the shared models to extract personal or confidential data. In this paper, we propose to adopt Multi Party Computation (MPC) to achieve privacy-preserving model aggregation for FL. The MPC-enabled model aggregation in a peer-to-peer manner incurs high communication overhead with low scalability. To address this problem, the authors proposed to develop a two-phase mechanism by 1) electing a small committee and 2) providing MPC-enabled model aggregation service to a larger number of participants through the committee. The MPC enabled FL framework has been integrated in an IoT platform for smart manufacturing. It enables a set of companies to train high quality models collectively by leveraging their complementary data-sets on their own premises, without compromising privacy, model accuracy vis-a-vis traditional machine learning methods and execution efficiency in terms of communication cost and execution time.

TANG Ling-tao,WANG Di,ZHANG Lu-fei,LIU Sheng-yun

DOI: https://doi.org/10.11896/jsjkx.210800108

2022-01-01

Computer Science

Abstract:Federated learning provides a novel solution to collaborative learning among untrusted entities. Through a local-trai-ning-and-central-aggregation pattern,the federated learning algorithm trains a global model while protects local data privacy of each entity. However,recent studies show that local models uploaded by clients and global models produced by the server may still leak users' private information. Secure multi-party computation and differential privacy are two mainstream privacy-preserving techniques,which are used to protect the privacy of computation process and computation outputs respectively. There are few works that exploit the benefits of these two techniques at the same time. This paper proposes a privacy-preserving federated learning scheme for deep learning by combining secure multi-party computation and differential privacy. Clients add noise to local models,and secret share them to multiple servers. Servers aggregate these model shares by secure multi-party computation to obtain a private global model. The proposed scheme not only protects the privacy of local model updates uploaded by clients,but also prevents adversaries from inferring sensitive information from globally shared data such as aggregated models. The scheme also allows dropout of unstable clients and is compatible with complex aggregation functions. In addition,it can be naturally extended to the decentralized setting for real-world applications where no trusted centers exist. We implement our system in Python and Pytorch. Experiments validate that the proposed scheme achieves the same level of efficiency and accuracy as plaintext fede-rated learning.

Huiyong Wang,Tianming Chen,Yong Ding,Yujue Wang,Changsong Yang

DOI: https://doi.org/10.1016/j.csi.2024.103857

IF: 3.721

2024-04-11

Computer Standards & Interfaces

Abstract:In recent years, machine learning techniques have been widely deployed in various fields. However, machine learning faces problems like high computation overhead, low training accuracy, and poor security due to data silos, privacy issues and communication limitations, especially in the environment of cloud computing. Logistic regression (LR) is a popular machine learning method used for prediction, while current LR algorithms suffer from high computation cost and communication burden due to interactions between users and cloud servers. In this paper, we propose a Privacy-Preserving Multi-party Logistic Regression (PPMLR) algorithm, which achieves privacy-preserving and non-interactive gradient descent regression training in machine learning. PPMLR uses the Distributed two Trapdoors Public-Key Cryptosystem (DT-PKC) as a main building block, which satisfies additive homomorphic encryption. Specifically, users go off-line after encrypting local private data, then the service provider ( SP ) trains the global logistic regression model by interacting with the cloud server ( CS ), so that the confidentiality and privacy of user's private data can be guaranteed during the training process. We prove by detailed security proof that PPMLR guarantees data and model privacy. Finally, we conduct experiments on two popular medical datasets from the UCI machine learning repository. The experimental results show that PPMLR can conduct privacy-preserving training efficiently. Comparison with the stat-of-the-art Privacy-Preserving Logistic Regression Algorithm (PPLRA) shows that the model training time is reduced by about 4 times.

computer science, software engineering, hardware & architecture

M.A.P. Chamikara,P. Bertok,I. Khalil,D. Liu,S. Camtepe

DOI: https://doi.org/10.1016/j.comcom.2021.02.014

IF: 5.047

2021-04-01

Computer Communications

Abstract:<p>Edge computing and distributed machine learning have advanced to a level that can revolutionize a particular organization. Distributed devices such as the Internet of Things (IoT) often produce a large amount of data, eventually resulting in big data that can be vital in uncovering hidden patterns, and other insights in numerous fields such as healthcare, banking, and policing. Data related to areas such as healthcare and banking can contain potentially sensitive data that can become public if they are not appropriately sanitized. Federated learning (FedML) is a recently developed distributed machine learning (DML) approach that tries to preserve privacy by bringing the learning of an ML model to data owners'. However, literature shows different attack methods such as membership inference that exploit the vulnerabilities of ML models as well as the coordinating servers to retrieve private data. Hence, FedML needs additional measures to guarantee data privacy. Furthermore, big data often requires more resources than available in a standard computer. This paper addresses these issues by proposing a distributed perturbation algorithm named as DISTPAB, for privacy preservation of horizontally partitioned data. DISTPAB alleviates computational bottlenecks by distributing the task of privacy preservation utilizing the asymmetry of resources of a distributed environment, which can have resource-constrained devices as well as high-performance computers. Experiments show that DISTPAB provides high accuracy, high efficiency, high scalability, and high attack resistance. Further experiments on privacy-preserving FedML show that DISTPAB is an excellent solution to stop privacy leaks in DML while preserving high data utility.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic

Juexiao Zhou,Longxi Zhou,Di Wang,Xiaopeng Xu,Haoyang Li,Yuetan Chu,Wenkai Han,Xin Gao

DOI: https://doi.org/10.1016/j.compbiomed.2023.107861

IF: 7.7

2023-12-24

Computers in Biology and Medicine

Abstract:Heterogeneous data is endemic due to the use of diverse models and settings of devices by hospitals in the field of medical imaging . However, there are few open-source frameworks for federated heterogeneous medical image analysis with personalization and privacy protection without the demand to modify the existing model structures or to share any private data. Here, we proposed PPPML-HMI, a novel open-source learning paradigm for personalized and privacy-preserving federated heterogeneous medical image analysis. To our best knowledge, personalization and privacy protection were discussed simultaneously for the first time under the federated scenario by integrating the PerFedAvg algorithm and designing the novel cyclic secure aggregation with the homomorphic encryption algorithm. To show the utility of PPPML-HMI, we applied it to a simulated classification task namely the classification of healthy people and patients from the RAD-ChestCT Dataset, and one real-world segmentation task namely the segmentation of lung infections from COVID-19 CT scans . Meanwhile, we applied the improved deep leakage from gradients to simulate adversarial attacks and showed the strong privacy-preserving capability of PPPML-HMI. By applying PPPML-HMI to both tasks with different neural networks, a varied number of users, and sample sizes, we demonstrated the strong generalizability of PPPML-HMI in privacy-preserving federated learning on heterogeneous medical images.

engineering, biomedical,computer science, interdisciplinary applications,mathematical & computational biology,biology

Ismat Jarin,Birhanu Eshete

DOI: https://doi.org/10.1145/3445970.3451156

2021-04-26

Abstract:When multiple parties that deal with private data aim for a collaborative prediction task such as medical image classification, they are often constrained by data protection regulations and lack of trust among collaborating parties. If done in a privacy-preserving manner, predictive analytics can benefit from the collective prediction capability of multiple parties holding complementary datasets on the same machine learning task. This paper presents PRICURE, a system that combines complementary strengths of secure multi-party computation (SMPC) and differential privacy (DP) to enable privacy-preserving collaborative prediction among multiple model owners. SMPC enables secret-sharing of private models and client inputs with non-colluding secure servers to compute predictions without leaking model parameters and inputs. DP masks true prediction results via noisy aggregation so as to deter a semi-honest client who may mount membership inference attacks. We evaluate PRICURE on neural networks across four datasets including benchmark medical image classification datasets. Our results suggest PRICURE guarantees privacy for tens of model owners and clients with acceptable accuracy loss. We also show that DP reduces membership inference attack exposure without hurting accuracy.

Zhiwei An,Jinli Zhang,Zongli Jiang,Jinlian Du,Zhiyi Yin,Chen Li

DOI: https://doi.org/10.1016/j.ymeth.2023.07.006

IF: 4.647

Methods

Abstract:In recent years, healthcare data from various sources such as clinical institutions, patients, and pharmaceutical industries have become increasingly abundant. However, due to the complex healthcare system and data privacy concerns, aggregating and utilizing these data in a centralized manner can be challenging. Federated learning (FL) has emerged as a promising solution for distributed training in edge computing scenarios, utilizing on-device user data while reducing server costs. In traditional FL, a central server trains a global model sampled client data randomly, and the server combines the collected model from different clients into one global model. However, for not independent and identically distributed (non-i.i.d.) datasets, randomly selecting users to train server is not an optimal choice and can lead to poor model training performance. To address this limitation, we propose the Federated Multi-Center Clustering algorithm (FedMCC) to enhance the robustness and accuracy for all clients. FedMCC leverages the Model-Agnostic Meta-Learning (MAML) algorithm, focusing on training a robust base model during the initial training phase and better capturing features from different users. Subsequently, clustering methods are used to ensure that features among users within each cluster are similar, approximating an i.i.d. training process in each round, resulting in more effective training of the global model. We validate the effectiveness and generalizability of FedMCC through extensive experiments on public healthcare datasets. The results demonstrate that FedMCC achieves improved performance and accuracy for all clients while maintaining data privacy and security, showcasing its potential for various healthcare applications.

Chuan Zhang,Liehuang Zhu,Chang Xu,Rongxing Lu

DOI: https://doi.org/10.1016/j.future.2017.09.002

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:Disease prediction systems have played an important role in people’s life, since predicting the risk of diseases is essential for people to lead a healthy life. The recent proliferation of data mining techniques has given rise to disease prediction systems. Specifically, with the vast amount of medical data generated every day, Single-Layer Perceptron can be utilized to obtain valuable information to construct a disease prediction system. Although the disease prediction system is quite promising, many challenges may limit it in practical use, including information security and prediction efficiency. In this paper, we propose an efficient and privacy-preserving disease prediction system, called PPDP. In PPDP, patients’ historical medical data are encrypted and outsourced to the cloud server, which can be further utilized to train prediction models by using Single-Layer Perceptron learning algorithm in a privacy-preserving way. The risk of diseases for new coming medical data can be computed based on the prediction models. In particular, PPDP builds on new medical data encryption, disease learning and disease prediction algorithms that novelly utilize random matrices. Security analysis indicates that PPDP offers a required level of privacy protection. In addition, real experiments on different datasets show that computation costs of data encryption, disease learning and disease prediction are several magnitudes lower than existing disease prediction schemes.

Beomyeol Jeon,S.M. Ferdous,Muntasir Raihan Rahman,Anwar Walid

DOI: https://doi.org/10.48550/arXiv.2012.07183

2020-12-29

Abstract:Federated learning is a promising framework for learning over decentralized data spanning multiple regions. This approach avoids expensive central training data aggregation cost and can improve privacy because distributed sites do not have to reveal privacy-sensitive data. In this paper, we develop a privacy-preserving decentralized aggregation protocol for federated learning. We formulate the distributed aggregation protocol with the Alternating Direction Method of Multiplier (ADMM) and examine its privacy weakness. Unlike prior work that use Differential Privacy or homomorphic encryption for privacy, we develop a protocol that controls communication among participants in each round of aggregation to minimize privacy leakage. We establish its privacy guarantee against an honest-but-curious adversary. We also propose an efficient algorithm to construct such a communication pattern, inspired by combinatorial block design theory. Our secure aggregation protocol based on this novel group communication pattern design leads to an efficient algorithm for federated training with privacy guarantees. We evaluate our federated training algorithm on image classification and next-word prediction applications over benchmark datasets with 9 and 15 distributed sites. Evaluation results show that our algorithm performs comparably to the standard centralized federated learning method while preserving privacy; the degradation in test accuracy is only up to 0.73%.

Machine Learning,Distributed, Parallel, and Cluster Computing

Teng Wang,Yao Zhang,Jiangguo Liang,Shuai Wang,Shuanggen Liu

DOI: https://doi.org/10.32604/cmc.2024.048115

2024-01-01

Abstract:With the widespread data collection and processing, privacy-preserving machine learning has become increasingly important in addressing privacy risks related to individuals. Support vector machine (SVM) is one of the most elementary learning models of machine learning. Privacy issues surrounding SVM classifier training have attracted increasing attention. In this paper, we investigate Differential Privacy-compliant Federated Machine Learning with Dimensionality Reduction, called FedDPDR-DPML, which greatly improves data utility while providing strong privacy guarantees. Considering in distributed learning scenarios, multiple participants usually hold unbalanced or small amounts of data. Therefore, FedDPDR-DPML enables multiple participants to collaboratively learn a global model based on weighted model averaging and knowledge aggregation and then the server distributes the global model to each participant to improve local data utility. Aiming at high-dimensional data, we adopt differential privacy in both the principal component analysis (PCA)-based dimensionality reduction phase and SVM classifiers training phase, which improves model accuracy while achieving strict differential privacy protection. Besides, we train Differential privacy (DP)-compliant SVM classifiers by adding noise to the objective function itself, thus leading to better data utility. Extensive experiments on three high-dimensional datasets demonstrate that FedDPDR-DPML can achieve high accuracy while ensuring strong privacy protection.

computer science, information systems,materials science, multidisciplinary

Kwabena Owusu-Agyemang,Zhen Qin,Appiah Benjamin,Hu Xiong,Zhiguang Qin

DOI: https://doi.org/10.3934/mbe.2021151

2021-03-29

Abstract:Multiple organizations would benefit from collaborative learning models trained over aggregated datasets from various human activity recognition applications without privacy leakages. Two of the prevailing privacy-preserving protocols, secure multi-party computation and differential privacy, however, are still confronted with serious privacy leakages: lack of provision for privacy guarantee about individual data and insufficient protection against inference attacks on the resultant models. To mitigate the aforementioned shortfalls, we propose privacy-preserving architecture to explore the potential of secure multi-party computation and differential privacy. We utilize the inherent prospects of output perturbation and gradient perturbation in our differential privacy method, and progress with an innovation for both techniques in the distributed learning domain. Data owners collaboratively aggregate the locally trained models inside a secure multi-party computation domain in the output perturbation algorithm, and later inject appreciable statistical noise before exposing the classifier. We inject noise during every iterative update to collaboratively train a global model in our gradient perturbation algorithm. The utility guarantee of our gradient perturbation method is determined by an expected curvature relative to the minimum curvature. With the application of expected curvature, we theoretically justify the advantage of gradient perturbation in our proposed algorithm, therefore closing existing gap between practice and theory. Validation of our algorithm on real-world human recognition activity datasets establishes that our protocol incurs minimal computational overhead, provides substantial utility gains for typical security and privacy guarantees.

Meng Hao,Hongwei Li,Guowen Xu,Sen Liu,Haomiao Yang

DOI: https://doi.org/10.1109/icc.2019.8761267

2019-05-01

Abstract:Deep learning has been applied in many areas, such as computer vision, natural language processing and emotion analysis. Differing from the traditional deep learning that collects users’ data centrally, federated deep learning requires participants to train the networks on private datasets and share the training results, and hence has more gratifying efficiency and stronger security. However, it still presents some privacy issues since adversaries can deduce users’ privacy from local outputs, such as gradients. While the problem of private federated deep learning has been an active research issue, the latest research findings are still inadequate in terms of security, accuracy and efficiency. In this paper, we propose an efficient and privacy-preserving federated deep learning protocol based on stochastic gradient descent method by integrating the additively homomorphic encryption with differential privacy. Specifically, users add noises to each local gradients before encrypting them to obtain the optical performance and security. Moreover, our scheme is secure to honest-but-curious server setting even if the cloud server colludes with multiple users. Besides, our scheme supports federated learning for large-scale users scenarios and extensive experiments demonstrate our scheme has high efficiency and high accuracy compared with non-private model.

Guowen Xu,Guanlin Li,Shangwei Guo,Tianwei Zhang,Hongwei Li

DOI: https://doi.org/10.48550/arXiv.2207.04604

2022-07-11

Abstract:Decentralized deep learning plays a key role in collaborative model training due to its attractive properties, including tolerating high network latency and less prone to single-point failures. Unfortunately, such a training mode is more vulnerable to data privacy leaks compared to other distributed training frameworks. Existing efforts exclusively use differential privacy as the cornerstone to alleviate the data privacy threat. However, it is still not clear whether differential privacy can provide a satisfactory utility-privacy trade-off for model training, due to its inherent contradictions. To address this problem, we propose D-MHE, the first secure and efficient decentralized training framework with lossless precision. Inspired by the latest developments in the homomorphic encryption technology, we design a multiparty version of Brakerski-Fan-Vercauteren (BFV), one of the most advanced cryptosystems, and use it to implement private gradient updates of users'local models. D-MHE can reduce the communication complexity of general Secure Multiparty Computation (MPC) tasks from quadratic to linear in the number of users, making it very suitable and scalable for large-scale decentralized learning systems. Moreover, D-MHE provides strict semantic security protection even if the majority of users are dishonest with collusion. We conduct extensive experiments on MNIST and CIFAR-10 datasets to demonstrate the superiority of D-MHE in terms of model accuracy, computation and communication cost compared with existing schemes.

Cryptography and Security

Chuhan Wu,Fangzhao Wu,Tao Qi,Yongfeng Huang,Xing Xie

DOI: https://doi.org/10.21203/rs.3.rs-1682972/v1

2022-01-01

Abstract:Abstract Privacy protection is critical for responsible artificial intelligence. Federated learning is a privacy-aware machine learning paradigm, which is often combined with differential privacy to guarantee privacy protection. Unfortunately, existing methods cannot achieve a satisfactory tradeoff between privacy and utility when the models are large, and their computation and communication costs are also huge. Here, we present a differentially private, efficient, and effective machine learning method named FedPrompt to learn big models in a federated way via prompt tuning. It only learns, perturbs, and exchanges the small prompt models injected into the big models. FedPrompt is validated on five datasets. The results show FedPrompt can achieve 0.5%~34.7% better performance than standard federated learning under same privacy budgets, meanwhile saving 99% of communication cost, 75% of memory, and 64% of training time. FedPrompt offers a new direction to efficiently and effectively distributed machine learning with privacy guarantees.