1: \begin{abstract}

2: \Ac{DL} enables collaborative learning without a server and without training data leaving the users' devices.

3: However, the models shared in DL can still be used to infer training data.

4: Conventional privacy defenses such as differential privacy and secure aggregation fall short in effectively safeguarding user privacy in \ac{DL}.

5: We introduce \sys, a novel DL approach in which nodes create \acp{VN} to disseminate chunks of their full model on their behalf.

6: This enhances privacy by 

7: \begin{enumerate*}[label=\emph{(\roman*)}]

8: 	\item preventing attackers from collecting full models from other nodes, and 

9: 	\item hiding the identity of the original node that produced a given model chunk.

10: \end{enumerate*}

11: We theoretically prove the convergence of \sys and provide a formal analysis demonstrating how \sys reduces the efficacy of attacks compared to when exchanging full models between participating nodes.

12: We evaluate the convergence and attack resilience of \sys with existing DL algorithms, with heterogeneous datasets, and against three standard privacy attacks, including gradient inversion.

13: Our evaluation shows that \sys not only renders these privacy attacks infeasible when each node operates 16 VNs but also exhibits a positive impact on model convergence compared to standard \ac{DL}.

14: This enhanced privacy comes with a manageable increase in communication volume.

15: \end{abstract}

16: