Gain without Pain: Offsetting DP-injected Nosies Stealthily in Cross-device Federated Learning

TL;DR

This paper introduces NISS, a novel method for offsetting differential privacy noise in federated learning by sharing negated noises among clients, significantly improving model accuracy and privacy protection.

Contribution

The paper proposes NISS, a new noise sharing algorithm that offsets DP noise in federated learning, with theoretical guarantees and practical effectiveness demonstrated through experiments.

Findings

NISS can offset DP noise when clients are trustworthy.

NISS improves model accuracy by 21% on average.

NISS enhances privacy protection with trustworthy clients.

Abstract

Federated Learning (FL) is an emerging paradigm through which decentralized devices can collaboratively train a common model. However, a serious concern is the leakage of privacy from exchanged gradient information between clients and the parameter server (PS) in FL. To protect gradient information, clients can adopt differential privacy (DP) to add additional noises and distort original gradients before they are uploaded to the PS. Nevertheless, the model accuracy will be significantly impaired by DP noises, making DP impracticable in real systems. In this work, we propose a novel Noise Information Secretly Sharing (NISS) algorithm to alleviate the disturbance of DP noises by sharing negated noises among clients. We theoretically prove that: 1) If clients are trustworthy, DP noises can be perfectly offset on the PS; 2) Clients can easily distort negated DP noises to protect themselves in case that other clients are not totally trustworthy, though the cost lowers model accuracy. NISS is particularly applicable for FL across multiple IoT (Internet of Things) systems, in which all IoT devices need to collaboratively train a model. To verify the effectiveness and the superiority of the NISS algorithm, we conduct experiments with the MNIST and CIFAR-10 datasets. The experiment results verify our analysis and demonstrate that NISS can improve model accuracy by 21% on average and obtain better privacy protection if clients are trustworthy.