The Distributed Discrete Gaussian Mechanism for Federated Learning with Secure Aggregation

TL;DR

This paper introduces a discrete Gaussian mechanism for federated learning that ensures privacy through secure aggregation, discretization, and noise addition, achieving near-central privacy guarantees with minimal precision overhead.

Contribution

It presents a novel end-to-end system with a new privacy analysis for discrete Gaussian sums, balancing communication, privacy, and accuracy in federated learning.

Findings

Achieves accuracy comparable to central differential privacy with less than 16 bits of precision.

Provides a new privacy analysis for sums of discrete Gaussians.

Demonstrates effective privacy-utility trade-offs in federated settings.

Abstract

We consider training models on private data that are distributed across user devices. To ensure privacy, we add on-device noise and use secure aggregation so that only the noisy sum is revealed to the server. We present a comprehensive end-to-end system, which appropriately discretizes the data and adds discrete Gaussian noise before performing secure aggregation. We provide a novel privacy analysis for sums of discrete Gaussians and carefully analyze the effects of data quantization and modular summation arithmetic. Our theoretical guarantees highlight the complex tension between communication, privacy, and accuracy. Our extensive experimental results demonstrate that our solution is essentially able to match the accuracy to central differential privacy with less than 16 bits of precision per value.