Make Landscape Flatter in Differentially Private Federated Learning

TL;DR

This paper introduces DP-FedSAM, a novel differentially private federated learning algorithm that uses Sharpness Aware Minimization to produce flatter models, improving robustness and performance under privacy constraints.

Contribution

The paper proposes DP-FedSAM, integrating SAM into DPFL to create flatter models, with theoretical analysis and empirical validation showing improved robustness and accuracy.

Findings

DP-FedSAM achieves state-of-the-art performance in DPFL.

The method produces flatter loss landscapes and better robustness.

Theoretical analysis confirms mitigation of DP-induced performance degradation.

Abstract

To defend the inference attacks and mitigate the sensitive information leakages in Federated Learning (FL), client-level Differentially Private FL (DPFL) is the de-facto standard for privacy protection by clipping local updates and adding random noise. However, existing DPFL methods tend to make a sharper loss landscape and have poorer weight perturbation robustness, resulting in severe performance degradation. To alleviate these issues, we propose a novel DPFL algorithm named DP-FedSAM, which leverages gradient perturbation to mitigate the negative impact of DP. Specifically, DP-FedSAM integrates Sharpness Aware Minimization (SAM) optimizer to generate local flatness models with better stability and weight perturbation robustness, which results in the small norm of local updates and robustness to DP noise, thereby improving the performance. From the theoretical perspective, we analyze in detail how DP-FedSAM mitigates the performance degradation induced by DP. Meanwhile, we give rigorous privacy guarantees with R\'enyi DP and present the sensitivity analysis of local updates. At last, we empirically confirm that our algorithm achieves state-of-the-art (SOTA) performance compared with existing SOTA baselines in DPFL. Code is available at https://github.com/YMJS-Irfan/DP-FedSAM