Towards the Flatter Landscape and Better Generalization in Federated Learning under Client-level Differential Privacy

TL;DR

This paper introduces DP-FedSAM, a novel differentially private federated learning algorithm that uses sharpness-aware minimization to produce flatter models, enhancing robustness and performance under privacy constraints.

Contribution

The paper proposes DP-FedSAM, integrating SAM optimizer into DPFL to improve model stability and robustness, along with a sparsification variant and comprehensive theoretical analysis.

Findings

Achieves state-of-the-art performance in DPFL

Produces flatter models with better generalization

Demonstrates improved robustness to DP noise

Abstract

To defend the inference attacks and mitigate the sensitive information leakages in Federated Learning (FL), client-level Differentially Private FL (DPFL) is the de-facto standard for privacy protection by clipping local updates and adding random noise. However, existing DPFL methods tend to make a sharp loss landscape and have poor weight perturbation robustness, resulting in severe performance degradation. To alleviate these issues, we propose a novel DPFL algorithm named DP-FedSAM, which leverages gradient perturbation to mitigate the negative impact of DP. Specifically, DP-FedSAM integrates Sharpness Aware Minimization (SAM) optimizer to generate local flatness models with improved stability and weight perturbation robustness, which results in the small norm of local updates and robustness to DP noise, thereby improving the performance. To further reduce the magnitude of random noise while achieving better performance, we propose DP-FedSAM-$top_k$ by adopting the local update sparsification technique. From the theoretical perspective, we present the convergence analysis to investigate how our algorithms mitigate the performance degradation induced by DP. Meanwhile, we give rigorous privacy guarantees with R\'enyi DP, the sensitivity analysis of local updates, and generalization analysis. At last, we empirically confirm that our algorithms achieve state-of-the-art (SOTA) performance compared with existing SOTA baselines in DPFL.