Convergent Differential Privacy Analysis for General Federated Learning

TL;DR

This paper provides a convergent differential privacy analysis for federated learning, demonstrating tight privacy bounds and stability over long-term training using advanced $f$-DP techniques.

Contribution

It introduces a novel $f$-DP based analysis that proves tight privacy bounds for Noisy-FedAvg and stable privacy guarantees for Noisy-FedProx in federated learning.

Findings

Privacy in Noisy-FedAvg converges tightly over time.

Privacy in Noisy-FedProx maintains a stable constant lower bound.

Analysis applies to $(psilon,elta)$-DP and RDP frameworks.

Abstract

The powerful cooperation of federated learning (FL) and differential privacy~(DP) provides a promising paradigm for the large-scale private clients. However, existing analyses in FL-DP mostly rely on the composition theorem and cannot tightly quantify the privacy leakage challenges, which is tight for a few communication rounds but yields an arbitrarily loose and divergent bound eventually. This also implies a counterintuitive judgment, suggesting that FL-DP may not provide adequate privacy support during long-term training under constant-level noisy perturbations, yielding discrepancy between the theoretical and experimental results. To further investigate the convergent privacy and reliability of the FL-DP framework, in this paper, we comprehensively evaluate the worst privacy of two classical methods under the non-convex and smooth objectives based on the $f$-DP analysis. With the aid of the shifted interpolation technique, we successfully prove that privacy in {\ttfamily Noisy-FedAvg} has a tight convergent bound. Moreover, with the regularization of the proxy term, privacy in {\ttfamily Noisy-FedProx} has a stable constant lower bound. Our analysis further demonstrates a solid theoretical foundation for the reliability of privacy in FL-DP. Meanwhile, our conclusions can also be losslessly converted to other classical DP analytical frameworks, e.g. $(\epsilon,\delta)$-DP and R$\acute{\text{e}}$nyi-DP~(RDP), to provide more fine-grained understandings for the FL-DP frameworks.