Differentially Private Federated Learning: A Systematic Review | AI Security Portal

JA

JA

EN

TOP Literature Database Differentially Private Federated Learning: A Systematic Review

arxiv

Differentially Private Federated Learning: A Systematic Review

AI Security Portal bot

Information in the literature database is collected automatically.

Source

https://arxiv.org/abs/2405.08299

PDF

https://arxiv.org/pdf/2405.08299

Paper Information

Author: Jie Fu,Yuan Hong,Xinpeng Ling,Leixia Wang,Xun Ran,Zhiyu Sun,Wendy Hui Wang,Zhili Chen,Yang Cao
Published: 5-14-2024
Updated: 10-2-2025
Affiliation: Stevens Institute of Technology
Country: United States of America
Conference

Labels Estimated by AI

Privacy Protection Method Poisoning Communication Efficiency

These labels were automatically added by AI and may be inaccurate.
For details, see About Literature Database.

Abstract

In recent years, privacy and security concerns in machine learning have promoted trusted federated learning to the forefront of research. Differential privacy has emerged as the de facto standard for privacy protection in federated learning due to its rigorous mathematical foundation and provable guarantee. Despite extensive research on algorithms that incorporate differential privacy within federated learning, there remains an evident deficiency in systematic reviews that categorize and synthesize these studies. Our work presents a systematic overview of the differentially private federated learning. Existing taxonomies have not adequately considered objects and level of privacy protection provided by various differential privacy models in federated learning. To rectify this gap, we propose a new taxonomy of differentially private federated learning based on definition and guarantee of various differential privacy models and federated scenarios. Our classification allows for a clear delineation of the protected objects across various differential privacy models and their respective neighborhood levels within federated learning environments. Furthermore, we explore the applications of differential privacy in federated learning scenarios. Our work provide valuable insights into privacy-preserving federated learning and suggest practical directions for future research.

External Datasets

Dataset of Hospital K

References

Proceedings of the 2016 ACM SIGSAC conference on computer and communications security

Deep learning with differential privacy

Martin Abadi, Andy Chu, Ian Goodfellow, H Brendan McMahan, Ilya Mironov, Kunal Talwar, Li Zhang

Published: 2016

Proceedings of the AAAI Conference on Artificial Intelligence

Little is Enough: Boosting Privacy by Sharing Only Hard Labels in Federated Semi-Supervised Learning

Amr Abourayya, Jens Kleesiek, Kanishka Rao, Erman Ayday, Bharat Rao, Geoffrey I Webb, Michael Kamp

Published: 2025

Conference on Neural Information Processing Systems (NeurIPS)

The Skellam Mechanism for Differentially Private Federated Learning

Naman Agarwal, Peter Kairouz, Ziyu Liu

Published: 10.11.2021

We introduce the multi-dimensional Skellam mechanism, a discrete differential privacy mechanism based on the difference of two independent Poisson random variables. To quantify its privacy guarantees, we analyze the privacy loss distribution via a numerical evaluation and provide a sharp bound on the R\'enyi divergence between two shifted Skellam distributions. While useful in both centralized and distributed privacy applications, we investigate how it can be applied in the context of federated learning with secure aggregation under communication constraints. Our theoretical findings and extensive experimental evaluations demonstrate that the Skellam mechanism provides the same privacy-accuracy trade-offs as the continuous Gaussian mechanism, even when the precision is low. More importantly, Skellam is closed under summation and sampling from it only requires sampling from a Poisson distribution -- an efficient routine that ships with all machine learning and data analysis software packages. These features, along with its discrete nature and competitive privacy-accuracy trade-offs, make it an attractive practical alternative to the newly introduced discrete Gaussian mechanism.

Federated Learning Privacy Violation Distributed Learning

Proc. NeurIPS

cpsgd: Communication-efficient and differentially-private distributed SGD

Naman Agarwal, Ananda Theertha Suresh, Felix X. Yu, Sanjiv Kumar, Brendan McMahan

Published: 2018

Federated collaborative filtering for privacy-preserving personalized recommendation system

Muhammad Ammad-Ud-Din, Elena Ivannikova, Suleiman A Khan, Were Oyomno, Qiang Fu, Kuan Eeik Tan, Adrian Flanagan

Published: 2019

Advances in Neural Information Processing Systems

Differentially private learning with adaptive clipping

Galen Andrew, Om Thakkar, Brendan McMahan, Swaroop Ramaswamy

Published: 2021

International Conference on Artificial Intelligence and Statistics

Hypothesis testing interpretations and renyi differential privacy

Borja Balle, Gilles Barthe, Marco Gaboardi, Justin Hsu, Tetsuya Sato

Published: 2020

Advances in Cryptology–CRYPTO 2019

The privacy blanket of the shuffle model

Borja Balle, James Bell, Adrià Gascón, Kobbi Nissim

Published: 2019

34th USENIX Security Symposium

Unlocking the Power of Differentially Private Zeroth-order Optimization for Fine-tuning {LLMs}

Ergute Bao, Yangfan Jiang, Fei Wei, Xiaokui Xiao, Zitao Li, Yaliang Li, Bolin Ding

Published: 2025

International Conference on Machine Learning (ICML)

Personalization Improves Privacy-Accuracy Tradeoffs in Federated Learning

Alberto Bietti, Chen-Yu Wei, Miroslav Dudík, John Langford, Zhiwei Steven Wu

Published: 2.11.2022

Large-scale machine learning systems often involve data distributed across a collection of users. Federated learning algorithms leverage this structure by communicating model updates to a central server, rather than entire datasets. In this paper, we study stochastic optimization algorithms for a personalized federated learning setting involving local and global models subject to user-level (joint) differential privacy. While learning a private global model induces a cost of privacy, local learning is perfectly private. We provide generalization guarantees showing that coordinating local learning with private centralized learning yields a generically useful and improved tradeoff between accuracy and privacy. We illustrate our theoretical results with experiments on synthetic and real-world datasets.

Privacy Risk Management Algorithm Design Privacy Enhancing Protocol

Proceedings of the 26th Symposium on Operating Systems Principles

Prochlo: Strong privacy for analytics in the crowd

Andrea Bittau, Ulfar Erlingsson, Petros Maniatis, Ilya Mironov, Ananth Raghunathan, David Lie, Mitch Rudominer, Ushasree Kode, Julien Tinnes, Bernhard Seefeld

Published: 2017