Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Differentially Private Low-Rank Adaptation of Large Language Model Using Federated Learning

Xiao-Yang Liu, Rongyi Zhu, Daochen Zha, Jiechao Gao, Shan Zhong, Matt White, Meikang Qiu

TL;DR

This work tackles privacy-preserving, domain-specific fine-tuning of large language models by marrying federated learning with differential privacy and low-rank adaptation. The proposed DP-LoRA algorithm injects Gaussian noise into the learned low-rank adapters during distributed training, achieving $(\epsilon,\delta)$-DP while dramatically reducing communication by updating compact factors $\mathbf{A}$ and $\mathbf{B}$ instead of full model weights. Through experiments across medical, financial, and general domains with multiple LLM backbones, DP-LoRA demonstrates robust privacy guarantees and meaningful communication savings, albeit with a predictable trade-off in task performance under tighter privacy budgets. The approach offers a practical path for cross-institution collaboration where data cannot be shared, enabling privacy-safe, cost-efficient domain-specific model enhancement with broad real-world impact.

Abstract

The surge in interest and application of large language models (LLMs) has sparked a drive to fine-tune these models to suit specific applications, such as finance and medical science. However, concerns regarding data privacy have emerged, especially when multiple stakeholders aim to collaboratively enhance LLMs using sensitive data. In this scenario, federated learning becomes a natural choice, allowing decentralized fine-tuning without exposing raw data to central servers. Motivated by this, we investigate how data privacy can be ensured in LLM fine-tuning through practical federated learning approaches, enabling secure contributions from multiple parties to enhance LLMs. Yet, challenges arise: 1) despite avoiding raw data exposure, there is a risk of inferring sensitive information from model outputs, and 2) federated learning for LLMs incurs notable communication overhead. To address these challenges, this article introduces DP-LoRA, a novel federated learning algorithm tailored for LLMs. DP-LoRA preserves data privacy by employing a Gaussian mechanism that adds noise in weight updates, maintaining individual data privacy while facilitating collaborative model training. Moreover, DP-LoRA optimizes communication efficiency via low-rank adaptation, minimizing the transmission of updated weights during distributed training. The experimental results across medical, financial, and general datasets using various LLMs demonstrate that DP-LoRA effectively ensures strict privacy constraints while minimizing communication overhead.

Differentially Private Low-Rank Adaptation of Large Language Model Using Federated Learning

TL;DR

This work tackles privacy-preserving, domain-specific fine-tuning of large language models by marrying federated learning with differential privacy and low-rank adaptation. The proposed DP-LoRA algorithm injects Gaussian noise into the learned low-rank adapters during distributed training, achieving -DP while dramatically reducing communication by updating compact factors and instead of full model weights. Through experiments across medical, financial, and general domains with multiple LLM backbones, DP-LoRA demonstrates robust privacy guarantees and meaningful communication savings, albeit with a predictable trade-off in task performance under tighter privacy budgets. The approach offers a practical path for cross-institution collaboration where data cannot be shared, enabling privacy-safe, cost-efficient domain-specific model enhancement with broad real-world impact.

Abstract

The surge in interest and application of large language models (LLMs) has sparked a drive to fine-tune these models to suit specific applications, such as finance and medical science. However, concerns regarding data privacy have emerged, especially when multiple stakeholders aim to collaboratively enhance LLMs using sensitive data. In this scenario, federated learning becomes a natural choice, allowing decentralized fine-tuning without exposing raw data to central servers. Motivated by this, we investigate how data privacy can be ensured in LLM fine-tuning through practical federated learning approaches, enabling secure contributions from multiple parties to enhance LLMs. Yet, challenges arise: 1) despite avoiding raw data exposure, there is a risk of inferring sensitive information from model outputs, and 2) federated learning for LLMs incurs notable communication overhead. To address these challenges, this article introduces DP-LoRA, a novel federated learning algorithm tailored for LLMs. DP-LoRA preserves data privacy by employing a Gaussian mechanism that adds noise in weight updates, maintaining individual data privacy while facilitating collaborative model training. Moreover, DP-LoRA optimizes communication efficiency via low-rank adaptation, minimizing the transmission of updated weights during distributed training. The experimental results across medical, financial, and general datasets using various LLMs demonstrate that DP-LoRA effectively ensures strict privacy constraints while minimizing communication overhead.
Paper Structure (21 sections, 4 theorems, 7 equations, 1 figure, 19 tables, 1 algorithm)

This paper contains 21 sections, 4 theorems, 7 equations, 1 figure, 19 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Related Work
  3. Privacy Issues of LLMs
  4. From General-Purpose LLMs to Domain-specific LLMs
  5. Parameter-Efficient Tuning of LLMs
  6. Federated Learning and Differential Privacy
  7. Background of Differential Privacy
  8. Differentially Private Low-Rank Adaptation (DP-LoRA) of LLMs
  9. Motivation
  10. DP-LoRA Algorithm
  11. Guarantee of Differential Privacy
  12. Reducing Communication Overhead in Federate Learning
  13. Performance Evaluation
  14. Tasks and Datasets
  15. Experiments Setup
  16. ...and 6 more sections

Key Result

Theorem 1

(Sequential composition mcsherry2009privacy) Let $\mathcal{M}_t$ each provides $(\epsilon_t, \delta_t)$-differential privacy, $t = 1,2,...,T$. The sequential composition of $\mathcal{M}_t$ provides $(\epsilon_t^{'}, \delta_t^{'})$-differential privacy, where the $\epsilon_t^{'} = \sum_t\epsilon_t$ a

Figures (1)

  • Figure 1: Differential private low-rank adaptation (DP-LoRA) algorithm for LLMs using federated learning. Each node communicates with the server in updating $\bm{\theta}$.

Theorems & Definitions (4)

  • Theorem 1
  • Theorem 2
  • Theorem 3
  • Theorem 4