Differentially Private Federated Learning: A Systematic Review
Jie Fu, Yuan Hong, Xinpeng Ling, Leixia Wang, Xun Ran, Zhiyu Sun, Wendy Hui Wang, Zhili Chen, Yang Cao
TL;DR
This systematic review clarifies how differential privacy models—DP, local DP, and the shuffle model—map onto horizontal, vertical, and transfer federated learning, revealing distinct privacy targets (samples vs. clients) and the role of secure aggregation in practice. It surveys DP implementations across HFL, VFL, and TFL, detailing mechanisms (DPSGD, DP-FedAvg, LDP variants, and discrete noise schemes) and the nuanced trade-offs between privacy budgets, utility, and communication costs. The work highlights real-world applications across graph data, time series, healthcare, IoT, and finance, and identifies open challenges in convergence analysis, user-level DP, privacy auditing, and cross-domain and multimodal DP-FL, proposing six practical directions for future research. The comprehensive taxonomy and synthesis provide a technical foundation for researchers and practitioners to design, audit, and deploy privacy-preserving federated learning systems with clearer guarantees and better utility.
Abstract
In recent years, privacy and security concerns in machine learning have promoted trusted federated learning to the forefront of research. Differential privacy has emerged as the de facto standard for privacy protection in federated learning due to its rigorous mathematical foundation and provable guarantee. Despite extensive research on algorithms that incorporate differential privacy within federated learning, there remains an evident deficiency in systematic reviews that categorize and synthesize these studies. Our work presents a systematic overview of differentially private federated learning. Existing taxonomies have not adequately considered the objects and level of privacy protection provided by various differential privacy models in federated learning. To rectify this gap, we propose a new taxonomy of differentially private federated learning based on the definitions and guarantees of various differential privacy models and federated scenarios. Our classification allows for a clear delineation of the protected objects across various differential privacy models and their respective neighborhood levels within federated learning environments. Furthermore, we explore the applications of differential privacy in federated learning scenarios. Our work provides valuable insights into privacy-preserving federated learning and suggests practical directions for future research.
