On Using Secure Aggregation in Differentially Private Federated Learning with Multiple Local Steps
Mikko A. Heikkilä
TL;DR
The paper tackles privacy-preserving federated learning with fine-grained sample-level DP in the presence of secure aggregation. It introduces a simple yet powerful privacy analysis that enables multiple local optimization steps per FL round while maintaining distributed DP guarantees via a trusted aggregator, leveraging sum-dominating mechanisms such as Gaussian and Skellam noise. Empirically, the approach yields notable utility gains under limited communication rounds across Fashion-MNIST, CIFAR-10, and ACS Income datasets, with improvements of up to around 16 percentage points in some settings. This work narrows the gap between theoretical DP-FL guarantees and practical performance, and provides a framework for deploying DP-FL with SecAgg in real-world, communication-constrained environments.
Abstract
Federated learning is a distributed learning setting where the main aim is to train machine learning models without having to share raw data but only what is required for learning. To guarantee training data privacy and high-utility models, differential privacy and secure aggregation techniques are often combined with federated learning. However, with fine-grained protection granularities, e.g., with the common sample-level protection, the currently existing techniques generally require the parties to communicate for each local optimization step, if they want to fully benefit from the secure aggregation in terms of the resulting formal privacy guarantees. In this paper, we show how a simple new analysis allows the parties to perform multiple local optimization steps while still benefiting from using secure aggregation. We show that our analysis enables higher utility models with guaranteed privacy protection under limited number of communication rounds.