Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

DEeR: Deviation Eliminating and Noise Regulating for Privacy-preserving Federated Low-rank Adaptation

Meilu Zhu, Axiu Mao, Jun Liu, Yixuan Yuan

TL;DR

This work tackles privacy-preserving federated fine-tuning of foundation models with LoRA, focusing on medical tasks. It identifies aggregation deviation and DP-noise amplification as core challenges when aggregating LoRA updates and introduces DEeR, which combines a server-side deviation eliminator based on generalized alternating minimization and a client-side noise regulator to decouple DP noise from LoRA updates. Theoretical results show that aggregation deviation vanishes when LoRA parameters are equivalent across clients, and empirical results on OCT-C8, Kvasir-v2, M&MS, and Polyp Segmentation demonstrate that DEeR consistently outperforms state-of-the-art LoRA-based FedFT methods under DP constraints. The approach yields robust performance across data heterogeneity, rank choices, communication budgets, and client counts, highlighting its practical potential for privacy-aware medical model finetuning. Code is available at the provided GitHub link.

Abstract

Integrating low-rank adaptation (LoRA) with federated learning (FL) has received widespread attention recently, aiming to adapt pretrained foundation models (FMs) to downstream medical tasks via privacy-preserving decentralized training. However, owing to the direct combination of LoRA and FL, current methods generally undergo two problems, i.e., aggregation deviation, and differential privacy (DP) noise amplification effect. To address these problems, we propose a novel privacy-preserving federated finetuning framework called \underline{D}eviation \underline{E}liminating and Nois\underline{e} \underline{R}egulating (DEeR). Specifically, we firstly theoretically prove that the necessary condition to eliminate aggregation deviation is guaranteing the equivalence between LoRA parameters of clients. Based on the theoretical insight, a deviation eliminator is designed to utilize alternating minimization algorithm to iteratively optimize the zero-initialized and non-zero-initialized parameter matrices of LoRA, ensuring that aggregation deviation always be zeros during training. Furthermore, we also conduct an in-depth analysis of the noise amplification effect and find that this problem is mainly caused by the ``linear relationship'' between DP noise and LoRA parameters. To suppress the noise amplification effect, we propose a noise regulator that exploits two regulator factors to decouple relationship between DP and LoRA, thereby achieving robust privacy protection and excellent finetuning performance. Additionally, we perform comprehensive ablated experiments to verify the effectiveness of the deviation eliminator and noise regulator. DEeR shows better performance on public medical datasets in comparison with state-of-the-art approaches. The code is available at https://github.com/CUHK-AIM-Group/DEeR.

DEeR: Deviation Eliminating and Noise Regulating for Privacy-preserving Federated Low-rank Adaptation

TL;DR

This work tackles privacy-preserving federated fine-tuning of foundation models with LoRA, focusing on medical tasks. It identifies aggregation deviation and DP-noise amplification as core challenges when aggregating LoRA updates and introduces DEeR, which combines a server-side deviation eliminator based on generalized alternating minimization and a client-side noise regulator to decouple DP noise from LoRA updates. Theoretical results show that aggregation deviation vanishes when LoRA parameters are equivalent across clients, and empirical results on OCT-C8, Kvasir-v2, M&MS, and Polyp Segmentation demonstrate that DEeR consistently outperforms state-of-the-art LoRA-based FedFT methods under DP constraints. The approach yields robust performance across data heterogeneity, rank choices, communication budgets, and client counts, highlighting its practical potential for privacy-aware medical model finetuning. Code is available at the provided GitHub link.

Abstract

Integrating low-rank adaptation (LoRA) with federated learning (FL) has received widespread attention recently, aiming to adapt pretrained foundation models (FMs) to downstream medical tasks via privacy-preserving decentralized training. However, owing to the direct combination of LoRA and FL, current methods generally undergo two problems, i.e., aggregation deviation, and differential privacy (DP) noise amplification effect. To address these problems, we propose a novel privacy-preserving federated finetuning framework called \underline{D}eviation \underline{E}liminating and Nois\underline{e} \underline{R}egulating (DEeR). Specifically, we firstly theoretically prove that the necessary condition to eliminate aggregation deviation is guaranteing the equivalence between LoRA parameters of clients. Based on the theoretical insight, a deviation eliminator is designed to utilize alternating minimization algorithm to iteratively optimize the zero-initialized and non-zero-initialized parameter matrices of LoRA, ensuring that aggregation deviation always be zeros during training. Furthermore, we also conduct an in-depth analysis of the noise amplification effect and find that this problem is mainly caused by the ``linear relationship'' between DP noise and LoRA parameters. To suppress the noise amplification effect, we propose a noise regulator that exploits two regulator factors to decouple relationship between DP and LoRA, thereby achieving robust privacy protection and excellent finetuning performance. Additionally, we perform comprehensive ablated experiments to verify the effectiveness of the deviation eliminator and noise regulator. DEeR shows better performance on public medical datasets in comparison with state-of-the-art approaches. The code is available at https://github.com/CUHK-AIM-Group/DEeR.

Paper Structure

This paper contains 29 sections, 2 theorems, 19 equations, 7 figures, 7 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Related Work
  3. Parameter Efficient Fine Tuning (PEFT)
  4. Federated Finetuning with LoRA
  5. Preliminaries
  6. methodology
  7. Problem Formulation
  8. Overview
  9. Deviation Eliminator
  10. Noise Regulator
  11. Experiments
  12. Datasets
  13. OCT-C8
  14. Kvasir-v2
  15. M&MS
  16. ...and 14 more sections

Key Result

Theorem 1

Given a collection of $K$ clients, let $\mathbf{B}_k$, $\mathbf{A}_k$ and $\mathbf{B}_{k'}$, $\mathbf{A}_{k'}$ be the LoRA parameters of any two clients $k$ and $k'$, respectively. The overall aggregation deviation $\mathcal{O}$ will be zero when $\mathbf{B}_k$ and $\mathbf{B}_{k'}$ or $\mathbf{A}_k

Figures (7)

  • Figure 1: Directly combining FL and LoRA to finetune FMs brings two challenges, i.e., aggregation deviation and noise amplification effect.
  • Figure 2: The norm changes of linear noise items with communication round: (a) $\|\bm{\xi}_k^{\mathbf{B}}\mathbf{A}_k\|_F$, (b)$\|\mathbf{B}_k\bm{\xi}_k^{\mathbf{A}}\|_F$. (Best viewed in color.)
  • Figure 3: The overview of the proposed DEeR framework for federated finetuning with LoRA (Best viewed in color). DEeR is equipped with a deviation eliminator at the server side and a noise regulator at the client side. The deviation eliminator exploits alternating minimization algorithm to optimize the parameters $\mathbf{A}$ and $\mathbf{B}$ of LoRA for mitigating aggregation deviation. The noise regulator introduces two regulator factors to suppress noise amplification effect.
  • Figure 4: The confusion matrices of different methods on Kvasir-v2.
  • Figure 5: Visualization of segmentation results for different methods on M&MS dataset. The columns (1)-(3) correspond to $\varepsilon = 0.1$ and columns (4)-(5) correspond to $\varepsilon = 1.0$.
  • ...and 2 more figures

Theorems & Definitions (3)

  • Definition 1
  • Theorem 1
  • Theorem 2