Providing Differential Privacy for Federated Learning Over Wireless: A Cross-layer Framework
Jiayu Mao, Tongxin Yin, Aylin Yener, Mingyan Liu
TL;DR
This work tackles differential privacy in Over-the-Air Federated Learning over wireless channels by introducing a fully decentralized adaptive power-control framework that optionally employs a cooperative jammer to meet any $(\varepsilon,\delta)$-DP requirement. The method preserves learning efficiency across multiple FL algorithms (Upcycled-FL, FedAvg, FedProx) and provides rigorous privacy guarantees using the Moments Accountant, along with a convergence analysis for non-convex objectives under heterogeneous data. The authors validate the approach on non-IID FEMNIST, showing that their power-control design consistently outperforms the prior state-of-the-art DP OTA-FL under the same privacy constraints, with the cooperative jammer proving especially beneficial for stringent DP. Overall, the framework enables practical, private OTA-FL in wireless networks while keeping communication and computation efficient, and points to future work on RIS integration and energy-aware privacy.
Abstract
Federated Learning (FL) is a distributed machine learning framework that inherently allows edge devices to maintain their local training data, thus providing some level of privacy. However, FL's model updates still pose a risk of privacy leakage, which must be mitigated. Over-the-air FL (OTA-FL) is an adapted FL design for wireless edge networks that leverages the natural superposition property of the wireless medium. We propose a wireless physical layer (PHY) design for OTA-FL which improves differential privacy (DP) through a decentralized, dynamic power control that utilizes both inherent Gaussian noise in the wireless channel and a cooperative jammer (CJ) for additional artificial noise generation when higher privacy levels are required. Although primarily implemented within the Upcycled-FL framework, where a resource-efficient method with first-order approximations is used at every even iteration to decrease the required information from clients, our power control strategy is applicable to any FL framework, including FedAvg and FedProx as shown in the paper. This adaptation showcases the flexibility and effectiveness of our design across different learning algorithms while maintaining a strong emphasis on privacy. Our design removes the need for client-side artificial noise injection for DP, utilizing a cooperative jammer to enhance privacy without affecting transmission efficiency for higher privacy demands. Privacy analysis is provided using the Moments Accountant method. We perform a convergence analysis for non-convex objectives to tackle heterogeneous data distributions, highlighting the inherent trade-offs between privacy and accuracy. Numerical results show that our approach with various FL algorithms outperforms the state-of-the-art under the same DP conditions on the non-i.i.d. FEMNIST dataset, and highlight the cooperative jammer's effectiveness in ensuring strict privacy.
