Lossless Privacy-Preserving Aggregation for Decentralized Federated Learning
Xiaoye Miao, Bin Li, Yanzhang, Xinkui Zhao, Yangyang Wu
TL;DR
LPPA tackles the privacy leakage risk in decentralized federated learning by injecting the noise difference into the initial gradient-tracking variable and leveraging noise flow conservation to globally cancel noise during aggregation. This approach achieves lossless global model accuracy while providing stronger gradient protection, with a formal privacy-budget advantage of a factor of $\\sqrt{2}$ over standard differential privacy. Empirical results on six real datasets demonstrate that LPPA matches or exceeds the accuracy of standard DSGT, while yielding substantially higher resistance to data-reconstruction attacks compared to DP methods. The combination of a preemptive noise-exchange phase and noise-difference injection enables robust privacy without compromising convergence or performance, making it a practical option for privacy-aware DFL in edge and distributed settings.
Abstract
Privacy concerns arise as sensitive data proliferate. Despite decentralized federated learning (DFL) aggregating gradients from neighbors to avoid direct data transmission, it still poses indirect data leaks from the transmitted gradients. Existing privacy-preserving methods for DFL add noise to gradients. They either diminish the model predictive accuracy or suffer from ineffective gradient protection. In this paper, we propose a novel lossless privacy-preserving aggregation rule named LPPA to enhance gradient protection as much as possible but without loss of DFL model predictive accuracy. LPPA subtly injects the noise difference between the sent and received noise into transmitted gradients for gradient protection. The noise difference incorporates neighbors' randomness for each client, effectively safeguarding against data leaks. LPPA employs the noise flow conservation theory to ensure that the noise impact can be globally eliminated. The global sum of all noise differences remains zero, ensuring that accurate gradient aggregation is unaffected and the model accuracy remains intact. We theoretically prove that the privacy-preserving capacity of LPPA is \sqrt{2} times greater than that of noise addition, while maintaining comparable model accuracy to the standard DFL aggregation without noise injection. Experimental results verify the theoretical findings and show that LPPA achieves a 14% mean improvement in accuracy over noise addition. We also demonstrate the effectiveness of LPPA in protecting raw data and guaranteeing lossless model accuracy.