Privacy-Preserving Decentralized Federated Learning via Explainable Adaptive Differential Privacy

TL;DR

This work tackles privacy in decentralized Federated Learning by introducing PrivateDFL, a serverless framework that combines HyperDimensional Computing with an explainable, cumulative DP noise accountant. By tracking and injecting only incremental noise to meet privacy budgets, PrivateDFL achieves tighter privacy-utility tradeoffs and maintains high accuracy. Empirical results across MNIST, ISOLET, and UCI-HAR show superior performance and substantial gains in latency and energy efficiency compared to DP-trained baselines, under both IID and non-IID data splits. The approach enables practical, trustworthy privacy-preserving distributed pattern recognition with clear avenues for future enhancements in topology, budgets, and adversarial resilience.

Abstract

Decentralized Federated Learning (DFL) enables collaborative model training without a central server, but it remains vulnerable to privacy leakage because shared model updates can expose sensitive information through inversion, reconstruction, and membership inference attacks. Differential Privacy (DP) provides formal safeguards, yet existing DP-enabled DFL methods operate as black-boxes that cannot track cumulative noise added across clients and rounds, forcing each participant to inject worst-case perturbations that severely degrade accuracy. We propose PrivateDFL, a new explainable and privacy-preserving framework that addresses this gap by combining a HyperDimensional Computing (HD) model with a transparent DP noise accountant tailored to decentralized learning. HD offers structured, noise-tolerant high-dimensional representations, while the accountant explicitly tracks cumulative perturbations so each client adds only the minimal incremental noise required to satisfy its (epsilon, delta) budget. This yields significantly tighter and more interpretable privacy-utility tradeoffs than prior DP-DFL approaches. Experiments on MNIST (image), ISOLET (speech), and UCI-HAR (wearable sensor) show that PrivateDFL consistently surpasses centralized DP-SGD and Renyi-DP Transformer and deep learning baselines under both IID and non-IID partitions, improving accuracy by up to 24.4% on MNIST, over 80% on ISOLET, and 14.7% on UCI-HAR, while reducing inference latency by up to 76 times and energy consumption by up to 36 times. These results position PrivateDFL as an efficient and trustworthy solution for privacy-sensitive pattern recognition applications such as healthcare, finance, human-activity monitoring, and industrial sensing. Future work will extend the accountant to adversarial participation, heterogeneous privacy budgets, and dynamic topologies.

Figures (12)

• Figure 1: (a) Centralized federated learning framework. (b) Decentralized federated learning setting showing potential data leakage through model inversion and membership inference attacks.
• Figure 2: Reconstruction of a differentially protected data point under varying noise levels.
• Figure 3: Overview of the PrivateDFL framework with XAI-guided noise accounting and decentralized HD-based model updates.
• Figure 4: Overview of the hyperdimensional computing model illustrating the encoding, training, inference, and retraining stages.
• Figure 5: Accuracy of PrivateDFL under varying privacy parameters, including the privacy budget ($\varepsilon$) and privacy loss coefficient ($\delta_{0}$), for both IID and non-IID data distributions. Panels (a)–(c) report results on MNIST, ISOLET, and UCI-HAR under IID partitioning, while panels (d)–(f) show the corresponding outcomes under non-IID splits.

Theorems & Definitions (12)

• Definition 1
• Definition 2
• Definition 3
• Theorem 1
• Theorem 2
• Proof 1
• Theorem 3
• Proof 2
• Theorem 4
• Proof 3