Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Privacy Enhancement in Over-the-Air Federated Learning via Adaptive Receive Scaling

Faeze Moradi Kalarde, Ben Liang, Min Dong, Yahia A. Eldemerdash Ahmed, Ho Ting Cheng

TL;DR

The paper tackles privacy-aware adaptive receive scaling in over-the-air federated learning under time-varying channels. It introduces AdaScale, an online algorithm that minimizes time-averaged Rényi differential privacy leakage while enforcing a convergence constraint, using a single-round, convex per-round reformulation and a virtual-queue driven Lyapunov-type control. Theoretical results establish bounds on drift, queue length, constraint violation, and dynamic regret, with diminishing regret when $1<eta<2$, implying convergence to a stationary point. Empirical results on MNIST and CIFAR-10 show AdaScale achieving substantial reductions in both RDP and DP leakages without sacrificing learning performance, approaching offline-optimal performance in practice.

Abstract

In Federated Learning (FL) with over-the-air aggregation, the quality of the signal received at the server critically depends on the receive scaling factors. While a larger scaling factor can reduce the effective noise power and improve training performance, it also compromises the privacy of devices by reducing uncertainty. In this work, we aim to adaptively design the receive scaling factors across training rounds to balance the trade-off between training convergence and privacy in an FL system under dynamic channel conditions. We formulate a stochastic optimization problem that minimizes the overall Rényi differential privacy (RDP) leakage over the entire training process, subject to a long-term constraint that ensures convergence of the global loss function. Our problem depends on unknown future information, and we observe that standard Lyapunov optimization is not applicable. Thus, we develop a new online algorithm, termed AdaScale, based on a sequence of novel per-round problems that can be solved efficiently. We further derive upper bounds on the dynamic regret and constraint violation of AdaSacle, establishing that it achieves diminishing dynamic regret in terms of time-averaged RDP leakage while ensuring convergence of FL training to a stationary point. Numerical experiments on canonical classification tasks show that our approach effectively reduces RDP and DP leakages compared with state-of-the-art benchmarks without compromising learning performance.

Privacy Enhancement in Over-the-Air Federated Learning via Adaptive Receive Scaling

TL;DR

The paper tackles privacy-aware adaptive receive scaling in over-the-air federated learning under time-varying channels. It introduces AdaScale, an online algorithm that minimizes time-averaged Rényi differential privacy leakage while enforcing a convergence constraint, using a single-round, convex per-round reformulation and a virtual-queue driven Lyapunov-type control. Theoretical results establish bounds on drift, queue length, constraint violation, and dynamic regret, with diminishing regret when , implying convergence to a stationary point. Empirical results on MNIST and CIFAR-10 show AdaScale achieving substantial reductions in both RDP and DP leakages without sacrificing learning performance, approaching offline-optimal performance in practice.

Abstract

In Federated Learning (FL) with over-the-air aggregation, the quality of the signal received at the server critically depends on the receive scaling factors. While a larger scaling factor can reduce the effective noise power and improve training performance, it also compromises the privacy of devices by reducing uncertainty. In this work, we aim to adaptively design the receive scaling factors across training rounds to balance the trade-off between training convergence and privacy in an FL system under dynamic channel conditions. We formulate a stochastic optimization problem that minimizes the overall Rényi differential privacy (RDP) leakage over the entire training process, subject to a long-term constraint that ensures convergence of the global loss function. Our problem depends on unknown future information, and we observe that standard Lyapunov optimization is not applicable. Thus, we develop a new online algorithm, termed AdaScale, based on a sequence of novel per-round problems that can be solved efficiently. We further derive upper bounds on the dynamic regret and constraint violation of AdaSacle, establishing that it achieves diminishing dynamic regret in terms of time-averaged RDP leakage while ensuring convergence of FL training to a stationary point. Numerical experiments on canonical classification tasks show that our approach effectively reduces RDP and DP leakages compared with state-of-the-art benchmarks without compromising learning performance.

Paper Structure

This paper contains 30 sections, 11 theorems, 56 equations, 2 figures, 1 algorithm.

Table of Contents

  1. Introduction
  2. Related Work
  3. Preliminaries
  4. FL System
  5. Differential Privacy
  6. System Model and Problem Formulation
  7. FedSGD with OTA Aggregation
  8. RDP Leakage Calculation
  9. Per-Round RDP Leakage
  10. Overall RDP Leakage
  11. Problem Formulation
  12. Adaptive Receive Scalar Design
  13. Problem Reformulation via Training Convergence Analysis
  14. Convergence Analysis
  15. Problem Reformulation
  16. ...and 15 more sections

Key Result

Lemma 1

For any integer $\alpha > 1$, the SGM defined in Definition SGMdEF, with mapping $u(\cdot)$ having $\ell_2$-sensitivity $\Delta$, satisfies $(\alpha, \rho_{\alpha}(q, \sigma_{\text{eff}}))$-RDP, where $\sigma_{\text{eff}} \triangleq \frac{\sigma}{\Delta}$ is the effective noise multiplier, $\rho_{\a

Figures (2)

  • Figure 1: RDP and DP leakage vs. $\nu$ for MNIST. Range of $\nu$ corresponds to test accuracies between $90\%$ and $95\%$.
  • Figure 2: RDP and DP leakage vs. $\nu$ for CIFAR-10. Range of $\nu$ corresponds to test accuracies between $60\%$ and $65\%$.

Theorems & Definitions (30)

  • Definition 1: ($\varepsilon$, $\delta$)-DP dwork2014algorithmic
  • Definition 2: ($\alpha$, $\varepsilon$)-RDP rdp1
  • Remark 1: Conversion from RDP to DP rdp1
  • Definition 3: Sampled Gaussian Mechanism (SGM) rdp2-sampledGauss
  • Definition 4: $\ell_2$-sensitivity
  • Lemma 1: RDP leakage of SGM
  • proof
  • Remark 2
  • Theorem 1: Training convergence
  • proof
  • ...and 20 more