Federated Online Prediction from Experts with Differential Privacy: Separations and Regret Speed-ups (2409.19092v1)

Abstract: We study the problems of differentially private federated online prediction from experts against both stochastic adversaries and oblivious adversaries. We aim to minimize the average regret on $m$ clients working in parallel over time horizon $T$ with explicit differential privacy (DP) guarantees. With stochastic adversaries, we propose a Fed-DP-OPE-Stoch algorithm that achieves $\sqrt{m}$-fold speed-up of the per-client regret compared to the single-player counterparts under both pure DP and approximate DP constraints, while maintaining logarithmic communication costs. With oblivious adversaries, we establish non-trivial lower bounds indicating that collaboration among clients does not lead to regret speed-up with general oblivious adversaries. We then consider a special case of the oblivious adversaries setting, where there exists a low-loss expert. We design a new algorithm Fed-SVT and show that it achieves an $m$-fold regret speed-up under both pure DP and approximate DP constraints over the single-player counterparts. Our lower bound indicates that Fed-SVT is nearly optimal up to logarithmic factors. Experiments demonstrate the effectiveness of our proposed algorithms. To the best of our knowledge, this is the first work examining the differentially private online prediction from experts in the federated setting.

• The paper introduces Fed-DP-OPE-Stoch, achieving a √m-fold per-client regret speed-up under both pure and approximate DP for stochastic adversaries.
• For oblivious adversaries, it establishes a non-trivial lower bound, showing that client collaboration does not accelerate regret minimization.
• In the realizable setting, the Fed-SVT algorithm achieves an almost optimal m-fold regret reduction with logarithmic communication costs.

Federated Online Prediction from Experts with Differential Privacy: Separations and Regret Speed-ups

The paper by Gao, Huang, and Yang provides an in-depth exploration of differentially private federated online prediction from experts, addressing both stochastic adversaries and oblivious adversaries. This work is particularly notable for its detailed examination of federated learning (FL) frameworks under differential privacy (DP) constraints, aimed at minimizing the average regret across multiple clients.

Summary of Contributions

1. Federated Online Prediction from Experts (Fed-DP-OPE-Stoch):
   • Stochastic Adversaries: The paper introduces the Fed-DP-OPE-Stoch algorithm, which achieves a significant $\sqrt{m}$-fold speed-up in per-client regret compared to single-player models under both pure DP and approximate DP constraints. Importantly, Fed-DP-OPE-Stoch maintains logarithmic communication costs.
   • Lower Bounds for Oblivious Adversaries: For oblivious adversaries, the authors establish a non-trivial lower bound, elucidating that collaboration among clients does not yield regret speed-up in this context. This insight is key in understanding the limitations of federated learning in adversarial settings.
2. Realizable Case with Oblivious Adversaries:
   • Algorithm Design with Realizability: The special case where a low-loss expert exists is addressed by the Fed-SVT algorithm. This algorithm achieves an $m$-fold speed-up in regret, showcasing the benefit of client collaboration under these specific circumstances. The authors demonstrate that the regret bound of Fed-SVT is nearly optimal up to logarithmic factors.

Key Numerical Results and Implications

• For stochastic adversaries, the Fed-DP-OPE-Stoch algorithm guarantees a per-client regret of $$O\left((\alpha+\beta)\log T \sqrt{\frac{T \log d}{m} + \frac{\sqrt{\alpha \beta} \log d \sqrt{T} \log T}{m^{\frac{1}{4}} \sqrt{\varepsilon}}}\right)$$ with a communication cost of $$O\left(m^{\frac{5}{4}} d \sqrt{\frac{T \varepsilon \beta}{\alpha \log d}}\right)$$.
• In the realizable setting with oblivious adversaries, Fed-SVT achieves a per-client regret of $$O\left(\frac{\log^2 d + \log^T \log d}{m \varepsilon} \right)$$ for pure DP and $$O\left(\frac{\log T \log d + \log^{3/2} d}{m \varepsilon}\right)$$ for approximate DP, demonstrating significant improvements over single-player scenarios.

Technical Approach and Innovations

The authors develop distinct algorithms based on advanced DP techniques and gradient-based optimization methods adapted to the federated setting:

1. Fed-DP-OPE-Stoch Algorithm:
   • Local Loss Function Gradient Estimation: Clients estimate gradients locally and communicate these estimates to the server, reducing communication overhead.
   • Local Privatization: Clients add noise to gradient estimates in adherence to DP principles, ensuring privacy of communicated information.
   • Global Expert Prediction: The central server aggregates noisy gradient estimates and predicts new experts, efficiently coordinating client behavior.
2. Fed-SVT Algorithm:
   • Sparse-Vector Technique: The algorithm employs the sparse-vector technique to privately aggregate client updates and determine when to switch to a different expert, balancing privacy with accuracy.

Lower Bound Insights

The theoretical lower bounds presented in this paper underscore critical distinctions between stochastic and oblivious adversaries in federated settings. The findings reveal that for general oblivious adversaries, client collaboration does not enhance regret minimization, highlighting inherent limitations. Conversely, in realizable cases where an optimal expert exists, collaboration leads to significant regret reduction.

Implications and Future Directions

This paper's contributions have considerable implications for both theoretical and practical aspects of FL and DP:

• Theoretical Impact: It lays foundational work in understanding the interplay between FL and DP, particularly in adversarial settings, and introduces novel techniques such as policy reduction for FL, which can be extended to other problems.
• Practical Applications: The proposed algorithms can enhance privacy-preserving FL systems in healthcare, finance, and personalized recommender systems, where sensitive data is involved.

Future research can explore adaptive adversaries and their impact on FL with DP guarantees, as well as extend these methodologies to other online learning scenarios such as multi-armed bandits and reinforcement learning. The exploration of real-world use cases will also be crucial for validating and refining these algorithms. The insights drawn from this paper mark a significant step towards robust, privacy-preserving collaborative learning frameworks.