Papers
Topics
Authors
Recent
Search
2000 character limit reached

DP-FL: Federated Learning with Differential Privacy

Updated 19 May 2026
  • Federated Learning with Differential Privacy (DP-FL) is a framework that combines decentralized model training with rigorous privacy guarantees to protect individual data.
  • It utilizes techniques such as noise injection, gradient clipping, and privacy accounting to ensure that updates remain secure while preserving model accuracy.
  • DP-FL finds critical applications in sensitive domains like healthcare, finance, and mobile computing where strict data privacy and governance are required.

Federated Learning with Differential Privacy (DP-FL) is a paradigm that fuses large-scale distributed learning with rigorous, mathematically quantifiable privacy guarantees. It enables multiple clients or organizations to collaboratively train machine learning models while ensuring that no sensitive information can be directly inferred about any individual’s data, either within or across participating parties. The core technical mechanism is the integration of differential privacy (DP)—via noise injection, clipping, and advanced privacy accounting—at various stages of the federated optimization procedure. DP-FL has become foundational for privacy-conscious ML in healthcare, finance, mobile/on-device intelligence, and any setting with strict data-governance regimes.

1. Formal Foundations: Federated Learning and Differential Privacy

Federated Learning Protocol

Federated learning (FL) coordinates NN clients, each with their own private data DiD_i, to jointly optimize a global objective without centralizing data. At every global round tt, a random subset St⊆{1,…,N}S_t \subseteq \{1, \dots, N\} is selected. Clients i∈Sti \in S_t download the current global model xt−1x^{t-1}, perform EE steps of local SGD on their loss Fi(x)F_i(x), and upload their updates Δit\Delta_i^t. The server aggregates: xt=xt−1−η⋅Aggregate({Δit:i∈St})x^t = x^{t-1} - \eta \cdot \text{Aggregate}(\{\Delta_i^t : i \in S_t\}) Standard aggregation is weighted averaging (FedAvg).

Differential Privacy Guarantee

A randomized mechanism DiD_i0 is DiD_i1-DP if for every pair of neighboring datasets DiD_i2 (differing in at most one sample or user) and all measurable DiD_i3: DiD_i4 Here DiD_i5 controls the worst-case privacy loss; DiD_i6 allows a small failure probability. Sensitivity DiD_i7 is key for noise calibration. The Gaussian mechanism achieves DiD_i8-DP for output DiD_i9 with tt0, tt1 (Ren et al., 2024, Sen et al., 2024).

2. Taxonomy of DP-FL Paradigms

DP-FL can be categorized by where noise is injected, what is protected, and the trust model (Ren et al., 2024, Sen et al., 2024):

Paradigm Noise Injection Location Protection Granularity
Central DP (Server-level) Server-side, after aggregation Entire client/user
Local DP (LDP) Client-side, pre-aggregation Each client’s update
Shuffle Model Client-side + shuffling proxy Near-central, removes linkage
Secure Aggregation-based After secure sum over clients Matches central, server-untrusted
  • Central DP: Server clips and noises updates to hide full client contributions. Sampling amplifies DP.
  • Local DP: Each client privatizes its update before sending, usually leading to heavy utility loss, especially for high-dimensional models.
  • Shuffle Model: Clients use small LDP noise; a shuffler permits privacy amplification by breaking source-linkage.
  • Secure Aggregation-based: Clients add distributed noise; the server learns only the (noisy) sum, closely matching central DP accuracy with improved trust assumptions.

3. Optimization Principles: Mechanisms, Calibration, and Accounting

DP-FL Core Algorithm

  • DP-SGD for FL: Each client computes and clips gradient tt2, sending

tt3

Aggregated update: [ \tilde{g}t = \frac{1}{m} \sum

Definition Search Book Streamline Icon: https://streamlinehq.com
References (2)

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Federated Learning with Differential Privacy (DP-FL).