Challenges and Solutions for Privacy in Federated Learning: A Differential Privacy Approach

  • José Augusto Nogueira Florentino UNIRIO
  • Carlos Alberto Vieira Campos UNIRIO

Abstract


This paper analyzes the application of differential privacy (DP) in federated learning (FL) using PyTorch, investigating the trade-off between privacy and performance on non-IID data. Experimentally, we demonstrate that DP impacts accuracy and loss, with higher privacy (ϵ=0.5) resulting in greater degradation, but without rendering the system unviable. The research confirms the inverse relationship between privacy and model quality, highlighting the need for a balance. This work contributes to the practical implementation of robust data protection policies in FL.
Keywords: differential privacy, federated learning, non-IID data, PyTorch, Opacus

Published
2025-09-17
FLORENTINO, José Augusto Nogueira; CAMPOS, Carlos Alberto Vieira. Challenges and Solutions for Privacy in Federated Learning: A Differential Privacy Approach. In: WORKSHOP ON INFORMATION SYSTEMS (WSIS), 16., 2025, Rio Paranaíba/MG. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 172-181. DOI: https://doi.org/10.5753/wsis.2025.15784.