Li Zhaorui,Huang Zhicong,Chen Chaochao,Hong Cheng

2019-01-01

Abstract: With the growing emphasis on users' privacy, federated learning has become more and more popular. Many architectures have been raised for a better security. Most architecture work on the assumption that data's gradient could not leak information. However, some work, recently, has shown such gradients may lead to leakage of the training data. In this paper, we discuss the leakage based on a federated approximated logistic regression model and show that such gradient's leakage could leak the complete training data if all elements of the inputs are either 0 or 1.

Xiao-Yang Liu,Rongyi Zhu,Daochen Zha,Jiechao Gao,Shan Zhong,Matt White,Meikang Qiu

2024-06-02

Abstract:The surge in interest and application of large language models (LLMs) has sparked a drive to fine-tune these models to suit specific applications, such as finance and medical science. However, concerns regarding data privacy have emerged, especially when multiple stakeholders aim to collaboratively enhance LLMs using sensitive data. In this scenario, federated learning becomes a natural choice, allowing decentralized fine-tuning without exposing raw data to central servers. Motivated by this, we investigate how data privacy can be ensured in LLM fine-tuning through practical federated learning approaches, enabling secure contributions from multiple parties to enhance LLMs. Yet, challenges arise: 1) despite avoiding raw data exposure, there is a risk of inferring sensitive information from model outputs, and 2) federated learning for LLMs incurs notable communication overhead. To address these challenges, this article introduces DP-LoRA, a novel federated learning algorithm tailored for LLMs. DP-LoRA preserves data privacy by employing a Gaussian mechanism that adds noise in weight updates, maintaining individual data privacy while facilitating collaborative model training. Moreover, DP-LoRA optimizes communication efficiency via low-rank adaptation, minimizing the transmission of updated weights during distributed training. The experimental results across medical, financial, and general datasets using various LLMs demonstrate that DP-LoRA effectively ensures strict privacy constraints while minimizing communication overhead.

Machine Learning,Cryptography and Security

Huixuan Zong,Qing Wang,Xiaofeng Liu,Yinchuan Li,Yunfeng Shao

DOI: https://doi.org/10.1109/ICCC52777.2021.9580315

2021-01-01

Abstract:As an emerging framework of distributed learning, federated learning (FL) has been a research focus since it enables clients to train deep learning models collaboratively without exposing their original data. Nevertheless, private information can still be inferred from the communicated model parameters by adversaries. In addition, due to the limited channel bandwidth, the model communication between clients and the server has become a serious bottleneck. In this paper, we consider an FL framework that utilizes local differential privacy, where the client adds artificial Gaussian noise to the local model update before aggregation. To reduce the communication overhead of the differential privacy-protected model, we propose the universal vector quantization for FL with local differential privacy mechanism, which quantizes the model parameters in a universal vector quantization approach. Furthermore, we analyze the privacy performance of the proposed approach and track the privacy loss by accounting the log moments. Experiments show that even if the quantization bit is relatively small, our method can achieve model compression without reducing the accuracy of the global model.

Youbang Sun,Zitao Li,Yaliang Li,Bolin Ding

2024-03-19

Abstract:Low-rank adaptation (LoRA) is one of the most popular task-specific parameter-efficient fine-tuning (PEFT) methods on pre-trained language models for its good performance and computational efficiency. LoRA injects a product of two trainable rank decomposition matrices over the top of each frozen pre-trained model module. However, when applied in the setting of privacy-preserving federated learning (FL), LoRA may become unstable due to the following facts: 1) the effects of data heterogeneity and multi-step local updates are non-negligible, 2) additive noise enforced on updating gradients to guarantee differential privacy (DP) can be amplified and 3) the final performance is susceptible to hyper-parameters. A key factor leading to these phenomena is the discordance between jointly optimizing the two low-rank matrices by local clients and separately aggregating them by the central server. Thus, this paper proposes an efficient and effective version of LoRA, Federated Freeze A LoRA (FFA-LoRA), to alleviate these challenges and further halve the communication cost of federated fine-tuning LLMs. The core idea of FFA-LoRA is to fix the randomly initialized non-zero matrices and only fine-tune the zero-initialized matrices. Compared to LoRA, FFA-LoRA is motivated by practical and theoretical benefits in privacy-preserved FL. Our experiments demonstrate that FFA-LoRA provides more consistent performance with better computational efficiency over vanilla LoRA in various FL tasks.

Machine Learning,Cryptography and Security,Distributed, Parallel, and Cluster Computing

Jiaxing QI,Zhongzhi Luan,Shaohan Huang,Carol Fung,Hailong Yang,Depei Qian

2024-06-12

Abstract:Large language models (LLMs) have emerged as important components across various fields, yet their training requires substantial computation resources and abundant labeled data. It poses a challenge to robustly training LLMs for individual users (clients). To tackle this challenge, the intuitive idea is to introduce federated learning (FL), which can collaboratively train models on distributed private data. However, existing methods suffer from the challenges of data heterogeneity, system heterogeneity, and model size, resulting in suboptimal performance and high costs. In this work, we proposed a variant of personalized federated learning (PFL) framework, namely FDLoRA, which allows the client to be a single device or a cluster and adopts low-rank adaptation (LoRA) tuning. FDLoRA sets dual LoRA modules on each client to capture personalized and global knowledge, respectively, and only the global LoRA module uploads parameters to the central server to aggregate cross-client knowledge. Finally, an adaptive fusion approach is employed to combine the parameters of the dual LoRAs. This enables FDLoRA to make effective use of private data distributed across different clients, thereby improving performance on the client without incurring high communication and computing costs. We conducted extensive experiments in two practice scenarios. The results demonstrate that FDLoRA outperforms six baselines in terms of performance, stability, robustness, computation cost, and communication cost.

Distributed, Parallel, and Cluster Computing

Yifan Wang,Xianghui Cao,Shi Jin,Mo-Yuen Chow

2024-05-28

Abstract:Federated learning (FL) has been widely regarded as a promising paradigm for privacy preservation of raw data in machine learning. Although, the data privacy in FL is locally protected to some extent, it is still a desideratum to enhance privacy and alleviate communication overhead caused by repetitively transmitting model parameters. Typically, these challenges are addressed separately, or jointly via a unified scheme that consists of noise-injected privacy mechanism and communication compression, which may lead to model corruption due to the introduced composite noise. In this work, we propose a novel model-splitting privacy-preserving FL (MSP-FL) scheme to achieve private FL with precise accuracy guarantee. Based upon MSP-FL, we further propose a model-splitting privacy-preserving FL with dynamic quantization (MSPDQ-FL) to mitigate the communication overhead, which incorporates a shrinking quantization interval to reduce the quantization error. We provide privacy and convergence analysis for both MSP-FL and MSPDQ-FL under non-i.i.d. dataset, partial clients participation and finite quantization level. Numerical results are presented to validate the superiority of the proposed schemes.

Optimization and Control

Qian Chen,Zheng Chai,Zilong Wang,Haonan Yan,Xiaodong Lin,Jianying Zhou

DOI: https://doi.org/10.1109/jiot.2024.3395310

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:With the deployment of local differential privacy (LDP), federated learning (FL) has gained stronger privacypreserving capability against inference-type attacks. However, existing LDP methods reduce global model performance. In this paper, we propose a QP-LDP algorithm for FL to obtain a better-performed global model without losing privacy guarantees defined by the original LDP. Different from previous LDP methods for FL, QP-LDP improves the global model performance by precisely disturbing the non-common components of quantized local contributions. In addition, QP-LDP comprehensively protects two types of local contributions. Through security analysis, QP-LDP provides the probability indistinguishability of clients' private local contributions at a component-level. More importantly, ingenious experiments show that with the deployment of QP-LDP, the global model outperforms that in the original LDPbased FL in terms of prediction accuracy and convergence rate.

Yong Li,Gaochao Xu,Xutao Meng,Wei Du,Xianglin Ren

DOI: https://doi.org/10.3390/e26050353

IF: 2.738

2024-04-24

Entropy

Abstract:In the realm of federated learning (FL), the exchange of model data may inadvertently expose sensitive information of participants, leading to significant privacy concerns. Existing FL privacy-preserving techniques, such as differential privacy (DP) and secure multi-party computing (SMC), though offering viable solutions, face practical challenges including reduced performance and complex implementations. To overcome these hurdles, we propose a novel and pragmatic approach to privacy preservation in FL by employing localized federated updates (LF3PFL) aimed at enhancing the protection of participant data. Furthermore, this research refines the approach by incorporating cross-entropy optimization, carefully fine-tuning measurement, and improving information loss during the model training phase to enhance both model efficacy and data confidentiality. Our approach is theoretically supported and empirically validated through extensive simulations on three public datasets: CIFAR-10, Shakespeare, and MNIST. We evaluate its effectiveness by comparing training accuracy and privacy protection against state-of-the-art techniques. Our experiments, which involve five distinct local models (Simple-CNN, ModerateCNN, Lenet, VGG9, and Resnet18), provide a comprehensive assessment across a variety of scenarios. The results clearly demonstrate that LF3PFL not only maintains competitive training accuracies but also significantly improves privacy preservation, surpassing existing methods in practical applications. This balance between privacy and performance underscores the potential of localized federated updates as a key component in future FL privacy strategies, offering a scalable and effective solution to one of the most pressing challenges in FL.

physics, multidisciplinary

Yan Hong,Zhiqing Huang,Chenyang Zhang

DOI: https://doi.org/10.1117/12.2684744

2023-01-01

Abstract:Federated learning is a new privacy protection framework for machine learning. The central server aggregates multiple participants to decentralized optimized parameters, then distributes the generated model to the client, and finally converges the global model. The model obtained by performance approaching centralized data training is trained under the condition that the data is not leave local. However, many studies have shown that this centralized federation system is vulnerable to confidentiality attacks by "honest but curious" attackers, using the gradient parameter information transmitted during federation model training to carry out reconstruction attacks or inference attacks, obtain the privacy data of participants or deduce some member information, which poses a severe challenge to the privacy protection of federated learning. In this paper, a hybrid defense strategy based on confusion self-encoder combined with localized differential privacy is proposed. On the one hand, the labels of the participants' local data are confused through the self-encoder network, so as to cut off the relationship between the gradient information and the original data. On the other hand, the localized differential privacy mechanism is used to disturb the transmitted gradient parameter information, and a model performance loss constraint mechanism is designed to reduce the impact of noise addition on the model performance. Experiments show that the hybrid defense strategy proposed in this paper can effectively resist reconstruction attacks and inference attacks in the process of federated learning model training, and achieve a better balance among computing overhead, model performance and privacy security.

Lingjie Zhang,Hai Zhang

DOI: https://doi.org/10.1142/s0219691323500200

2023-01-01

Abstract:Federated learning (FL) is an important approach to cooperate with multiple devices for learning without exchanging data between devices and central server. However, due to bandwidth and other reasons, the communication efficiency should be considered when the volume of information transmitted is limited. In this paper, we utilize the tool of lattice quantization form quantization theory and the variable intercommunication interval to improve communication efficiency. Meanwhile, to make strong privacy guarantee, we incorporate the notion of differential privacy (DP) to the FL framework with local SGD algorithm. By adding calibrated noises, we propose a universal lattice quantization for differentially private federated averaging algorithm (ULQ-DP-FedAvg). We provide tight privacy bound by using some privacy techniques. We also analyze the convergence bound of ULQ-DP-FedAvg based on bits rate constraints and the growing inter-communication interval as well as the data are non-independent identically distribution (Non-IID). It turns out that the algorithm converges and preserves that the privacy has scarcely influenced on the convergence rate. The effectiveness of our algorithm is demonstrated by synthetic and real datasets.

Zixin Wang,Yong Zhou,Yuanming Shi,Khaled. B. Letaief

2024-07-03

Abstract:Pre-trained foundation models (FMs), with extensive number of neurons, are key to advancing next-generation intelligence services, where personalizing these models requires massive amount of task-specific data and computational resources. The prevalent solution involves centralized processing at the edge server, which, however, raises privacy concerns due to the transmission of raw data. Instead, federated fine-tuning (FedFT) is an emerging privacy-preserving fine-tuning (FT) paradigm for personalized pre-trained foundation models. In particular, by integrating low-rank adaptation (LoRA) with federated learning (FL), federated LoRA enables the collaborative FT of a global model with edge devices, achieving comparable learning performance to full FT while training fewer parameters over distributed data and preserving raw data privacy. However, the limited radio resources and computation capabilities of edge devices pose significant challenges for deploying federated LoRA over wireless networks. To this paper, we propose a split federated LoRA framework, which deploys the computationally-intensive encoder of a pre-trained model at the edge server, while keeping the embedding and task modules at the edge devices. Building on this split framework, the paper provides a rigorous analysis of the upper bound of the convergence gap for the wireless federated LoRA system. This analysis motivates the formulation of a long-term upper bound minimization problem, where we decompose the formulated long-term mixed-integer programming (MIP) problem into sequential sub-problems using the Lyapunov technique. We then develop an online algorithm for effective device scheduling and bandwidth allocation. Simulation results demonstrate the effectiveness of the proposed online algorithm in enhancing learning performance.

Systems and Control

Zhen Liu,Changsong Yang,Yong Ding,Hai Liang,Yujue Wang

DOI: https://doi.org/10.1109/jiot.2024.3478208

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The emergence of Big Data and Artificial Intelligence (AI) marks a significant milestone in technological advancement, impacting various sectors and transforming the essence of public and personal activities. Traditional machine learning, known as centralized learning, involves collecting data from multiple sources for model development, which poses significant privacy risks. To address the conflict between the need for data sharing and the protection of privacy, federated learning has emerged as a promising solution. This approach allows for the continuous sharing of model updates between a central server and numerous local devices, fostering collaborative model development. However, it also brings about considerable communication costs and raises privacy concerns due to the potential for sensitive information leakage from the central server and local devices. To address these issues, we propose a lightweight and accuracy-lossless privacy-preserving federated learning scheme based on gradient clipping. The central server introduces noise to the global model to prevent clients from extracting valuable information, and then the local devices train these models using their data. To reduce the communication load, parameters with less impact on the model are removed using the Fisher information matrix. Additionally, to enhance privacy protection, the client-computed parameters are perturbed using the Diffie-Hellman key exchange method. Our experiments show that this approach greatly reduces the communication load for clients and the server, while effectively safeguarding client privacy and maintaining the model’s accuracy.

Xinchen Lyu,Xinyun Hou,Chenshan Ren,Xin Ge,Penglin Yang,Qimei Cui,Xiaofeng Tao

DOI: https://doi.org/10.1109/tifs.2024.3374590

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Federated learning is a popular distributed machine learning paradigm that enables collaborative model training at multiple entities via exchanging intermediate learning results. Security and communication efficiency are crucial for successful applications of federated learning in various privacy-sensitive services. However, existing work focused on gradient defense and communication efficiency separately, and also incurred additional computation, signaling, and accuracy overhead. A lightweight (in terms of time-complexity and signaling) technique that simultaneously achieves security and communication efficiency is critical for massive resource-constrained devices (e.g., Internet-of-Things generating the data), but has yet to be established. This paper proposes a secure and efficient federated learning framework with provable communication-accuracy-security performance guarantees. A low-complexity and signaling-free stochastic quantization module is added at the client side that quantizes the original local gradients to discrete values for communication-efficient global aggregation. The stochastic quantization module is shown to be interpreted as triangular or Gaussian-multiply-triangular noises under uniform or Gaussian distributions of local gradients, hence protecting data privacy. We prove that the proposed framework exhibits an { O (log 2 1/δ), O (δ 2 ), O (1/δ)}-tradeoff between the communication overhead, model accuracy, and data protection, where δ is an adjustable quantization interval. Experimental results validate the tradeoff and the superiority of the proposed stochastic quantization technique in terms of communication efficiency (only 14.1% of differential privacy and 0.2% of homomorphic encryption) and computation complexity (similar to differential privacy and only 0.03% of homomorphic encryption). Under the same data protection performance, the proposed approach also outperforms (in terms of accuracy) differential privacy in all the 9 comparison settings on CIFAR10 dataset.

Ziyao Wang,Zheyu Shen,Yexiao He,Guoheng Sun,Hongyi Wang,Lingjuan Lyu,Ang Li

2024-09-10

Abstract:The rapid development of Large Language Models (LLMs) has been pivotal in advancing AI, with pre-trained LLMs being adaptable to diverse downstream tasks through fine-tuning. Federated learning (FL) further enhances fine-tuning in a privacy-aware manner by utilizing clients' local data through in-situ computation, eliminating the need for data movement. However, fine-tuning LLMs, given their massive scale of parameters, poses challenges for clients with constrained and heterogeneous resources in FL. Previous methods employed low-rank adaptation (LoRA) for efficient federated fine-tuning but utilized traditional FL aggregation strategies on LoRA adapters. These approaches led to mathematically inaccurate aggregation noise, reducing fine-tuning effectiveness and failing to address heterogeneous LoRAs. In this work, we first highlight the mathematical incorrectness of LoRA aggregation in existing federated fine-tuning methods. We introduce a new approach called FLORA that enables federated fine-tuning on heterogeneous LoRA adapters across clients through a novel stacking-based aggregation method. Our approach is noise-free and seamlessly supports heterogeneous LoRA adapters. Extensive experiments demonstrate FLORA' s superior performance in both homogeneous and heterogeneous settings, surpassing state-of-the-art methods. We envision this work as a milestone for efficient, privacy-preserving, and accurate federated fine-tuning of LLMs. Our code is available at <a class="link-external link-https" href="https://github.com/ATP-1010/FederatedLLM" rel="external noopener nofollow">this https URL</a>.

Machine Learning,Distributed, Parallel, and Cluster Computing

Xiaoguang Liu,Han Yu,Gang Wang,Liping Yi

DOI: https://doi.org/10.48550/arXiv.2310.13283

Abstract:Federated learning (FL) is an emerging machine learning paradigm in which a central server coordinates multiple participants (a.k.a. FL clients) to train a model collaboratively on decentralized data with privacy protection. This paradigm constrains that all clients have to train models with the same structures (homogeneous). In practice, FL often faces statistical heterogeneity, system heterogeneity and model heterogeneity challenges. These challenging issues inspire the field of Model-Heterogeneous Personalized Federated Learning (MHPFL) which aims to train a personalized and heterogeneous local model for each FL client. Existing MH-PFL approaches cannot achieve satisfactory model performance, acceptable computational overhead and efficient communication simultaneously. To bridge this gap, we propose a novel computation-and communication-efficient model-heterogeneous personalized Federated learning framework based on LoRA tuning ( FedLoRA ). It is designed to incorporate a homogeneous small adapter for each client’s heterogeneous local model. Both models are trained following the proposed iterative training for global-local knowledge exchange. The homogeneous small local adapters are sent to the FL server to be aggregated into a global adapter. In this way, FL clients can train heterogeneous local models without incurring high computation and communication costs. We theoretically prove the non-convex convergence rate of FedLoRA . Extensive experiments on two real-world datasets demonstrate that FedLoRA outperforms six state-of-the-art baselines, beating the best approach by 1 . 35% in terms of test accuracy, 11 . 81 × computation overhead reduction and 7 . 41 × communication cost saving.

Computer Science

Zhong Long,Yuling Chen,Hui Dou,Yun Luo,Chaoyue Tan,Yancheng Sun

DOI: https://doi.org/10.1109/dasc/picom/cbdcom/cy59711.2023.10361468

2023-01-01

Abstract:Google proposed federated learning in 2016, which aims to solve the problems of data silos and privacy leakage in machine learning. However, as the difficulty of the target task increases and the model performance requirements progressively improve, these have to consume more communication costs to increase the model parameters. In order to solve this problem, this paper proposes the Federated Learning with Sparsity and Quantization(FedSQ) method, where we select the gradients with a large rate of change in the gradients of the participants in each round for transmission, and utilize binary compression to quantize the selected model parameters, while adopting a suitable aggregation algorithm to replace the original FedAvg, so that it does not excessively impair the model accuracy in the case of high-fold compression. Finally, we verify the effectiveness of the scheme proposed in this paper, which can improve the quality of model training under model compression.

Yang Su,Na Yan,Yansha Deng

2024-11-11

Abstract:Federated fine-tuning of pre-trained Large Language Models (LLMs) enables task-specific adaptation across diverse datasets while preserving data privacy. However, the large model size and heterogeneity in client resources pose significant computational and communication challenges. To address these issues, in this paper, we propose a novel Heterogeneous Adaptive Federated Low-Rank Adaptation (LoRA) fine-tuned LLM framework (HAFL). To accommodate client resource heterogeneity, we first introduce an importance-based parameter truncation scheme, which allows clients to have different LoRA ranks, and smoothed sensitivity scores are used as importance indicators. Despite its flexibility, the truncation process may cause performance degradation. To tackle this problem, we develop an importance-based parameter freezing scheme. In this approach, both the cloud server and clients maintain the same LoRA rank, while clients selectively update only the most important decomposed LoRA rank-1 matrices, keeping the rest frozen. To mitigate the information dilution caused by the zero-padding aggregation method, we propose an adaptive aggregation approach that operates at the decomposed rank-1 matrix level. Experiments on the 20 News Group classification task show that our method converges quickly with low communication size, and avoids performance degradation when distributing models to clients compared to truncation-based heterogeneous LoRA rank scheme. Additionally, our adaptive aggregation method achieves faster convergence compared to the zero-padding approach.

Machine Learning,Artificial Intelligence,Distributed, Parallel, and Cluster Computing

Kuang Hangdong,Mi Bo

DOI: https://doi.org/10.48550/arXiv.2301.11705

2023-03-16

Abstract:Federated Learning is a distributed machine-learning environment that allows clients to learn collaboratively without sharing private data. This is accomplished by exchanging parameters. However, the differences in data distributions and computing resources among clients make related studies difficult. To address these heterogeneous problems, we propose a novel Federated Learning method. Our method utilizes a pre-trained model as the backbone of the local model, with fully connected layers comprising the head. The backbone extracts features for the head, and the embedding vector of classes is shared between clients to improve the head and enhance the performance of the local model. By sharing the embedding vector of classes instead of gradient-based parameters, clients can better adapt to private data, and communication between the server and clients is more effective. To protect privacy, we propose a privacy-preserving hybrid method that adds noise to the embedding vector of classes. This method has a minimal effect on the performance of the local model when differential privacy is met. We conduct a comprehensive evaluation of our approach on a self-built vehicle dataset, comparing it with other Federated Learning methods under non-independent identically distributed(Non-IID).

Machine Learning,Artificial Intelligence

Zhenqing Ling,Daoyuan Chen,Liuyi Yao,Yaliang Li,Ying Shen

2024-06-18

Abstract:The confluence of Federated Learning (FL) and Large Language Models (LLMs) is ushering in a new era in privacy-preserving natural language processing. However, the intensive memory requirements for fine-tuning LLMs pose significant challenges, especially when deploying on clients with limited computational resources. To circumvent this, we explore the novel integration of Memory-efficient Zeroth-Order Optimization within a federated setting, a synergy we term as FedMeZO. Our study is the first to examine the theoretical underpinnings of FedMeZO in the context of LLMs, tackling key questions regarding the influence of large parameter spaces on optimization behavior, the establishment of convergence properties, and the identification of critical parameters for convergence to inform personalized federated strategies. Our extensive empirical evidence supports the theory, showing that FedMeZO not only converges faster than traditional first-order methods such as FedAvg but also significantly reduces GPU memory usage during training to levels comparable to those during inference. Moreover, the proposed personalized FL strategy that is built upon the theoretical insights to customize the client-wise learning rate can effectively accelerate loss reduction. We hope our work can help to bridge theoretical and practical aspects of federated fine-tuning for LLMs, thereby stimulating further advancements and research in this area.

Machine Learning,Computation and Language

Weiqi Wang,Shushu Liu,An Liu,Christy Jie Liang,Shui Yu

DOI: https://doi.org/10.1109/globecom48099.2022.10001571

2022-01-01

Abstract:Federated learning (FL) is an emerging solution for machine learning model training in edge/fog computing systems. Unlike traditional systems that collect and train models on clouds, FL allows multiple edge/fog nodes to train a global model collaboratively without revealing their local data to clouds. Compared with traditional systems, it is inherited with better privacy protection ability. Although the basic privacy protection is inherited in FL, the privacy leakage from shard models is still unsolved. Existing solutions attempt to enhance the privacy of shared model parameters by adding differential privacy (DP) noise. However, these solutions all suffer from accuracy loss and convergence problems owing to the injected noise. In this paper, we propose a novel federated learning protocol to solve the above problem. The model trained on a carefully selected sampling subset can achieve the same level privacy protection as DP while preserving the model accuracy. Experimentally, we proved that our protocol achieves better model accuracy in the same privacy guarantee compared with noise injecting DP methods.