Qian Chen,Zheng Chai,Zilong Wang,Haonan Yan,Xiaodong Lin,Jianying Zhou

DOI: https://doi.org/10.1109/jiot.2024.3395310

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:With the deployment of local differential privacy (LDP), federated learning (FL) has gained stronger privacypreserving capability against inference-type attacks. However, existing LDP methods reduce global model performance. In this paper, we propose a QP-LDP algorithm for FL to obtain a better-performed global model without losing privacy guarantees defined by the original LDP. Different from previous LDP methods for FL, QP-LDP improves the global model performance by precisely disturbing the non-common components of quantized local contributions. In addition, QP-LDP comprehensively protects two types of local contributions. Through security analysis, QP-LDP provides the probability indistinguishability of clients' private local contributions at a component-level. More importantly, ingenious experiments show that with the deployment of QP-LDP, the global model outperforms that in the original LDPbased FL in terms of prediction accuracy and convergence rate.

Yufeng Wang,Jianhua Ma,Xu Zhang,Qun Jin

DOI: https://doi.org/10.1002/cpe.7429

2022-11-01

Abstract:As a distributed learning framework, Federated Learning (FL) allows different local learners/participants to collaboratively train a joint model without exposing their own localdata,andoffersafeasiblesolutiontolegallyresolvedataislands.However,among them, the data privacy and model security are two challenges. The former means that, if original data are used for trained FL models, various methods can be used to deduce the original data samples, thereby causing the leakage of data. The latter implies that unreliable/malicious participants may affect or destroy the joint FL model, through uploading wrong local model parameters. Therefore, this paper proposes a novel distributed FL training framework, namely LDP-Fed + , which takes into account differential privacy protection and model security defense. Specifically, firstly, a local perturbationmoduleisaddedatthelocallearnerside,whichperturbstheoriginaldata of local learners through feature extraction, binary encoding and decoding, and random response. Then, through using the perturbed data, local neural network model is trained to obtain the network parameters that meet local differential protection, to effectively deal with model inversion attacks. Secondly, a security defense module is added on the server side, which uses the auxiliary model and differential index mechanismtoselectanappropriatenumberoflocaldisturbanceparametersforaggre-gationtoenhancemodelsecuritydefenseanddealwithmembershipinferenceattacks. The experimental results show that, compared with other federated learning models based on differential privacy, LDP-Fed + has stronger robustness for model security and higher accuracy for model training while ensuring strict privacy protection.

Computer Science

Xiaoying Shen,Hang Jiang,Yange Chen,Baocang Wang,Le Gao

DOI: https://doi.org/10.3390/e25030485

IF: 2.738

2023-03-11

Entropy

Abstract:As a popular machine learning method, federated learning (FL) can effectively solve the issues of data silos and data privacy. However, traditional federated learning schemes cannot provide sufficient privacy protection. Furthermore, most secure federated learning schemes based on local differential privacy (LDP) ignore an important issue: they do not consider each client's differentiated privacy requirements. This paper introduces a perturbation algorithm (PDPM) that satisfies personalized local differential privacy (PLDP), resolving the issue of inadequate or excessive privacy protection for some participants due to the same privacy budget set for all clients. The algorithm enables clients to adjust the privacy parameters according to the sensitivity of their data, thus allowing the scheme to provide personalized privacy protection. To ensure the privacy of the scheme, we have conducted a strict privacy proof and simulated the scheme on both synthetic and real data sets. Experiments have demonstrated that our scheme is successful in producing high-quality models and fulfilling the demands of personalized privacy protection.

physics, multidisciplinary

KANG Haiyan,JI Yuanrui

DOI: https://doi.org/10.11959/j.issn.1000−436x.2022189

2022-01-01

Abstract:As a type of collaborative machine learning framework, federated learning is capable of preserving private data from participants while training the data into useful models.Nevertheless, from a viewpoint of information theory, it is still vulnerable for a curious server to infer private information from the shared models uploaded by participants.To solve the inference attack problem in federated learning training, a local differential privacy federated learning (LDP-FL) approach was proposed.Firstly, to ensure the federated model training process was protected from inference attacks, a local differential privacy mechanism was designed for transmission of parameters in federated learning.Secondly, a performance loss constraint mechanism for federated learning was proposed and designed to reduce the performance loss of local differential privacy federated model by optimizing the constraint range of the loss function.Finally, the effectiveness of proposed LDP-FL approach was verified by comparative experiments on MNIST and Fashion MNIST datasets.

Chun Liu,Youliang Tian,Jinchuan Tang,Shuping Dang,Gaojie Chen

DOI: https://doi.org/10.1016/j.eswa.2023.120266

IF: 8.5

2023-05-03

Expert Systems with Applications

Abstract:Local differential privacy federated learning (LDP-FL) is a framework to achieve high local data privacy protection while training the model in a decentralized environment. Currently, LDP-FL's trainings are suffering from efficiency problems due to many existing researches combine LDP and FL without looking deep into the relationships between the two most important parameters, i.e., privacy budget for privacy protection and gradients for model training. In this work, we propose a novel LDP-FL under multi-privacy regimes to combat the above problems. Firstly, unlike the existing multiple privacy regimes-based LDP-FL to compute the non-unbiased global gradient, we propose an unbiased mean estimator using maximum likelihood estimation (MLE) to obtain small variance global gradients with a higher training accuracy. Secondly, to improve the efficiency of model training for multi-privacy scenarios, we design two different dynamic privacy budget allocation approaches for users to choose from. The first approach allocates the privacy budget based on the training model's accuracy, and the second approach's privacy budget grows linearly, avoiding the computational effort caused by the comparison operation. Finally, since directly perturbing the high-dimensional local gradients in traditional methods would lead to considerable utility loss, we propose a layered dimension selection strategy by randomly selecting the layers of gradients that take part in the noise perturbation while others remain untouched. In simulations using the handwritten MNIST and Fashion-MNIST datasets, we compare our framework with the traditional LDP-FL, simple personalized mean estimation (S-PME), and PLU-FedOA. The results demonstrate the training efficiency of our framework.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Shuhong Chen,Jiawei Yang,Guojun Wang,Zijia Wang,Haojie Yin,Yinglin Feng

DOI: https://doi.org/10.1016/j.sysarc.2024.103067

IF: 5.836

2024-01-28

Journal of Systems Architecture

Abstract:Privacy preserving is a severe challenge in machine learning and artificial intelligence. Recently, many works have been devoted to solving this problem by proposing various federated learning frameworks and introducing local differential privacy. However, applying local differential privacy to federated learning has lower utility after perturbing the parameters. Therefore, to improve the accuracy and communication efficiency of the model while having strict privacy preserving, we propose CLFLDP, a communication-efficient layer clipping federated learning model with differential privacy preserving. First, a novel adaptive privacy budget allocation scheme is proposed to allocate the privacy budget based on the communication rounds and client relevance which can reduce the loss of privacy budget and the size of model noise. Second, a layer-based top k parameter selection method and aggregation scheme are proposed. The communication cost of the system is reduced by uploading layers with higher client-side relevance and excluding layers with lower relevance. Therefore, the proposed framework can achieve better balance between privacy preserving, communication efficiency and model accuracy of federated learning. Theoretical analysis and experiments on various commonly used image datasets demonstrate the superiority of our framework over the state-of-the-art federated learning frameworks.

computer science, software engineering, hardware & architecture

Xicong Shen,Ying Liu,Zhaoyang Zhang

DOI: https://doi.org/10.1109/jiot.2022.3189361

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Federated learning (FL), which enables multiple distributed devices (clients) to collaboratively train a global model without transmitting their private data, has attracted much attention in the Internet of Things (IoT) domain. Compared with centralized learning, FL has obvious privacy advantages because it can protect the clients’ raw data from direct access by adversaries. Furthermore, to prevent the adversaries from inferring private information from the transmitted parameters, several FL algorithms based on differential privacy (DP) have been proposed, where the clients add artificial noise to their local parameters for privacy protection. Nevertheless, the added noise would disrupt the learning process and degrade the performance of the trained model. Considering this, in this article, we develop a performance-enhanced DP-based FL (PEDPFL) algorithm, where a classifier-perturbation regularization method is proposed to improve the robustness of the trained model against DP-injected noise. We derive the theoretical privacy and convergence analysis of the proposed algorithm, and also demonstrate the influence of some hyperparameters on the convergence performance. Simulation results on real-world data sets show that the proposed algorithm has better classification performance than the existing DP-based FL algorithms at the same level of privacy protection, and thus, it is more applicable to IoT applications.

Wenjun Qian,Qingni Shen,Xiaoyi Chen,Cong Li,Yuejian Fang,Zhonghai Wu

DOI: https://doi.org/10.1093/comjnl/bxae081

2024-01-01

Abstract:Federated learning (FL) as a privacy-preserving technology enables multiple clients to collaboratively train models on decentralized data. However, transmitting model parameters between local clients and the central server can potentially result in information leakage. Differentially private federated learning (DPFL) has emerged as a promising solution to enhance privacy. Nevertheless, existing DPFL schemes suffer from two issues: (i) most schemes that aim to achieve desired model accuracy may incur a high privacy budget. (ii) several schemes that consider the trade-off between privacy and accuracy by utilizing linear clipping bound may distort numerous model parameters. In this paper, we first propose FDP-FL, a flexible differential privacy approach for FL. FDP-FL introduces a novel series sum privacy budget allocation instead of uniform allocation and enables adaptive and nonlinear noise scale decay. In this way, a tight bound for cumulative privacy loss can be achieved while optimizing model accuracy. Then in order to mitigate gradient leakages caused by honest-but-curious clients and server, we further design client-level FDP-FL and record-level FDP-FL, respectively. Experimental results demonstrate that our FDP-FL improves model accuracy by $\sim $13.3% compared with the basic DP-FL under a fixed privacy budget and outperforms existing trade-off schemes with the same hyperparameter setting.

Lu Shi,Jiangang Shu,Weizhe Zhang,Yang Liu

DOI: https://doi.org/10.1109/globecom46510.2021.9685644

2021-01-01

Abstract:Federated learning (FL) is a framework of distributed machine learning, which aims to protect data privacy by transferring parameters instead of private data from local clients. Compared with the typical cloud-client architecture, applying FL on a cloud-edge-client hierarchical architecture could train the model faster and achieve better communication-computation trade-offs. However, hierarchical federated learning (HFL) still suffers from privacy leakage by analyzing uploaded parameters from clients or edge servers. To address this problem, we propose a privacy-preserving scheme based on the theory of local differential privacy (LDP), where adding the noise to the shared model parameters before uploading them to edge and cloud servers. According to our analysis by the moment accounting, the proposed algorithm can realize the strict differential privacy guarantee for the layers of clients and edge servers with adjustable privacy protection levels. We evaluate its performance based on the image classification tasks, and the result demonstrates that our theoretical analyses are consistent with simulations.

Licheng Lin,Zhouxiang Zhao,Zhaohui Yang,Zhaoyang Zhang

DOI: https://doi.org/10.1109/iccworkshops57953.2023.10283760

2023-01-01

Abstract:In this paper, a joint communication and learning resource allocation design is investigated for differential privacy (DP) based federated learning (FL) over multi-cell networks. In the considered model, each cell serves multiple users and each user transmits its local model plus Gaussian noise to the corresponding serving base station for protecting privacy. Each base station aggregates the received local model and forwards the obtained result to the server for final aggregation. To consider the privacy of the whole system, the problem is formulated as a total DP minimization through optimizing user association, transmit power, DP noise power with considering the convergence, user association, and power control constraints. To solve this problem, an iterative algorithm is proposed through optimizing user association subproblem, power control subproblem, and DP noise power subproblem. Simulation results show the effectiveness of the proposed scheme.

Linghui Zhu,Xinyi Liu,Yiming Li,Xue Yang,Shu-Tao Xia,Rongxing Lu

DOI: https://doi.org/10.1109/jiot.2021.3131258

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Federated learning (FL) enables data owners to train a global model with shared gradients while keeping private training data locally. However, recent research demonstrated that the adversary may infer private training data of clients from the exchanged local gradients, e.g., having deep leakage from gradients (DLGs). Many existing privacy-preserving approaches take usage of differential privacy (DP) to guarantee privacy. Nevertheless, the widely used privacy budget of DP (e.g., evenly distribution) leads to a sharp decline of model accuracy. To improve the model accuracy, some schemes only consider allocating the privacy budget to the fully connected layers. However, we reveal that the adversary may still reconstruct the private training data by adopting the DLG attack with the gradients of convolutional layers. In this article, we propose a fine-grained DP federated learning (DPFL) scheme, which guarantees privacy and remains high model performance simultaneously. Specifically, inspired by the methods that measure the importance of layers in deep learning, we propose a fine-grained method to allocate noise according to the importance value of layers in order to remain high model performance. Besides, we combine an active client selection strategy with DPFL and perform fine-tuning with a public data set on the server to further ensure the model performance. We evaluate DPFL under both independent and identically distributed (i.i.d) and non-i.i.d data settings to show that our method can achieve similar accuracy as the plain FL (e.g., FedAvg). We also demonstrate that our DPFL can resist the DLG attack to verify its privacy guarantee.

Xia Wu,Lei Xu,Liehuang Zhu

DOI: https://doi.org/10.3390/app13074168

2023-01-01

Applied Sciences

Abstract:Federated learning is a distributed machine learning paradigm, which utilizes multiple clients’ data to train a model. Although federated learning does not require clients to disclose their original data, studies have shown that attackers can infer clients’ privacy by analyzing the local models shared by clients. Local differential privacy (LDP) can help to solve the above privacy issue. However, most of the existing federated learning studies based on LDP, rarely consider the diverse privacy requirements of clients. In this paper, we propose an LDP-based federated learning framework, that can meet the personalized privacy requirements of clients. We consider both independent identically distributed (IID) datasets and non-independent identically distributed (non-IID) datasets, and design model perturbation methods, respectively. Moreover, we propose two model aggregation methods, namely weighted average method and probability-based selection method. The main idea, is to weaken the impact of those privacy-conscious clients, who choose relatively small privacy budgets, on the federated model. Experiments on three commonly used datasets, namely MNIST, Fashion-MNIST, and forest cover-types, show that the proposed aggregation methods perform better than the classic arithmetic average method, in the personalized privacy preserving scenario.

Bingzhu Zhu,Shan Chang,Guanghao Liang,Hongzi Zhu,Jie Xu

DOI: https://doi.org/10.1109/iwqos61813.2024.10682944

2024-01-01

Abstract:Federated Learning (FL) enables multiple participants to collaboratively train a globally shared model without the need of explicit data sharing. However, prior research indicates that local model updates released during the federated training may also jeopardize privacy of participants. To address this issue, local differential privacy (LDP) mechanism has been applied to FL systems. LDP provides privacy protection with rigorous mathematical proof by introducing random perturbations, e.g., Gaussian noise, to the released updates, however excessive noise compromises the utility of the updates. In this paper, we propose a novel Correlation-aware Adaptive LDP mechanism, Fed-CAD, for FL, which reduces the required scale of noise by leveraging the temporal correlation between consecutive local model updates belonging to the same participant, without increasing the privacy budgets (risks). We theoretically prove that Fed-CAD satisfies (ε, δ)-LDP as long as the difference between local models is smaller than the differential bound, and analyze the noise variance, a metric of utility. We implement Fed-CAD on image classification FL tasks. Experimental results demonstrate that Fed-CAD significantly outperforms the one-shot LDP baseline.

Junpeng Zhang,Hui Zhu,Fengwei Wang,Yandong Zheng,Zhe Liu,Hui Li

DOI: https://doi.org/10.1016/j.ins.2024.121035

IF: 8.1

2024-01-01

Information Sciences

Abstract:Federated learning (FL), as a distributed machine learning paradigm, essentially promises that multiple parties can jointly train the model collaboratively without sharing local data. Recent research demonstrates that the adversary can deduce the sensitive data through shared model updates. To protect the data privacy of the participants, differential privacy (DP) is deployed in various FL scenarios due to the lightweight computational overhead. However, the trade-off between the availability and privacy of local models is the fundamental problem that needs to be solved in DP applications. In this paper, we propose a fine-grained and privacy-aware FL framework (iDP-FL) to enable training data and model parameters to satisfy confidentiality while markedly improving the model's prediction accuracy. Specifically, we first design an individualized perturbation noise (IPN) algorithm that adds different artificial noises dependent on the importance of each participant's model weight. Then, we propose a perturbation mechanism on the aggregator side, a DP protection method under the premise of loss function convergence, which prevents the global model parameters from being stolen by malicious adversaries. Moreover, to achieve lightweight protection throughout the learning, we present an advanced bilateral perturbation (ABP) protocol to perform iterative training. Theoretical analysis indicates that iDP-FL provides the DP guarantee, which yields superior prediction accuracy and excellent privacy-preserving with the same privacy level. Finally, extensive experiments conducted on real-world datasets demonstrate that our approach shows significant advantages with limited privacy budgets, especially at small privacy losses.

Kang Wei,Jun Li,Ming Ding,Chuan Ma,Hang Su,Bo Zhang,H. Vincent Poor

2020-01-01

Abstract:As a means of decentralized machine learning, federated learning (FL) has recently drawn considerable attentions. One of the prominent advantages of FL is its capability of preventing clients' data from being directly exposed to external adversaries. Nevertheless, via a viewpoint of information theory, it is still possible for an attacker to steal private information from eavesdropping upon the shared models uploaded by FL clients. In order to address this problem, we develop a novel privacy preserving FL framework based on the concept of differential privacy (DP). To be specific, we first borrow the concept of local DP and introduce a client-level DP (CDP) by adding artificial noises to the shared models before uploading them to servers. Then, we prove that our proposed CDP algorithm can satisfy the DP guarantee with adjustable privacy protection levels by varying the variances of the artificial noises. More importantly, we derive a theoretical convergence upper-bound of the CDP algorithm. Our derived upper-bound reveals that there exists an optimal number of communication rounds to achieve the best convergence performance in terms of loss function values for a given privacy protection level. Furthermore, to obtain this optimal number of communication rounds, which cannot be derived in a closed-form expression, we propose a communication rounds discounting (CRD) method. Compared with the heuristic searching method, our proposed CRD can achieve a much better trade-off between the computational complexity of searching for the optimal number and the convergence performance. Extensive experiments indicate that our CDP algorithm with an optimization on the number of communication rounds using the proposed CRD can effectively improve both the FL training efficiency and FL model quality for a given privacy protection level.

Shuo Wang,Zhengkang Fang,Keke Gai

DOI: https://doi.org/10.1109/cscloud62866.2024.00038

2024-01-01

Abstract:Federated learning realizes distributed machine learning training by sharing the model rather than sharing the local dataset. However, the local dataset may be leaked during model training. While differential privacy techniques can mitigate privacy leakage to some extent, the noise tends to have a significant negative impact on model accuracy. To minimize the impact of noise on model accuracy and protect the privacy of the original data, we propose an Layer-wise Relevance Propagation-based Adaptive Federated Learning (LRPAFL). To ensure local data privacy, we inject adaptive noises that satisfy DP into the training sample according to the correlation between local training data features and the model. Specifically, we set a correlation boundary ct. We only inject an adaptive amount of noise when the correlation between the feature and the model is greater than or equal to ct. Furthermore, to evaluate the performance of our approach, we propose a relationship between privacy budget and accuracy. We theoretically and experimentally analyze the performance of this model. Compared with the baseline method, our method has a better performance and the proposed model reduces the impact of noise on model accuracy while protecting data. For example, compared with the state-of-the-art scheme, the accuracy of RASFL is increased by 2% when $\epsilon=1$

Yinbin Miao,Rongpeng Xie,Xinghua Li,Ximeng Liu,Zhuo Ma,Robert H. Deng

DOI: https://doi.org/10.1145/3564625.3567973

2022-01-01

Abstract:Federated learning (FL) was once considered secure for keeping clients’ raw data locally without relaying on a central server. However, the transmitted model weights or gradients still reveal private information, which can be exploited to launch various inference attacks. Moreover, FL based on deep neural networks is prone to the curse of dimensionality. In this paper, we propose a compressed and privacy-preserving FL scheme in DNN architecture by using Compressive sensing and Adaptive local differential privacy (called as CAFL). Specifically, we first compress the local models by using Compressive Sensing (CS), then adaptively perturb the remaining weights according to their different centers of variation ranges in different layers and their own offsets from corresponding range centers by using Local Differential Privacy (LDP), finally reconstruct the global model almost perfectly by using the reconstruction algorithm of CS. Formal security analysis shows that our scheme achieves ϵ-LDP security and introduces zero bias to estimating average weights. Extensive experiments using MINIST and Fashion-MINIST datasets demonstrate that our scheme with minimum compression ratio 0.05 can reduce the number of parameters by 95%, and with a lower privacy budget ϵ = 1 can improve the accuracy by 80% on MINIST and 12.7% on Fashion-MINIST compared with state-of-the-art schemes.

Chen Wang,Xinkui Wu,Gaoyang Liu,Tianping Deng,Kai Peng,Shaohua Wan

DOI: https://doi.org/10.1016/j.dcan.2021.11.006

IF: 6.348

2021-11-01

Digital Communications and Networks

Abstract:Federated Learning (FL) is a new computing paradigm in privacy-preserving Machine Learning (ML), where the ML model is trained in a decentralized manner by the clients, preventing the server from directly accessing privacy-sensitive data from the clients. Unfortunately, recent advances have shown potential risks for user-level privacy breaches under the cross-silo FL framework. In this paper, we propose addressing the issue by using a three-plane framework to secure the cross-silo FL, taking advantage of the Local Differential Privacy (LDP) mechanism. The key insight here is that LDP can provide strong data privacy protection while still retaining user data statistics to preserve its high utility. Experimental results on three real-world datasets demonstrate the effectiveness of our framework.

telecommunications

Jiawei Yang,Shuhong Chen,Guojun Wang,Zijia Wang,Zhiyong Jie,Muhammad Arif

DOI: https://doi.org/10.1007/s11042-023-16543-y

IF: 2.577

2023-08-31

Multimedia Tools and Applications

Abstract:Federated learning(FL) is a popular distributed machine learning framework which can protect users' private data from being exposed to adversaries. However, related work shows that sensitive private information can still be compromised by analyzing parameters uploaded by clients. Applying differential privacy to federated learning has been a popular privacy-preserving way to achieve strict privacy guarantees in recent years. To reduce the impact of noise, this paper proposes to apply local differential privacy(LDP) to federated learning. We propose a gradient compression federated learning framework based on adaptive local differential privacy budget allocation(GFL-ALDPA). We propose a novel adaptive privacy budget allocation scheme based on communication rounds to reduce the loss of privacy budget and the amount of model noise. It can maximize the limited privacy budget and improve the model accuracy by assigning different privacy budgets to different communication rounds during training. Furthermore, we also propose a gradient compression mechanism based on dimension reduction, which can reduce the communication cost, overall noise size, and loss of the total privacy budget of the model simultaneously to ensure accuracy under a specific privacy-preserving guarantee. Finally, this paper presents the experimental evaluation on the MINIST dataset. Theoretical analysis and experiments demonstrate that our framework can achieve a better trade-off between privacy preservation, communication efficiency, and model accuracy.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Junxu Liu,Jian Lou,Li Xiong,Xiaofeng Meng

DOI: https://doi.org/10.1145/3583780.3615247

2023-01-01

Abstract:The meteoric rise of cross-silo Federated Learning (FL) is due to its ability to mitigate data breaches during collaborative training. To further provide rigorous privacy protection with consideration of the varying privacy requirements across different clients, a privacy-enhanced line of work on personalized differentially private federated learning (PDP-FL) has been proposed. However, the existing solution for PDP-FL [20] assumes the raw privacy budgets of all clients should be collected by the server. These values are then directly utilized to improve the model utility via facilitating the privacy preferences partitioning (i.e., partitioning all clients into multiple privacy groups). It is however non-realistic because the raw privacy budgets can be quite informative and sensitive. In this work, our goal is to achieve PDP-FL without exposing clients' raw privacy budgets by indirectly partitioning the privacy preferences solely based on clients' noisy model updates. The crux lies in the fact that the noisy updates could be influenced by two entangled factors of DP noises and non-IID clients' data, leaving it unknown whether it is possible to uncover privacy preferences by disentangling the two affecting factors. To overcome the hurdle, we systematically investigate the unexplored question of under what conditions can the model updates of clients be primarily influenced by noise levels rather than data distribution. Then, we propose a simple yet effective strategy based on clustering the L2 norm of the noisy updates, which can be integrated into the vanilla PDP-FL to maintain the same performance. Experimental results demonstrate the effectiveness and feasibility of our privacy-budget-agnostic PDP-FL method.