Federated learning (FL) enables edge devices to collaboratively train machine learning models, with model communication replacing direct data uploading. While over-the-air model aggregation improves communication efficiency, uploading models to an edge server over wireless networks can pose privacy risks. Differential privacy (DP) is a widely used quantitative technique to measure statistical data privacy in FL. Previous research has focused on over-the-air FL with a single-antenna server, leveraging communication noise to enhance user-level DP. This approach achieves the so-called "free DP" by controlling transmit power rather than introducing additional DP-preserving mechanisms at devices, such as adding artificial noise. In this paper, we study differentially private over-the-air FL over a multiple-input multiple-output (MIMO) fading channel. We show that FL model communication with a multiple-antenna server amplifies privacy leakage as the multiple-antenna server employs separate receive combining for model aggregation and information inference. Consequently, relying solely on communication noise, as done in the multiple-input single-output system, cannot meet high privacy requirements, and a device-side privacy-preserving mechanism is necessary for optimal DP design. We analyze the learning convergence and privacy loss of the studied FL system and propose a transceiver design algorithm based on alternating optimization. Numerical results demonstrate that the proposed method achieves a better privacy-learning trade-off compared to prior work.