To defend against inference attacks and mitigate sensitive information leakage in Federated Learning (FL), client-level Differentially Private FL (DPFL) is the de facto standard for privacy protection: it clips local updates and adds random noise. However, existing DPFL methods tend to produce a sharper loss landscape and have poorer robustness to weight perturbation, resulting in severe performance degradation. To alleviate these issues, we propose a novel DPFL algorithm named DP-FedSAM, which leverages gradient perturbation to mitigate the negative impact of DP. Specifically, DP-FedSAM integrates the Sharpness-Aware Minimization (SAM) optimizer to generate flat local models with better stability and robustness to weight perturbation, which results in a small norm of local updates and robustness to DP noise, thereby improving performance. From the theoretical perspective, we analyze in detail how DP-FedSAM mitigates the performance degradation induced by DP. We also give rigorous privacy guarantees with Rényi DP and present a sensitivity analysis of local updates. Finally, we empirically confirm that our algorithm achieves state-of-the-art (SOTA) performance compared with existing SOTA baselines in DPFL.
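The mechanism the abstract describes (a SAM local step, then clipping the local update and adding random noise before aggregation) can be sketched as follows. This is an added example, not the authors' code: the toy linear model, the constructed client data, all function names, the hyperparameter values and the per-client noise standard deviation `sigma * C` are assumptions.

```python
import math
import random

# Constructed toy data: two clients, linear targets generated from w* = [1, -2].
CLIENTS = [
    [([1.0, 0.0], 1.0), ([0.0, 1.0], -2.0)],
    [([1.0, 1.0], -1.0), ([2.0, 0.0], 2.0)],
]

def norm(v):
    return math.sqrt(sum(x * x for x in v))

def grad(w, data):
    # Gradient of the mean squared error of a linear model (assumed toy objective).
    g = [0.0] * len(w)
    for x, y in data:
        err = sum(wi * xi for wi, xi in zip(w, x)) - y
        for i, xi in enumerate(x):
            g[i] += 2 * err * xi / len(data)
    return g

def sam_local_update(w_global, data, steps=5, lr=0.05, rho=0.05):
    # SAM: take the gradient at the perturbed point w + rho * g/||g||, apply it at w.
    w = list(w_global)
    for _ in range(steps):
        g = grad(w, data)
        scale = rho / (norm(g) + 1e-12)
        w_adv = [wi + scale * gi for wi, gi in zip(w, g)]
        g_sam = grad(w_adv, data)
        w = [wi - lr * gi for wi, gi in zip(w, g_sam)]
    return [wi - w0 for wi, w0 in zip(w, w_global)]

def clip(delta, C):
    # Rescale so the L2 norm is at most C; this bounds each client's sensitivity.
    factor = min(1.0, C / (norm(delta) + 1e-12))
    return [factor * d for d in delta]

def dp_round(w_global, clients, C=0.5, sigma=1.0, rng=None):
    # Each client clips its update and adds Gaussian noise (std sigma*C, assumed).
    rng = rng or random.Random(0)
    noisy = []
    for data in clients:
        d = clip(sam_local_update(w_global, data), C)
        noisy.append([di + rng.gauss(0.0, sigma * C) for di in d])
    avg = [sum(col) / len(clients) for col in zip(*noisy)]
    return [w + a for w, a in zip(w_global, avg)]
```

A smaller update norm before clipping means less of the signal is cut away by `clip` relative to the fixed noise scale, which is the effect the abstract attributes to the flatter local models.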