While preserving the privacy of federated learning (FL), differential privacy (DP) inevitably degrades the utility (i.e., accuracy) of FL due to model perturbations caused by DP noise added to model updates. Existing studies have considered exclusively noise with persistent root-mean-square amplitude and overlooked the opportunity to adjust the amplitudes to alleviate the adverse effects of the noise. This paper presents a new DP perturbation mechanism with a time-varying noise amplitude to protect the privacy of FL and retain the capability of adjusting the learning performance. Specifically, we propose a geometric series form for the noise amplitude and reveal analytically the dependence of the series on the number of global aggregations and the $(\epsilon,\delta)$-DP requirement. We derive an online refinement of the series to prevent FL from premature convergence resulting from excessive perturbation noise. Another important aspect is an upper bound developed for the loss function of a multi-layer perceptron (MLP) trained by FL running the new DP mechanism. Accordingly, the optimal number of global aggregations is obtained, balancing learning and privacy. Extensive experiments are conducted using MLP, support vector machine, and convolutional neural network models on four public datasets. The contribution of the new DP mechanism to the convergence and accuracy of privacy-preserving FL is corroborated in comparison with the state-of-the-art Gaussian noise mechanism with a persistent noise amplitude.
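The following added example (not the paper's code or its derivation) illustrates how a geometric noise amplitude $\sigma_t = \sigma_0 q^t$ can be tied to the number of global aggregations $T$ and an $(\epsilon,\delta)$-DP target. It assumes standard zero-concentrated DP (zCDP) accounting for the Gaussian mechanism, a fixed ratio `q`, and a per-round update sensitivity `sensitivity` (e.g. set by clipping); all function and parameter names are hypothetical.

```python
import math

def rho_budget(eps, delta):
    """Largest zCDP parameter rho whose standard conversion
    eps = rho + 2*sqrt(rho*ln(1/delta)) does not exceed eps."""
    log_term = math.log(1.0 / delta)
    # Solve x^2 + 2*sqrt(log_term)*x - eps = 0 for x = sqrt(rho).
    return (math.sqrt(log_term + eps) - math.sqrt(log_term)) ** 2

def geometric_schedule(eps, delta, rounds, q, sensitivity=1.0):
    """Noise std per round, sigma_t = sigma_0 * q**t, calibrated so that
    `rounds` Gaussian releases compose to (eps, delta)-DP.
    q = 1 gives the persistent-amplitude baseline."""
    if rounds < 1 or q <= 0 or not (0 < delta < 1) or eps <= 0:
        raise ValueError("need rounds >= 1, q > 0, 0 < delta < 1, eps > 0")
    rho = rho_budget(eps, delta)
    # Each round costs sensitivity^2 / (2*sigma_t^2); the costs add up.
    series = sum(q ** (-2 * t) for t in range(rounds))
    sigma0 = sensitivity * math.sqrt(series / (2.0 * rho))
    return [sigma0 * q ** t for t in range(rounds)]

def composed_epsilon(sigmas, delta, sensitivity=1.0):
    """(eps, delta)-DP cost of releasing one Gaussian-perturbed update
    per entry of `sigmas`, under zCDP composition."""
    rho = sum(sensitivity ** 2 / (2.0 * s * s) for s in sigmas)
    return rho + 2.0 * math.sqrt(rho * math.log(1.0 / delta))

if __name__ == "__main__":
    # Constructed settings for illustration only.
    eps, delta, rounds = 2.0, 1e-5, 20
    for q in (1.0, 0.9):
        sig = geometric_schedule(eps, delta, rounds, q)
        print(f"q={q}: sigma_0={sig[0]:.2f}, sigma_last={sig[-1]:.2f}, "
              f"eps={composed_epsilon(sig, delta):.4f}")
```

With the same total budget, a ratio below 1 spends more noise in early rounds and less in late ones than the constant schedule; the privacy total is unchanged, only its distribution across rounds.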