Federated Learning, as a popular paradigm for collaborative training, is vulnerable against privacy attacks. Different privacy levels regarding users' attitudes need to be satisfied locally, while a strict privacy guarantee for the global model is also required centrally. Personalized Local Differential Privacy (PLDP) is suitable for preserving users' varying local privacy, yet only provides a central privacy guarantee equivalent to the worst-case local privacy level. Thus, achieving strong central privacy as well as personalized local privacy with a utility-promising model is a challenging problem. In this work, a general framework (APES) is built up to strengthen model privacy under personalized local privacy by leveraging the privacy amplification effect of the shuffle model. To tighten the privacy bound, we quantify the heterogeneous contributions to the central privacy user by user. The contributions are characterized by the ability of generating "echos" from the perturbation of each user, which is carefully measured by proposed methods Neighbor Divergence and Clip-Laplace Mechanism. Furthermore, we propose a refined framework (S-APES) with the post-sparsification technique to reduce privacy loss in high-dimension scenarios. To the best of our knowledge, the impact of shuffling on personalized local privacy is considered for the first time. We provide a strong privacy amplification effect, and the bound is tighter than the baseline result based on existing methods for uniform local privacy. Experiments demonstrate that our frameworks ensure comparable or higher accuracy for the global model.

翻译：联邦学习作为一种流行的协作训练范式，容易遭受隐私攻击。本地需要满足用户不同态度下的差异化隐私水平，同时中央还需对全局模型提供严格的隐私保障。个性化本地差分隐私（PLDP）适用于保护用户各异的本地隐私，但其中心隐私保证仅等价于最差情况下的本地隐私水平。因此，在保证强中心隐私与个性化本地隐私的同时获得具有良好效用的模型是一项具有挑战性的问题。本文通过利用混洗模型的隐私放大效应，构建了一个通用框架（APES）以增强个性化本地隐私下的模型隐私。为收紧隐私界限，我们逐用户量化了对中心隐私的异质性贡献。这些贡献通过每个用户扰动生成的"回声"能力来表征，并通过所提出的邻居散度与Clip-Laplace机制进行精确度量。此外，我们提出了结合后稀疏化技术的改进框架（S-APES），以降低高维场景中的隐私损失。据我们所知，这是首次考虑混洗对个性化本地隐私的影响。我们提供了显著的隐私放大效应，且该界限比基于现有统一本地隐私方法的基线结果更为严格。实验表明，我们的框架能确保全局模型具有相当或更高的准确性。