Federated Learning with Bayesian Differential Privacy

We consider the problem of reinforcing federated learning with formal privacy guarantees. We propose to employ Bayesian differential privacy, a relaxation of differential privacy for similarly distributed data, to provide sharper privacy loss bounds. We adapt the Bayesian privacy accounting method to the federated setting and suggest multiple improvements for more efficient privacy budgeting at different levels. Our experiments show significant advantage over the state-of-the-art differential privacy bounds for federated learning on image classification tasks, including a medical application, bringing the privacy budget below epsilon = 1 at the client level, and below epsilon = 0.1 at the instance level. Lower amounts of noise also benefit the model accuracy and reduce the number of communication rounds.