Differentially Private Federated Low Rank Adaptation Beyond Fixed-Matrix
This work addresses privacy concerns in federated learning for domain-specific LLM fine-tuning, offering a novel solution to balance privacy and model performance, though it is incremental in the context of existing federated and DP methods.
The paper tackles the privacy leakage risk in federated fine-tuning of large language models using LoRA by proposing FedASK, a differentially private framework that updates both low-rank adapters effectively, achieving consistent performance gains over baselines across various privacy settings and data distributions.
Large language models (LLMs) typically require fine-tuning for domain-specific tasks, and LoRA offers a computationally efficient approach by training low-rank adapters. LoRA is also communication-efficient for federated LLMs when multiple users collaboratively fine-tune a global LLM model without sharing their proprietary raw data. However, even the transmission of local adapters between a server and clients risks serious privacy leakage. Applying differential privacy (DP) to federated LoRA encounters a dilemma: adding noise to both adapters amplifies synthetic noise on the model, while fixing one adapter impairs the learnability of fine-tuning. In this paper, we propose FedASK (Differentially Private Federated Low Rank Adaptation with Double Sketching) , a novel federated LoRA framework to enable effective updating of both low-rank adapters with robust differential privacy. Inspired by randomized SVD, our key idea is a two-stage sketching pipeline. This pipeline first aggregates carefully sketched, privacy-preserving local updates, and then reconstructs the global matrices on the server to facilitate effective updating of both adapters. We theoretically prove FedASK's differential privacy guarantee and its exact aggregation property. Comprehensive experiments demonstrate that FedASK consistently outperforms baseline methods across a variety of privacy settings and data distributions.