We consider cross-silo federated linear contextual bandit (LCB) problem under differential privacy. In this setting, multiple silos or agents interact with the local users and communicate via a central server to realize collaboration while without sacrificing each user's privacy. We identify two issues in the state-of-the-art algorithm of \cite{dubey2020differentially}: (i) failure of claimed privacy protection and (ii) noise miscalculation in regret bound. To resolve these issues, we take a two-step principled approach. First, we design an algorithmic framework consisting of a generic federated LCB algorithm and flexible privacy protocols. Then, leveraging the proposed framework, we study federated LCBs under two different privacy constraints. We first establish privacy and regret guarantees under silo-level local differential privacy, which fix the issues present in state-of-the-art algorithm. To further improve the regret performance, we next consider shuffle model of differential privacy, under which we show that our algorithm can achieve nearly ``optimal'' regret without a trusted server. We accomplish this via two different schemes -- one relies on a new result on privacy amplification via shuffling for DP mechanisms and another one leverages the integration of a shuffle protocol for vector sum into the tree-based mechanism, both of which might be of independent interest. Finally, we support our theoretical results with numerical evaluations over contextual bandit instances generated from both synthetic and real-life data.
翻译:我们考虑的是不同隐私下的跨筒仓联盟线性线性土匪(LCB)问题。在这个背景下,多个筒仓或代理商与当地用户互动,并通过中央服务器进行交流,以实现协作,而同时又不牺牲每个用户的隐私。我们首先确定以下两个问题:(一) 要求隐私保护的失败,以及(二) 遗憾的误判。为了解决这些问题,我们采取两步原则性原则方法。首先,我们设计一个算法框架,由通用的LCB算法和灵活的隐私协议组成。然后,利用拟议的框架,在两种不同的隐私限制下,我们研究联合的LCBB。我们首先在本地差异隐私的最先进的算法下建立隐私和遗憾的保证。为了进一步改善现状,我们接下来要考虑基于差异性隐私支持的松散模式,在这个模式下,我们算法可以在没有可信任的服务器的情况下实现几乎“阿洛蒂玛”的遗憾。我们通过两种不同的隐私机制完成这一算法。我们通过两种不同的内部机制, 将一个内部机制的LCBCBA 用于另一个内部机制。</s>