Differentially Private Iterative Synchronous Consensus

The iterative consensus problem requires a set of processes or agents with different initial values, to interact and update their states to eventually converge to a common value. Protocols solving iterative consensus serve as building blocks in a variety of systems where distributed coordination is required for load balancing, data aggregation, sensor fusion, filtering, clock synchronization and platooning of autonomous vehicles. In this paper, we introduce the private iterative consensus problem where agents are required to converge while protecting the privacy of their initial values from honest but curious adversaries. Protecting the initial states, in many applications, suffice to protect all subsequent states of the individual participants. First, we adapt the notion of differential privacy in this setting of iterative computation. Next, we present a server-based and a completely distributed randomized mechanism for solving private iterative consensus with adversaries who can observe the messages as well as the internal states of the server and a subset of the clients. Finally, we establish the tradeoff between privacy and the accuracy of the proposed randomized mechanism.

💡 Research Summary

The paper addresses a gap in the literature on distributed coordination by introducing the “private iterative consensus” problem, which requires a set of agents to converge to a common value while guaranteeing the privacy of their initial states against honest‑but‑curious adversaries. The authors first adapt the classic definition of differential privacy to the setting of iterative computation. Instead of adding noise to a single query answer, they inject independent random noise (typically Laplace or Gaussian) into the messages exchanged at every iteration. This ensures that any two neighboring executions—where the only difference is the initial value of a single agent—produce output distributions that differ by at most the prescribed (ε, δ) parameters. By protecting only the initial values, the mechanism automatically shields all subsequent states, because the later updates are deterministic functions of already‑private data.

Two concrete protocols are proposed. The first is a server‑based architecture. Each client adds calibrated noise to its current state and sends the noisy value to a central server. The server aggregates all received values (usually by averaging) to compute a new global estimate, which it then broadcasts back to the clients. The server itself is modeled as an honest‑but‑curious entity that may inspect its internal state and the messages it forwards. To preserve differential privacy even under this threat, the authors compute the sensitivity of the aggregation function (the maximum change in the average caused by a single agent’s input) and scale the noise accordingly.

The second protocol eliminates the central coordinator and operates fully distributed. Agents communicate directly with their neighbors according to a pre‑defined weighted graph. At each synchronous round, an agent i sends x_i(t) + η_i(t) (its current estimate plus independent noise) to each neighbor, receives similarly perturbed values from its neighbors, and updates its own estimate by taking a weighted average of the received messages. The weight matrix is required to be doubly stochastic and to have a spectral gap that guarantees rapid convergence in the absence of noise. The authors also consider a partial‑adversary model in which a subset of agents may be compromised and reveal their internal states; the privacy analysis shows that the overall system still satisfies ε‑differential privacy as long as the noise parameters are chosen uniformly across all agents.

A central contribution of the work is a rigorous privacy‑accuracy trade‑off analysis. The added noise inevitably perturbs the consensus value, leading to a steady‑state bias that scales with the noise magnitude. Using Markov‑chain convergence theory and concentration inequalities, the authors derive an upper bound on the expected deviation of the final consensus from the true average:

  E