Mitigating Unintended Memorization with LoRA in Federated Learning for LLMs

Thierry Bossy, Julien Vignoud, Tahseen Rabbani, Juan R. Troncoso Pastoriza, Martin Jaggi · Feb 7, 2025 · Citations: 0

Open arXiv Find Implementation RSS feed Shortlist (0)

How to use this page

Provisional trust

This page is a lightweight research summary built from the abstract and metadata while deeper extraction catches up.

Best use

Background context only

What to verify

Read the full paper before copying any benchmark, metric, or protocol choices.

Evidence quality

Provisional

Derived from abstract and metadata only.

Abstract

Federated learning (FL) is a popular paradigm for collaborative training which avoids direct data exposure between clients. However, data privacy issues still remain: FL-trained large language models are capable of memorizing and completing phrases and sentences contained in training data when given their prefixes. Thus, it is possible for adversarial and honest- but-curious clients to recover training data of other participants simply through targeted prompting. In this work, we demonstrate that a popular and simple fine-tuning strategy, low-rank adaptation (LoRA), reduces memorization during FL by a factor of up to 10 without significant performance cost. We study this effect by performing fine-tuning tasks in high-risk domains such as medicine, law, and finance. We observe a reduction in memorization for a wide variety of model families, from 1B to 70B parameters. We find that LoRA can reduce memorization in centralized learning as well, and we compare how the memorization patterns differ. Furthermore, we study the effect of hyperparameters and show that LoRA can be combined with other privacy-preserving techniques such as gradient clipping and Gaussian noise, secure aggregation, and Goldfish loss to further improve record-level privacy while maintaining performance.

Abstract-only analysis — low confidence

All signals on this page are inferred from the abstract only and may be inaccurate. Do not use this page as a primary protocol reference.

This page is still relying on abstract and metadata signals, not a fuller protocol read.

Human Eval Hub LLM-as-Judge Hub Pairwise Preference Hub

Should You Rely On This Paper?

Signal extraction is still processing. This page currently shows metadata-first guidance until structured protocol fields are ready.

Best use

Background context only

Use if you need

A provisional background reference while structured extraction finishes.

Main weakness

This page is still relying on abstract and metadata signals, not a fuller protocol read.

Trust level

Provisional

Usefulness score

Unavailable

Eval-fit score is unavailable until extraction completes.

Human Feedback Signal

Not explicit in abstract metadata

Evaluation Signal

Weak / implicit signal

Usefulness for eval research

Provisional (processing)

Extraction confidence 0%

If you are doing eval pipeline work, start here:

Human Eval Hub LLM-as-Judge Hub Pairwise Preference Hub Tool-Use Eval Hub

What We Could Verify

These are the protocol signals we could actually recover from the available paper metadata. Use them to decide whether this paper is worth deeper reading.