To address the privacy-utility trade-off in differentially private LoRA fine-tuning of large language models (LLMs) within federated learning, this paper proposes FedASK—the first framework enabling joint differential privacy protection for two low-rank adapters. Its core innovation is a two-stage randomized SVD sketching mechanism: local adapters are first compressed via low-rank approximation and jointly perturbed; then, the server reconstructs them losslessly without amplifying noise or freezing adapters—overcoming limitations of conventional one-sided noise injection. FedASK provides rigorous ε-differential privacy guarantees and bounded aggregation error. Experiments demonstrate that FedASK significantly outperforms baselines under heterogeneous data distributions and varying privacy budgets, achieving superior fine-tuning performance, faster convergence, and enhanced generalization—all while preserving model utility.

Large language models (LLMs) typically require fine-tuning for domain-specific tasks, and LoRA offers a computationally efficient approach by training low-rank adapters. LoRA is also communication-efficient for federated LLMs when multiple users collaboratively fine-tune a global LLM model without sharing their proprietary raw data. However, even the transmission of local adapters between a server and clients risks serious privacy leakage. Applying differential privacy (DP) to federated LoRA encounters a dilemma: adding noise to both adapters amplifies synthetic noise on the model, while fixing one adapter impairs the learnability of fine-tuning. In this paper, we propose FedASK (Differentially Private Federated Low Rank Adaptation with Double Sketching) , a novel federated LoRA framework to enable effective updating of both low-rank adapters with robust differential privacy. Inspired by randomized SVD, our key idea is a two-stage sketching pipeline. This pipeline first aggregates carefully sketched, privacy-preserving local updates, and then reconstructs the global matrices on the server to facilitate effective updating of both adapters. We theoretically prove FedASK's differential privacy guarantee and its exact aggregation property. Comprehensive experiments demonstrate that FedASK consistently outperforms baseline methods across a variety of privacy settings and data distributions.