As multi-agent systems proliferate and share more and more user data, new approaches are needed to protect sensitive data while still guaranteeing successful operation. To address this need, we present a private multi-agent LQ control framework. We consider problems in which each agent has linear dynamics and the agents are coupled by a quadratic cost. Generating optimal control values for the agents is a centralized operation, and we therefore introduce a cloud computer into the network for this purpose. The cloud is tasked with aggregating agents' outputs, computing control inputs, and transmitting these inputs to the agents, which apply them in their state updates. Agents' state information can be sensitive and we therefore protect it using differential privacy. Differential privacy is a statistical notion of privacy enforced by adding noise to sensitive data before sharing it, and agents will therefore add noise to all data before sending it to the cloud. The result is a private multi-agent LQG framework in which agents' states are protected from both the cloud and other agents. Adding noise to agents' data certainly impacts the performance of the system, and we provide a trade-off between agents' privacy levels and the entropy seen at the cloud as a measure of how difficult it is to compute control values when privacy is enforced. We further characterize this system by bounding the accuracy with which an adversary could predict agents' states by using the differentially private information they share. Simulation results are provided to validate the theoretical developments made.
I. INTRODUCTION
MANY multi-agent systems, such as smart power grids, robotic swarms, and traffic monitoring systems, require agents to exchange information to work together. In some cases, the information shared may be rather sensitive. For example, power consumption data in a smart power grid can expose certain habits, behaviors, and activities of an individual including his or her daily schedule [1]- [5]. Sensitive user data should therefore be protected when it is shared, though of course it must remain useful in multi-agent coordination. Hence, providing privacy in the setting of multi-agent control should protect sensitive data from the recipient of a transmission while still ensuring that transmitted data remains useful to that recipient.Recently, privacy of this form has been achieved using differential privacy. Differential privacy originates in the database literature, and was originally designed to protect sensitive data of individuals when databases are queried