Distributed Differentially Private Control Synthesis for Multi-Agent Systems with Metric Temporal Logic Specifications Nasim Baharisangari and Zhe Xu

2025-04-27 0 0 603.28KB 9 页 10玖币
侵权投诉
Distributed Differentially Private Control Synthesis for Multi-Agent
Systems with Metric Temporal Logic Specifications
Nasim Baharisangari and Zhe Xu
Abstract In this paper, we propose a distributed differ-
entially private receding horizon control (RHC) approach for
multi-agent systems (MAS) with metric temporal logic (MTL)
specifications. In the MAS considered in this paper, each agent
privatizes its sensitive information from other agents using a
differential privacy mechanism. In other words, each agent adds
privacy noise (e.g., Gaussian noise) to its output to maintain its
privacy and communicates its noisy output with its neighboring
agents. We define two types of MTL specifications for the
MAS: agent-level specifications and system-level specifications.
Agents should collaborate to satisfy the system-level MTL
specifications with a minimum probability while each agent
must satisfy its own agent-level MTL specifications at the same
time. In the proposed distributed RHC approach, each agent
communicates with its neighboring agents to acquire their noisy
outputs and calculates an estimate of the system-level trajectory.
Then each agent synthesizes its own control inputs such that
the system-level specifications are satisfied with a minimum
probability while the agent-level specifications are also satisfied.
In the proposed optimization formulation of RHC, we directly
incorporate Kalman filter equations to calculate the estimates
of the system-level trajectory, and we use mixed-integer linear
programming (MILP) to encode the MTL specifications as
optimization constraints. Finally, we implement the proposed
distributed RHC approach in a case study.
I. INTRODUCTION
In multi-agent systems (MAS), it is common that agents
collaborate to accomplish different types of system-level
tasks through communication with each other, where the
communication occurs among the agents that are neighbors
[1]. Distributed control of an MAS, in comparison with
centralized control has the advantages of scalability and
fast computing [2] [3] [4] [5]. Furthermore, the central-
ized control can be computationally expensive, and if the
central control unit fails, then the whole system may fail.
In comparison, distributed control has a better potential in
fault tolerance [6]. Distributed control has been used in
many applications such as mobile robots [7] and autonomous
underwater vehicles (AUVs) [8].
In an MAS, it is possible that while the agents are coop-
erating to satisfy system-level tasks through communication,
each agent should protect its sensitive information (e.g.,
actual position state) from its neighboring agents [9]. In such
situations, differential privacy can be employed to protect the
privacy of the agents in an MAS. Differential privacy ensures
that an adversary is not able to deduce an agent’s sensitive
information while allowing decision making on system level
[10] [11] [12]. For dynamical systems (e.g., multi-agent
Nasim Baharisangari and Zhe Xu are with the School for Engineering of
Matter, Transport and Energy, Arizona State University, Tempe, AZ 85287.
{nbaharis, xzhe1}@asu.edu (Corresponding author: Zhe Xu)
systems), differential privacy protects the privacy of each
agent by adding differential privacy noise (e.g., Gaussian
noise) to the trajectories containing sensitive information
such that an adversary is not able to deduce the privatized
trajectories [9].
Metric temporal logic (MTL) can be used to define differ-
ent complicated tasks for an MAS due to being expressive
and human-interpretable [13] [14]. MTL is one type of
temporal logics which is defined over real-valued data in
discrete time domain [15]. In addition, MTL is amenable to
formal analysis, and these advantages make MTL a good
candidate to define complicated tasks, such as collision
avoidance [16], in the form of MTL formulas [17] [18] [19].
In the MAS considered in this paper, the agents collaborate
with each other to satisfy system-level tasks while protecting
their privacy and satisfying their own agent-level tasks at the
same time, where the tasks are defined in the form of MTL
formulas and each agent incorporates differential privacy
to privatize its trajectory containing sensitive information.
For satisfying the system-level tasks, each agent calculates
an estimate of the system-level trajectory. First, each agent
communicates with its neighboring agents to acquire their
noisy outputs. Then, each agent employs Kalman filter to
compute the estimates of the states of its neighboring agents
and use the estimated information to estimate the system
trajectory. In the next step, each agent uses receding horizon
control (RHC) to synthesize control inputs for satisfying the
system-level tasks and the agent-level tasks.
Contributions: We summarize our contributions as follows.
(a) We propose a distributed differentially private receding
horizon control (RHC) formulation for an MAS which is
considered a stochastic dynamic system with MTL specifica-
tions. (b) In the proposed approach, we directly incorporate
Kalman filter equations in the optimization formulation of
RHC to account for the uncertainties stemming from differ-
ential privacy. In the proposed optimization formulation, we
employ a one-step ahead predication of the noisy outputs to
be used in the Kalman filter equations. (c) In the proposed
distributed RHC, by assigning individual tasks in addition to
system-level tasks, we utilize a higher portion of the capacity
of each agent in accomplishing different tasks.
II. PRELIMINARIES
In this section, we explain the notations, definitions, and
concepts that we use in this paper. Table I shows the
important notations that we use in this section and the
following sections.
arXiv:2210.01759v1 [eess.SY] 4 Oct 2022
A. System Dynamics and Features of Multi-Agent Systems
In this paper, an MAS consisting of Zagents moves in
a bounded environment SRD, where Zdenotes the set
of the agents in the MAS, Zdenotes the cardinality of Z,
and D={d1, d2, ..., dD}with Dbeing the cardinality of
the set D. We represent the system dynamics of this MAS
in the finite discrete time domain T={1,2, ..., τ}(where
τN={1,2, ...}) with Eq. (1).
s[t]=As[t1]+Bu[t1],(1)
where s[t]=[(s1[t])T,(s2[t])T, ..., (sZ[t])T]Tis the
vector of the states of the agents in the MAS at time
step tand si[t]=[si,d1[t], si,d2[t], ..., si,dD[t]]T(where
iZ) denotes the state of agent iat time step t;u[t
1]=[(u1[t1])T,(u2[t1])T, ..., (uZ[t1])T]Tis the
vector of the control inputs at time step t1and ui[t1]=
[ui,d1[t1], ui,d2[t1], ..., ui,dD[t1]]Tis the control input
vector of agent iat time step t1, and Aand Bare Z×Z
diagonal time-invariant matrices. The dynamics equation of
agent ican be expressed as si[t]=Aisi[t1]+Biui[t
1], where si[t]Sand ui[t1]U={uuumax}for
all iZand for all tT, and Aiand Birefer to the i-th
row of matrix Aand B, respectively.
Definition 1. We define the system-level trajectory ηas a
function ηTSto denote evolution of the average of
the states of all the agents in the MAS within a finite time
horizon defined in the discrete time domain Tand we define
η[t]=1
Z
Z
i=1
si[t]. We also define the agent-level trajectory
sias a function siTSto denote the evolution of the
state of each agent iwithin a finite time horizon defined in
the discrete time domain T.
In this paper, we represent the topology of the MAS with
an undirected graph Gthat is time-invariant.
Definition 2. We denote an undirected graph by G=(C,E),
where C={c1, c2, ..., cnC}is a finite set of nodes, E=
{e1,2, e1,3, ..., e1,nE, e2,3, ..., enE1,nE}is a finite set of edges,
and nC, nEN={1,2, ...}. In the set of edges E,ei,l
represents the edge that connects the nodes ciand cl.
Each node ciof the undirected graph Grepresents an agent
in the MAS. Each edge ei,l connecting the nodes iand l
represents the fact that agnets iand lare neighbors, i.e.,
agent iand lcommunicate with each other. Hereafter, we
denote the set of the neighboring agents of agent iwith Zi.
Also, we denote the adjacency matrix of the graph Gwith
D.
B. Differential Privacy
In this subsection, we review the theoretical framework of
differential privacy that we use in this paper [20] [21] [9]. To
apply differential privacy to protect the sensitive information
of each agent, we use the “input perturbation” approach, i.e.,
each agent adds noise to its state and then shares its noisy
output with its neighboring agents. Before formalizing the
definition of differential privacy, we explain the preliminary
definitions and notations related to differential privacy.
For a trajectory κi=si[0], si[1], ..., si[t], ..., where
si[t]=κi[t]RDfor all t, we use the `pnorm as
κi`p=
t=1si[t]p
p
1
p
, where .pis the ordinary p-norm
on Rd(dN{0}), and we define the set `d
p={κisi[t]
Rd,κ`p<}. Then, we define the truncation operator PQ
over trajectories κias follows: PQ(κi)=si[t]if tQ; and
P(κi)=0, otherwise. Now, we define the set ˜
`D
2as the set
of sequences of vectors in RDwhose finite truncations are
all in `D
2(p=2and d=D). In other words, κi˜
`D
2if
and only if PQ(κi)`D
2for all QN.
Definition 3. (Adjacency) For a fixed adjacency parameter
νi, the adjacency relation Aνi, for all κi, κ
i˜
`D
2, is defined
as Eq. (2).
Aνi(κi, κ
i)=
1,if κiκ
i`2νi
0,otherwise.(2)
In other words, two trajectories generated by agent iare
adjacent if the `2distance between the two is less or equal
to νi. Differential privacy is expected to make agent is true
trajectory, denoted by κi, indistinguishable from all other
trajectories contained in an `2-ball of radius νicentred at
the true trajectory κi.
We use a probability space (,F,P)in order to state a
formal definition for differential privacy for dynamical sys-
tems which specifies the probabilistic guarantees of privacy.
For the formal definition of differential privacy mechanism
that we explain shortly, we assume that the outputs of the
mechanism is in ˜
`q
2and uses a σ-algebra over ˜
`q
2which is
denoted by Θq
2and the construction of Θq
2is explained in
[22].
Definition 4. ((i, δi)-Differential Privacy for Agent i)With
i>0and δi(0,1
2)for agent i, a mechanism M˜
`D
2×
˜
`q
2is (i, δi)-differentially private if for all adjacent
trajectories κi, κ
i˜
`D
2and for all SΘq
2, we have the
following (Eq. (3)).
P[M(κi)S]eiP[M(κ
i)S]+δi(3)
At each time step t, each agent ioutputs the value Ciyi[t],
where Ciis the i-th row of the Z×Ztime-invariant
diagonal matrix C. At time step t, for protecting the privacy
of agent i, noise must be added to its output yi[t]so an
adversary can not infer agent is trajectory κi[t]from its
output yi[t]. Calibrating the level of noise is done using
“sensitivity” of an agent’s output.
Definition 5. (Sensitivity for Input Perturbation Privacy)
The `2-norm sensitivity of agent is output map is the
greatest distance between two output trajectories ϑi=
yi[0], yi[1], ..., yi[t], ... and ϑ
i=yi[0], yi[1], ..., yi[t], ...
defined as Eq. (4) for κi, κ
i˜
`D
2.
`2ϑi=sup
κi
iCiκiCiκ
i`2(4)
摘要:

DistributedDifferentiallyPrivateControlSynthesisforMulti-AgentSystemswithMetricTemporalLogicSpecicationsNasimBaharisangariandZheXuAbstract—Inthispaper,weproposeadistributeddiffer-entiallyprivaterecedinghorizoncontrol(RHC)approachformulti-agentsystems(MAS)withmetrictemporallogic(MTL)specications.In...

展开>> 收起<<
Distributed Differentially Private Control Synthesis for Multi-Agent Systems with Metric Temporal Logic Specifications Nasim Baharisangari and Zhe Xu.pdf

共9页,预览2页

还剩页未读, 继续阅读

声明:本站为文档C2C交易模式,即用户上传的文档直接被用户下载,本站只是中间服务平台,本站所有文档下载所得的收益归上传人(含作者)所有。玖贝云文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。若文档所含内容侵犯了您的版权或隐私,请立即通知玖贝云文库,我们立即给予删除!

相关推荐

更多
立即下载
分类:图书资源 价格:10玖币 属性:9 页 大小:603.28KB 格式:PDF 时间:2025-04-27

开通VIP享超值会员特权

  • 多端同步记录
  • 高速下载文档
  • 免费文档工具
  • 分享文档赚钱
  • 每日登录抽奖
  • 优质衍生服务

作者详情

相关内容

更多

热门标签

人际关系 动力学连接体 力的合成 配电装置 高考理综 全宋诗作者索引 公务员考试
/ 9
评分 收藏
分享
立即下载
客服
关注