The paper provides major weaknesses, explained below.

Major Weaknesses

The most important weakness is that the paper seems to lack of substantial contributions:

1- In terms of theory, the core of their improvement relies in Lemma 4.6, stating that if the vector $\left(\sum_{i=1}^N \mathcal{A}^{(1)}_i, \dots ,\sum\_{i=1}^N \mathcal{A}^{(S)}_i\right)$ is $(\epsilon, \delta)$-DP then $\sum\_{i=1}^N \sum\_{s=1}^S \mathcal{A}^{(s)}\_i$ is also $(\epsilon, \delta)$-DP. This seems trivial from post-processing. I am not really seeing why the privacy analysis in the current setting (of many local steps) cannot use already existing tools.

This also seems to be the case in Lemmas 4.5 and 4.3, which immediately follow from existing theory and in Theorem 4.7 which is a direct instantiation of Lemma 4.6 mentioned above to the FL setting.

2- The current empirical analysis compares single local step vs multiple local step DPFL+SecAgg. The results are what is already expected when increasing the number of local steps in (cross-silo) FL. Therefore, I find that this comparison does not provide new research insights. If increasing the number local steps in the current setting is not substantially challenging for the privacy analysis (as it is argued above and shown in the paper), a very interesting direction would be to show the full privacy potential of FL+SecAgg in a broader comparison of DPFL techniques. This would make the contribution sufficiently substantial and could include, for example, techniques that rely on shuffling[R3] or FTRL related techniques [R1,R2] in aspects such as communication, computation and accuracy.

Minor

• Page 3: the text between parenthesis "(compare this disagreement of empirical results and theory to the discussion by Mishchenko et al. 2022 on the provable usefulness of local steps in non-DP FL)" is confusing.
• Page 10: "different states have very number of samples ..." $\rightarrow$ "different states have very different number ... "

References

[R1] McMahan, H. Brendan, Zheng Xu, and Yanxiang Zhang. "A Hassle-free Algorithm for Private Learning in Practice: Don't Use Tree Aggregation, Use BLTs." arXiv preprint arXiv:2408.08868 (2024).

[R2] Kairouz, Peter, et al. "Practical and private (deep) learning without sampling or shuffling." International Conference on Machine Learning. PMLR, 2021.

[R3] Ghazi, Badih, et al. "Differentially private aggregation in the shuffle model: Almost central accuracy in almost a single message." International Conference on Machine Learning. PMLR, 2021.

1. The privacy analysis is quite simple and can be derived without difficulty following Definition 4.2, limiting the significance of the work.
2. The paper aims to analyze the privacy budget, but it is not reflected in the experiment set up. The empirical results only show that training with multiple local steps is better than single step, which is apparent from many previous works. An experimental study on privacy auditing to measure the privacy spent is needed to support the main theoretical argument.

• The practical significance of sample-level DP guarantees is hard to judge. Since DP guarantees are quite abstract, it is hard to understand how client-level guarantees differ from sample-level guarantees.
• Theorem 4.7 lacks a comparison with the motivating Section 3.2.
• While Section 5 shows the advantages of several local steps, it does not directly demonstrate the benefit of Theorem 4.7. Specifically, the current experiments conflate two variables: the number of seen examples and the privacy accounting.