Federated learning is a kind of distributed machine learning technology to ensure that local data is not compromised when training with big data for machine learning models.However,a series of attacks shows that the adversary can steal private information from machine learning model parameters even if local data is inaccessible.Thus,many privacy threats must be mitigated,since they can arise from the intermediate model parameters transmitted between participants and the aggregator in the training phase or from the finally released aggregated model.Therefore,various privacy-preserving federated learning approaches have emerged,primarily based on cryptography and differential privacy technology.This paper surveys the privacy threats and adversary models that may appear when we publish local models and aggregated model of federated learning.Furthermore,we systematically summarize the related defense technologies and research advances.Finally,we also presents a prospect for the development trend of privacy-preserving federated learning.