
arxiv: 2501.11659 · v1 · pith:NTEFQQKMnew · submitted 2025-01-20 · 💻 cs.CR

BlindFL: Segmented Federated Learning with Fully Homomorphic Encryption

classification 💻 cs.CR
keywords: model, blindfl, while, data, global, schemes, updates, aggregation

Federated learning (FL) is a popular privacy-preserving edge-to-cloud technique used for training and deploying artificial intelligence (AI) models on edge devices. FL aims to secure local client data while also collaboratively training a global model. Under standard FL, clients within the federation send model updates, derived from local data, to a central server for aggregation into a global model. However, extensive research has demonstrated that private data can be reliably reconstructed from these model updates using gradient inversion attacks (GIAs). To protect client data from server-side GIAs, previous FL schemes have employed fully homomorphic encryption (FHE) to secure model updates while still enabling popular aggregation methods. However, current FHE-based FL schemes either incur substantial computational overhead or trade security and/or model accuracy for efficiency. We introduce BlindFL, a framework for global model aggregation in which clients encrypt and send a subset of their local model update. With choice over the subset size, BlindFL offers flexible efficiency gains while preserving full encryption of aggregated updates. Moreover, we demonstrate that implementing BlindFL can substantially lower space and time transmission costs per client, compared with plain FL with FHE, while maintaining global model accuracy. BlindFL also offers additional depth of security. While current single-key, FHE-based FL schemes explicitly defend against server-side adversaries, they do not address the realistic threat of malicious clients within the federation. By contrast, we theoretically and experimentally demonstrate that BlindFL significantly impedes client-side model poisoning attacks, a first for single-key, FHE-based FL schemes.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. HADES: Privacy-Preserving Federated Learning via Selective Feature Encryption and Hybrid Model Fusion

    cs.CR 2026-06 unverdicted novelty 6.0

    HADES selectively encrypts privacy-sensitive features identified by PCA in federated learning, trains hybrid encrypted and plaintext networks, and fuses them to match vanilla FL accuracy with reduced overhead and bett...