Federated Learning Using Fully Homomorphic Encryption

Abstract

Traditional machine learning approaches require centralizing data for training, which raises significant privacy concerns when dealing with sensitive information. Federated learning (FL) addresses this by keeping data local and enabling multiple users to collaboratively train a shared machine learning model. In spite of this, FL remains vulnerable to inference attacks, as sensitive information can still be extracted from the model’s learned parameters. While traditional privacy-enhancing techniques such as di!erential privacy introduce noise to model updates to obscure individual data points, they often present a fundamental trade-o! between privacy and utility. Furthermore, these approaches still carry risks of data leakage if implementation is flawed or adversaries possess sophisticated attack capabilities. To address these limitations, we propose a novel federated learning framework that integrates Homomorphic Encryption and Secret Sharing to provide robust privacy guarantees. Our approach ensures that both raw data and model updates remain confidential throughout the learning process. By enabling computations on encrypted data, our framework allows the aggregation server to perform model updates without ever accessing plaintext information. We evaluate our framework on the CIFAR10 and MNIST handwritten digit classification dataset, demonstrating that it achieves comparable accuracy to traditional FL while providing substantially stronger privacy protections. Performance analysis shows that our approach introduces acceptable computational overhead, making it practical for real-world applications. The framework is especially valuable in sensitive domains such as healthcare, defence, finance, and personal monitoring systems where data confidentiality is paramount. Our contribution advances the state of the art in privacy-preserving machine learning by o!ering a comprehensive solution that maintains utility while providing cryptographic privacy guarantees that protect against both honest-but-curious aggregators and potential adversaries.