An Efficient Privacy-Enhanced Federated Learning With Single-Key Homomorphic Encryption

Abstract

As the proliferation of Internet of Things (IoT) devices continues, vast amounts of data are being collected on various end devices. However, uploading these data to the cloud for centralized processing poses significant privacy risks. Federated learning (FL) addresses this issue by sharing model updates instead of raw data, which helps mitigate privacy concerns. Nonetheless, model updates transmitted in plaintext remain vulnerable to inference and reconstruction attacks. While homomorphic encryption (HE) can enhance security, traditional single-key schemes struggle to defend against collusion. Multikey HE schemes introduce substantial computational and communication overhead, making them impractical for resource-constrained IoT environments. In this article, we propose a novel FL framework that integrates single-key HE, elliptic curve cryptography (ECC), and trusted execution environments (TEE) to achieve robust protection against collusion attacks. Specifically, we utilize ECC-based public key encryption to secure HE private key and employ secret sharing to split the ECC private key into multiple subsecrets, which are distributed to edge nodes, ensuring no single party can independently decrypt model updates. Additionally, we delegate the HE private key reconstruction and global model decryption processes to the TEE, and introduce a hash verification mechanism to ensure that only aggregated global model updates can be decrypted. Finally, we provide comprehensive security proofs and extensive experimental results, demonstrating the effectiveness and superiority of the proposed framework.