TY - GEN
T1 - Unveiling the (in)Security of Threshold FHE-Based Federated Learning
T2 - 38th IEEE Computer Security Foundations Symposium, CSF 2025
AU - Bendoukha, Adda Akram
AU - Sirdey, Renaud
AU - Boudguiga, Aymen
AU - Kaaniche, Nesrine
N1 - Publisher Copyright: © 2025 IEEE.
PY - 2025/1/1
Y1 - 2025/1/1
AB - The security of Fully Homomorphic Encryption (FHE) has received a lot of attention in recent years, with new security notions emerging to better understand the practical attacks that may threaten the real-world deployments of passively secure FHE schemes. One such new notion is CPAD, a slight extension of CPA security modelling a passive adversary who is granted access to a decryption oracle accepting only well-formed ciphertexts. While successful CPAD attacks have initially been performed on approximate FHE schemes such as CKKS, recent works have also demonstrated practical CPAD attacks on all mainstream non-approximate FHE, such as BFV, BGV or TFHE. Despite their clear computational practicality, these latter attacks, however, focus on the abstract security game defining CPAD security. In this paper, we show how to concretely build on these to mount successful FHE key recovery attacks in the Federated Learning (FL) setting, an application scenario of choice for FHE techniques. In FL, participating entities or workers encrypt successive model updates based on their local training data, enabling a central server to aggregate them in order to homomorphically update a global model. As this paper demonstrates, this environment provides a playground for an attacker to launch key recovery attacks against the FHE underlying the secure aggregation mechanism. As such, our findings reveal substantial stealthy key-recovery threats from both the server and a single worker, with very limited impact on the FL training progression or final model quality.
KW - federated learning
KW - fully homomorphic encryption
KW - machine learning privacy
UR - https://www.scopus.com/pages/publications/105014757932
U2 - 10.1109/CSF64896.2025.00025
DO - 10.1109/CSF64896.2025.00025
M3 - Conference contribution
AN - SCOPUS:105014757932
T3 - Proceedings - IEEE Computer Security Foundations Symposium
SP - 425
EP - 440
BT - Proceedings - 2025 IEEE 38th Computer Security Foundations Symposium, CSF 2025
PB - IEEE Computer Society
Y2 - 16 June 2025 through 20 June 2025
ER -