Enabling Privacy-preserving Model Evaluation in Federated Learning via Fully Homomorphic Encryption

• URL: http://arxiv.org/abs/2403.14428v2
• Date: Mon, 11 Aug 2025 12:36:27 GMT
• Title: Enabling Privacy-preserving Model Evaluation in Federated Learning via Fully Homomorphic Encryption
• Authors: Cem Ata Baykara, Ali Burak Ünal, Mete Akgün,
• Abstract summary: Federated learning has become increasingly widespread due to its ability to train models collaboratively without centralizing sensitive data.<n>The evaluation phase presents significant privacy risks that have not been adequately addressed in the literature.<n>We propose a novel evaluation method that leverages fully homomorphic encryption.
• Score: 1.9662978733004604
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Federated learning has become increasingly widespread due to its ability to train models collaboratively without centralizing sensitive data. While most research on FL emphasizes privacy-preserving techniques during training, the evaluation phase also presents significant privacy risks that have not been adequately addressed in the literature. In particular, the state-of-the-art solution for computing the area under the curve (AUC) in FL systems employs differential privacy, which not only fails to protect against a malicious aggregator but also suffers from severe performance degradation on smaller datasets. To overcome these limitations, we propose a novel evaluation method that leverages fully homomorphic encryption. To the best of our knowledge, this is the first work to apply FHE to privacy-preserving model evaluation in federated learning while providing verifiable security guarantees. In our approach, clients encrypt their true-positive and false-positive counts based on predefined thresholds and submit them to an aggregator, which then performs homomorphic operations to compute the global AUC without ever seeing intermediate or final results in plaintext. We offer two variants of our protocol: one secure against a semi-honest aggregator and one that additionally detects and prevents manipulations by a malicious aggregator. Besides providing verifiable security guarantees, our solution achieves superior accuracy across datasets of any size and distribution, eliminating the performance issues faced by the existing state-of-the-art method on small datasets and its runtime is negligibly small and independent of the test-set size. Experimental results confirm that our method can compute the AUC among 100 parties in under two seconds with near-perfect (99.93%) accuracy while preserving complete data privacy.

Related papers

• Privacy-Preserving Federated Learning with Verifiable Fairness Guarantees [0.0]
  Federated learning enables collaborative model training across distributed institutions without centralizing sensitive data.<n>This paper introduces CryptoFair-FL, a novel cryptographic framework providing the first verifiable fairness guarantees for federated learning systems.
  arXiv  Detail & Related papers  (2026-01-18T15:06:30Z)
• Perfectly-Private Analog Secure Aggregation in Federated Learning [51.61616734974475]
  In federated learning, multiple parties train models locally and share their parameters with a central server, which aggregates them to update a global model.<n>In this paper, a novel secure parameter aggregation method is proposed that employs the torus rather than a finite field.
  arXiv  Detail & Related papers  (2025-09-10T15:22:40Z)
• Efficient Machine Unlearning via Influence Approximation [75.31015485113993]
  Influence-based unlearning has emerged as a prominent approach to estimate the impact of individual training samples on model parameters without retraining.<n>This paper establishes a theoretical link between memorizing (incremental learning) and forgetting (unlearning)<n>We introduce the Influence Approximation Unlearning algorithm for efficient machine unlearning from the incremental perspective.
  arXiv  Detail & Related papers  (2025-07-31T05:34:27Z)
• Private Aggregation for Byzantine-Resilient Heterogeneous Federated Learning [5.2086628085326065]
  We propose a multi-stage method encompassing a careful co-design of verifiable secret sharing, secure aggregation, and a tailored symmetric private information retrieval scheme.<n>We evaluate the effectiveness of our scheme on a variety of attacks and show how it outperforms the previously known techniques.
  arXiv  Detail & Related papers  (2025-06-11T15:42:18Z)
• Benchmarking Federated Machine Unlearning methods for Tabular Data [9.30408906787193]
  Machine unlearning enables a model to forget specific data upon request.<n>This paper presents a pioneering study on benchmarking machine unlearning methods within a federated setting.<n>We explore unlearning at the feature and instance levels, employing both machine learning, random forest and logistic regression models.
  arXiv  Detail & Related papers  (2025-04-01T15:53:36Z)
• Federated Learning with Differential Privacy: An Utility-Enhanced Approach [12.614480013684759]
  Federated learning has emerged as an attractive approach to protect data privacy by eliminating the need for sharing clients' data.<n>Recent studies have shown that federated learning alone does not guarantee privacy, as private data may still be inferred from the uploaded parameters to the central server.<n>We present a modification to these vanilla differentially private algorithms based on a Haar wavelet transformation step and a novel noise injection scheme that significantly lowers the bound of the noise variance.
  arXiv  Detail & Related papers  (2025-03-27T04:48:29Z)
• Towards Privacy-Preserving Data-Driven Education: The Potential of Federated Learning [0.0]
  This paper presents an experimental evaluation of federated learning for educational data prediction. Our findings indicate that federated learning achieves comparable predictive accuracy. Under adversarial attacks, federated learning demonstrates greater resilience compared to non-federated settings.
  arXiv  Detail & Related papers  (2025-03-16T14:37:32Z)
• Privacy-Preserved Automated Scoring using Federated Learning for Educational Research [1.2556373621040728]
  This study proposes a federated learning framework for automatic scoring in educational assessments. Student responses are processed locally on edge devices, and only optimized model parameters are shared with a central aggregation server. We evaluate our framework using assessment data from nine middle schools, comparing the accuracy of federated learning-based scoring models with traditionally trained centralized models.
  arXiv  Detail & Related papers  (2025-03-12T19:06:25Z)
• FedEM: A Privacy-Preserving Framework for Concurrent Utility Preservation in Federated Learning [17.853502904387376]
  Federated Learning (FL) enables collaborative training of models across distributed clients without sharing local data, addressing privacy concerns in decentralized systems.<n>We propose Federated Error Minimization (FedEM), a novel algorithm that incorporates controlled perturbations through adaptive noise injection.<n> Experimental results on benchmark datasets demonstrate that FedEM significantly reduces privacy risks and preserves model accuracy, achieving a robust balance between privacy protection and utility preservation.
  arXiv  Detail & Related papers  (2025-03-08T02:48:00Z)
• Communication-Efficient and Privacy-Adaptable Mechanism for Federated Learning [54.20871516148981]
  We introduce the Communication-Efficient and Privacy-Adaptable Mechanism (CEPAM)<n>CEPAM achieves communication efficiency and privacy protection simultaneously.<n>We theoretically analyze the privacy guarantee of CEPAM and investigate the trade-offs among user privacy and accuracy of CEPAM.
  arXiv  Detail & Related papers  (2025-01-21T11:16:05Z)
• DWFL: Enhancing Federated Learning through Dynamic Weighted Averaging [2.499907423888049]
  We propose a deep feed-forward neural network-based enhanced federated learning method for protein sequence classification. We introduce dynamic weighted federated learning (DWFL) which is a federated learning-based approach. We conduct experiments using real-world protein sequence datasets to assess the effectiveness of DWFL.
  arXiv  Detail & Related papers  (2024-11-07T20:24:23Z)
• Benchmarking Vision Language Model Unlearning via Fictitious Facial Identity Dataset [94.13848736705575]
  We introduce Facial Identity Unlearning Benchmark (FIUBench), a novel VLM unlearning benchmark designed to robustly evaluate the effectiveness of unlearning algorithms. We apply a two-stage evaluation pipeline that is designed to precisely control the sources of information and their exposure levels. Through the evaluation of four baseline VLM unlearning algorithms within FIUBench, we find that all methods remain limited in their unlearning performance.
  arXiv  Detail & Related papers  (2024-11-05T23:26:10Z)
• FEDLAD: Federated Evaluation of Deep Leakage Attacks and Defenses [50.921333548391345]
  Federated Learning is a privacy preserving decentralized machine learning paradigm. Recent research has revealed that private ground truth data can be recovered through a gradient technique known as Deep Leakage. This paper introduces the FEDLAD Framework (Federated Evaluation of Deep Leakage Attacks and Defenses), a comprehensive benchmark for evaluating Deep Leakage attacks and defenses.
  arXiv  Detail & Related papers  (2024-11-05T11:42:26Z)
• Pseudo-Probability Unlearning: Towards Efficient and Privacy-Preserving Machine Unlearning [59.29849532966454]
  We propose PseudoProbability Unlearning (PPU), a novel method that enables models to forget data to adhere to privacy-preserving manner. Our method achieves over 20% improvements in forgetting error compared to the state-of-the-art.
  arXiv  Detail & Related papers  (2024-11-04T21:27:06Z)
• PriRoAgg: Achieving Robust Model Aggregation with Minimum Privacy Leakage for Federated Learning [49.916365792036636]
  Federated learning (FL) has recently gained significant momentum due to its potential to leverage large-scale distributed user data.<n>The transmitted model updates can potentially leak sensitive user information, and the lack of central control of the local training process leaves the global model susceptible to malicious manipulations on model updates.<n>We develop a general framework PriRoAgg, utilizing Lagrange coded computing and distributed zero-knowledge proof, to execute a wide range of robust aggregation algorithms while satisfying aggregated privacy.
  arXiv  Detail & Related papers  (2024-07-12T03:18:08Z)
• An Empirical Study of Efficiency and Privacy of Federated Learning Algorithms [2.994794762377111]
  In today's world, the rapid expansion of IoT networks and the proliferation of smart devices have resulted in the generation of substantial amounts of heterogeneous data. To handle this data effectively, advanced data processing technologies are necessary to guarantee the preservation of both privacy and efficiency. Federated learning emerged as a distributed learning method that trains models locally and aggregates them on a server to preserve data privacy.
  arXiv  Detail & Related papers  (2023-12-24T00:13:41Z)
• Exploring Federated Unlearning: Analysis, Comparison, and Insights [101.64910079905566]
  federated unlearning enables the selective removal of data from models trained in federated systems. This paper examines existing federated unlearning approaches, examining their algorithmic efficiency, impact on model accuracy, and effectiveness in preserving privacy. We propose the OpenFederatedUnlearning framework, a unified benchmark for evaluating federated unlearning methods.
  arXiv  Detail & Related papers  (2023-10-30T01:34:33Z)
• Theoretically Principled Federated Learning for Balancing Privacy and Utility [61.03993520243198]
  We propose a general learning framework for the protection mechanisms that protects privacy via distorting model parameters. It can achieve personalized utility-privacy trade-off for each model parameter, on each client, at each communication round in federated learning.
  arXiv  Detail & Related papers  (2023-05-24T13:44:02Z)
• LAVA: Data Valuation without Pre-Specified Learning Algorithms [20.578106028270607]
  We introduce a new framework that can value training data in a way that is oblivious to the downstream learning algorithm. We develop a proxy for the validation performance associated with a training set based on a non-conventional class-wise Wasserstein distance between training and validation sets. We show that the distance characterizes the upper bound of the validation performance for any given model under certain Lipschitz conditions.
  arXiv  Detail & Related papers  (2023-04-28T19:05:16Z)
• Is Vertical Logistic Regression Privacy-Preserving? A Comprehensive Privacy Analysis and Beyond [57.10914865054868]
  We consider vertical logistic regression (VLR) trained with mini-batch descent gradient. We provide a comprehensive and rigorous privacy analysis of VLR in a class of open-source Federated Learning frameworks.
  arXiv  Detail & Related papers  (2022-07-19T05:47:30Z)
• Balanced Self-Paced Learning for AUC Maximization [88.53174245457268]
  Existing self-paced methods are limited to pointwise AUC. Our algorithm converges to a stationary point on the basis of closed-form solutions.
  arXiv  Detail & Related papers  (2022-07-08T02:09:32Z)
• Precision-Weighted Federated Learning [1.8160945635344528]
  We propose a novel algorithm that takes into account the variance of the gradients when computing the weighted average of the parameters of models trained in a Federated Learning setting. Our method was evaluated using standard image classification datasets with two different data partitioning strategies (IID/non-IID) to measure the performance and speed of our method in resource-constrained environments.
  arXiv  Detail & Related papers  (2021-07-20T17:17:10Z)
• Can Active Learning Preemptively Mitigate Fairness Issues? [66.84854430781097]
  dataset bias is one of the prevailing causes of unfairness in machine learning. We study whether models trained with uncertainty-based ALs are fairer in their decisions with respect to a protected class. We also explore the interaction of algorithmic fairness methods such as gradient reversal (GRAD) and BALD.
  arXiv  Detail & Related papers  (2021-04-14T14:20:22Z)
• On Deep Learning with Label Differential Privacy [54.45348348861426]
  We study the multi-class classification setting where the labels are considered sensitive and ought to be protected. We propose a new algorithm for training deep neural networks with label differential privacy, and run evaluations on several datasets.
  arXiv  Detail & Related papers  (2021-02-11T15:09:06Z)
• Federated Doubly Stochastic Kernel Learning for Vertically Partitioned Data [93.76907759950608]
  We propose a doubly kernel learning algorithm for vertically partitioned data. We show that FDSKL is significantly faster than state-of-the-art federated learning methods when dealing with kernels.
  arXiv  Detail & Related papers  (2020-08-14T05:46:56Z)
• SPEED: Secure, PrivatE, and Efficient Deep learning [2.283665431721732]
  We introduce a deep learning framework able to deal with strong privacy constraints. Based on collaborative learning, differential privacy and homomorphic encryption, the proposed approach advances state-of-the-art.
  arXiv  Detail & Related papers  (2020-06-16T19:31:52Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.