Boosting Vertical Federated Learning: Optimizing Paillier Encryption & Model Stability
This article examines the challenges of data privacy in big‑data environments and presents a comprehensive approach to vertical federated learning, detailing framework optimizations, Paillier homomorphic encryption enhancements, PSI‑based feature selection, and adversarial learning techniques to improve model stability and deployment on a unified ML platform.
Background
With the rapid growth of big data, the value of data increases while the risk of leakage also rises. To meet privacy, security, and regulatory requirements, a reasonable machine‑learning framework is needed that allows AI systems to use data efficiently without exposing raw data. Federated learning, which enables parties to jointly train a shared model through encrypted parameter exchange while keeping data locally, addresses the "data usable but invisible" goal.
Policy documents such as the "Guiding Opinions on Promoting the Data Security Industry" emphasize core‑technology breakthroughs, new computing models, and the deployment of privacy‑preserving techniques like secure multi‑party computation, federated learning, and fully homomorphic encryption across sectors such as e‑commerce, telemedicine, online education, and national data‑center infrastructure.
Federated learning is generally divided into three categories based on sample‑space and feature‑space overlap: vertical federated learning (many overlapping samples, few overlapping features), horizontal federated learning (many overlapping features, few overlapping samples), and federated transfer learning (both samples and features have little overlap). This article focuses on vertical federated learning.
Our team implements vertical federated learning to enable data collaboration across departments without moving data, covering framework efficiency optimization, federated algorithm development, and platform‑level integration.
Optimizing and Practicing a Vertical Federated Learning Framework
The typical federated learning workflow includes secure sample alignment and model training (e.g., tree models, neural networks). We adopted Tencent's self‑developed PowerFL framework and optimized secure sample alignment and a partially homomorphic encryption (PHE) scheme to improve overall training efficiency. Model‑stability techniques based on adversarial learning were also federated, and the capabilities were integrated into the WXG machine‑learning platform Adams.
2.1. Optimizations for Vertical Federated Learning
Homomorphic encryption, especially Paillier encryption, is widely used but suffers from low computational efficiency. We optimized the Paillier scheme and the secure sample alignment algorithm (based on k‑out‑of‑n OT), achieving notable performance gains. The following list classifies homomorphic encryption types:
Fully Homomorphic Encryption (FHE): supports unlimited additions and multiplications.
Somewhat Homomorphic Encryption (SWHE): supports both operations but only a limited number of times.
Partially Homomorphic Encryption (PHE): supports either addition or multiplication only.
Paillier Principle Introduction
Proposed in 1999, Paillier is a probabilistic public‑key encryption scheme based on the hardness of the composite residuosity problem. It is additive‑homomorphic and supports scalar multiplication, making it suitable for many privacy‑preserving computations in federated learning.
Key‑pair generation
Randomly select two large primes p and q of equal length.
Compute n = p·q and λ = lcm(p‑1, q‑1).
Choose a random g ∈ Z*_{n²} such that g satisfies the required conditions.
Derive μ = (L(g^λ mod n²))^{-1} mod n.
The public key is (n, g) and the private key is (λ, μ).
Public‑key encryption
Input plaintext m (0 ≤ m < n).
Select random r ∈ Z*_{n}.
Compute ciphertext c = g^m · r^n mod n².
Private‑key decryption
Input ciphertext c.
Compute m = L(c^λ mod n²)·μ mod n.
Ciphertext computation
Homomorphic addition: c₁·c₂ mod n² yields encryption of m₁+m₂.
Homomorphic scalar multiplication: c^k mod n² yields encryption of k·m.
Correctness follows from the properties of the L function and Fermat’s little theorem.
Security relies on the Decisional Composite Residuosity Assumption, which remains intractable for sufficiently large keys.
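The key generation, encryption, decryption and ciphertext-computation steps above, as an added Python example (not code from PowerFL or the original article). It assumes g = n + 1, a standard valid choice of g, and uses constructed 17-bit toy primes; the helper `encrypted_dot` is hypothetical and shows a party without the private key combining encrypted values with its own plaintext weights.

```python
import math
import secrets

def L(x, n):
    # L(x) = (x - 1) / n, exact whenever x ≡ 1 (mod n)
    return (x - 1) // n

def keygen(p, q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    g = n + 1  # assumption: fixed valid g instead of a random one
    mu = pow(L(pow(g, lam, n * n), n), -1, n)  # raises ValueError if g is invalid
    return (n, g), (lam, mu)

def encrypt(pub, m):
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("plaintext must satisfy 0 <= m < n")
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:  # r must lie in Z*_n
        r = secrets.randbelow(n - 1) + 1
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)

def decrypt(pub, priv, c):
    (n, _), (lam, mu) = pub, priv
    return L(pow(c, lam, n * n), n) * mu % n

def he_add(pub, c1, c2):
    return c1 * c2 % (pub[0] ** 2)  # Enc(m1) * Enc(m2) -> Enc(m1 + m2)

def he_scale(pub, c, k):
    return pow(c, k, pub[0] ** 2)   # Enc(m)^k -> Enc(k * m)

def encrypted_dot(pub, ciphertexts, weights):
    # Hypothetical helper: the party holding only the public key computes
    # Enc(sum(w_i * m_i)); only the private-key holder can read the result.
    acc = encrypt(pub, 0)
    for c, w in zip(ciphertexts, weights):
        acc = he_add(pub, acc, he_scale(pub, c, w))
    return acc

# Constructed toy primes (17 bits each), far too small for real use.
PUB, PRIV = keygen(65537, 104729)
```

Plaintexts here are non-negative integers below n; results that exceed n wrap around modulo n, so real-valued or signed quantities need an encoding step before encryption.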
2.1.2. Paillier Encryption/Decryption Optimizations
We implemented Scheme 3, a variant that selects a generator from a reduced residue subgroup, achieving faster encryption/decryption than the original Scheme 1. Further acceleration (≈4.1×) was obtained by simplifying the modulus exponent via subgroup structure exploitation, as demonstrated on a 320‑bit key.
2.2. Algorithm Development and Business Practice
In many modeling scenarios, label latency can span months, causing distribution drift between training and inference periods. The Population Stability Index (PSI) quantifies this drift; thresholds guide model maintenance actions.
Traditional Modeling Approach
PSI is calculated by comparing expected and actual sample proportions across bins. Values < 0.1 indicate negligible drift, 0.1–0.25 suggest moderate change, and > 0.25 signal significant shift requiring model redevelopment. Features with high PSI are filtered before building the vertical federated model, though aggressive filtering may discard useful information.
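The PSI-based filter described above, as an added Python example (not code from the original article or PowerFL). It uses the standard definition PSI = Σ (aᵢ − eᵢ)·ln(aᵢ / eᵢ) over bins cut at quantiles of the expected sample; the function names, the `eps` floor for empty bins and the feature columns are constructed for illustration.

```python
import math
from bisect import bisect_right

def psi(expected, actual, bins=10, eps=1e-6):
    """Population Stability Index of `actual` against `expected`."""
    s = sorted(expected)
    # Bin edges at the quantiles of the expected (training-period) sample.
    edges = [s[len(s) * i // bins] for i in range(1, bins)]

    def proportions(sample):
        counts = [0] * bins
        for x in sample:
            counts[bisect_right(edges, x)] += 1
        # Floor empty bins at eps so the logarithm stays finite.
        return [max(c / len(sample), eps) for c in counts]

    e, a = proportions(expected), proportions(actual)
    return sum((ai - ei) * math.log(ai / ei) for ai, ei in zip(a, e))

def drift_level(value):
    # Thresholds as stated in the text: < 0.1, 0.1 to 0.25, > 0.25.
    if value < 0.1:
        return "negligible"
    if value <= 0.25:
        return "moderate"
    return "significant"

def stable_features(train, recent, threshold=0.25):
    """Names of features whose PSI between the two periods is <= threshold."""
    return [name for name in train if psi(train[name], recent[name]) <= threshold]

# Constructed samples: each feature observed in a training and a recent period.
TRAIN = {name: list(range(1000)) for name in ("f_stable", "f_mild", "f_drift")}
RECENT = {
    "f_stable": list(range(1000)),
    "f_mild": [x + 80 for x in range(1000)],
    "f_drift": [x + 400 for x in range(1000)],
}
```

Lowering `threshold` filters more aggressively, which is where the information loss mentioned above comes from.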
Adversarial Learning for Model Stability
Because PSI cannot be directly optimized as a loss, we instead treat the difficulty of predicting the timestamp from the target value as a stability metric. An adversarial architecture combines an encoder (automatic feature derivation), a discriminator (filters unstable features), and a classifier (predicts the target). This joint training improves stability while preserving predictive power, yielding a 5.6% performance gain and reducing PSI to 14% of the baseline.
2.3. Integration into the Machine‑Learning Platform
To make federated learning accessible to other teams, we integrated its capabilities into the WXG platform Adams. Key integration aspects include:
Task Authorization: Each party creates a federated workflow and fills in the counterpart’s node information, enabling mutual task initiation.
Workflow Start/Stop: Previously, both parties had to start tasks manually; now a single party can launch the workflow, and failure of any party automatically stops all related tasks.
Parameter Synchronization: After linking nodes, saving the workflow on one side copies shared parameters to the other parties, preventing configuration mismatches.
Conclusion
We have presented optimizations for vertical federated learning covering secure sample alignment, federated feature engineering, and model training. These improvements have been merged into the PowerFL framework and are applicable to other frameworks. Additionally, federated learning capabilities have been integrated into the Adams platform, facilitating cross‑department data collaboration while preserving privacy.
Privacy computing remains a challenging field; we are recruiting talent to explore advanced techniques and unlock new value from data.
WeChat Backend Team
Official account of the WeChat backend development team, sharing their experience in large-scale distributed system development.
