Federated Learning and Secure Multi‑Party Computation: Concepts, Security Challenges, and Practical Solutions

Federated learning (FL) was introduced by Google in 2016 to enable distributed model training on Android devices without collecting raw user data, preserving privacy by transmitting only model updates (gradients) to a central server.

Google’s FL targets massive numbers of mobile devices (horizontal FL), whereas domestic implementations focus on cross‑silo scenarios involving a few institutions (vertical FL) that jointly train models on complementary feature sets.

The security challenges of FL include potential leakage of raw data from gradients, especially when participants are few, and the difficulty of aligning samples in vertical FL without exposing user identities.

Google mitigates these risks using differential privacy (adding noise to gradients) and secure aggregation (aggregating encrypted gradients so the server cannot see individual contributions), though both approaches can degrade model accuracy.

In cross‑silo FL, additional threats arise: limited participant numbers enable gradient‑based attacks, and vertical data partitioning requires secure sample alignment and handling of unlabeled parties.

Secure Multi‑Party Computation (MPC) offers a cryptographically provable solution: parties secret‑share their data, perform computations on the shared values, and only reveal the final result, ensuring zero leakage of intermediate data.

Using secret sharing, parties can compute functions such as addition, multiplication, and division on encrypted values; the article illustrates this with a step‑by‑step example of secret‑sharing gradients between Alice and Bob.

For vertical FL tasks like Weight of Evidence (WOE) calculation, MPC enables parties to jointly compute positive/negative sample ratios, logarithms, and divisions without revealing raw counts, overcoming the limitations of differential privacy and homomorphic encryption.

Advantages of MPC include eliminating the need for data alignment and providing strong privacy guarantees; however, MPC incurs higher communication overhead and slower performance compared to FL, especially for complex models (e.g., XGBoost).

Despite performance drawbacks, optimized MPC implementations can train logistic regression models on millions of samples within seconds, as demonstrated by the authors’ award‑winning solution in the iDASH competition.

The article concludes that while FL and MPC each have trade‑offs, combining them—using MPC for sensitive vertical collaborations and FL for large‑scale horizontal scenarios—offers a comprehensive toolkit for privacy‑preserving machine learning.