Integrating Fully Homomorphic Encryption with Federated Learning: Methods, Recent Advances, and Future Directions

Introduction – The talk, presented by Dr. Lu Wenjie from Alibaba and edited by Huang Weicong (Nanjing University), introduces the intersection of fully homomorphic encryption (FHE) and federated learning (FL), covering privacy concerns, technical foundations, recent progress, and research outlook.

01. Federated Learning and Privacy Protection

Federated learning originates from large‑scale distributed training on edge devices, where each data owner (DO) computes local gradients ∇_i θ and sends them to a Parameter Server (PS) that aggregates them into a global model update θ ← Σ∇_i θ . The core idea is to keep raw data on‑device and exchange only minimal information (e.g., gradients). The article raises three privacy‑related questions: what information can be exchanged, which intermediate values may be revealed to the PS, and how to securely collect and exchange these values.

Various privacy levels are compared: baseline (PS sees local gradients), FL‑plus (PS sees only global gradients), distributed secure computation (PS sees nothing), and distributed FHE (multiple DOs jointly generate a public key, preventing any single party from learning others' data). The discussion then focuses on how homomorphic encryption can enable secure collection and exchange of gradients.

02. Fully Homomorphic Encryption and Federated Learning

Two types of homomorphic encryption are described. Additive HE (e.g., Paillier) supports only ciphertext addition, is easy to implement, but suffers from high latency for large‑scale operations and cannot handle non‑linear functions such as sigmoid. Fully homomorphic encryption (FHE) based on lattice‑based schemes (BFV, CKKS) supports both addition and multiplication, offering higher throughput at the cost of larger latency. By designing algorithms that exploit FHE, one can achieve performance comparable to or better than additive HE while enabling richer computations.

An example shows FATE’s logistic‑regression training on heterogeneous data: matrix‑vector multiplication under HE can take 1.5 hours for a 4096×4096 matrix, whereas a custom FPGA implementation speeds this up 10×, and the proposed FHE‑based method reduces the same operation to under 2 seconds (a 10³‑fold improvement).

The article then proposes an FHE‑based federated computation model where a master DO generates a key pair, other DOs encrypt their data and upload ciphertexts, and the PS performs all computations on ciphertexts, returning only the final encrypted result to the master for decryption. Experiments on MNIST (11k × 197 features) and the Abalone dataset demonstrate training times of ~200 s/epoch and ~15 s/epoch respectively on an 8‑core CPU.

03. POSEIDON: Distributed FHE for Federated Learning

POSEIDON extends single‑key FHE by having each DO generate a share of the secret key, collaboratively forming a public key and jointly decrypting, which mitigates collusion risks. In a distributed mode, only ciphertext gradients are exchanged, preserving data locality. The system also supports key‑rotation via proxy re‑encryption, allowing a third party to hold a refreshed key without participating in the original key generation.

Experimental results from the POSEIDON paper show that with 10 DOs training an MLP on 2000 rows, one epoch completes in ~20 seconds.

04. New Advances in Fully Homomorphic Encryption

The PEGASUS framework enhances FHE by enabling direct evaluation of non‑linear functions on ciphertexts (e.g., FHE.Enc(σ(x)) ) through input space discretization. While this approach incurs higher computational cost (0.5–1 s per evaluation), it eliminates extra communication rounds required by hybrid MPC‑HE solutions.

Hardware acceleration strategies are discussed to address FHE’s performance bottlenecks: AVX‑512 optimizations can cut NTT latency by ~50 %; GPU implementations achieve ~5 % of CPU runtime; FPGA designs can reduce NTT cost to <1 % of CPU time.

05. Topics and Outlook

The main research challenge is optimizing FHE performance, especially the costly number‑theoretic transform (NTT) operations. Potential solutions include leveraging AVX‑512, GPGPU, and FPGA accelerators. Future visions include offering Federated‑Learning‑as‑a‑Service (FLaaS) where powerful server‑side nodes handle heavy FHE computations while clients only perform key generation and encryption, possibly using PEGASUS for non‑linear operations.

Q&A Session

Questions addressed include the implementation of Alibaba’s FHE (based on Microsoft SEAL with performance optimizations), comparisons between fully and partially homomorphic encryption in FATE, network overhead of encrypted data transmission, and handling of non‑linear functions such as sigmoid, logarithm, and division within FHE.

The presentation concludes with thanks and an invitation to join the DataFunTalk community for further discussion.