Per-element Secure Aggregation against Data Reconstruction Attacks in Federated Learning
Takumi Suimon, Yuki Koizumi, Junji Takemasa, Toru Hasegawa
Published on arXiv: 2508.04285
Model Inversion Attack
OWASP ML Top 10 — ML03
Key Finding
Integrated into the Flamingo SecAgg protocol, the per-element masking mechanism prevents data reconstruction from sparse gradient aggregates while introducing only acceptable computational and communication overhead.
Per-element Secure Aggregation (PerElem-SecAgg)
Novel technique introduced
Federated learning (FL) enables collaborative model training without sharing raw data, but individual model updates may still leak sensitive information. Secure aggregation (SecAgg) mitigates this risk by allowing the server to access only the sum of client updates, thereby concealing individual contributions. However, a significant vulnerability has recently attracted increasing attention: when model updates are sparse vectors, a non-zero value contributed by a single client at a given index can be directly revealed in the aggregate, enabling precise data reconstruction attacks. In this paper, we propose a novel enhancement to SecAgg that reveals aggregated values only at indices with at least $t$ non-zero contributions. Our mechanism introduces a per-element masking strategy to prevent the exposure of under-contributed elements, while maintaining modularity and compatibility with many existing SecAgg implementations by relying solely on cryptographic primitives already employed in a typical setup. We integrate this mechanism into Flamingo, a low-round SecAgg protocol, to provide a robust defense against such attacks. Our analysis and experimental results indicate that the additional computational and communication overhead introduced by our mechanism remains within an acceptable range, supporting the practicality of our approach.
Key Contributions
- Per-element masking strategy for SecAgg that reveals aggregated values only at indices where at least t clients contribute non-zero updates, preventing single-client index exposure
- Integration of the mechanism into Flamingo (a low-round SecAgg protocol) using only existing cryptographic primitives, maintaining compatibility with standard SecAgg deployments
- Analytical and experimental evaluation demonstrating that the additional computational and communication overhead remains within acceptable bounds
🛡️ Threat Analysis
Directly defends against data reconstruction attacks in federated learning: when model updates are sparse, a single client's non-zero contribution at an index leaks through the aggregate, enabling the server (adversary) to reconstruct training data. The proposed per-element masking strategy prevents gradient leakage by suppressing indices with fewer than t non-zero contributions, and is explicitly evaluated against this reconstruction threat.
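The leak described in the abstract and threat analysis, shown as an added example that is not code from the paper: a toy pairwise-mask SecAgg over constructed sparse updates lets a lone contributor's value survive in the sum, next to the output a threshold-t reveal policy would give. The modulus, mask scheme and function names are assumptions for illustration; `thresholded_view` models only what the server would learn, not the paper's cryptographic masking construction.

```python
import random

Q = 2**31 - 1  # constructed modulus for the toy additive masks (assumption)

def pairwise_masks(n_clients, dim, seed=0):
    """Toy pairwise masks: for each pair i<j, i adds m and j subtracts m,
    so every mask cancels once all masked updates are summed."""
    rng = random.Random(seed)
    masks = [[0] * dim for _ in range(n_clients)]
    for i in range(n_clients):
        for j in range(i + 1, n_clients):
            for k in range(dim):
                m = rng.randrange(Q)
                masks[i][k] = (masks[i][k] + m) % Q
                masks[j][k] = (masks[j][k] - m) % Q
    return masks

def plain_secagg(updates):
    """What the server obtains from ordinary SecAgg: the element-wise sum."""
    masks = pairwise_masks(len(updates), len(updates[0]))
    masked = [[(v + masks[i][k]) % Q for k, v in enumerate(u)]
              for i, u in enumerate(updates)]
    return [sum(col) % Q for col in zip(*masked)]

def exposed_indices(updates):
    """Indices where exactly one client is non-zero: the sum IS that value."""
    return [k for k, col in enumerate(zip(*updates))
            if sum(1 for v in col if v != 0) == 1]

def thresholded_view(updates, t):
    """Ideal output of a per-element threshold policy (model, not the protocol):
    the sum is revealed only where at least t clients are non-zero."""
    out = []
    for col in zip(*updates):
        contributors = sum(1 for v in col if v != 0)
        out.append(sum(col) % Q if contributors >= t else None)
    return out

# Constructed sparse updates from three clients (rows) over five indices.
UPDATES = [
    [5, 0, 0, 7, 0],
    [3, 0, 9, 0, 0],
    [2, 0, 0, 1, 0],
]

if __name__ == "__main__":
    print("plain sum      :", plain_secagg(UPDATES))
    print("exposed indices:", exposed_indices(UPDATES))
    print("t=2 view       :", thresholded_view(UPDATES, 2))
```

At index 2 only the second client is non-zero, so the plain aggregate hands the server that client's exact value even though every individual masked update is uniformly random.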