Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

EncCluster: Scalable Functional Encryption in Federated Learning through Weight Clustering and Probabilistic Filters

Vasileios Tsouvalas, Samaneh Mohammadi, Ali Balador, Tanir Ozcelebi, Francesco Flammini, Nirvana Meratnia

TL;DR

EncCluster tackles the privacy-efficiency trade-off in Federated Learning by compressing local updates via weight clustering and protecting them with decentralized Functional Encryption, while encoding the cluster mappings with Binary Fuse filters for secure server-side aggregation. This design confines heavy cryptographic work to a small set of centroids and relies on efficient hashing to convey mapping information, enabling secure, weighted aggregation without a trusted authority. Across CIFAR-10/100 and several architectures, EncCluster achieves substantial gains in communication cost (over 13x reduction) and encryption speed (over 4x faster) with minimal accuracy loss, demonstrating near-constant communication overhead as encryption levels rise. The approach enables scalable privacy-preserving FL on edge devices and opens avenues for integrating dynamic decentralized FE and more advanced privacy-encoding schemes without prohibitive overheads.

Abstract

Federated Learning (FL) enables model training across decentralized devices by communicating solely local model updates to an aggregation server. Although such limited data sharing makes FL more secure than centralized approached, FL remains vulnerable to inference attacks during model update transmissions. Existing secure aggregation approaches rely on differential privacy or cryptographic schemes like Functional Encryption (FE) to safeguard individual client data. However, such strategies can reduce performance or introduce unacceptable computational and communication overheads on clients running on edge devices with limited resources. In this work, we present EncCluster, a novel method that integrates model compression through weight clustering with recent decentralized FE and privacy-enhancing data encoding using probabilistic filters to deliver strong privacy guarantees in FL without affecting model performance or adding unnecessary burdens to clients. We performed a comprehensive evaluation, spanning various datasets and architectures, to demonstrate EncCluster's scalability across encryption levels. Our findings reveal that EncCluster significantly reduces communication costs - below even conventional FedAvg - and accelerates encryption by more than four times over all baselines; at the same time, it maintains high model accuracy and enhanced privacy assurances.

EncCluster: Scalable Functional Encryption in Federated Learning through Weight Clustering and Probabilistic Filters

TL;DR

EncCluster tackles the privacy-efficiency trade-off in Federated Learning by compressing local updates via weight clustering and protecting them with decentralized Functional Encryption, while encoding the cluster mappings with Binary Fuse filters for secure server-side aggregation. This design confines heavy cryptographic work to a small set of centroids and relies on efficient hashing to convey mapping information, enabling secure, weighted aggregation without a trusted authority. Across CIFAR-10/100 and several architectures, EncCluster achieves substantial gains in communication cost (over 13x reduction) and encryption speed (over 4x faster) with minimal accuracy loss, demonstrating near-constant communication overhead as encryption levels rise. The approach enables scalable privacy-preserving FL on edge devices and opens avenues for integrating dynamic decentralized FE and more advanced privacy-encoding schemes without prohibitive overheads.

Abstract

Federated Learning (FL) enables model training across decentralized devices by communicating solely local model updates to an aggregation server. Although such limited data sharing makes FL more secure than centralized approached, FL remains vulnerable to inference attacks during model update transmissions. Existing secure aggregation approaches rely on differential privacy or cryptographic schemes like Functional Encryption (FE) to safeguard individual client data. However, such strategies can reduce performance or introduce unacceptable computational and communication overheads on clients running on edge devices with limited resources. In this work, we present EncCluster, a novel method that integrates model compression through weight clustering with recent decentralized FE and privacy-enhancing data encoding using probabilistic filters to deliver strong privacy guarantees in FL without affecting model performance or adding unnecessary burdens to clients. We performed a comprehensive evaluation, spanning various datasets and architectures, to demonstrate EncCluster's scalability across encryption levels. Our findings reveal that EncCluster significantly reduces communication costs - below even conventional FedAvg - and accelerates encryption by more than four times over all baselines; at the same time, it maintains high model accuracy and enhanced privacy assurances.
Paper Structure (22 sections, 10 equations, 4 figures, 5 tables, 2 algorithms)

This paper contains 22 sections, 10 equations, 4 figures, 5 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Preliminaries
  3. EncCluster Framework
  4. Notations
  5. Threat Model and Assumptions
  6. EncCluster Overview
  7. Efficient Client-side Encryption
  8. Secure Aggregation
  9. Security and Privacy Analysis
  10. Security Foundations
  11. Privacy Safeguards
  12. Quantitative Evaluation on Privacy Leakage due to Weights Clustering
  13. Efficiency Evaluation
  14. Experimental Setup
  15. FL training on Data Splits
  16. ...and 7 more sections

Figures (4)

  • Figure 1: Overview of EncCluster's training process: Clients train on local data, cluster weights, then encrypt centroids using DMCFE into ciphertexts and encode cluster-weight $mappings$ into BF filter fingerprints (hashed array). The server reconstructs $mappings$ via BF filter queries using fingerprints, derives encrypted clustered weights, and aggregates them to update the model.
  • Figure 2: Evaluation of Cluster Inference Attacks in EncCluster. We report MSE between the client's data embeddings extracted from client's true and estimated weights for both (a) IID and (b) non-IID settings.
  • Figure 3: EncCluster performance evaluation with varied cluster sizes ($\kappa$) and DMCFE key sizes ($\textrm{KS}$). Experiments conducted using ResNet-20 under IID settings ($\gamma \approx 1.0$) on the CIFAR-10. Subfigure (a) shows model accuracy on the test set and data transmitted in upstream communication compared with FedAvg, while (b) illustrates accuracy loss versus FedAvg for various $\kappa$ and $\textrm{KS}$ values. Federated parameters were set to $N=10$, $R=100$, and $\rho=1.0$.
  • Figure 4: Evaluation of computation and communication efficiency for EncCluster. Experiments conducted with ResNet-20 under IID settings ($\gamma \approx 1.0$) on CIFAR-10 with $N=10$ and $\rho=1$. In (a), we detail the computational time required for the encryption process in a logarithmic scale, while (b) contrasts the volume of data transmitted with that of the standard FedAvg. In (b), we specify the average bits-per-parameter ($bpp$), indicated by the numerals atop each experiment to clearly illustrate EncCluster efficiency.