Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Enhancing Quantum Security over Federated Learning via Post-Quantum Cryptography

Pingzhi Li, Tianlong Chen, Junyu Liu

TL;DR

The paper addresses the threat of quantum-adversary tampering with federated learning updates by evaluating three NIST PQC digital signature schemes—Dilithium, Falcon, and SPHINCS+—as post-quantum protections in the FedAvg protocol. It systematically compares these schemes across multiple model-task combinations and an extended quantum neural network setting, finding that Dilithium provides the best overall efficiency while preserving convergence and final performance, whereas SPHINCS+ incurs higher costs. The results illuminate the security-efficiency trade-offs in post-quantum FL deployments and inform practical PQC choices for protecting update integrity in the presence of quantum threats. The study also identifies MITM risks during key exchange and underscores the need for real-network benchmarks to measure communication-time overhead in distributed environments, guiding future work on secure key distribution and scalable PQC-enabled FL systems.

Abstract

Federated learning (FL) has become one of the standard approaches for deploying machine learning models on edge devices, where private training data are distributed across clients, and a shared model is learned by aggregating locally computed updates from each client. While this paradigm enhances communication efficiency by only requiring updates at the end of each training epoch, the transmitted model updates remain vulnerable to malicious tampering, posing risks to the integrity of the global model. Although current digital signature algorithms can protect these communicated model updates, they fail to ensure quantum security in the era of large-scale quantum computing. Fortunately, various post-quantum cryptography algorithms have been developed to address this vulnerability, especially the three NIST-standardized algorithms - Dilithium, FALCON, and SPHINCS+. In this work, we empirically investigate the impact of these three NIST-standardized PQC algorithms for digital signatures within the FL procedure, covering a wide range of models, tasks, and FL settings. Our results indicate that Dilithium stands out as the most efficient PQC algorithm for digital signature in federated learning. Additionally, we offer an in-depth discussion of the implications of our findings and potential directions for future research.

Enhancing Quantum Security over Federated Learning via Post-Quantum Cryptography

TL;DR

The paper addresses the threat of quantum-adversary tampering with federated learning updates by evaluating three NIST PQC digital signature schemes—Dilithium, Falcon, and SPHINCS+—as post-quantum protections in the FedAvg protocol. It systematically compares these schemes across multiple model-task combinations and an extended quantum neural network setting, finding that Dilithium provides the best overall efficiency while preserving convergence and final performance, whereas SPHINCS+ incurs higher costs. The results illuminate the security-efficiency trade-offs in post-quantum FL deployments and inform practical PQC choices for protecting update integrity in the presence of quantum threats. The study also identifies MITM risks during key exchange and underscores the need for real-network benchmarks to measure communication-time overhead in distributed environments, guiding future work on secure key distribution and scalable PQC-enabled FL systems.

Abstract

Federated learning (FL) has become one of the standard approaches for deploying machine learning models on edge devices, where private training data are distributed across clients, and a shared model is learned by aggregating locally computed updates from each client. While this paradigm enhances communication efficiency by only requiring updates at the end of each training epoch, the transmitted model updates remain vulnerable to malicious tampering, posing risks to the integrity of the global model. Although current digital signature algorithms can protect these communicated model updates, they fail to ensure quantum security in the era of large-scale quantum computing. Fortunately, various post-quantum cryptography algorithms have been developed to address this vulnerability, especially the three NIST-standardized algorithms - Dilithium, FALCON, and SPHINCS+. In this work, we empirically investigate the impact of these three NIST-standardized PQC algorithms for digital signatures within the FL procedure, covering a wide range of models, tasks, and FL settings. Our results indicate that Dilithium stands out as the most efficient PQC algorithm for digital signature in federated learning. Additionally, we offer an in-depth discussion of the implications of our findings and potential directions for future research.
Paper Structure (29 sections, 4 figures, 2 tables, 1 algorithm)

This paper contains 29 sections, 4 figures, 2 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Threats to Federated Learning Security
  3. Communication in Federated Learning
  4. Federated Learning Problem Definition
  5. FedAvg Communication
  6. Poisoning Attacks and Federated Learning
  7. Methodology
  8. NIST-Standardized Post-Quantum Cryptography
  9. Dilithium
  10. Falcon
  11. SPHINCS+
  12. FL Quantum Security via PQC
  13. Experiments
  14. Implementation Details
  15. Models and Datasets
  16. ...and 14 more sections

Figures (4)

  • Figure 1: (Left) In the current pre-quantum federated learning landscape, the training process can be safeguarded against poisoning attacks using public-key cryptography algorithms like RSA. (Right) However, in the post-quantum era, classical cryptographic algorithms(e.g., RSA) are vulnerable to being broken by large-scale quantum computers and can no longer provide adequate security. Instead, post-quantum cryptography algorithms, such as Dilithium, Falcon, and SPHINCS+, should be employed for digital signature authentication.
  • Figure 2: Poisoning attack from outsiders on the communicated model parameters in federated learning.
  • Figure 3: Federated learning training curves of the MLP on MNIST (left), Pythia-$70$M on RTE (middle), and the ResNet-$18$ on CIFAR-$100$. We evaluate the training time with the $3$ different PQC algorithms.
  • Figure 4: Federated learning training curves of the QNN model on MNIST. We evaluate the training time with the $3$ PQC algorithms.