One-Shot Secure Aggregation: A Hybrid Cryptographic Protocol for Private Federated Learning in IoT
Imraul Emmaka, Tran Viet Xuan Phuong
TL;DR
The paper tackles the prohibitive communication costs of secure aggregation in IoT-enabled federated learning by introducing Hyb-Agg, a one-shot, non-interactive protocol that combines Multi-Key CKKS with ECDH-based additive masking. It proves confidentiality, integrity, and collusion resistance under RLWE and CDH assumptions, modeling the PRF via ChaCha20, and achieves constant per-client communication regardless of participant count with about a 12x expansion. Empirical evaluations on both a high-end machine and a Raspberry Pi 4 demonstrate sub-second end-to-end times on edge hardware and practical scalability for IoT deployments, even under potential server collusion with up to N-2 clients. The work highlights a viable path to scalable, privacy-preserving FL in bandwidth- and energy-constrained environments, while outlining future enhancements for dropout resilience and dynamic participation.
Abstract
Federated Learning (FL) offers a promising approach to collaboratively train machine learning models without centralizing raw data, yet its scalability is often throttled by excessive communication overhead. This challenge is magnified in Internet of Things (IoT) environments, where devices face stringent bandwidth, latency, and energy constraints. Conventional secure aggregation protocols, while essential for protecting model updates, frequently require multiple interaction rounds, large payload sizes, and per-client costs rendering them impractical for many edge deployments. In this work, we present Hyb-Agg, a lightweight and communication-efficient secure aggregation protocol that integrates Multi-Key CKKS (MK-CKKS) homomorphic encryption with Elliptic Curve Diffie-Hellman (ECDH)-based additive masking. Hyb-Agg reduces the secure aggregation process to a single, non-interactive client-to-server transmission per round, ensuring that per-client communication remains constant regardless of the number of participants. This design eliminates partial decryption exchanges, preserves strong privacy under the RLWE, CDH, and random oracle assumptions, and maintains robustness against collusion by the server and up to $N-2$ clients. We implement and evaluate Hyb-Agg on both high-performance and resource-constrained devices, including a Raspberry Pi 4, demonstrating that it delivers sub-second execution times while achieving a constant communication expansion factor of approximately 12x over plaintext size. By directly addressing the communication bottleneck, Hyb-Agg enables scalable, privacy-preserving federated learning that is practical for real-world IoT deployments.
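The masking layer named in the abstract, shown with the standard pairwise-cancelling construction, as an added example that is not the paper's code and omits the MK-CKKS layer entirely. Assumptions: masks are pairwise and cancel in the sum, a toy finite-field Diffie-Hellman group stands in for ECDH, SHAKE-256 stands in for the ChaCha20 PRF, and the names `keygen`, `prf`, `mask_update`, `aggregate` and `demo` are hypothetical.

```python
import hashlib
import secrets

P = 2**127 - 1  # toy prime modulus: stand-in for the ECDH group, NOT secure
G = 3
MOD = 2**32     # encoded updates and masks live in Z_{2^32}
SCALE = 1000    # fixed-point scale (constructed for this example)

def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def prf(shared, round_no, length):
    """Expand a pairwise shared secret into `length` 32-bit mask words."""
    seed = shared.to_bytes(16, "big") + round_no.to_bytes(8, "big")
    stream = hashlib.shake_256(seed).digest(4 * length)  # stand-in for ChaCha20
    return [int.from_bytes(stream[4 * k:4 * k + 4], "big") for k in range(length)]

def mask_update(i, sk, pubs, update, round_no):
    """Client i's single upload: encoded update plus signed pairwise masks."""
    out = [round(x * SCALE) % MOD for x in update]
    for j, pk in enumerate(pubs):
        if j == i:
            continue
        m = prf(pow(pk, sk, P), round_no, len(update))  # same secret on both sides
        sign = 1 if i < j else -1                       # lower index adds, higher subtracts
        out = [(o + sign * w) % MOD for o, w in zip(out, m)]
    return out

def aggregate(uploads):
    """Server side: sum the uploads; every pairwise mask cancels mod 2^32."""
    total = [sum(col) % MOD for col in zip(*uploads)]
    return [((t + MOD // 2) % MOD - MOD // 2) / SCALE for t in total]

def demo():
    updates = [[0.5, -1.25, 2.0], [1.5, 0.25, -3.0], [-0.75, 1.0, 0.5]]  # constructed
    keys = [keygen() for _ in updates]
    pubs = [pk for _, pk in keys]
    uploads = [mask_update(i, keys[i][0], pubs, u, 7) for i, u in enumerate(updates)]
    return updates, uploads, aggregate(uploads)

if __name__ == "__main__":
    print(demo()[2])
```

Each client sends one vector of the same length as its update no matter how many peers participate, and as long as two clients stay honest the mask they share is unknown to the server and to the colluding clients.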
