arXiv:2510.21086v1 Announce Type: new 
Abstract: Federated Learning (FL) enables collaborative model training across institutions without sharing raw data. However, gradient sharing still risks privacy leakage, such as gradient inversion attacks. Homomorphic Encryption (HE) can secure aggregation but often incurs prohibitive computational and communication overhead. Existing HE-based FL methods sit at two extremes: encrypting all gradients for full privacy at high cost, or partially encrypting gradients to save resources while exposing vulnerabilities. We present DictPFL, a practical framework that achieves full gradient protection with minimal overhead. DictPFL encrypts every transmitted gradient while keeping non-transmitted parameters local, preserving privacy without heavy computation. It introduces two key modules: Decompose-for-Partial-Encrypt (DePE), which decomposes model weights into a static dictionary and an updatable lookup table, only the latter is encrypted and aggregated, while the static dictionary remains local and requires neither sharing nor encryption; and Prune-for-Minimum-Encrypt (PrME), which applies encryption-aware pruning to minimize encrypted parameters via consistent, history-guided masks. Experiments show that DictPFL reduces communication cost by 402-748$\times$ and accelerates training by 28-65$\times$ compared to fully encrypted FL, while outperforming state-of-the-art selective encryption methods by 51-155$\times$ in overhead and 4-19$\times$ in speed. Remarkably, DictPFL's runtime is within 2$\times$ of plaintext FL, demonstrating for the first time, that HE-based private federated learning is practical for real-world deployment. The code is publicly available at https://github.com/UCF-ML-Research/DictPFL.

تُعتبر المقدمة الحديثة لـ DictPFL تقدمًا كبيرًا في التعلم الفيدرالي من خلال معالجة مخاوف الخصوصية المرتبطة بمشاركة التدرجات. تستخدم هذه الطريقة المبتكرة التشفير المتجانس لتأمين تجميع البيانات مع تقليل الحمل الحسابي وعبء الاتصال. هذا أمر حاسم لأنه يسمح للمؤسسات بالتعاون في تدريب النماذج دون المساس بالمعلومات الحساسة، مما يجعلها نقطة تحول في مجال التعلم الآلي وخصوصية البيانات.

La reciente introducción de DictPFL marca un avance significativo en el aprendizaje federado al abordar las preocupaciones de privacidad asociadas con el intercambio de gradientes. Este enfoque innovador utiliza cifrado homomórfico para asegurar la agregación de datos mientras minimiza la sobrecarga computacional y de comunicación. Esto es crucial, ya que permite a las instituciones colaborar en el entrenamiento de modelos sin comprometer información sensible, convirtiéndose en un cambio de juego en el campo del aprendizaje automático y la privacidad de datos.

La récente introduction de DictPFL marque une avancée significative dans l'apprentissage fédéré en abordant les préoccupations de confidentialité liées au partage de gradients. Cette approche innovante utilise le chiffrement homomorphe pour sécuriser l'agrégation des données tout en minimisant les coûts computationnels et de communication. Cela est crucial car cela permet aux institutions de collaborer sur l'entraînement de modèles sans compromettre des informations sensibles, ce qui en fait un changement de donne dans le domaine de l'apprentissage automatique et de la confidentialité des données.

The recent introduction of DictPFL marks a significant advancement in federated learning by addressing privacy concerns associated with gradient sharing. This innovative approach utilizes homomorphic encryption to secure data aggregation while minimizing computational and communication overhead. This is crucial as it allows institutions to collaborate on model training without compromising sensitive information, making it a game-changer in the field of machine learning and data privacy.

DictPFL: Efficient and Private Federated Learning on Encrypted Gradients

arXiv:2511.20983v1 Announce Type: new 
Abstract: Collaborative machine learning across healthcare institutions promises improved diagnostic accuracy by leveraging diverse datasets, yet privacy regulations such as HIPAA prohibit direct patient data sharing. While federated learning (FL) enables decentralized training without raw data exchange, recent studies show that model gradients in conventional FL remain vulnerable to reconstruction attacks, potentially exposing sensitive medical information. This paper presents a privacy-preserving federated learning framework combining Vision Transformers (ViT) with homomorphic encryption (HE) for secure multi-institutional histopathology classification. The approach leverages the ViT CLS token as a compact 768-dimensional feature representation for secure aggregation, encrypting these tokens using CKKS homomorphic encryption before transmission to the server. We demonstrate that encrypting CLS tokens achieves a 30-fold communication reduction compared to gradient encryption while maintaining strong privacy guarantees. Through evaluation on a three-client federated setup for lung cancer histopathology classification, we show that gradients are highly susceptible to model inversion attacks (PSNR: 52.26 dB, SSIM: 0.999, NMI: 0.741), enabling near-perfect image reconstruction. In contrast, the proposed CLS-protected HE approach prevents such attacks while enabling encrypted inference directly on ciphertexts, requiring only 326 KB of encrypted data transmission per aggregation round. The framework achieves 96.12 percent global classification accuracy in the unencrypted domain and 90.02 percent in the encrypted domain.

تم تقديم إطار جديد للتعلم الفيدرالي الذي يحافظ على الخصوصية، يجمع بين المحولات البصرية والتشفير المتجانس الخفيف لتحسين تصنيف علم الأمراض النسيجية عبر مؤسسات الرعاية الصحية المتعددة. تتناول هذه الطريقة التحديات التي تفرضها لوائح الخصوصية مثل HIPAA، التي تحظر تبادل بيانات المرضى المباشرة، بينما تتيح التعلم التعاوني.

Se ha introducido un nuevo marco para el aprendizaje federado que preserva la privacidad, combinando Transformadores de Visión con cifrado homomórfico ligero para mejorar la clasificación en histopatología entre múltiples instituciones de salud. Este enfoque aborda los desafíos planteados por regulaciones de privacidad como HIPAA, que restringen el intercambio directo de datos de pacientes, mientras permite el aprendizaje colaborativo.

Un nouveau cadre pour l'apprentissage fédéré préservant la vie privée a été introduit, combinant des Transformers de Vision avec un chiffrement homomorphe léger pour améliorer la classification en histopathologie entre plusieurs institutions de santé. Cette approche répond aux défis posés par les réglementations sur la vie privée comme la HIPAA, qui interdisent le partage direct des données des patients, tout en permettant l'apprentissage collaboratif.

A new framework for privacy-preserving federated learning has been introduced, combining Vision Transformers with lightweight homomorphic encryption to enhance histopathology classification across multiple healthcare institutions. This approach addresses the challenges posed by privacy regulations like HIPAA, which restrict direct patient data sharing, while still enabling collaborative machine learning.

Privacy-Preserving Federated Vision Transformer Learning Leveraging Lightweight Homomorphic Encryption in Medical AI

arXiv:2511.18611v1 Announce Type: new 
Abstract: Split learning emerges as a promising paradigm for collaborative distributed model training, akin to federated learning, by partitioning neural networks between clients and a server without raw data exchange. However, sequential split learning suffers from poor scalability, while parallel variants like parallel split learning and split federated learning often incur high server resource overhead due to model duplication and aggregation, and generally exhibit reduced model performance and convergence owing to factors like client drift and lag. To address these limitations, we introduce CycleSL, a novel aggregation-free split learning framework that enhances scalability and performance and can be seamlessly integrated with existing methods. Inspired by alternating block coordinate descent, CycleSL treats server-side training as an independent higher-level machine learning task, resampling client-extracted features (smashed data) to mitigate heterogeneity and drift. It then performs cyclical updates, namely optimizing the server model first, followed by client updates using the updated server for gradient computation. We integrate CycleSL into previous algorithms and benchmark them on five publicly available datasets with non-iid data distribution and partial client attendance. Our empirical findings highlight the effectiveness of CycleSL in enhancing model performance. Our source code is available at https://gitlab.lrz.de/hctl/CycleSL.

تم تقديم CycleSL كإطار جديد للتعلم المنقسم القابل للتوسع، حيث يعالج القيود التي تواجه الأساليب الحالية من خلال القضاء على الحاجة إلى التجميع وتحسين الأداء. تتيح هذه الطريقة تعاونًا أفضل في تدريب النماذج الموزعة دون تبادل البيانات الخام، مما يحافظ على خصوصية البيانات.

CycleSL ha sido presentado como un nuevo marco para el aprendizaje dividido escalable, abordando las limitaciones de los métodos existentes al eliminar la necesidad de agregación y mejorar el rendimiento. Este enfoque permite una mejor colaboración en el entrenamiento de modelos distribuidos sin el intercambio de datos en bruto, manteniendo así la privacidad de los datos.

CycleSL a été introduit comme un nouveau cadre pour l'apprentissage fractionné évolutif, abordant les limitations des méthodes existantes en éliminant le besoin d'agrégation et en améliorant les performances. Cette approche permet une meilleure collaboration dans l'entraînement de modèles distribués sans échange de données brutes, préservant ainsi la confidentialité des données.

CycleSL has been introduced as a new framework for scalable split learning, addressing the limitations of existing methods by eliminating the need for aggregation and enhancing performance. This approach allows for improved collaboration in distributed model training without the exchange of raw data, thereby maintaining data privacy.

CycleSL: Server-Client Cyclical Update Driven Scalable Split Learning

arXiv:2511.19248v1 Announce Type: cross 
Abstract: Test-time personalization in federated learning enables models at clients to adjust online to local domain shifts, enhancing robustness and personalization in deployment. Yet, existing federated learning work largely overlooks the security risks that arise when local adaptation occurs at test time. Heterogeneous domain arrivals, diverse adaptation algorithms, and limited cross-client visibility create vulnerabilities where compromised participants can craft poisoned inputs and submit adversarial updates that undermine both global and per-client performance. To address this threat, we introduce FedPoisonTTP, a realistic grey-box attack framework that explores test-time data poisoning in the federated adaptation setting. FedPoisonTTP distills a surrogate model from adversarial queries, synthesizes in-distribution poisons using feature-consistency, and optimizes attack objectives to generate high-entropy or class-confident poisons that evade common adaptation filters. These poisons are injected during local adaptation and spread through collaborative updates, leading to broad degradation. Extensive experiments on corrupted vision benchmarks show that compromised participants can substantially diminish overall test-time performance.

تم تقديم إطار جديد يسمى FedPoisonTTP لمعالجة الثغرات الأمنية في التعلم الفيدرالي خلال تخصيص وقت الاختبار. يبرز هذا الإطار كيف يمكن للمشاركين المفسدين استغلال التكيفات المحلية لتقديم مدخلات مسمومة، مما قد يؤدي إلى تدهور الأداء العالمي والفردي للنماذج. يقوم الإطار بتوليف تحديثات عدائية لإنشاء سموم عالية الإنتروبيا أو موثوقة في الفئة، مما يشكل مخاطر كبيرة على نزاهة أنظمة التعلم الفيدرالي.

Se ha introducido un nuevo marco llamado FedPoisonTTP para abordar las vulnerabilidades de seguridad en el aprendizaje federado durante la personalización en el momento de la prueba. Este marco destaca cómo los participantes comprometidos pueden explotar las adaptaciones locales para enviar entradas envenenadas, lo que puede degradar tanto el rendimiento global como el individual de los modelos. El marco sintetiza actualizaciones adversariales para crear venenos de alta entropía o confiados en clase, planteando riesgos significativos para la integridad de los sistemas de aprendizaje federado.

Un nouveau cadre appelé FedPoisonTTP a été introduit pour aborder les vulnérabilités de sécurité dans l'apprentissage fédéré lors de la personnalisation au moment du test. Ce cadre met en évidence comment des participants compromis peuvent exploiter les adaptations locales pour soumettre des entrées empoisonnées, ce qui peut dégrader à la fois la performance globale et individuelle des modèles. Le cadre synthétise des mises à jour adversariales pour créer des poisons à haute entropie ou confiants en classe, posant des risques significatifs pour l'intégrité des systèmes d'apprentissage fédéré.

A new framework called FedPoisonTTP has been introduced to address security vulnerabilities in federated learning during test-time personalization. This framework highlights how compromised participants can exploit local adaptations to submit poisoned inputs, which can degrade both global and individual model performance. The framework synthesizes adversarial updates to create high-entropy or class-confident poisons, posing significant risks to the integrity of federated learning systems.

DictPFL: Efficient and Private Federated Learning on Encrypted Gradients

Was this article worth reading? Share it

Aqaba.ai

Lurel

FastML