Federated Learning Faces Quantum Security Threats

As federated learning gains traction, a pressing concern emerges: the vulnerability of transmitted model updates to malicious tampering and quantum attacks. With traditional digital signature algorithms no longer sufficient in large-scale quantum computing, post-quantum cryptography (PQC) algorithms are spotlighted. Three NIST-standardized PQC algorithms – Dilithium, FALCON, and SPHINCS – have been investigated for their potential to provide secure digital signatures in federated learning.

Notably, Dilithium stands out as the most efficient PQC algorithm for digital signature, offering significant advantages over other options. As machine learning applications continue to grow, ensuring quantum security becomes paramount, with far-reaching implications for developing and deploying edge devices.

In recent years, federated learning has emerged as a promising approach for deploying machine learning models on edge devices, where private training data are distributed across clients, and a shared model is learned by aggregating locally computed updates from each client. This paradigm enhances communication efficiency by only requiring updates at the end of each training epoch. However, the transmitted model updates remain vulnerable to malicious tampering, posing risks to the integrity of the global model.

The current digital signature algorithms can protect these communicated model updates but fail to ensure quantum security in the era of large-scale quantum computing. Fortunately, various post-quantum cryptography (PQC) algorithms have been developed to address this vulnerability, especially the three NIST-standardized algorithms: Dilithium, FALCON, and SPHINCS.

In this work, researchers empirically investigate the impact of these three NIST-standardized PQC algorithms for digital signatures within the FL procedure, covering a wide range of models, tasks, and FL settings. Their results indicate that Dilithium stands out as the most efficient PQC algorithm for digital signature in federated learning.

What is Federated Learning?

Federated learning is an emerging machine learning paradigm where many devices (clients) collaborate to train a machine learning model while keeping the data on the devices themselves. This approach addresses the challenge of continuous user data collection to refine and update machine learning models, especially in largescale distributed systems such as smartphone networks involving millions of users.

In federated learning, each client trains a local model using its private data and sends only the updates (differences) to the central server, which aggregates these updates to learn a global model. This approach enhances communication efficiency by reducing the amount of data transmitted between clients and the server. However, this also makes the transmitted model updates vulnerable to malicious tampering.

The Limitations of Pre-Quantum Federated Learning

In the current pre-quantum federated learning landscape, the training process can be safeguarded against poisoning attacks using public-key cryptography algorithms like RSA (Rivest-Shamir-Adleman). However, in the post-quantum era, these classical digital signature algorithms fail to ensure quantum security.

The transmitted model updates remain vulnerable to malicious tampering, posing risks to the integrity of the global model. This is because large-scale quantum computers can potentially break the RSA algorithm and compromise the security of the federated learning process.

Post-Quantum Cryptography: A Solution to Quantum Security

Fortunately, various post-quantum cryptography (PQC) algorithms have been developed to address this vulnerability. These PQC algorithms are designed to provide quantum security against large-scale quantum computers.

The three NIST-standardized PQC algorithms investigated in this work are Dilithium, FALCON, and SPHINCS. These algorithms offer different trade-offs between efficiency, security, and implementation complexity.

Empirical Investigation of Post-Quantum Cryptography Algorithms

Researchers empirically investigate the impact of these three NIST-standardized PQC algorithms for digital signatures within the FL procedure, covering a wide range of models, tasks, and FL settings. Their results indicate that Dilithium stands out as the most efficient PQC algorithm for digital signature in federated learning.

The researchers offer an in-depth discussion of the implications of their findings and potential directions for future research. They highlight the importance of considering post-quantum cryptography algorithms in the design of secure federated learning systems.