Homomorphic encryption (HE) is widely adopted in untrusted environments such as federated learning. A notable limitation of conventional single-key HE schemes is the stringent security assumption regarding collusion between the parameter server and participating clients: Adversary clients are assumed not to collude with the server, as otherwise, the parameter could transmit the ciphertext of one client \(C_0\) to another client \(C_1\), who shares the same private key and could recover the local model of \(C_0\). One plausible solution to alleviate this strong assumption is multi-key HE schemes, which, unfortunately, prove impractically slow in production systems. In this work, we propose a new protocol that achieves the balance between security and performance: We extend single-key HE schemes with efficient secret sharing, ensuring that collusion between the parameter server and any compromised clients cannot reveal any local model. We term this protocol Skefl: Single-key homomorphic encryption for secure federated learning. The key idea behind Skefl is the secret-sharing of homomorphic \textit{ciphertexts} generated by multiple clients using the same pair of secret and public keys. We will substantiate the security claims of the proposed protocol using the well-known simulation framework in cryptography. Additionally, we will report on the practical performance of the Skefl protocol.

翻译：同态加密（HE）在联邦学习等不可信环境中被广泛采用。传统单密钥HE方案存在一个显著局限性，即其对参数服务器与参与客户端之间合谋的严苛安全假设：假设恶意客户端不与服务器合谋，否则参数服务器可将某客户端\(C_0\)的密文传输给共享同一私钥的另一客户端\(C_1\)，从而恢复\(C_0\)的本地模型。缓解这一强假设的一种可行方案是多密钥HE方案，但此类方案在生产系统中被证明效率过低。本文提出一种兼顾安全性与性能的新协议：通过高效秘密共享扩展单密钥HE方案，确保参数服务器与任何被攻陷客户端合谋时均无法泄露任何本地模型。我们将该协议命名为Skefl（面向安全联邦学习的单密钥同态加密）。其核心思想在于，对使用同一密钥对（公钥与私钥）的多客户端生成的同态\textit{密文}进行秘密共享。我们将利用密码学领域广为人知的仿真框架来论证所提协议的安全性声明。此外，我们还将报告Skefl协议的实际性能表现。