While Secure Aggregation (SA) protects update confidentiality in Cross-silo Federated Learning, it fails to guarantee aggregation integrity, allowing malicious servers to silently omit or tamper with updates. Existing verifiable aggregation schemes rely on heavyweight cryptography (e.g., ZKPs, HE), incurring computational costs that scale poorly with model size. In this paper, we propose a lightweight architecture that shifts from extrinsic cryptographic proofs to \textit{Intrinsic Proofs}. We repurpose backdoor injection to embed verification signals directly into model parameters. By harnessing Catastrophic Forgetting, these signals are robust for immediate verification yet ephemeral, naturally decaying to preserve final model utility. We design a randomized, single-verifier auditing framework compatible with SA, ensuring client anonymity and preventing signal collision without trusted third parties. Experiments on SVHN, CIFAR-10, and CIFAR-100 demonstrate high detection probabilities against malicious servers. Notably, our approach achieves over $1000\times$ speedup on ResNet-18 compared to cryptographic baselines, effectively scaling to large models.