SAFELearn: Secure Aggregation for private FEderated Learning

Hossein Fereidooni, Samuel Marchal, Markus Miettinen, Azalia Mirhoseini, Helen Mollering, Thien Duc Nguyen, Phillip Rieger, Ahmad Reza Sadeghi, Thomas Schneider, Hossein Yalame, Shaza Zeitouni

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

24 Citations (Scopus)
188 Downloads (Pure)


Federated learning (FL) is an emerging distributed machine learning paradigm which addresses critical data privacy issues in machine learning by enabling clients, using an aggregation server (aggregator), to jointly train a global model without revealing their training data thereby, it improves not only privacy but is also efficient as it uses the computation power and data of potentially millions of clients for training in parallel. However, FL is vulnerable to so-called inference attacks by malicious aggregators which can infer information about clients' data from their model updates. Secure aggregation restricts the central aggregator to only learn the summation or average of the updates of clients. Unfortunately, existing protocols for secure aggregation for FL suffer from high communication, computation, and many communication rounds.In this work, we present SAFELearn, a generic design for efficient private FL systems that protects against inference attacks that have to analyze individual clients' model updates using secure aggregation. It is flexibly adaptable to the efficiency and security requirements of various FL applications and can be instantiated with MPC or FHE. In contrast to previous works, we only need 2 rounds of communication in each training iteration, do not use any expensive cryptographic primitives on clients, tolerate dropouts, and do not rely on a trusted third party. We implement and benchmark an instantiation of our generic design with secure two-party computation. Our implementation aggregates 500 models with more than 300K parameters in less than 0.5 seconds.

Original languageEnglish
Title of host publicationProceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021
Number of pages7
ISBN (Electronic)9781728189345
Publication statusPublished - May 2021
MoE publication typeA4 Article in a conference publication
EventIEEE Symposium on Security and Privacy - Virtual, Online, San Francisco, United States
Duration: 24 May 202127 May 2021
Conference number: 42


ConferenceIEEE Symposium on Security and Privacy
Abbreviated titleSP
Country/TerritoryUnited States
CitySan Francisco


  • Data Privacy
  • Federated Learning
  • Inference Attacks
  • Secure Computation


Dive into the research topics of 'SAFELearn: Secure Aggregation for private FEderated Learning'. Together they form a unique fingerprint.

Cite this