[2412.10537] VerifiableFL: Verifiable Claims for Federated Learning using Exclaves
Summary
The paper presents VerifiableFL, a system for federated learning that ensures verifiable claims about model training using exclaves, enhancing security against data leakage.
Why It Matters
As federated learning gains traction, ensuring the integrity and verifiability of training processes is crucial. VerifiableFL addresses vulnerabilities in traditional methods, offering a robust solution that enhances trust in machine learning models without compromising performance.
Key Takeaways
- VerifiableFL uses exclaves to provide verifiable claims in federated learning.
- It mitigates risks associated with data leakage and malicious behavior during training.
- The system introduces less than 12% overhead compared to unprotected federated learning.
- Runtime attestation proofs create a verifiable dataflow graph for auditing.
- VerifiableFL extends the NVFlare framework, enhancing its security features.
Computer Science > Cryptography and Security
arXiv:2412.10537 (cs)
[Submitted on 13 Dec 2024 (v1), last revised 17 Feb 2026 (this version, v4)]
Title: VerifiableFL: Verifiable Claims for Federated Learning using Exclaves
Authors: Jinnan Guo, Kapil Vaswani, Andrew Paverd, Peter Pietzuch
Abstract: In federated learning (FL), data providers jointly train a machine learning model without sharing their training data. This makes it challenging to provide verifiable claims about the trained FL model, e.g., related to the employed training data, any data sanitization, or the correct training algorithm - a malicious data provider can simply deviate from the correct training protocol without detection. While prior FL training systems have explored the use of trusted execution environments (TEEs) to protect the training computation, such approaches rely on the confidentiality and integrity of TEEs. The confidentiality guarantees of TEEs, however, have been shown to be vulnerable to a wide range of attacks, such as side-channel attacks. We describe VerifiableFL, a system for training FL models that establishes verifiable claims about trained FL models with the help of fine-grained runtime attestation proofs. Since these runtime attestation proofs only require integrity protection, VerifiableFL generates them using the new abstr...