Enhancing Quantum Security over Federated Learning via Post-Quantum Cryptography

TL;DR

This paper explores integrating post-quantum cryptography algorithms into federated learning to enhance security against quantum attacks, evaluating their efficiency and impact across various models and settings.

Contribution

It empirically assesses three NIST-standardized PQC algorithms for digital signatures in federated learning, identifying Dilithium as the most efficient option.

Findings

Dilithium is the most efficient PQC algorithm for FL.

Post-quantum signatures can be integrated without significant performance loss.

The study covers diverse models, tasks, and FL configurations.

Abstract

Federated learning (FL) has become one of the standard approaches for deploying machine learning models on edge devices, where private training data are distributed across clients, and a shared model is learned by aggregating locally computed updates from each client. While this paradigm enhances communication efficiency by only requiring updates at the end of each training epoch, the transmitted model updates remain vulnerable to malicious tampering, posing risks to the integrity of the global model. Although current digital signature algorithms can protect these communicated model updates, they fail to ensure quantum security in the era of large-scale quantum computing. Fortunately, various post-quantum cryptography algorithms have been developed to address this vulnerability, especially the three NIST-standardized algorithms - Dilithium, FALCON, and SPHINCS+. In this work, we empirically investigate the impact of these three NIST-standardized PQC algorithms for digital signatures within the FL procedure, covering a wide range of models, tasks, and FL settings. Our results indicate that Dilithium stands out as the most efficient PQC algorithm for digital signature in federated learning. Additionally, we offer an in-depth discussion of the implications of our findings and potential directions for future research.