SHE-LoRA: Selective Homomorphic Encryption for Federated Tuning with Heterogeneous LoRA
Jianmin Liu, Li Yan, Borui Li, Lei Yu, Chao Shen

TL;DR
SHE-LoRA introduces a privacy-preserving federated tuning method for large language models that balances security, efficiency, and performance by selectively encrypting model parameters based on sensitivity, suitable for heterogeneous device environments.
Contribution
The paper proposes a novel selective homomorphic encryption approach combined with LoRA for efficient, privacy-preserving federated LLM tuning in heterogeneous settings.
Findings
Maintains comparable performance to non-private models.
Achieves 99.71% reduction in communication overhead.
Reduces encryption time by 99.87% compared to baseline methods.
Abstract
Federated fine-tuning is critical for improving the performance of large language models (LLMs) in handling domain-specific tasks while keeping training data decentralized and private. However, prior work has shown that clients' private data can actually be recovered via gradient inversion attacks. Existing privacy preservation techniques against such attacks typically entail performance degradation and high costs, making them ill-suited for clients with heterogeneous data distributions and device capabilities. In this paper, we propose SHE-LoRA, which integrates selective homomorphic encryption (SHE) and low-rank adaptation (LoRA) to enable efficient and privacy-preserving federated tuning of LLMs in cross-device environments. Based on model parameter sensitivity assessment, heterogeneous clients adaptively negotiate and select a subset of model parameters for homomorphic encryption.…
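An added example (not code from the paper or its authors) of the idea in the abstract: each client proposes its most sensitive LoRA columns, only the agreed columns are sent as ciphertexts, and the server aggregates ciphertext and plaintext columns side by side. Assumptions: a toy Paillier scheme stands in for the HE scheme, which this page does not name; the column score (squared L2 norm), the union-of-proposals negotiation done in the clear, unweighted averaging, and all function names and sample values are hypothetical.

```python
import math, random

# Toy Paillier: additively homomorphic stand-in. Small known primes, NOT secure.
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = math.lcm(P - 1, Q - 1)
MU = pow(LAM, -1, N)              # decryption constant for generator g = N + 1
SCALE = 10**6                     # fixed-point scale for float weights

def enc(x, rng):
    r = rng.randrange(1, P)       # r < P < Q guarantees gcd(r, N) = 1 in this toy
    return (1 + (round(x * SCALE) % N) * N) * pow(r, N, N2) % N2

def dec(c):
    m = (pow(c, LAM, N2) - 1) // N * MU % N
    return (m - N if m > N // 2 else m) / SCALE   # map back to a signed value

def top_columns(A, budget):
    # Hypothetical sensitivity score: squared L2 norm of each column of A.
    score = [sum(row[j] ** 2 for row in A) for j in range(len(A[0]))]
    return set(sorted(range(len(score)), key=lambda j: -score[j])[:budget])

def client_update(A, he_cols, rng):
    # Per column: ciphertexts if the column is in the HE subset, else plaintext.
    cols = [[row[j] for row in A] for j in range(len(A[0]))]
    return [[enc(v, rng) for v in col] if j in he_cols else col
            for j, col in enumerate(cols)]

def server_aggregate(updates, he_cols):
    # The server holds no key: it multiplies ciphertexts (= adds plaintexts).
    n = len(updates)
    return [[math.prod(cs) % N2 for cs in zip(*cols)] if j in he_cols
            else [sum(vs) / n for vs in zip(*cols)]
            for j, cols in enumerate(zip(*updates))]

def run_round(client_As, budgets, seed=0):
    rng = random.Random(seed)     # seeded only to make the demo reproducible
    he_cols = set().union(*(top_columns(A, b) for A, b in zip(client_As, budgets)))
    agg = server_aggregate([client_update(A, he_cols, rng) for A in client_As], he_cols)
    # Key-holding clients decrypt the summed columns and divide by n.
    plain = [[dec(c) / len(client_As) for c in col] if j in he_cols else col
             for j, col in enumerate(agg)]
    return he_cols, agg, plain

# Constructed sample: two clients, rank-2 LoRA A matrices with 4 columns each.
SAMPLE_AS = [[[0.5, -0.1, 0.02, 0.3], [0.4, 0.1, -0.01, -0.2]],
             [[0.1, 0.2, 0.03, -0.6], [-0.1, 0.1, 0.01, 0.5]]]
SAMPLE_BUDGETS = [1, 2]           # heterogeneous per-client HE budgets
```

With the sample input, `run_round(SAMPLE_AS, SAMPLE_BUDGETS)` encrypts columns 0, 1 and 3 and leaves column 2 in plaintext.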
Peer Reviews
Decision: ICLR 2026 Poster
1. The framework explicitly supports clients with different hardware capabilities, network conditions, and privacy budgets.
2. This paper introduces selective homomorphic encryption at the column level of LoRA matrices, encrypting only the most privacy-sensitive components.
3. Experiments on NLP and vision datasets demonstrate that SHE-LoRA achieves accuracy comparable to or better than state-of-the-art methods (e.g., Flex-LoRA) under heterogeneous and Non-IID conditions.

1. The privacy guarantees of selective encryption, the convergence behavior of federated training under mixed plaintext/ciphertext updates, and the optimality of the HE subset negotiation are not formally proved.
2. SHE-LoRA method can't adapt to heterogeneous LoRA approaches like FLoRA.
3. The experiments rely on relatively small base models and simple benchmark tasks, which limits the generalizability of its results to large-scale or more complex real-world scenarios. It is recommended to eval

- The proposed method is empirically effective, which shows advantages in privacy-preserving, communication cost, and model performance.
- The problem of vulnerable and heterogeneous LoRA updates is motivated well.
- Principled design of the proposed algorithm.

- Limited novelty in the adoption of SHE methods to LLM LoRA fine-tuning.
- Column-wise weighted averaging is proposed, but the choice of weights (e.g., proportional to client data size or sensitivity) is not formally justified or compared.
- The negotiated global HE subset is claimed to optimally balance privacy and HE overhead per client, but lacks formal optimality guarantees or approximation bounds (e.g., submodular coverage, budgeted max coverage).
- The paper argues that encrypting A is su

1. Massive reductions in HE time and bandwidth vs. full HE and MaskCrypt, with stable per-client times due to column clustering and budget control.
2. Comparable to non-private Flex-LoRA across GLUE/MMLU and vision tasks; sometimes better on subsets.

1. OPE preserves order information; while only rankings are revealed, the paper does not quantify leakage from order disclosure or compare with order-revealing encryption alternatives.
2. For 30B/70B models, ciphertext size/time per parameter increases notably and requires larger key sizes. While still workable at small budgets, the practicality at higher budgets or longer runs is unclear.
Taxonomy
Topics: Cryptography and Data Security · Cryptographic Implementations and Security · Cryptography and Residue Arithmetic
