Repurposing Backdoors for Good: Ephemeral Intrinsic Proofs for Verifiable Aggregation in Cross-silo Federated Learning

TL;DR

This paper introduces a lightweight, intrinsic proof-based verification method for federated learning that embeds verification signals into model parameters, ensuring integrity with high efficiency and robustness against malicious servers.

Contribution

It proposes a novel approach using backdoor injection for intrinsic proofs, enabling scalable, efficient, and ephemeral verification in federated learning without heavy cryptography.

Findings

High detection probability against malicious servers

Over 1000x speedup compared to cryptographic methods

Effective verification on large models like ResNet-18

Abstract

While Secure Aggregation (SA) protects update confidentiality in Cross-silo Federated Learning, it fails to guarantee aggregation integrity, allowing malicious servers to silently omit or tamper with updates. Existing verifiable aggregation schemes rely on heavyweight cryptography (e.g., ZKPs, HE), incurring computational costs that scale poorly with model size. In this paper, we propose a lightweight architecture that shifts from extrinsic cryptographic proofs to \textit{Intrinsic Proofs}. We repurpose backdoor injection to embed verification signals directly into model parameters. By harnessing Catastrophic Forgetting, these signals are robust for immediate verification yet ephemeral, naturally decaying to preserve final model utility. We design a randomized, single-verifier auditing framework compatible with SA, ensuring client anonymity and preventing signal collision without trusted third parties. Experiments on SVHN, CIFAR-10, and CIFAR-100 demonstrate high detection probabilities against malicious servers. Notably, our approach achieves over $1000\times$ speedup on ResNet-18 compared to cryptographic baselines, effectively scaling to large models.