Hardening Confidential Federated Compute against Side-channel Attacks
James Bell-Clark, Albert Cheu, Adria Gascon, Jonathan Katz

TL;DR
This paper identifies side-channels in a confidential federated compute platform that threaten privacy guarantees and demonstrates how differential privacy can mitigate some of these vulnerabilities, including implementation in an open-source library.
Contribution
The work uncovers specific side-channels in federated compute platforms and shows how differential privacy can mitigate these risks, with practical implementation.
Findings
DP mitigates two identified side-channels
The mitigation for one of these side-channels has been implemented in the authors' open-source library
Highlights importance of security analysis in federated compute
Abstract
In this work, we identify a set of side-channels in our Confidential Federated Compute platform that a hypothetical insider could exploit to circumvent differential privacy (DP) guarantees. We show how DP can mitigate two of the side-channels, one of which has been implemented in our open-source library.
Taxonomy
Topics: Cryptographic Implementations and Security · Security and Verification in Computing · Cryptography and Data Security
