Janus: Dual-Server Multi-Round Secure Aggregation with Verifiability for Federated Learning

Download PDF

Lang Pu, Jingjing Gu, Chao Lin, Xinyi Huang

Published: 01 May 2025, Last Modified: 18 Jun 2025ICML 2025 posterEveryoneRevisionsBibTeXCC BY 4.0
Abstract: Secure Aggregation (SA) is a cornerstone of Federated Learning (FL), ensuring that user updates remain hidden from servers. The advanced Flamingo (S\&P'23) has realized multi-round aggregation and improved efficiency. However, it still faces several key challenges: scalability issues with dynamic user participation, a lack of verifiability for server-side aggregation results, and vulnerability to Model Inconsistency Attacks (MIA) caused by a malicious server distributing inconsistent models. To address these issues, we propose $\textit{Janus}$, a generic SA scheme based on dual-server architecture. Janus ensures security against up to $n-2$ colluding clients (where $n$ is the total client count), which prevents privacy breaches for non-colluders. Additionally, Janus is model-independent, ensuring applicability across any FL model without specific adaptations. Furthermore, Janus introduces a new cryptographic primitive, Separable Homomorphic Commitment, which enables clients to efficiently verify the correctness of aggregation. Finally, extensive experiments show that Janus not only significantly enhances security but also reduces per-client communication and computation overhead from logarithmic to constant scale, with a tolerable impact on model performance.
Lay Summary: Federated Learning (FL) enables collaborative model training without sharing raw data. To keep individual updates private, Secure Aggregation (SA) combines updates in a way that hides each user's contribution. However, existing SA schemes struggle with user dropout, are prone to attacks causing model inconsistency, and lack verifiability. We propose Janus, a new SA method that overcomes these challenges through several key innovations. First, it introduces a dual-server architecture that splits responsibilities, improving both security and flexibility. Second, it uses a novel cryptographic tool called Separable Homomorphic Commitment, enabling users to efficiently verify aggregation correctness. Third, Janus supports model-independent use and scales efficiently, even with changing user participation. Our theoretical analysis and experimental results demonstrate that Janus advances secure federated learning with strong privacy, low overhead, and robust performance across diverse settings.
Primary Area: Social Aspects->Privacy
Keywords: federated learning, multi-round secure aggregation, privacy enhancement
Submission Number: 9564