PPFLex: Securing Non-IID Optimization in Federated Learning via MPC

Nergiz Yuca; Christian Internò; Nikolay Matyunin; Markus Olhofer; Barbara Hammer; Stefan Katzenbeisser

PPFLex: Securing Non-IID Optimization in Federated Learning via MPC

Nergiz Yuca, Christian Internò, Nikolay Matyunin, Markus Olhofer, Barbara Hammer, Stefan Katzenbeisser

Published: 27 Jan 2026, Last Modified: 27 Jan 2026FLCA PosterEveryoneRevisionsCC BY 4.0

Keywords: Federated Learning (FL), Secure Multi-Party Computation (MPC), Privacy-Preserving Machine Learning, Non-IID Data Optimization, Secure Aggregation, Federated Loss Exploration (FedLEx)

TL;DR: We secure the Federated Loss Exploration (FedLEx) optimized framework for non-IID data using Multi-Party Computation (MPC), achieving strong privacy guarantees with minimal impact on model accuracy.

Abstract: Effective deployment of Federated Learning (FL) often faces the dual challenge of ensuring high model performance on heterogeneous (non-IID) data and providing strong privacy guarantees. To improve performance on non-IID data, advanced FL optimization methods have emerged that share auxiliary insights, such as client gradient behaviors. While these gradient-guided optimization FL methods, such as Federated Loss Exploration (FedLEx), improve the model accuracy, their reliance on sharing additional gradient information creates an unaddressed privacy vulnerability. In this work, we empirically quantify this privacy-sensitive data leakage and address it through an end-to-end Secure Multi-Party Computation (MPC)-based solution that secures FedLEx. Specifically, we conduct a privacy leakage experiment and show that a malicious server can indeed infer clients’ label sets from shared guidance matrices in a pathological non-IID setting. PPFLex replaces the single server in FedLEx setting with three MPC servers to securely compute the global guidance matrix and perform federated averaging under semi-honest and malicious adversary assumptions across Semi2k, Replicated2k, SPDZ2k, and PSReplicated2k protocols using the MP-SPDZ framework. Finally, we quantify the practical trade-offs of using MPC and analyze FedLEx’s robustness to noise. Our experiments over MNIST data show that PPFLex successfully preserves the model accuracy achieved by the unsecured FedLEx pipeline while providing stronger privacy guarantees.

Email Sharing: We authorize the sharing of all author emails with Program Chairs.

Data Release: We authorize the release of our submission and author names to the public in the event of acceptance.

Submission Number: 19

Loading