6. Federated Learning with Encrypted Assets
This section demonstrates typical privacy-preserving model training scenarios using Fully Homomorphic Encryption (FHE) via the cifer securetrain CLI.
Here are example workflows between two parties, Alice and Bob:
Alice is the Data Owner
Bob is the Project Owner who trains and tunes the model using Alice’s encrypted data
Scenario 1: Compute on Encrypted Data on Project Owner’s Device
In this workflow, Bob (Project Owner) trains a model directly on Alice's encrypted data. He holds only her public key, so he never sees the plaintext dataset.
Data Owner Encrypts Dataset and Generates Key Pair
cifer securetrain encrypt-dataset \
--dataset ./alice/prj1_alice_data.npz \
--output ./alice/encrypted_prj1_alice_data.enc
This creates:
Encrypted dataset: ./alice/encrypted_prj1_alice_data.enc
Public key: ./keys/public.key (to share with Bob)
Private key: ./keys/private.key (kept securely by Alice; never sent to Bob)
Note: As described in Step 5: Encryption, keys are stored by default in the ./keys/ directory. The default file names carry no project or party identifier, so copy or rename the generated keys before sharing them (the train step below refers to the shared key as ./keys/prj1_alice_public.key); otherwise a later encrypt-dataset or encrypt-model run would write to the same default paths.
Project Owner Trains Model on Encrypted Data
cifer securetrain train \
--encrypted-data ./alice/encrypted_prj1_alice_data.enc \
--public-key ./keys/prj1_alice_public.key \
--output-model ./bob/prj1_trained_model.h5
Output:
Trained model: ./bob/prj1_trained_model.h5
Training accuracy example: 99.93% (0.9993)
Scenario 2: Federated Learning with Encrypted Model on Data Owner’s Device
In this scenario, Bob encrypts a model and sends it to Alice, who retrains it on her own data using Federated Learning principles: the training happens on the Data Owner's device, and only an encrypted model update travels back to Bob.
Project Owner Encrypts Model and Generates Key Pair
cifer securetrain encrypt-model \
--model ./bob/prj2_model.h5 \
--output ./bob/encrypted_prj2_model.enc
This creates:
Encrypted model: ./bob/encrypted_prj2_model.enc
Public key: ./keys/public.key (to share with Alice)
Private key: ./keys/private.key (kept securely by Bob)
Note: As described in Step 5: Encryption, keys are stored by default in the ./keys/ directory. As in Scenario 1, rename or copy the shared public key to a project-specific name (the train step below uses ./keys/prj2_bob_public.key) so it is not confused with, or overwritten by, keys from other projects.
Data Owner Trains Model on Encrypted Dataset Using Public Key from Project Owner
cifer securetrain train \
--encrypted-data ./alice/encrypted_prj2_alice_data.enc \
--public-key ./keys/prj2_bob_public.key \
--output-model ./alice/prj2_trained_model.h5
Output:
Retrained model: ./alice/prj2_trained_model.h5
Training accuracy example: 99.93% (0.9993)
Alice may send this updated model back to Bob for further refinement.
Data Owner Encrypts the Updated Model Before Returning
To protect the updated model in transit, Alice encrypts it with a key pair generated by this step:
cifer securetrain encrypt-model \
--model ./alice/prj2_trained_model.h5 \
--output ./alice/encrypted_prj2_trained_model.enc
Alice sends Bob:
Encrypted updated model: encrypted_prj2_trained_model.enc
The matching private key, securely via a separate channel (the decrypt step below refers to it as ./keys/alice_private.key)
Caveat: because Bob receives this private key, the key pair must be the fresh one generated by this encrypt-model run and must be used for nothing else. In particular it must not be the pair that protects Alice's dataset in Scenario 1, since anyone holding that private key could decrypt the dataset. This step gives the model file confidentiality while it is in transit; it does not, and is not meant to, hide the model from Bob, who is its intended recipient.
Project Owner Decrypts the Final Model
cifer securetrain decrypt-model \
--input-model ./bob/encrypted_prj2_trained_model.enc \
--private-key ./keys/alice_private.key \
--output-model ./bob/final_model_decrypted.h5
The decrypted model is saved as ./bob/final_model_decrypted.h5 and is ready for deployment or further use.
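The two scenarios above, as an added example that is not part of the original page and not cifer's implementation: a toy additively homomorphic scheme (Paillier, with constructed, deliberately insecure small primes) used to show which party needs which key at each step. cifer uses FHE; this toy only supports adding ciphertexts and multiplying them by plaintext constants, which is enough to illustrate Scenario 1 (the Project Owner computes on the Data Owner's ciphertexts with her public key alone) and Scenario 2 (the Data Owner applies an update to a model encrypted under the Project Owner's public key, so no private key has to be shipped). The function names, the feature and weight values and the integer update rule are all assumptions of this example.

```python
"""Toy Paillier scheme illustrating the key flow of the two scenarios.

Added example, not cifer's code. Paillier is only additively homomorphic,
not fully homomorphic, but that suffices to show where each key is used.
"""
import math
import secrets

# Constructed, insecure toy primes (the 9999th and 10000th primes).
# Real deployments use primes of thousands of bits.
TOY_P, TOY_Q = 104723, 104729


def keygen(p=TOY_P, q=TOY_Q):
    """Return (public_key, private_key); the public key is just n = p*q."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # with g = n + 1, L(g^lam mod n^2) == lam mod n
    return n, (lam, mu)


def encrypt(pk, m):
    """Encrypt the integer m under public key n (signed values reduced mod n)."""
    n, n2 = pk, pk * pk
    while True:
        r = secrets.randbelow(n - 1) + 1          # random blinding factor
        if math.gcd(r, n) == 1:
            break
    return pow(n + 1, m % n, n2) * pow(r, n, n2) % n2


def decrypt(pk, sk, c):
    """Recover the signed integer from ciphertext c; needs the private key."""
    n, n2 = pk, pk * pk
    lam, mu = sk
    l_value = (pow(c, lam, n2) - 1) // n          # L(x) = (x - 1) / n
    m = l_value * mu % n
    return m - n if m > n // 2 else m             # decode two's-complement style


def add_enc(pk, c1, c2):
    """Enc(a) * Enc(b) = Enc(a + b); public key only."""
    return c1 * c2 % (pk * pk)


def add_plain(pk, c, k):
    """Enc(a) * g^k = Enc(a + k) for a plaintext constant k; public key only."""
    return c * pow(pk + 1, k % pk, pk * pk) % (pk * pk)


def mul_plain(pk, c, k):
    """Enc(a)^k = Enc(a * k) for a plaintext constant k; public key only."""
    return pow(c, k % pk, pk * pk)


def scenario1_encrypted_dot(alice_pk, alice_sk, features, weights):
    """Scenario 1 in miniature: Bob evaluates a linear model on Alice's
    encrypted features using only her public key; Alice decrypts the result."""
    enc_x = [encrypt(alice_pk, x) for x in features]      # Alice's device
    acc = encrypt(alice_pk, 0)                            # Bob's device, from here
    for c, w in zip(enc_x, weights):
        acc = add_enc(alice_pk, acc, mul_plain(alice_pk, c, w))
    return decrypt(alice_pk, alice_sk, acc)               # back on Alice's device


def scenario2_encrypted_update(bob_pk, bob_sk, weights, gradient):
    """Scenario 2 in miniature: Bob encrypts his model under HIS key, Alice
    applies an integer gradient step w - g computed from her plaintext data,
    and Bob decrypts the update. Alice never needs to send a private key."""
    enc_w = [encrypt(bob_pk, w) for w in weights]         # Bob's device
    enc_new = [add_plain(bob_pk, c, -g)                   # Alice's device
               for c, g in zip(enc_w, gradient)]
    return [decrypt(bob_pk, bob_sk, c) for c in enc_new]  # Bob's device


if __name__ == "__main__":
    pk, sk = keygen()
    print("scenario 1:", scenario1_encrypted_dot(pk, sk, [3, 7, 2], [2, -1, 5]))
    print("scenario 2:", scenario2_encrypted_update(pk, sk, [10, -4, 0], [3, -2, 7]))
```

The point of the toy Scenario 2 variant is the key direction: because the model update is encrypted under Bob's public key from the start, Bob decrypts it with the private key he already holds, and no private key crosses the wire. When a workflow does require shipping a private key, as in the return step above, that key pair has to be single-use.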
This workflow highlights how Fully Homomorphic Encryption (FHE) enables secure federated learning by allowing computation on encrypted datasets and models without exposing sensitive data. By managing encryption keys carefully (keeping each private key with the party that generated it, and treating any key pair whose private key has been shared as single-use) and by keeping workflow roles distinct, Data Owners can protect privacy while Project Owners can train and tune models effectively.
Using the cifer securetrain CLI, teams can implement these privacy-preserving training workflows in a practical and scalable way. The separation of encrypted data, keys, and model files keeps the security boundary clear while providing flexibility for collaborative machine learning projects.