6. Federated Learning with Encrypted Assets
This section demonstrates typical privacy-preserving model training scenarios using Fully Homomorphic Encryption (FHE) via the cifer securetrain CLI.
Here are example workflows between two parties, Alice and Bob:
Alice is the Data Owner who holds the training data and encrypts it before sharing anything
Bob is the Project Owner who trains and tunes the model using Alice's encrypted data
Scenario 1: Compute on Encrypted Data on Project Owner’s Device
In this workflow, Bob (Project Owner) trains a model directly on Alice’s encrypted data without accessing the plaintext.
Data Owner Encrypts Dataset and Generates Key Pair
cifer securetrain encrypt-dataset \
--dataset ./alice/prj1_alice_data.npz \
--output ./alice/encrypted_prj1_alice_data.enc
This creates:
Encrypted dataset: ./alice/encrypted_prj1_alice_data.enc
Public key: ./keys/public.key (to share with Bob)
Private key: ./keys/private.key (kept securely by Alice and never shared in this scenario)
Note: As described in Step 5: Encryption, keys are stored by default in the ./keys/ directory under the fixed names public.key and private.key. Every encrypt-dataset or encrypt-model run writes those same two names, so a later run in the same directory would collide with this pair. Rename the pair to a project- and party-specific name (this example uses prj1_alice_public.key and prj1_alice_private.key) before generating another key pair.
Data Owner Shares Encrypted Data and Public Key with Project Owner
Alice provides Bob with:
./alice/encrypted_prj1_alice_data.enc
./keys/prj1_alice_public.key
Project Owner Stores Encrypted Data and Public Key
Bob places:
Encrypted dataset in ./alice/
Public key in ./keys/
Project Owner Trains Model on Encrypted Data
cifer securetrain train \
--encrypted-data ./alice/encrypted_prj1_alice_data.enc \
--public-key ./keys/prj1_alice_public.key \
--output-model ./bob/prj1_trained_model.h5
Output:
Trained model: ./bob/prj1_trained_model.h5
Training accuracy example: 99.93% (0.9993)
Bob holds only Alice's public key in this scenario, so he cannot decrypt the dataset; training operates on the ciphertext, which is the point of using FHE here.
Scenario 2: Federated Learning with Encrypted Model on Data Owner’s Device
In this scenario, Bob encrypts a model and sends it to Alice, who retrains the model on her encrypted data using Federated Learning principles.
Project Owner Encrypts Model and Generates Key Pair
cifer securetrain encrypt-model \
--model ./bob/prj2_model.h5 \
--output ./bob/encrypted_prj2_model.enc
This creates:
Encrypted model: ./bob/encrypted_prj2_model.enc
Public key: ./keys/public.key (to share with Alice)
Private key: ./keys/private.key (kept securely by Bob)
Note: As described in Step 5: Encryption, keys are stored by default in the ./keys/ directory under the fixed names public.key and private.key. As in Scenario 1, rename the pair to a project- and party-specific name (this example uses prj2_bob_public.key and prj2_bob_private.key) so that later key generations in the same directory do not collide with it.
Project Owner Shares Encrypted Model and Public Key with Data Owner
Bob provides Alice with:
./bob/encrypted_prj2_model.enc
./keys/prj2_bob_public.key
Data Owner Stores Encrypted Model and Public Key
Alice places:
Encrypted model in ./bob/
Public key in ./keys/
Data Owner Encrypts Own Dataset and Generates Key Pair
cifer securetrain encrypt-dataset \
--dataset ./alice/prj2_alice_data.npz \
--output ./alice/encrypted_prj2_alice_data.enc
This writes Alice's own key pair to the default paths ./keys/public.key and ./keys/private.key. Rename them (for example to prj2_alice_public.key and prj2_alice_private.key) before the encrypt-model step later in this scenario, which writes the same default names.
Data Owner Trains Model on Encrypted Dataset Using Public Key from Project Owner
cifer securetrain train \
--encrypted-data ./alice/encrypted_prj2_alice_data.enc \
--public-key ./keys/prj2_bob_public.key \
--output-model ./alice/prj2_trained_model.h5
Output:
Retrained model: ./alice/prj2_trained_model.h5
Training accuracy example: 99.93% (0.9993)
Alice may send this updated model back to Bob for further refinement.
Data Owner Encrypts the Updated Model Before Returning
So that the updated model is never exposed in transit, Alice encrypts it before sending it back:
cifer securetrain encrypt-model \
--model ./alice/prj2_trained_model.h5 \
--output ./alice/encrypted_prj2_trained_model.enc
Alice sends:
Encrypted updated model: encrypted_prj2_trained_model.enc (over the normal channel)
The private key generated by this encrypt-model run, securely via a separate channel (Bob's decrypt step expects it as ./keys/alice_private.key)
Two caveats: the key sent must be the one from this encrypt-model run, not the pair that protects her dataset, and because whoever holds it can decrypt the model, the model's confidentiality in transit is only as strong as that separate channel. Never send the key alongside the ciphertext.
Project Owner Decrypts the Final Model
cifer securetrain decrypt-model \
--input-model ./bob/encrypted_prj2_trained_model.enc \
--private-key ./keys/alice_private.key \
--output-model ./bob/final_model_decrypted.h5
The decrypted model is saved as ./bob/final_model_decrypted.h5 and is ready for deployment or further use.
This workflow highlights how Fully Homomorphic Encryption (FHE) enables secure federated learning by allowing computation on encrypted datasets and models without exposing the underlying data. By managing encryption keys and workflow roles carefully, Data Owners can protect privacy while Project Owners can train and tune models effectively.
Using the cifer securetrain CLI, teams can implement these privacy-preserving training workflows in a practical and scalable way. Keeping encrypted data, keys, and model files separate means each party otherwise handles only ciphertext and public keys; the one private key that changes hands, for the final model transfer in Scenario 2, travels over its own channel.
Last updated 6 months ago