{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,13]],"date-time":"2025-07-13T16:40:03Z","timestamp":1752424803710,"version":"3.41.2"},"reference-count":0,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"4","license":[{"start":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T00:00:00Z","timestamp":1759276800000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["PoPETs"],"abstract":"<jats:p>Federated learning (FL) proposes to train a global machine learning model across distributed datasets. However, the aggregation protocol as the core component in FL is vulnerable to well-studied attacks, such as inference attacks, poisoning attacks [71] and malicious participants who try to deviate from the protocol [24]. Therefore, it is crucial to achieve both malicious security and poisoning resilience from cryptographic and FL perspectives, respectively. Prior works either achieve incomplete malicious security [76], address issues by using expensive cryptographic tools [22, 59] or assume the availability of a clean dataset on the server side [32]. In this work, we propose AlphaFL, a two-server secure aggregation protocol achieving both malicious security in the universal composability (UC) framework [19] and poisoning resilience in FL (thus malicious2) against a dishonest majority. We design maliciously secure multi-party computation (MPC) protocols [24, 26, 48] and introduce an efficient input commitment protocol tolerating server-client collusion (dishonest majority). We also propose an efficient input commitment protocol for the non-collusion case (honest majority), which triples the efficiency in time and quadruples that in communication, compared to the state-of-the-art solution in MP-SPDZ [46]. To achieve poisoning resilience, we carry out \ud835\udc3f\u221e and \ud835\udc3f2-Norm checks with a dynamic L_2-Norm bound by introducing a novel silent select protocol, which improves the runtime by at least two times compared to the classic select protocol. Combining these, AlphaFL achieves malicious2 security at a cost of 25% \u2212 79% more runtime overhead than the state-of-the-art semi-malicious counterpart Elsa [76], with even less communication cost.<\/jats:p>","DOI":"10.56553\/popets-2025-0134","type":"journal-article","created":{"date-parts":[[2025,7,13]],"date-time":"2025-07-13T15:58:27Z","timestamp":1752422307000},"page":"348-368","source":"Crossref","is-referenced-by-count":0,"title":["AlphaFL: Secure Aggregation with Malicious2 Security for Federated Learning against Dishonest Majority"],"prefix":"10.56553","volume":"2025","author":[{"given":"Yufan","family":"Jiang","sequence":"first","affiliation":[{"name":"KASTEL Security Research Labs"}]},{"given":"Maryam","family":"Zarezadeh","sequence":"additional","affiliation":[{"name":"Barkhausen Institut"}]},{"given":"Tianxiang","family":"Dai","sequence":"additional","affiliation":[{"name":"Lancaster University Leipzig"}]},{"given":"Stefan","family":"K\u00f6psell","sequence":"additional","affiliation":[{"name":"Barkhausen Institut"}]}],"member":"35752","published-online":{"date-parts":[[2025,10]]},"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"deposited":{"date-parts":[[2025,7,13]],"date-time":"2025-07-13T15:58:31Z","timestamp":1752422311000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2025\/popets-2025-0134.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10]]},"references-count":0,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2025,10]]}},"alternative-id":["10.56553\/popets-2025-0134"],"URL":"https:\/\/doi.org\/10.56553\/popets-2025-0134","relation":{},"ISSN":["2299-0984"],"issn-type":[{"type":"electronic","value":"2299-0984"}],"subject":[],"published":{"date-parts":[[2025,10]]}}}