OPSA: Efficient and Verifiable One-Pass Secure Aggregation With TEE for Federated Learning

Federated learning enables collaborative model training while preserving data privacy by keeping data local. To protect user privacy during model aggregation, secure aggregation (SA) protocols are widely adopted to mask models. However, existing SA protocols require at least three round trips per aggregation and lack mechanisms to verify aggregation results. Verifiable SA addresses the verification gap but incurs high communication costs. TEE-based SA minimizes round trips but faces computational bottlenecks due to TEE’s limited physical memory, especially when handling larger models or numerous clients. In this work, we introduce OPSA, an efficient and verifiable one-pass SA protocol based on TEE. By handling client dropouts via server-side TEE, OPSA enables the server to aggregate masked models in a single pass, significantly reducing round trips. To mitigate TEE’s limitations, OPSA offloads tasks like model aggregation and mask elimination outside TEE, with only shared keys processed within TEE. Building on this design, we propose KhPRF-OPSA (single masking) and POT-OPSA (double masking) protocols, both incorporating novel cryptographic primitives. Furthermore, OPSA integrates commitment and signature mechanisms to ensure result verifiability with only <inline-formula><tex-math notation="LaTeX">$O(1)$</tex-math><alternatives><mml:math><mml:mrow><mml:mi>O</mml:mi><mml:mo>(</mml:mo><mml:mn>1</mml:mn><mml:mo>)</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href="wan-ieq1-3565640.gif"/></alternatives></inline-formula> additional communication overhead per client. Compared to state-of-the-art schemes, OPSA achieves a 2<inline-formula><tex-math notation="LaTeX">$\sim 10\times$</tex-math><alternatives><mml:math><mml:mrow><mml:mo>∼</mml:mo><mml:mn>10</mml:mn><mml:mo>×</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href="wan-ieq2-3565640.gif"/></alternatives></inline-formula> speedup in multi-round aggregation while guaranteeing result verification.

• Publication year

  2025

• Venue

  IEEE Transactions on Dependable and Secure Computing

• Publication date

  2025-09-01

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1109/TDSC.2025.3565640
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Data Enclave: A Data-Centric Trusted Execution Environment

  2024cited by this paper
• HyperTEE: A Decoupled TEE Architecture with Secure Enclave Management

  2024cited by this paper
• Obelix: Mitigating Side-Channels Through Dynamic Obfuscation

  2024cited by this paper
• OPA: One-shot Private Aggregation with Single Client Interaction and its Applications to Federated Learning

  2024cited by this paper
• SoK: SGX.Fail: How Stuff Gets eXposed

  2024cited by this paper
• Intel Software Guard Extensions Applications: A Survey

  2023cited by this paper
• Long-Term Privacy-Preserving Aggregation With User-Dynamics for Federated Learning

  2023cited by this paper
• Reconstructing Individual Data Points in Federated Learning Hardened with Differential Privacy and Secure Aggregation

  2023cited by this paper
• Loki: Large-scale Data Reconstruction Attack against Federated Learning through Model Manipulation

  2023cited by this paper
• A Survey of Secure Computation Using Trusted Execution Environments

  2023cited by this paper
• Blockchain-Based Federated Learning With Secure Aggregation in Trusted Execution Environment for Internet-of-Things

  2023cited by this paper
• VOSA: Verifiable and Oblivious Secure Aggregation for Privacy-Preserving Federated Learning

  2023cited by this paper
• Efficient Verifiable Protocol for Privacy-Preserving Aggregation in Federated Learning

  2023influential reference
• LERNA: Secure Single-Server Aggregation via Key-Homomorphic Masking

  2023cited by this paper
• An Extensible Orchestration and Protection Framework for Confidential Cloud Computing

  2023cited by this paper
• Flamingo: Multi-Round Single-Server Secure Aggregation with Applications to Private Federated Learning

  2023influential reference
• VerSA: Verifiable Secure Aggregation for Cross-Device Federated Learning

  2023influential reference
• Designing a Provenance Analysis for SGX Enclaves

  2022cited by this paper
• Fixing Issues and Achieving Maliciously Secure Verifiable Aggregation in "VeriFL: Communication-Efficient and Fast Verifiable Aggregation for Federated Learning"

  2022cited by this paper
• SEAR: Secure and Efficient Aggregation for Byzantine-Robust Federated Learning

  2022influential reference
• Do Gradient Inversion Attacks Make Federated Learning Unsafe?

  2022cited by this paper
• The Fundamental Price of Secure Aggregation in Differentially Private Federated Learning

  2022cited by this paper
• Frequency Throttling Side-Channel Attack

  2022cited by this paper
• MicroFedML: Privacy Preserving Federated Learning for Small Weights

  2022cited by this paper
• ACORN: Input Validation for Secure Aggregation

  2022influential reference
• Olive: Oblivious Federated Learning on Trusted Execution Environment Against the Risk of Sparsification

  2022cited by this paper
• ShuffleFL: gradient-preserving federated learning using trusted execution environment

  2021cited by this paper
• Eluding Secure Aggregation in Federated Learning via Model Inconsistency

  2021cited by this paper
• Efficient Differentially Private Secure Aggregation for Federated Learning via Hardness of Learning with Errors

  2021cited by this paper
• Robbing the Fed: Directly Obtaining Private Data in Federated Learning with Modified Models

  2021cited by this paper
• Securing Secure Aggregation: Mitigating Multi-Round Privacy Leakage in Federated Learning

  2021cited by this paper
• EverCrypt: A Fast, Verified, Cross-Platform Cryptographic Provider

  2020cited by this paper
• ABIDES: Towards High-Fidelity Multi-Agent Market Simulation

  2020influential reference
• Turbo-Aggregate: Breaking the Quadratic Aggregation Barrier in Secure Federated Learning

  2020cited by this paper
• VerifyNet: Secure and Verifiable Federated Learning

  2020cited by this paper
• Secure Single-Server Aggregation with (Poly)Logarithmic Overhead

  2020influential reference
• Elasticlave: An Efficient Memory Model for Enclaves

  2020cited by this paper
• FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping

  2020cited by this paper
• A survey of Intel SGX and its applications

  2020cited by this paper
• Advances and Open Problems in Federated Learning

  2019cited by this paper
• The Server

  2018cited by this paper
• cpSGD: Communication-efficient and differentially-private distributed SGD

  2018cited by this paper
• Exploiting Unintended Feature Leakage in Collaborative Learning

  2018cited by this paper
• Formal Abstractions for Attested Execution Secure Processors

  2017cited by this paper
• Practical Secure Aggregation for Privacy-Preserving Machine Learning

  2017influential reference
• On the concrete hardness of Learning with Errors

  2015cited by this paper
• Key Homomorphic PRFs and Their Applications

  2013cited by this paper
• Multi-Client Non-interactive Verifiable Computation

  2013cited by this paper
• Pseudorandom Functions and Lattices

  2012cited by this paper
• Poisoning Attacks against Support Vector Machines

  2012influential reference
• This is hybrid

  2011cited by this paper
• Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing

  1991cited by this paper

• Secure aggregation with verifiability and robustness for privacy-preserving federated learning

  2026cites this paper
• DeSA: Decentralized Secure Aggregation for Federated Learning in Zero-Trust D2D Networks

  2026cites this paper
• Securing Federated Learning in IoT: A Survey of Attacks, Defenses, and Frameworks

  2025cites this paper
• Authentication and Secure Aggregation for Federated Learning with Dual Servers

  2025cites this paper
• Emerging Paradigms for Securing Federated Learning Systems

  2025cites this paper
• Enhancing Federated Learning Security with a Defense Framework Against Adversarial Attacks in Privacy-Sensitive Healthcare Applications

  2025cites this paper
• When Federated Learning Meets Privacy-Preserving Computation

  2024cites this paper