Computer Science > Cryptography and Security

[Submitted on 13 Dec 2024 (v1), last revised 17 Feb 2026 (this version, v4)]

Title: VerifiableFL: Verifiable Claims for Federated Learning using Exclaves

Abstract: In federated learning (FL), data providers jointly train a machine learning model without sharing their training data. This makes it challenging to provide verifiable claims about the trained FL model, e.g., related to the employed training data, any data sanitization, or the correct training algorithm - a malicious data provider can simply deviate from the correct training protocol without detection. While prior FL training systems have explored the use of trusted execution environments (TEEs) to protect the training computation, such approaches rely on the confidentiality and integrity of TEEs. The confidentiality guarantees of TEEs, however, have been shown to be vulnerable to a wide range of attacks, such as side-channel attacks. We describe VerifiableFL, a system for training FL models that establishes verifiable claims about trained FL models with the help of fine-grained runtime attestation proofs. Since these runtime attestation proofs only require integrity protection, VerifiableFL generates them using the new abstraction of exclaves.

Article Summaries:

  • VerifiableFL: Verifiable Claims for Federated Learning using Exclaves. A new system, VerifiableFL, enables trustworthy federated learning (FL) by generating verifiable claims about the training process without relying on confidential data. Unlike traditional trusted execution environments (TEEs) that protect both confidentiality and integrity, VerifiableFL uses “exclaves” - integrity‑only execution contexts that do not store secrets, thereby avoiding data‑leakage attacks such as side‑channels. The system produces fine‑grained runtime attestation proofs for each data transformation, constructing an attested data‑flow graph that an auditor can verify to confirm correct data sanitization, aggregation, and overall model integrity. Integrated into the NVFlare framework, VerifiableFL adds less than 12 % overhead compared to unprotected FL training.
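To make the auditor's check over an attested data-flow graph concrete, here is an added sketch; it is not code from VerifiableFL or NVFlare. The proof format, the single-round `PIPELINE` policy, the names `attest`, `audit` and `demo`, and the HMAC key standing in for a hardware-rooted attestation signature are all assumptions, and the sample data is constructed.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: stands in for the hardware attestation key
PIPELINE = {"sanitize": "dataset", "train": "sanitize", "aggregate": "train"}  # op -> required producer of its inputs

def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _mac(body: dict) -> str:
    return hmac.new(KEY, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def attest(op, code, inputs, output):
    """Exclave side: bind code measurement, input hashes and output hash in one proof."""
    body = {"op": op, "code": h(code), "in": sorted(inputs), "out": output}
    return {**body, "sig": _mac(body)}

def audit(proofs, trusted_code, datasets, model):
    """Auditor side: return a list of problems; an empty list means the claim holds."""
    problems, valid = [], []
    for p in proofs:
        body = {k: p[k] for k in ("op", "code", "in", "out")}
        if not hmac.compare_digest(_mac(body), p["sig"]):
            problems.append(f"bad signature on {p['op']} proof")
        elif trusted_code.get(p["op"]) != p["code"]:
            problems.append(f"unexpected code measurement for {p['op']}")
        else: valid.append(p)
    # Grow the set of attested values forward from the declared datasets only.
    origin, changed = {d: "dataset" for d in datasets}, True
    while changed:
        changed = False
        for p in valid:
            need = PIPELINE.get(p["op"])
            if p["out"] not in origin and p["in"] and all(origin.get(i, "unknown") == need for i in p["in"]):
                origin[p["out"]], changed = p["op"], True
    if origin.get(model) != "aggregate":
        problems.append("model is not derived from sanitized, attested inputs")
    return problems

def demo(skip_sanitize=False):  # constructed two-provider run
    code = {op: op.encode() + b"-v1" for op in PIPELINE}
    raw, proofs, updates = [h(b"raw-A"), h(b"raw-B")], [], []
    for i, r in enumerate(raw):
        skipped = skip_sanitize and i == 1  # provider B trains directly on raw data
        clean, upd = (r if skipped else h(b"clean" + r.encode())), h(b"update" + r.encode())
        if not skipped:
            proofs.append(attest("sanitize", code["sanitize"], [r], clean))
        proofs.append(attest("train", code["train"], [clean], upd))
        updates.append(upd)
    model = h(b"global-model")
    return audit(proofs + [attest("aggregate", code["aggregate"], updates, model)], {op: h(c) for op, c in code.items()}, raw, model)
```

Provider B's training proof is individually valid in the skipped-sanitization run; the audit fails only because the graph has no sanitize edge feeding it, which is why the proofs are checked as a graph rather than one by one.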

Sources: