SHE-SFL: An efficient and privacy-preserving heterogeneous federated split learning architecture based on homomorphic encryption

Abstract

Federated Learning (FL) and Split Learning (SL) are distributed methods that enable collaborative model training without sharing raw data. Combining FL and SL leverages the benefits of computational offloading and model privacy while enhancing efficiency through parallel processing. However, both methods risk privacy leaks: FL is vulnerable to model inversion attacks and gradient leaks, whereas SL’s data transmission during training can reveal sensitive information, potentially allowing attackers to reconstruct the original dataset. Current privacy protections often fall short of fully securing these systems and impose substantial computational and communication costs. In this work, we introduce SHE-SFL, an efficient privacy-preserving federated split learning architecture based on fully homomorphic encryption. Specifically, we employ the CKKS scheme to encrypt activation values during forward propagation, gradients during backpropagation, and the model parameters shared at the aggregation stage. This ensures that all data leaving the client domain is encrypted. This architecture includes two key modules: SHE-SL encrypts and transmits ciphertext based on batch packing and adopts a sparsification strategy, reducing system overhead and enabling polymorphic training of the models. SHE-Aggr enhances the efficiency of encrypting model parameters during the aggregation phase and perfectly supports encrypted weighted aggregation. Extensive experimental results demonstrate that the proposed SHE-SFL provides comprehensive protection for the federated split learning architecture with minimal impact on model performance, effectively safeguarding client privacy while significantly reducing system overhead.