Search papers, labs, and topics across Lattice.
CHRONOS is a hardware-assisted federated learning framework that decouples cryptographic setup from the active training phase by performing a server-relayed Diffie-Hellman key exchange in ARM TrustZone enclaves during device idle time. This approach generates ephemeral keypairs and derives PRG keys within the enclave, distributing Shamir secret shares of the ephemeral private key to peers. By masking gradients with a single stream-cipher evaluation and using a hardware-backed round counter, CHRONOS reduces active-phase aggregation latency by up to 74% while resisting OS-level compromise and gradient inversion attacks.
Federated learning can be sped up by 74% without sacrificing security, thanks to a novel hardware-assisted approach that cleverly decouples cryptographic setup from the active training phase.
We propose CHRONOS, a hardware-assisted framework that decouples the cryptographic setup required for private gradient aggregation from the active training phase. CHRONOS executes a once-per-epoch server-relayed Diffie-Hellman key exchange during a device's idle window. It generates ephemeral keypairs and derives PRG keys entirely within an ARM TrustZone enclave, ensuring private keys never exist in Normal World memory. Pairwise secrets are sealed in the enclave, and Shamir secret shares of the ephemeral private key are distributed to peers. During training, clients mask gradients with a single stream-cipher evaluation and transmit them in one communication round. A hardware-backed round counter enforces single-use freshness. If clients drop out mid-round, the server reconstructs their masks from peer-held Shamir shares, preserving correct aggregation without repeating the round. Evaluation on Rock Pi 4 devices using OP-TEE demonstrates that CHRONOS achieves OS-level compromise resistance and thwarts state-of-the-art gradient inversion attacks. It reduces active-phase aggregation latency by up to 74% compared to synchronous secure aggregation for 20 clients. The system maintains a persistent Secure World storage footprint of fewer than 700 bytes per device, scaling independently of model dimension.
