In federated learning (FL), model updates are vulnerable to gradient reconstruction and membership inference attacks, while pure fully homomorphic encryption (FHE)—e.g., BFV—suffers from ciphertext expansion and prohibitive computational overhead, hindering deployment on resource-constrained edge clients. To address this, we propose the first efficient hybrid homomorphic FL framework: lightweight symmetric encryption (PASTA) at clients for fast update encryption, coupled with BFV-based FHE for secure key transmission and server-side aggregation, implemented atop Flower for cross-device secure aggregation. Our design balances communication efficiency and strong privacy: it achieves 97.6% accuracy on MNIST, reduces upload bandwidth by over 2000×, cuts client runtime by 30%, and prevents gradient leakage. The trade-off is increased server-side computation. The core contribution is the first practical, edge-aware hybrid homomorphic FL architecture, overcoming key deployment bottlenecks of FHE in real-world FL systems.

Federated Learning (FL) is a distributed machine learning approach that promises privacy by keeping the data on the device. However, gradient reconstruction and membership-inference attacks show that model updates still leak information. Fully Homomorphic Encryption (FHE) can address those privacy concerns but it suffers from ciphertext expansion and requires prohibitive overhead on resource-constrained devices. We propose the first Hybrid Homomorphic Encryption (HHE) framework for FL that pairs the PASTA symmetric cipher with the BFV FHE scheme. Clients encrypt local model updates with PASTA and send both the lightweight ciphertexts and the PASTA key (itself BFV-encrypted) to the server, which performs a homomorphic evaluation of the decryption circuit of PASTA and aggregates the resulting BFV ciphertexts. A prototype implementation, developed on top of the Flower FL framework, shows that on independently and identically distributed MNIST dataset with 12 clients and 10 training rounds, the proposed HHE system achieves 97.6% accuracy, just 1.3% below plaintext, while reducing client upload bandwidth by over 2,000x and cutting client runtime by 30% compared to a system based solely on the BFV FHE scheme. However, server computational cost increases by roughly 15621x for each client participating in the training phase, a challenge to be addressed in future work.