To address privacy leakage and model inaccuracy caused by gradient inversion and poisoning attacks in federated learning settings without a trusted participant, this paper proposes the first practical secure aggregation framework that requires no trusted third party. Methodologically, it integrates dynamic client grouping, lightweight gradient obfuscation encryption, client-coordinated decryption, gradient-impact-driven malicious client detection, and a model unlearning mechanism—thereby avoiding noise injection and expensive cryptographic operations. Experiments across four benchmark datasets and two model architectures demonstrate: (i) >95% accuracy in identifying malicious clients; (ii) <5% false positive rate for honest clients; and (iii) full recovery of model accuracy to pre-attack levels after unlearning. The core contribution is the first end-to-end, trust-free, low-overhead, and highly robust secure aggregation scheme.

Federated learning is an essential distributed model training technique. However, threats such as gradient inversion attacks and poisoning attacks pose significant risks to the privacy of training data and the model correctness. We propose a novel approach called SMTFL to achieve secure model training in federated learning without relying on trusted participants. To safeguard gradients privacy against gradient inversion attacks, clients are dynamically grouped, allowing one client's gradient to be divided to obfuscate the gradients of other clients within the group. This method incorporates checks and balances to reduce the collusion for inferring specific client data. To detect poisoning attacks from malicious clients, we assess the impact of aggregated gradients on the global model's performance, enabling effective identification and exclusion of malicious clients. Each client's gradients are encrypted and stored, with decryption collectively managed by all clients. The detected poisoning gradients are invalidated from the global model through a unlearning method. To our best knowledge, we present the first practical secure aggregation scheme, which does not require trusted participants, avoids the performance degradation associated with traditional noise-injection, and aviods complex cryptographic operations during gradient aggregation. Evaluation results are encouraging based on four datasets and two models: SMTFL is effective against poisoning attacks and gradient inversion attacks, achieving an accuracy rate of over 95% in locating malicious clients, while keeping the false positive rate for honest clients within 5%. The model accuracy is also nearly restored to its pre-attack state when SMTFL is deployed.