This work addresses a critical vulnerability in existing homomorphic encryption–based federated learning (HHE-FL) systems, which rely on a single key pair and are thus susceptible to privacy breaches by malicious clients. To mitigate this risk, the paper introduces two novel key protection mechanisms—homomorphic masking and RSA-based public-key encapsulation—thereby elevating the security of HHE-FL to a strong threat model resilient against adversarial participants for the first time. The proposed methods are implemented within the Flower framework using the PASTA/BFV hybrid homomorphic encryption scheme. Experimental evaluation on MNIST with 12 clients demonstrates that both mechanisms preserve model accuracy while incurring minimal overhead: homomorphic masking adds negligible computational cost, and RSA encapsulation introduces only modest communication and runtime overhead.

Federated Learning (FL) enables collaborative training while keeping sensitive data on clients' devices, but local model updates can still leak private information. Hybrid Homomorphic Encryption (HHE) has recently been applied to FL to mitigate client overhead while preserving privacy. However, existing HHE-FL systems rely on a single homomorphic key pair shared across all clients, which forces them to assume an unrealistically weak threat model: if a client misbehaves or intercepts another's traffic, private updates can be exposed. We eliminate this weakness by integrating two alternative key protection mechanisms into the HHE-FL workflow. The first is masking, where client keys are blinded before homomorphic encryption and later unblinded homomorphically by the server. The second is RSA encapsulation, where homomorphically encrypted keys are additionally wrapped under the server's RSA public key. These countermeasures prevent key misuse by other clients and extend HHE-FL security to adversarial settings with malicious participants. We implement both approaches on top of the Flower framework using the PASTA/BFV HHE scheme and evaluate them on the MNIST dataset with 12 clients. Results show that both mechanisms preserve model accuracy while adding minimal overhead: masking incurs negligible cost, and RSA encapsulation introduces only modest runtime and communication overhead.