Repurposing Backdoors for Good: Ephemeral Intrinsic Proofs for Verifiable Aggregation in Cross-silo Federated Learning

📅 2026-03-11
🤖 AI Summary
This work addresses a weakness of existing secure aggregation schemes in cross-institutional federated learning: they protect the confidentiality of client updates but do not guarantee aggregation integrity, so a malicious server may tamper with or drop client updates undetected. To this end, the authors propose a lightweight, intrinsically verifiable architecture that repurposes backdoor mechanisms to embed transient verification signals, leveraging catastrophic forgetting to balance immediate verifiability with final model utility. The design incorporates a randomized single-verifier auditing framework that preserves client anonymity and prevents signal collision while remaining compatible with standard secure aggregation protocols. Experimental results demonstrate high detection rates on the SVHN, CIFAR-10, and CIFAR-100 benchmarks, with over 1000× speedup compared to cryptographic baselines on ResNet-18, which the authors present as evidence that the approach scales to large models.

📝 Abstract
While Secure Aggregation (SA) protects update confidentiality in Cross-silo Federated Learning, it fails to guarantee aggregation integrity, allowing malicious servers to silently omit or tamper with updates. Existing verifiable aggregation schemes rely on heavyweight cryptography (e.g., ZKPs, HE), incurring computational costs that scale poorly with model size. In this paper, we propose a lightweight architecture that shifts from extrinsic cryptographic proofs to Intrinsic Proofs. We repurpose backdoor injection to embed verification signals directly into model parameters. By harnessing Catastrophic Forgetting, these signals are robust for immediate verification yet ephemeral, naturally decaying to preserve final model utility. We design a randomized, single-verifier auditing framework compatible with SA, ensuring client anonymity and preventing signal collision without trusted third parties. Experiments on SVHN, CIFAR-10, and CIFAR-100 demonstrate high detection probabilities against malicious servers. Notably, our approach achieves over 1000× speedup on ResNet-18 compared to cryptographic baselines, effectively scaling to large models.

Problem

Research questions and friction points this paper is trying to address.

Federated Learning
Aggregation Integrity
Verifiable Aggregation
Secure Aggregation
Backdoor
Innovation

Methods, ideas, or system contributions that make the work stand out.

Intrinsic Proofs
Backdoor Repurposing
Verifiable Aggregation
Catastrophic Forgetting
Cross-silo Federated Learning
Xian Qin
Southwest Jiaotong University
Xue Yang
Southwest Jiaotong University
Xiaohu Tang
Southwest Jiaotong University
Coding, Information Security