SEE MATPROOF ON YOUR STACK — BOOK A 30-MINUTE DEMO
AI_SAFETYarxiv_cscr16 Jul 2026

arXiv: NFSA: Non-Forward Secure Aggregation with One Server via Two Layer Secret Sharing

AI_SAFETY. Sourced from arxiv_cscr, summarised by Matproof.

AI Analysis

What changed and what to do.

This paper, published on arXiv, proposes a new cryptographic protocol called Non-Forward Secure Aggregation (NFSA) that uses a two-layer secret sharing scheme to enable secure data aggregation with only a single server. The core change is a technical shift away from the current standard of forward secrecy in secure aggregation, which ensures that even if a server’s key is later compromised, past data remains protected. NFSA deliberately sacrifices this property to achieve lower computational and communication overhead, making it more practical for large-scale, real-time applications.

The primary affected sectors are those deploying or relying on federated learning systems, particularly in finance, healthcare, and telecommunications, where sensitive user data must be aggregated without central access. Organizations using secure aggregation for model training, such as AI developers, cloud service providers, and research institutions, will need to reassess their risk tolerance. If they adopt NFSA, they accept that a future server breach could expose historical aggregated data, which may conflict with data protection regulations like GDPR or the EU AI Act.

Compliance teams should immediately review their current secure aggregation implementations to determine if they rely on forward secrecy. If so, they must conduct a data protection impact assessment to evaluate whether the reduced security guarantees of NFSA are acceptable for their specific use cases. Teams should also update their data retention and breach notification policies to account for the new risk profile, and ensure any adoption of NFSA is explicitly documented in their AI system’s technical documentation and risk management framework.

This summary is AI-generated for orientation purposes. For regulatory action, always consult the original source linked above.

More AI_SAFETY updates

Latest in AI_SAFETY.

Live regulatory monitoring

Never miss a compliance update.

Get weekly digests of DORA, NIS2, GDPR, MaRisk, and ISO 27001 changes — straight to your inbox. Free.

No spam. Weekly digest only. Unsubscribe anytime.

DORANIS2GDPRMaRiskISO 27001

Map this to your controls

Connect regulatory changes to your compliance work.

Matproof maps every regulator update directly to your controls and surfaces the ones that affect your organisation — across 21 frameworks.

arXiv: NFSA: Non-Forward Secure Aggregation with One Serv… — AI_SAFETY | Matproof