This publication introduces a new evaluation framework for AI safety, moving beyond simple success rates to incorporate cost-aware metrics for both offensive and defensive security agents. The paper…
arXiv: NFSA: Non-Forward Secure Aggregation with One Server via Two Layer Secret Sharing
AI_SAFETY. Sourced from arxiv_cscr, summarised by Matproof.
AI Analysis
What changed and what to do.
This paper, published on arXiv, proposes a new cryptographic protocol called Non-Forward Secure Aggregation (NFSA) that uses a two-layer secret sharing scheme to enable secure data aggregation with only a single server. The core change is a technical shift away from the current standard of forward secrecy in secure aggregation, which ensures that even if a server’s key is later compromised, past data remains protected. NFSA deliberately sacrifices this property to achieve lower computational and communication overhead, making it more practical for large-scale, real-time applications.
The primary affected sectors are those deploying or relying on federated learning systems, particularly in finance, healthcare, and telecommunications, where sensitive user data must be aggregated without central access. Organizations using secure aggregation for model training, such as AI developers, cloud service providers, and research institutions, will need to reassess their risk tolerance. If they adopt NFSA, they accept that a future server breach could expose historical aggregated data, which may conflict with data protection regulations like GDPR or the EU AI Act.
Compliance teams should immediately review their current secure aggregation implementations to determine if they rely on forward secrecy. If so, they must conduct a data protection impact assessment to evaluate whether the reduced security guarantees of NFSA are acceptable for their specific use cases. Teams should also update their data retention and breach notification policies to account for the new risk profile, and ensure any adoption of NFSA is explicitly documented in their AI system’s technical documentation and risk management framework.
This summary is AI-generated for orientation purposes. For regulatory action, always consult the original source linked above.
More AI_SAFETY updates
Latest in AI_SAFETY.
This paper, published on arXiv, introduces a novel methodology for assessing AI safety that goes beyond traditional text-based content filtering. The authors propose a "hidden-state risk space"…
This paper, published on arXiv on July 16, 2026, details a novel cybersecurity vulnerability targeting AI coding agents. The research demonstrates that malicious actors can embed hidden instructions…
This paper, published on arXiv, introduces a novel method for automatically generating "leakage contracts" for black-box CPUs without relying on pre-defined templates. A leakage contract formally…
Map this to your controls
Connect regulatory changes to your compliance work.
Matproof maps every regulator update directly to your controls and surfaces the ones that affect your organisation — across 21 frameworks.