Existing privacy-preserving federated learning (PPFL) approaches often suffer from accuracy degradation, reliance on key sharing, or collaborative decryption—introducing trust and communication overhead. This paper proposes Homomorphic Adversarial Networks (HANs), the first end-to-end trainable neural architecture that emulates multi-key homomorphic encryption functionality. HANs enable fully localized, privacy-preserving model updates on clients, eliminating the need for key distribution or coordinated decryption. The method integrates an aggregatable hybrid encryption scheme with an adversarial neural network design, supporting secure aggregation directly in the encrypted domain and end-to-end differentiable private training. Experiments across multiple benchmark datasets demonstrate: (i) negligible accuracy loss (≤1.35%); (ii) a 6,075× speedup in encrypted aggregation over conventional homomorphic encryption; and (iii) strong robustness against standard privacy attacks, including membership inference and model inversion.

Privacy-preserving federated learning (PPFL) aims to train a global model for multiple clients while maintaining their data privacy. However, current PPFL protocols exhibit one or more of the following insufficiencies: considerable degradation in accuracy, the requirement for sharing keys, and cooperation during the key generation or decryption processes. As a mitigation, we develop the first protocol that utilizes neural networks to implement PPFL, as well as incorporating an Aggregatable Hybrid Encryption scheme tailored to the needs of PPFL. We name these networks as Homomorphic Adversarial Networks (HANs) which demonstrate that neural networks are capable of performing tasks similar to multi-key homomorphic encryption (MK-HE) while solving the problems of key distribution and collaborative decryption. Our experiments show that HANs are robust against privacy attacks. Compared with non-private federated learning, experiments conducted on multiple datasets demonstrate that HANs exhibit a negligible accuracy loss (at most 1.35%). Compared to traditional MK-HE schemes, HANs increase encryption aggregation speed by 6,075 times while incurring a 29.2 times increase in communication overhead.