PQ-FLCom: Post-quantum secure communication for industrial federated learning

Industrial innovations, driven by technologies such as the Internet of Things (IoT), cloud computing, and Artificial Intelligence (AI), have revolutionized various operational domains, including supply chain management, equipment monitoring, predictive maintenance, and quality control. Deep Learning (DL) has become instrumental in addressing complex, data-driven challenges within industrial settings, relying on large datasets collected from heterogeneous sources. However, centralizing these datasets on cloud platforms poses significant privacy and security risks. Federated Learning (FL) offers a promising solution by enabling distributed model training across multiple nodes while preventing the exchange of raw data. Despite its advantages, FL introduces new vulnerabilities, especially related to the security of communication channels between participating entities. Traditional cryptographic mechanisms, such as digital signatures and model encryption, can mitigate these risks, but the emergence of quantum computing threatens the robustness of conventional solutions. This work explores the integration of Post-Quantum Cryptography (PQC) into FL to enhance security without incurring significant performance degradation. A modular FL architecture with three security levels is proposed: (i) an unprotected baseline; (ii) authenticated communication using ML-DSA digital signatures; and (iii) full protection combining ML-DSA and ML-KEM-512-based key encapsulation. Implemented within the Flower framework, the architecture is evaluated under simulated MitM attacks. Experimental results demonstrate that PQC-enhanced schemes effectively mitigate quantum-resistant threats while maintaining acceptable computational overhead, thereby ensuring model integrity and data confidentiality.