Utilizing Cryptography to Decrease Privacy and Security Risks in Machine Unlearning

Main Article Content

Xun Zhang
School of Data Science and Big Data, Minzu University of China, Beijing

DOI: https://doi.org/10.70267/ic-aimees.20260317325

Keywords

machine unlearning, cryptography, AES-GCM, key destruction, privacy protection

Abstract

Machine Unlearning (MU) aims to remove specific data from trained models without requiring complete retraining, thereby complying with regulations such as the “right to be forgotten.” However, unlearning algorithms alone cannot fully guarantee secure data deletion-even if model performance is restored, information about the deleted objects may still be leaked through avenues such as model differentiation, update artifacts, gradients, or residual traces in the representation space, creating new privacy and security risks. To address this, this paper proposes a cryptographically enhanced machine unlearning framework (Crypto-MU): after the conventional approximate unlearning or hybrid unlearning process, AES-GCM authenticated encryption is employed to encrypt and securely store the artifacts generated during the unlearning process. Additionally, key destruction is implemented to achieve a “computationally irreversible” deletion effect. Experimental results demonstrate that Crypto-MU reduces the leakage risk caused by unlearning artifacts from 0.568 ± 0.031 to 0.183 ± 0.032 (a relative reduction of approximately 67.8%) while maintaining nearly unchanged model accuracy. The encryption process incurs minimal overhead (<0.001 seconds). This study shows that incorporating lightweight cryptographic mechanisms into machine unlearning practices can significantly mitigate the additional privacy risks introduced by the unlearning process, with almost no increase in computational burden.

Abstract 23 | PDF Downloads 10

References

  • [1] Yao, Y., Xu, X. and Liu, Y. Large language model unlearning. In 38th Annual Conference on Neural Information Processing Systems (NeurIPS 2024), Vancouver, BC, Canada, 2024; pp. 105425-105475.
  • [2] Romandini, N., Mora, A., Mazzocca, C., Montanari, R. and Bellavista, P. Federated Unlearning: A Survey on Methods, Design Guidelines, and Evaluation Metrics. IEEE Transactions on Neural Networks and Learning Systems. 2025, 36(7), pp. 11697-11717. https://doi.org/10.1109/TNNLS.2024.3478334.
  • [3] Wang, W., Tian, Z., Zhang, C. and Yu, S. Machine unlearning: A comprehensive survey. arXiv preprint arXiv:2405.07406. 2024. https://doi.org/10.48550/arXiv.2405.07406.
  • [4] Ren, J., Xing, Y., Cui, Y., Aggarwal, C. C. and Liu, H. Sok: Machine unlearning for large language models. arXiv preprint arXiv:2506.09227. 2025. https://doi.org/10.48550/arXiv.2506.09227.
  • [5] Warnecke, A., Pirch, L., Wressnegger, C. and Rieck, K. Machine unlearning of features and labels. In Network and Distributed System Security Symposium (NDSS), San Diego, CA, 2023. https://doi.org/10.14722/ndss.2023.23087.
  • [6] Gu, H., Ong, W., Chan, C. S. and Fan, L. Ferrari: federated feature unlearning via optimizing feature sensitivity. In Advances in Neural Information Processing Systems, Vancouver, BC, Canada, 2024; pp. 24150-24180. https://doi.org/10.52202/079017-0761.
  • [7] Lizzo, T. and Heck, L. UNLEARN efficient removal of knowledge in large language models. In Findings of the Association for Computational Linguistics: NAACL 2025, Albuquerque, New Mexico, USA, 2025; pp. 7257-7268. https://doi.org/10.18653/v1/2025.findings-naacl.405.
  • [8] Che, T., Zhou, Y., Zhang, Z., Lyu, L., Liu, J., Yan, D., Dou, D. and Huan, J. Fast federated machine unlearning with nonlinear functional theory. In International conference on machine learning, Honolulu, HI, USA, 2023; pp. 4241-4268, https://proceedings.mlr.press/v202/che23b.html.
  • [9] Eisenhofer, T., Riepel, D., Chandrasekaran, V., Ghosh, E., Ohrimenko, O. and Papernot, N. Verifiable and Provably Secure Machine Unlearning. In 2025 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML), Copenhagen, Denmark, 2025; pp. 479-496. https://doi.org/10.1109/SaTML64287.2025.00033.
  • [10] Li, J., Wei, Q., Zhang, C., Qi, G., Du, M., Chen, Y., Bi, S. and Liu, F. Single image unlearning: Efficient machine unlearning in multimodal large language models. In Advances in Neural Information Processing Systems, Vancouver, BC, Canada, 2024; pp. 35414-35453.
  • [11] Dong, Y., Zhang, B., Lei, Z., Zou, N. and Li, J. Idea: A flexible framework of certified unlearning for graph neural networks. In Proceedings of the 30th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, Barcelona, Spain, 2024; pp. 621-630. https://doi.org/10.1145/3637528.3671744.
  • [12] Wu, K., Shen, J., Ning, Y., Wang, T. and Wang, W. H. Certified edge unlearning for graph neural networks. In Proceedings of the 29th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, Long Beach, California, USA, 2023; pp. 2606-2617. https://doi.org/10.1145/3580305.3599271.
  • [13] Zhang, Z. Y., Nhung, B. T. C., Verma, A., Ding, B. and Low, B. K. H. Achieving Exact Federated Unlearning with Improved Post-Unlearning Performance. In International Conference on Learning Representations (ICLR 2025), Singapore, 2025.
  • [14] George, N., Dasaraju, K. N., Chittepu, R. R. and Mopuri, K. R. The illusion of unlearning: The unstable nature of machine unlearning in text-to-image diffusion models. In Proceedings of the Computer Vision and Pattern Recognition Conference, Nashville, Tennessee, USA, 2025; pp. 13393-13402.

Article Sidebar

PDF
Published
Jun 10, 2026
Conference Proceedings Volume
Vol. 14 (2026): Proceedings of the 2nd International Conference on Artificial Intelligence, Modern Engineering and Environmental Sustainability (IC-AIMEES 2026)
Section
Articles
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Zhang, Xun. “Utilizing Cryptography to Decrease Privacy and Security Risks in Machine Unlearning”. Exploring Science Academic Conference Series, vol. 14, June 2026, pp. 317-25, https://doi.org/10.70267/ic-aimees.20260317325.