Federated Learning (FL) is a machine learning paradigm that enables multiple decentralized clients to collaboratively train a model under the orchestration of a central aggregator. Traditional FL solutions rely on the assumption that the centralized aggregator can be trusted to form cohorts of clients in a fair and honest manner. In reality, however, a malicious aggregator could abandon and replace the clients' training models, or launch Sybil attacks to insert fake clients. Such malicious behaviors give the aggregator more power to control clients in the FL setting and to determine the final training results. In this work, we introduce zkFL, which leverages zero-knowledge proofs (ZKPs) to tackle the issue of a malicious aggregator during the training model aggregation process. To guarantee correct aggregation results, the aggregator needs to provide a proof per round. The proof can demonstrate to the clients that the aggregator executes the intended behavior faithfully. To further reduce the verification cost for clients, we employ a blockchain to handle the proof in a zero-knowledge way, where miners (i.e., the nodes validating and maintaining the blockchain data) can verify the proof without knowing the clients' local and aggregated models. Theoretical analysis and empirical results show that zkFL can achieve better security and privacy than traditional FL, without modifying the underlying FL network structure or heavily compromising the training speed.
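The per-round correctness check described above can be illustrated with a much simpler stand-in. This added example is not zkFL's construction or the authors' code: it assumes Pedersen-style homomorphic commitments (the abstract names no commitment scheme), uses toy group parameters, omits the zero-knowledge proof and the blockchain, and all function names and sample updates are constructed.

```python
import secrets

# Toy parameters (assumption, illustration only): integers modulo the Mersenne
# prime 2**127 - 1. Far too small for real use; binding also requires that
# nobody knows the discrete log of H with respect to G.
P = 2**127 - 1
G, H = 3, 5

def client_round(update):
    """Client side: commit to each coordinate of an integer-quantized update."""
    blinds = [secrets.randbelow(P - 1) for _ in update]
    comms = [pow(G, w, P) * pow(H, r, P) % P for w, r in zip(update, blinds)]
    return comms, blinds  # comms are published; update and blinds go to the aggregator

def aggregate(updates, blinds):
    """Aggregator side: coordinate-wise sums of the updates and of the blinds."""
    agg = [sum(col) for col in zip(*updates)]
    agg_blinds = [sum(col) for col in zip(*blinds)]
    return agg, agg_blinds

def verify(published_comms, agg, agg_blinds):
    """True iff agg opens the product of all published commitments, i.e. the
    aggregate is the sum of exactly the committed client updates."""
    for j, (w, r) in enumerate(zip(agg, agg_blinds)):
        expected = 1
        for comms in published_comms:
            expected = expected * comms[j] % P
        if expected != pow(G, w, P) * pow(H, r, P) % P:
            return False
    return True

def demo():
    updates = [[12, 7, 30], [5, 9, 11], [8, 1, 4]]  # constructed sample updates
    published, blinds = zip(*(client_round(u) for u in updates))
    # Honest aggregator: sums every committed update.
    honest = verify(published, *aggregate(updates, blinds))
    # Malicious aggregator abandons the third client's update.
    dropped = verify(published, *aggregate(updates[:2], blinds[:2]))
    # Malicious aggregator replaces the third client's update with its own.
    forged = [updates[0], updates[1], [100, 100, 100]]
    replaced = verify(published, *aggregate(forged, blinds))
    return honest, dropped, replaced

if __name__ == "__main__":
    print(demo())
```

The verifier here sees only the commitments and the aggregate, never an individual client's update; hiding the aggregate itself from the verifier, as the abstract describes for miners, is what the zero-knowledge proof adds on top.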