Federated Learning (FL) is a machine learning paradigm that enables multiple decentralized clients to collaboratively train a model under the orchestration of a central aggregator. Traditional FL solutions rely on the assumption that the centralized aggregator can be trusted to form cohorts of clients in a fair and honest manner. In reality, however, a malicious aggregator could abandon and replace the clients' training models, or launch Sybil attacks to insert fake clients. Such malicious behaviors give the aggregator more power to control clients in the FL setting and to determine the final training results. In this work, we introduce zkFL, which leverages zero-knowledge proofs (ZKPs) to tackle the issue of a malicious aggregator during the training model aggregation process. To guarantee correct aggregation results, the aggregator must provide a proof per round. The proof demonstrates to the clients that the aggregator has executed the intended behavior faithfully. To further reduce the clients' verification cost, we employ a blockchain to handle the proof in a zero-knowledge way, where miners (i.e., the nodes validating and maintaining the blockchain data) can verify the proof without knowing the clients' local and aggregated models. The theoretical analysis and empirical results show that zkFL can achieve better security and privacy than traditional FL, without modifying the underlying FL network structure or heavily compromising the training speed.