Federated Learning (FL) is a machine learning paradigm that enables multiple decentralized clients to collaboratively train a model under the orchestration of a central aggregator. Traditional FL solutions rely on a trust assumption about the centralized aggregator: that it forms cohorts of clients in a fair and honest manner. In reality, however, a malicious aggregator could abandon and replace the clients' training models, or launch Sybil attacks to insert fake clients. Such malicious behaviors give the aggregator more power to control clients in the FL setting and to determine the final training results. In this work, we introduce zkFL, which leverages zero-knowledge proofs (ZKPs) to tackle the issue of a malicious aggregator during the training model aggregation process. To guarantee correct aggregation results, the aggregator needs to provide a proof per round. The proof can demonstrate to the clients that the aggregator executes the intended behavior faithfully. To further reduce the clients' verification cost, we employ a blockchain to handle the proof in a zero-knowledge way, where miners (i.e., the nodes validating and maintaining the blockchain data) can verify the proof without knowing the clients' local and aggregated models. The theoretical analysis and empirical results show that zkFL can achieve better security and privacy than traditional FL, without modifying the underlying FL network structure or heavily compromising the training speed.