Virtual Asset Service Providers (VASPs) face a fundamental tension between regulatory compliance and user privacy when detecting cross-institutional money laundering. Current approaches require either sharing sensitive transaction data or operating in isolation, leaving critical cross-chain laundering patterns undetected. We present FedGraph-VASP, a privacy-preserving federated graph learning framework that enables collaborative anti-money laundering (AML) without exposing raw user data. Our key contribution is a Boundary Embedding Exchange protocol that shares only compressed, non-invertible graph neural network representations of boundary accounts. These exchanges are secured using post-quantum cryptography, specifically the NIST-standardized Kyber-512 key encapsulation mechanism combined with AES-256-GCM authenticated encryption. Experiments on the Elliptic Bitcoin dataset with realistic Louvain partitioning show that FedGraph-VASP achieves an F1-score of 0.508, outperforming the state-of-the-art generative baseline FedSage+ (F1 = 0.453) by 12.1 percent on binary fraud detection. We further show robustness under low-connectivity settings where generative imputation degrades performance, while approaching centralized performance (F1 = 0.620) in high-connectivity regimes. We additionally evaluate generalization on an Ethereum fraud detection dataset, where FedGraph-VASP (F1 = 0.635) is less effective under sparse cross-silo connectivity, while FedSage+ excels (F1 = 0.855), outperforming even local training (F1 = 0.785). These results highlight a topology-dependent trade-off: embedding exchange benefits connected transaction graphs, whereas generative imputation can dominate in highly modular sparse graphs. A privacy audit shows embeddings are only partially invertible (R^2 = 0.32), limiting exact feature recovery.

翻译：虚拟资产服务提供商（VASPs）在检测跨机构洗钱活动时面临监管合规与用户隐私之间的根本性矛盾。现有方法要么需要共享敏感交易数据，要么只能孤立运作，导致关键的跨链洗钱模式无法被检测。本文提出FedGraph-VASP，一种隐私保护的联邦图学习框架，能够在无需暴露原始用户数据的情况下实现协同反洗钱（AML）。我们的核心贡献是边界嵌入交换协议，该协议仅共享边界账户的压缩、不可逆图神经网络表示。这些交换过程通过后量子密码技术进行保护，具体采用NIST标准化的Kyber-512密钥封装机制结合AES-256-GCM认证加密。在基于现实Louvain分割的Elliptic比特币数据集上的实验表明，FedGraph-VASP在二元欺诈检测任务中取得了0.508的F1分数，优于当前最先进的生成式基线方法FedSage+（F1 = 0.453）达12.1%。我们进一步证明了其在低连通性场景下的鲁棒性——生成式插补方法在该场景下性能会下降，而FedGraph-VASP在高连通性场景下能接近集中式训练的性能（F1 = 0.620）。此外，我们在以太坊欺诈检测数据集上评估了泛化性能，发现FedGraph-VASP（F1 = 0.635）在稀疏的跨机构连通性下效果较弱，而FedSage+表现优异（F1 = 0.855），甚至优于本地训练（F1 = 0.785）。这些结果揭示了一种拓扑依赖的权衡：嵌入交换对连通性好的交易图有益，而生成式插补在高度模块化的稀疏图中可能占优。隐私审计表明嵌入仅部分可逆（R^2 = 0.32），限制了精确特征恢复的可能性。