End-to-End Verifiable Decentralized Federated Learning
Chaehyeon Lee, Jonathan Heiss, Stefan Tai, James Won-Ki Hong
TL;DR
This work addresses the lack of end-to-end integrity in decentralized federated learning by introducing a two-step proving and verification (2PV) framework that adds non-disclosing authenticity proofs for data sources and certificates of devices. It integrates on-chain verification of aggregates with off-chain zkSNARK-based learning while protecting confidential inputs, enabling end-to-end verifiability from certified edge devices to blockchain storage. The key contributions include the system model with three layers, the 2PV registration and learning workflows, and a ZoKrates-based prototyping implementation demonstrating feasible overheads. The approach enhances resilience against data poisoning and Sybil attacks in IoT/healthcare scenarios, with practical implications for secure, auditable collaborative learning at scale.
Abstract
Verifiable decentralized federated learning (FL) systems combining blockchains and zero-knowledge proofs (ZKP) make the computational integrity of local learning and global aggregation verifiable across workers. However, they are not end-to-end: data can still be corrupted prior to the learning. In this paper, we propose a verifiable decentralized FL system for end-to-end integrity and authenticity of data and computation extending verifiability to the data source. Addressing an inherent conflict of confidentiality and transparency, we introduce a two-step proving and verification (2PV) method that we apply to central system procedures: a registration workflow that enables non-disclosing verification of device certificates and a learning workflow that extends existing blockchain and ZKP-based FL systems through non-disclosing data authenticity proofs. Our evaluation on a prototypical implementation demonstrates the technical feasibility with only marginal overheads to state-of-the-art solutions.