ByzSFL: Achieving Byzantine-Robust Secure Federated Learning with Zero-Knowledge Proofs

Yongming Fan, Rui Zhu, Zihao Wang, Chenghong Wang, Haixu Tang, Ye Dong, Hyunghoon Cho, Lucila Ohno-Machado

TL;DR

ByzSFL addresses the lack of Byzantine robustness in Secure Federated Learning by offloading the computation of aggregation weights to the clients and enforcing its correctness with a zero-knowledge proof toolkit, inside a dual-server DuoAgg architecture. Partially homomorphic encryption keeps the servers' share of the aggregation lightweight, and Groth16 zk-SNARKs, built from Circom gadgets, let the servers verify the clients' weight computations. The authors report speedups of up to roughly 85x over fully homomorphic baselines and better time and bandwidth than RoFL variants, making secure and robust FL practical for data-sensitive domains such as healthcare and finance. Privacy rests on the encryption and on the assumption that the two servers do not collude; robustness against malicious clients is preserved, and the final model can be published in plaintext without leaking further information.

Abstract

The advancement of AI models, especially those powered by deep learning, faces significant challenges in data-sensitive industries like healthcare and finance due to the distributed and private nature of data. Federated Learning (FL) and Secure Federated Learning (SFL) enable collaborative model training without data sharing, enhancing privacy by encrypting shared intermediate results. However, SFL currently lacks effective Byzantine robustness, a critical property that ensures model performance remains intact even when some participants act maliciously. Existing Byzantine-robust methods in FL are incompatible with SFL due to the inefficiency and limitations of encryption operations in handling complex aggregation calculations. This creates a significant gap in secure and robust model training. To address this gap, we propose ByzSFL, a novel SFL system that achieves Byzantine-robust secure aggregation with high efficiency. Our approach offloads aggregation weight calculations to individual parties and introduces a practical zero-knowledge proof (ZKP) protocol toolkit. This toolkit supports widely used operators for calculating aggregation weights, ensuring correct computations without compromising data privacy. Not only does this method maintain aggregation integrity, but it also significantly boosts computational efficiency, making ByzSFL approximately 100 times faster than existing solutions. Furthermore, our method aligns with open-source AI trends, enabling plaintext publication of the final model without additional information leakage, thereby enhancing the practicality and robustness of SFL in real-world applications.
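As an added illustration (not code from the paper or its authors) of the two-server, PHE-based aggregation that the TL;DR and abstract describe: clients encrypt their updates and supply their own aggregation weights, one server combines the ciphertexts homomorphically without ever decrypting an individual update, and a second, non-colluding server decrypts only the aggregate. The Paillier scheme, the fixed-point encoding, the norm-clipping weight rule and the assignment of roles to the two servers are assumptions made for this example; the zk-SNARK with which ByzSFL makes each client prove its weight computation is not modelled.

```python
"""Toy two-server secure aggregation over additively homomorphic (Paillier)
ciphertexts.  Constructed illustration of the idea summarised above; it is
NOT ByzSFL's protocol.  ByzSFL additionally makes each client prove its
weight computation with a zk-SNARK; that proof is not modelled here."""
import math
import random

# Small fixed primes so the example runs offline and reproducibly
# (assumption: a real deployment uses a modulus of >= 2048 bits).
P, Q = 1_000_003, 1_000_033
SCALE = 1000  # fixed-point scale applied to updates and to weights


def keygen(p=P, q=Q):
    """Paillier keys with g = n + 1; held by the key server."""
    n, n2 = p * q, (p * q) ** 2
    lam = math.lcm(p - 1, q - 1)
    mu = pow((pow(n + 1, lam, n2) - 1) // n, -1, n)
    return (n, n + 1), (lam, mu)


def encrypt(pk, m, rng=random):
    n, g = pk
    n2 = n * n
    r = rng.randrange(1, n)
    while math.gcd(r, n) != 1:
        r = rng.randrange(1, n)
    return pow(g, m % n, n2) * pow(r, n, n2) % n2


def decrypt(pk, sk, c):
    n, _ = pk
    lam, mu = sk
    return (pow(c, lam, n * n) - 1) // n * mu % n


def add(pk, c1, c2):            # Enc(a) * Enc(b) = Enc(a + b)
    return c1 * c2 % (pk[0] ** 2)


def scale(pk, c, k):            # Enc(a) ** k = Enc(k * a)
    return pow(c, k, pk[0] ** 2)


def encode(x):
    return round(x * SCALE)     # signed ints are reduced mod n by encrypt


def decode(pk, v, scale_factor):
    n = pk[0]
    return (v - n if v > n // 2 else v) / scale_factor


def client_weight(update, clip=1.0):
    """Assumed toy weighting rule (norm clipping).  The page does not name
    ByzSFL's weight operators; this stands in for whatever rule the client
    would prove in zero knowledge."""
    norm = math.sqrt(sum(x * x for x in update))
    return min(1.0, clip / norm) if norm > 0 else 1.0


def secure_weighted_mean(updates, clip=1.0, seed=0):
    """Weighted mean of `updates`, computed so that the aggregation server
    sees only ciphertexts and the key server decrypts only the aggregate."""
    rng = random.Random(seed)
    pk, sk = keygen()                      # key server
    dim = len(updates[0])

    # Clients: encrypt each coordinate, compute weight, send both.
    submissions = [([encrypt(pk, encode(x), rng) for x in u],
                    encode(client_weight(u, clip))) for u in updates]

    # Aggregation server: homomorphic weighted sum, coordinate-wise.
    agg = []
    for j in range(dim):
        acc = encrypt(pk, 0, rng)
        for cts, w in submissions:
            acc = add(pk, acc, scale(pk, cts[j], w))
        agg.append(acc)
    total_w = sum(w for _, w in submissions)   # weights in the clear (toy)

    # Key server: decrypts the aggregate only; result carries SCALE**2.
    return [decode(pk, decrypt(pk, sk, c), SCALE ** 2) / (total_w / SCALE)
            for c in agg]


def plaintext_weighted_mean(updates, clip=1.0):
    """Reference computation with the same fixed-point rounding."""
    ws = [encode(client_weight(u, clip)) for u in updates]
    dim = len(updates[0])
    return [sum(w * encode(u[j]) for w, u in zip(ws, updates)) / SCALE ** 2
            / (sum(ws) / SCALE) for j in range(dim)]


if __name__ == "__main__":
    # Constructed sample: two honest clients and one sending a huge update.
    sample = [[1.0, -2.0], [0.5, 0.5], [100.0, -100.0]]
    print(secure_weighted_mean(sample))
    print(plaintext_weighted_mean(sample))
```

Run as a script to see the encrypted and plaintext results agree; the oversized third update is down-weighted by the client-side rule, which is where a Byzantine client would lie and why ByzSFL attaches a proof to that step. Swapping in a different weight function leaves the server-side code untouched, since the servers only ever multiply and exponentiate ciphertexts.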

Paper Structure (27 sections, 17 equations, 7 figures, 4 tables)

This paper contains 27 sections, 17 equations, 7 figures, 4 tables.

Figures (7)

  • Figure 1: Framework of DuoAgg
  • Figure 2: Framework of ByzSFL
  • Figure 3: Protocol details of DuoAgg
  • Figure 4: Protocol of ByzSFL
  • Figure 5: Detailed protocol of zk-SNARKs for each party (client, server $\mathbb{S}_C$, and server $\mathbb{S}_E$)
  • ...and 2 more figures