Table of Contents
Fetching ...

zkFL-Health: Blockchain-Enabled Zero-Knowledge Federated Learning for Medical AI Privacy

Savvy Sharma, George Petrovic, Sarthak Kaushik

TL;DR

zkFL-Health presents a verifiable, privacy-preserving cross-silo federated learning framework for medical AI by embedding zero-knowledge proofs within a TEEs-enabled aggregator and logging cryptographic commitments on a blockchain. The approach delivers strong confidentiality, a tamper-evident audit trail, and end-to-end verifiability of the aggregation process while maintaining diagnostic utility comparable to centralized/federated baselines. It achieves this through Halo2/Nova-based zk-SNARK proofs, KZG commitments, and minimal on-chain data, supported by a healthcare-specific threat model and compliance considerations (HIPAA/GDPR). The work details a practical protocol, security guarantees, and an evaluation methodology using CheXpert and MIMIC-III-inspired tasks, coupled with concrete performance metrics for proof latency and blockchain costs, highlighting the framework’s potential for regulatory-aligned, auditable medical AI deployment.

Abstract

Healthcare AI needs large, diverse datasets, yet strict privacy and governance constraints prevent raw data sharing across institutions. Federated learning (FL) mitigates this by training where data reside and exchanging only model updates, but practical deployments still face two core risks: (1) privacy leakage via gradients or updates (membership inference, gradient inversion) and (2) trust in the aggregator, a single point of failure that can drop, alter, or inject contributions undetected. We present zkFL-Health, an architecture that combines FL with zero-knowledge proofs (ZKPs) and Trusted Execution Environments (TEEs) to deliver privacy-preserving, verifiably correct collaborative training for medical AI. Clients locally train and commit their updates; the aggregator operates within a TEE to compute the global update and produces a succinct ZK proof (via Halo2/Nova) that it used exactly the committed inputs and the correct aggregation rule, without revealing any client update to the host. Verifier nodes validate the proof and record cryptographic commitments on-chain, providing an immutable audit trail and removing the need to trust any single party. We outline system and threat models tailored to healthcare, the zkFL-Health protocol, security/privacy guarantees, and a performance evaluation plan spanning accuracy, privacy risk, latency, and cost. This framework enables multi-institutional medical AI with strong confidentiality, integrity, and auditability, key properties for clinical adoption and regulatory compliance.

zkFL-Health: Blockchain-Enabled Zero-Knowledge Federated Learning for Medical AI Privacy

TL;DR

zkFL-Health presents a verifiable, privacy-preserving cross-silo federated learning framework for medical AI by embedding zero-knowledge proofs within a TEEs-enabled aggregator and logging cryptographic commitments on a blockchain. The approach delivers strong confidentiality, a tamper-evident audit trail, and end-to-end verifiability of the aggregation process while maintaining diagnostic utility comparable to centralized/federated baselines. It achieves this through Halo2/Nova-based zk-SNARK proofs, KZG commitments, and minimal on-chain data, supported by a healthcare-specific threat model and compliance considerations (HIPAA/GDPR). The work details a practical protocol, security guarantees, and an evaluation methodology using CheXpert and MIMIC-III-inspired tasks, coupled with concrete performance metrics for proof latency and blockchain costs, highlighting the framework’s potential for regulatory-aligned, auditable medical AI deployment.

Abstract

Healthcare AI needs large, diverse datasets, yet strict privacy and governance constraints prevent raw data sharing across institutions. Federated learning (FL) mitigates this by training where data reside and exchanging only model updates, but practical deployments still face two core risks: (1) privacy leakage via gradients or updates (membership inference, gradient inversion) and (2) trust in the aggregator, a single point of failure that can drop, alter, or inject contributions undetected. We present zkFL-Health, an architecture that combines FL with zero-knowledge proofs (ZKPs) and Trusted Execution Environments (TEEs) to deliver privacy-preserving, verifiably correct collaborative training for medical AI. Clients locally train and commit their updates; the aggregator operates within a TEE to compute the global update and produces a succinct ZK proof (via Halo2/Nova) that it used exactly the committed inputs and the correct aggregation rule, without revealing any client update to the host. Verifier nodes validate the proof and record cryptographic commitments on-chain, providing an immutable audit trail and removing the need to trust any single party. We outline system and threat models tailored to healthcare, the zkFL-Health protocol, security/privacy guarantees, and a performance evaluation plan spanning accuracy, privacy risk, latency, and cost. This framework enables multi-institutional medical AI with strong confidentiality, integrity, and auditability, key properties for clinical adoption and regulatory compliance.
Paper Structure (33 sections, 1 equation, 1 figure, 7 tables)