Table of Contents
Fetching ...

FedGraph-VASP: Privacy-Preserving Federated Graph Learning with Post-Quantum Security for Cross-Institutional Anti-Money Laundering

Daniel Commey, Matilda Nkoom, Yousef Alsenani, Sena G. Hounsinou, Garth V. Crosby

TL;DR

FedGraph-VASP introduces boundary embedding exchange for privacy-preserving federated graph learning to detect cross-institution AML patterns, secured by a hybrid post-quantum cryptographic tunnel using Kyber-512 and AES-256-GCM. It demonstrates substantial performance gains over isolated and generator-imputation baselines on the Elliptic Bitcoin dataset, while providing robust privacy characteristics (partial embedding invertibility) and practical PQC overhead. The approach highlights a topology-dependent trade-off: embedding exchange excels in connected graphs while generative imputation can perform better in highly modular, sparse graphs, and it shows generalizability to Ethereum with topology considerations. Overall, the framework offers a viable, regulatorily palatable path for cross-institution AML that balances detection effectiveness, data privacy, and long-term security against quantum threats.

Abstract

Virtual Asset Service Providers (VASPs) face a fundamental tension between regulatory compliance and user privacy when detecting cross-institutional money laundering. Current approaches require either sharing sensitive transaction data or operating in isolation, leaving critical cross-chain laundering patterns undetected. We present FedGraph-VASP, a privacy-preserving federated graph learning framework that enables collaborative anti-money laundering (AML) without exposing raw user data. Our key contribution is a Boundary Embedding Exchange protocol that shares only compressed, non-invertible graph neural network representations of boundary accounts. These exchanges are secured using post-quantum cryptography, specifically the NIST-standardized Kyber-512 key encapsulation mechanism combined with AES-256-GCM authenticated encryption. Experiments on the Elliptic Bitcoin dataset with realistic Louvain partitioning show that FedGraph-VASP achieves an F1-score of 0.508, outperforming the state-of-the-art generative baseline FedSage+ (F1 = 0.453) by 12.1 percent on binary fraud detection. We further show robustness under low-connectivity settings where generative imputation degrades performance, while approaching centralized performance (F1 = 0.620) in high-connectivity regimes. We additionally evaluate generalization on an Ethereum fraud detection dataset, where FedGraph-VASP (F1 = 0.635) is less effective under sparse cross-silo connectivity, while FedSage+ excels (F1 = 0.855), outperforming even local training (F1 = 0.785). These results highlight a topology-dependent trade-off: embedding exchange benefits connected transaction graphs, whereas generative imputation can dominate in highly modular sparse graphs. A privacy audit shows embeddings are only partially invertible (R^2 = 0.32), limiting exact feature recovery.

FedGraph-VASP: Privacy-Preserving Federated Graph Learning with Post-Quantum Security for Cross-Institutional Anti-Money Laundering

TL;DR

FedGraph-VASP introduces boundary embedding exchange for privacy-preserving federated graph learning to detect cross-institution AML patterns, secured by a hybrid post-quantum cryptographic tunnel using Kyber-512 and AES-256-GCM. It demonstrates substantial performance gains over isolated and generator-imputation baselines on the Elliptic Bitcoin dataset, while providing robust privacy characteristics (partial embedding invertibility) and practical PQC overhead. The approach highlights a topology-dependent trade-off: embedding exchange excels in connected graphs while generative imputation can perform better in highly modular, sparse graphs, and it shows generalizability to Ethereum with topology considerations. Overall, the framework offers a viable, regulatorily palatable path for cross-institution AML that balances detection effectiveness, data privacy, and long-term security against quantum threats.

Abstract

Virtual Asset Service Providers (VASPs) face a fundamental tension between regulatory compliance and user privacy when detecting cross-institutional money laundering. Current approaches require either sharing sensitive transaction data or operating in isolation, leaving critical cross-chain laundering patterns undetected. We present FedGraph-VASP, a privacy-preserving federated graph learning framework that enables collaborative anti-money laundering (AML) without exposing raw user data. Our key contribution is a Boundary Embedding Exchange protocol that shares only compressed, non-invertible graph neural network representations of boundary accounts. These exchanges are secured using post-quantum cryptography, specifically the NIST-standardized Kyber-512 key encapsulation mechanism combined with AES-256-GCM authenticated encryption. Experiments on the Elliptic Bitcoin dataset with realistic Louvain partitioning show that FedGraph-VASP achieves an F1-score of 0.508, outperforming the state-of-the-art generative baseline FedSage+ (F1 = 0.453) by 12.1 percent on binary fraud detection. We further show robustness under low-connectivity settings where generative imputation degrades performance, while approaching centralized performance (F1 = 0.620) in high-connectivity regimes. We additionally evaluate generalization on an Ethereum fraud detection dataset, where FedGraph-VASP (F1 = 0.635) is less effective under sparse cross-silo connectivity, while FedSage+ excels (F1 = 0.855), outperforming even local training (F1 = 0.785). These results highlight a topology-dependent trade-off: embedding exchange benefits connected transaction graphs, whereas generative imputation can dominate in highly modular sparse graphs. A privacy audit shows embeddings are only partially invertible (R^2 = 0.32), limiting exact feature recovery.
Paper Structure (32 sections, 3 equations, 6 figures, 9 tables, 1 algorithm)

This paper contains 32 sections, 3 equations, 6 figures, 9 tables, 1 algorithm.

Figures (6)

  • Figure 1: FedGraph-VASP architecture. Each VASP maintains a local GNN on its transaction subgraph. Boundary embeddings ($h_v$) for cross-institutional accounts are encrypted using Kyber-512 key encapsulation and AES-256-GCM, then exchanged via the aggregation server. Model weights ($\theta$) are aggregated using FedAvg, and foreign embeddings ($H$) are distributed back to enable boundary alignment loss computation.
  • Figure 2: Ablation study: FedGraph-VASP is robust to $\lambda$ but sensitive to excessive graph fragmentation.
  • Figure 3: Convergence comparison across partitioning strategies. FedGraph-VASP (green) consistently outperforms all baselines.
  • Figure 4: F1-Score comparison across methods and partitioning strategies. FedGraph-VASP achieves highest performance in both regimes.
  • Figure 5: Privacy analysis: Embedding inversion is partially successful ($R^2 = 0.32$) while membership inference succeeds (AUC=0.95).
  • ...and 1 more figures