
Zero-Knowledge Federated Learning with Lattice-Based Hybrid Encryption for Quantum-Resilient Medical AI

Edouard Lansiaux

TL;DR

ZKFL-PQ is introduced, a three-tiered cryptographic protocol that hybridizes ML-KEM for quantum-resistant key encapsulation, lattice-based Zero-Knowledge Proofs for verifiable norm-constrained gradient integrity, and BFV homomorphic encryption for privacy-preserving aggregation.

Abstract

Federated Learning (FL) enables collaborative training of medical AI models across hospitals without centralizing patient data. However, the exchange of model updates exposes critical vulnerabilities: gradient inversion attacks can reconstruct patient information, Byzantine clients can poison the global model, and the Harvest Now, Decrypt Later (HNDL) threat renders today's encrypted traffic vulnerable to future quantum adversaries. We introduce ZKFL-PQ (Zero-Knowledge Federated Learning, Post-Quantum), a three-tiered cryptographic protocol that hybridizes (i) ML-KEM (FIPS 203) for quantum-resistant key encapsulation, (ii) lattice-based Zero-Knowledge Proofs for verifiable norm-constrained gradient integrity, and (iii) BFV homomorphic encryption for privacy-preserving aggregation. We formalize the security model and prove correctness and zero-knowledge properties under the Module-LWE, Ring-LWE, and SIS assumptions in the classical random oracle model. We evaluate ZKFL-PQ on synthetic medical imaging data across 5 federated clients over 10 training rounds. Our protocol achieves 100% rejection of norm-violating updates while maintaining model accuracy at 100%, compared to a catastrophic drop to 23% under standard FL. The computational overhead (factor ~20×) is analyzed and shown to be compatible with clinical research workflows operating on daily or weekly training cycles. We emphasize that the current defense guarantees rejection of large-norm malicious updates; robustness against subtle low-norm or directional poisoning remains future work.

Paper Structure (39 sections, 4 theorems, 7 equations, 5 figures, 4 tables, 1 algorithm)

This paper contains 39 sections, 4 theorems, 7 equations, 5 figures, 4 tables, 1 algorithm.

Key Result

Proposition 2.3

For any $m_1, m_2 \in R_t$: provided the accumulated noise does not exceed $q/2t$.
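
The noise condition in Proposition 2.3 can be seen in a scalar LWE-style toy scheme. This is an added example, not code from the paper; it is not BFV (which works over polynomial rings) and is not secure, and the parameters, function names and sample updates are constructed for illustration. Each of five ciphertexts decrypts correctly on its own, but their sum decrypts correctly only while the accumulated noise stays below q/2t.

```python
import random

Q = 1 << 20          # ciphertext modulus q (toy size, assumption)
T = 1 << 8           # plaintext modulus t (assumption)
DELTA = Q // T       # scaling factor q/t; the noise bound q/(2t) is DELTA // 2

def keygen(rng):
    return rng.randrange(Q)

def encrypt(s, m, noise, rng):
    """Encrypt m in Z_t with an explicit noise term so the budget is visible."""
    a = rng.randrange(Q)
    return (a, (a * s + DELTA * (m % T) + noise) % Q)

def add(c1, c2):
    """Homomorphic addition: component-wise sum; the noise terms add up too."""
    return ((c1[0] + c2[0]) % Q, (c1[1] + c2[1]) % Q)

def decrypt(s, c):
    a, b = c
    v = (b - a * s) % Q                  # = DELTA * m + noise (mod q)
    return ((v * T + Q // 2) // Q) % T   # round(v * t / q) mod t

def aggregate(s, messages, noise_per_client, rng):
    """Encrypt each client's value, sum the ciphertexts, decrypt the total."""
    cts = [encrypt(s, m, noise_per_client, rng) for m in messages]
    total = cts[0]
    for c in cts[1:]:
        total = add(total, c)
    singles_ok = all(decrypt(s, c) == m % T for c, m in zip(cts, messages))
    return decrypt(s, total), singles_ok

def demo():
    rng = random.Random(2024)        # fixed seed: constructed, reproducible run
    s = keygen(rng)
    updates = [17, 42, 5, 99, 30]    # constructed quantized updates, 5 clients
    expected = sum(updates) % T
    small = aggregate(s, updates, DELTA // 16, rng)   # 5*DELTA/16 < DELTA/2
    large = aggregate(s, updates, DELTA // 8, rng)    # 5*DELTA/8  > DELTA/2
    return expected, small, large

if __name__ == "__main__":
    print(demo())
```

In the second run every client's ciphertext is individually valid, so the failure comes only from summing: the noise budget has to be sized for the number of clients aggregated, not for a single update.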

Figures (5)

  • Figure 1: Test accuracy over 10 FL rounds. The malicious client activates at round 4. Standard FL and FL+ML-KEM collapse; ZKFL-PQ maintains perfect accuracy by rejecting Byzantine updates.
  • Figure 2: Training loss (log scale). ZKFL-PQ continues converging while other protocols diverge.
  • Figure 3: Per-round computation time breakdown for the ZKFL-PQ hybrid protocol.
  • Figure 4: Security posture comparison across six dimensions. ZKFL-PQ achieves maximum scores across all axes.
  • Figure 5: Ablation study results. (a) Detection rate remains 100% up to 3 malicious clients. (b) False positive rate drops to 0% for $\tau \geq 5$.

Theorems & Definitions (13)

  • Definition 2.1: MLWE Problem [langlois2015mlwe]
  • Definition 2.2: BFV Encryption
  • Proposition 2.3: Additive Homomorphism
  • Definition 2.4: Zero-Knowledge Proof System
  • Definition 3.1: Security Goals
  • Definition 4.1: Protocol Layers
  • Definition 4.2: Lattice Commitment
  • Theorem 4.3: Security of the ZKP
  • proof
  • Theorem 4.4: Aggregation Correctness
  • ...and 3 more