zkFL-Health: Blockchain-Enabled Zero-Knowledge Federated Learning for Medical AI Privacy

TL;DR

zkFL-Health introduces a blockchain-enabled federated learning framework with zero-knowledge proofs and TEEs, ensuring privacy, correctness, and auditability for collaborative medical AI training across institutions.

Contribution

The paper presents a novel architecture combining FL, ZKPs, and TEEs to enhance privacy, correctness, and trustworthiness in multi-institutional healthcare AI training.

Findings

Provides privacy guarantees without revealing client updates

Ensures correct aggregation through zero-knowledge proofs

Enables immutable audit trails via blockchain recording

Abstract

Healthcare AI needs large, diverse datasets, yet strict privacy and governance constraints prevent raw data sharing across institutions. Federated learning (FL) mitigates this by training where data reside and exchanging only model updates, but practical deployments still face two core risks: (1) privacy leakage via gradients or updates (membership inference, gradient inversion) and (2) trust in the aggregator, a single point of failure that can drop, alter, or inject contributions undetected. We present zkFL-Health, an architecture that combines FL with zero-knowledge proofs (ZKPs) and Trusted Execution Environments (TEEs) to deliver privacy-preserving, verifiably correct collaborative training for medical AI. Clients locally train and commit their updates; the aggregator operates within a TEE to compute the global update and produces a succinct ZK proof (via Halo2/Nova) that it used exactly the committed inputs and the correct aggregation rule, without revealing any client update to the host. Verifier nodes validate the proof and record cryptographic commitments on-chain, providing an immutable audit trail and removing the need to trust any single party. We outline system and threat models tailored to healthcare, the zkFL-Health protocol, security/privacy guarantees, and a performance evaluation plan spanning accuracy, privacy risk, latency, and cost. This framework enables multi-institutional medical AI with strong confidentiality, integrity, and auditability, key properties for clinical adoption and regulatory compliance.