Zero-Knowledge Proofs for Privacy-Preserving Federated Learning in Healthcare Systems
Abstract
Federated Learning (FL) enables collaborative model training across hospitals while keeping patient data local, thereby aiming to satisfy strict healthcare privacy regulations (e.g., HIPAA and GDPR). However, FL still leaks information through shared model updates, exposing participants to membership inference and gradient inversion attacks. In this work, we propose an end-to-end framework that integrates zero-knowledge proofs (ZKPs) with FL to ensure both data privacy and trust in the aggregation process. In our design, each hospital (client) sends encrypted model updates to a central aggregator, which computes the global model and simultaneously generates a succinct ZKP (e.g., a zk-SNARK) attesting to the correctness of the aggregation. Clients (or a verifier network) can efficiently verify this proof without learning any additional information. We simulate a disease-prediction task on synthetic medical data and evaluate metrics including predictive accuracy, proof generation and verification time, and communication overhead. Our results (see Table 1 and Fig. 3) show that incorporating ZKPs maintains nearly identical model accuracy compared to standard FL while adding moderate computational and bandwidth overhead. ZKP verification costs scale favorably (often under 50% of proof generation time) and can be offloaded to a blockchain network to avoid burdening resource-constrained hospitals. Our key contribution is a structured ZK-FL framework combining FL with zk-SNARKs, along with a formal threat model. This approach closes FL's trust gap in healthcare settings and motivates future work on scalable proof systems (e.g., post-quantum ZKPs) and integration with blockchain-based verifiers.
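The aggregate-then-prove workflow described above can be sketched as a minimal interface. This is an illustrative stand-in, not the paper's implementation: a real deployment would replace `generate_proof`/`verify_proof` with a zk-SNARK toolchain (e.g., circom/snarkjs or libsnark), and the hash commitment used here is only a placeholder for a succinct proof object (note that, unlike a true ZKP, verifying this placeholder requires the raw inputs).

```python
import hashlib
import json

# Hypothetical sketch of the ZK-FL aggregation interface: clients submit
# updates, the aggregator averages them (FedAvg) and emits a "proof" of
# correct aggregation that verifiers can check.

def fedavg(client_updates):
    """Aggregate client model update vectors by simple averaging (FedAvg)."""
    n = len(client_updates)
    dim = len(client_updates[0])
    return [sum(u[i] for u in client_updates) / n for i in range(dim)]

def generate_proof(client_updates, global_model):
    """Placeholder for a succinct proof that the aggregation was computed
    correctly. A zk-SNARK would attest to this relation in zero knowledge;
    here a SHA-256 commitment over the transcript merely stands in."""
    transcript = json.dumps({"inputs": client_updates, "output": global_model})
    return hashlib.sha256(transcript.encode()).hexdigest()

def verify_proof(proof, client_updates, global_model):
    """Verifier-side check. With a real SNARK, verification would succeed
    without access to the individual client updates."""
    return proof == generate_proof(client_updates, global_model)

if __name__ == "__main__":
    updates = [[0.1, 0.2], [0.3, 0.4], [0.5, 0.6]]  # toy 2-parameter updates
    model = fedavg(updates)
    proof = generate_proof(updates, model)
    assert verify_proof(proof, updates, model)       # honest aggregation passes
    assert not verify_proof(proof, updates, [9.9, 9.9])  # tampered model fails
```

The interface mirrors the protocol's trust boundary: the aggregator runs `fedavg` and `generate_proof`, while clients run only `verify_proof`, whose cost in a SNARK-based instantiation is small and constant regardless of model size.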