In federated learning (FL), a malicious central aggregator may manipulate client models or inject fake clients, compromising model integrity and privacy. To address this, we propose a verifiable gradient aggregation mechanism that synergistically integrates zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs) with blockchain. Clients generate zk-SNARK proofs attesting to the correctness of their local updates—without revealing raw model parameters—while the aggregator must submit a complete, compliant proof of the aggregation process, validated via blockchain consensus. This work represents the first deep integration of zk-SNARKs and blockchain to ensure verifiability of FL aggregation. Theoretical analysis and empirical evaluation demonstrate that our mechanism preserves compatibility with standard FL frameworks (e.g., FedAvg) and maintains training efficiency, while significantly enhancing robustness against aggregator-level attacks. It simultaneously achieves strong security guarantees, end-to-end privacy preservation, and lightweight on-chain verification.

Federated learning (FL) is a machine learning paradigm, which enables multiple and decentralized clients to collaboratively train a model under the orchestration of a central aggregator. FL can be a scalable machine learning solution in <italic>Big Data</italic> scenarios. Traditional FL relies on the trust assumption of the central aggregator, which forms cohorts of clients honestly. However, a malicious aggregator, in reality, could abandon and replace the client's training models, or insert fake clients, to manipulate the final training results. In this work, we introduce <inline-formula><tex-math notation="LaTeX">$ t {zkFL}$</tex-math><alternatives><mml:math><mml:mi mathvariant="monospace">zkFL</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq3-3403370.gif"/></alternatives></inline-formula>, which leverages zero-knowledge proofs to tackle the issue of a malicious aggregator during the training model aggregation process. To guarantee the correct aggregation results, the aggregator provides a proof per round, demonstrating to the clients that the aggregator executes the intended behavior faithfully. To further reduce the verification cost of clients, we use blockchain to handle the proof in a zero-knowledge way, where miners (i.e., the participants validating and maintaining the blockchain data) can verify the proof without knowing the clients’ local and aggregated models. The theoretical analysis and empirical results show that <inline-formula><tex-math notation="LaTeX">$ t {zkFL}$</tex-math><alternatives><mml:math><mml:mi mathvariant="monospace">zkFL</mml:mi></mml:math><inline-graphic xlink:href="wang-ieq4-3403370.gif"/></alternatives></inline-formula> achieves better security and privacy than traditional FL, without modifying the underlying FL network structure or heavily compromising the training speed.