ByzSFL: Achieving Byzantine-Robust Secure Federated Learning with Zero-Knowledge Proofs

📅 2025-01-12
🤖 AI Summary
Secure federated learning (SFL) in privacy-sensitive domains (e.g., healthcare, finance) suffers from insufficient Byzantine robustness, low aggregation efficiency, and an inherent trade-off between privacy preservation and verifiability of correctness. Method: We propose the first ZKP-embedded SFL framework, integrating zero-knowledge proofs (ZKPs), homomorphic encryption, distributed weighted aggregation verification, and client-side local weight offloading into the secure aggregation pipeline. Contribution/Results: Our approach enables privacy-preserving, cryptographically verified correctness checks for standard aggregation operators under encryption—achieving, for the first time, full compatibility between SFL and Byzantine robustness. Aggregation throughput improves by ≈100× compared to baseline SFL schemes. The framework supports open-sourcing of plaintext models without exposing raw training data. Under adversarial (Byzantine) client attacks, model accuracy remains stable, attaining theoretically optimal robustness bounds.

📝 Abstract
The advancement of AI models, especially those powered by deep learning, faces significant challenges in data-sensitive industries like healthcare and finance due to the distributed and private nature of data. Federated Learning (FL) and Secure Federated Learning (SFL) enable collaborative model training without data sharing, enhancing privacy by encrypting shared intermediate results. However, SFL currently lacks effective Byzantine robustness, a critical property that ensures model performance remains intact even when some participants act maliciously. Existing Byzantine-robust methods in FL are incompatible with SFL due to the inefficiency and limitations of encryption operations in handling complex aggregation calculations. This creates a significant gap in secure and robust model training. To address this gap, we propose ByzSFL, a novel SFL system that achieves Byzantine-robust secure aggregation with high efficiency. Our approach offloads aggregation weight calculations to individual parties and introduces a practical zero-knowledge proof (ZKP) protocol toolkit. This toolkit supports widely used operators for calculating aggregation weights, ensuring correct computations without compromising data privacy. Not only does this method maintain aggregation integrity, but it also significantly boosts computational efficiency, making ByzSFL approximately 100 times faster than existing solutions. Furthermore, our method aligns with open-source AI trends, enabling plaintext publication of the final model without additional information leakage, thereby enhancing the practicality and robustness of SFL in real-world applications.

Problem

Research questions and friction points this paper is trying to address.

Federated Learning
Security
Efficiency

Innovation

Methods, ideas, or system contributions that make the work stand out.

Zero-Knowledge Proofs
Secure Federated Learning
ByzSFL System