zkFL: Verifiable Byzantine-Robust Federated Learning Against Malicious Servers

In low-altitude networks, various aerial platforms such as autonomous aerial vehicles and airships cooperate to provide services including real-time monitoring, emergency response, and data collection. These platforms often operate with limited computing resources, restricted energy supply, and unstable wireless connectivity, making centralized data processing inefficient and prone to privacy risks. Federated Learning (FL) provides a promising solution by enabling multiple platforms to collaboratively train a shared model without exchanging raw data. However, the presence of Byzantine clients and a potentially malicious server poses serious threats to the robustness and trustworthiness of FL in such environments. Existing Byzantine-robust FL methods typically assume a semi-honest server and rely on auxiliary information such as clean datasets or known attacker ratios, which limits their applicability in dynamic and non-IID scenarios. In this paper, we propose zkFL, a Byzantine-robust FL framework that embeds zero-knowledge proofs to ensure verifiable aggregation under a malicious server. ZkFL allows clients to verify the correctness of server-side aggregation and dynamically adjusts client weights based on inference-guided detection, without relying on external datasets. Each round includes a zk-SNARK proof to guarantee aggregation integrity while preserving gradient privacy. Experiments demonstrate that zkFL exhibits strong robustness and verifiability in both IID and non-IID settings, outperforming prior methods, even in the presence of a malicious server.