PQS-BFL: A Post-Quantum Secure Blockchain-based Federated Learning Framework

Federated Learning (FL) enables collaborative model training while preserving data privacy, but its classical cryptographic underpinnings are vulnerable to quantum attacks. This vulnerability is particularly critical in sensitive domains like healthcare. This paper introduces PQS-BFL (Post-Quantum Secure Blockchain-based Federated Learning), a framework integrating post-quantum cryptography (PQC) with blockchain verification to secure FL against quantum adversaries. We employ ML-DSA-65 (a FIPS 204 standard candidate, formerly Dilithium) signatures to authenticate model updates and leverage optimized smart contracts for decentralized validation. Extensive evaluations on diverse datasets (MNIST, SVHN, HAR) demonstrate that PQS-BFL achieves efficient cryptographic operations (average PQC sign time: 0.65 ms, verify time: 0.53 ms) with a fixed signature size of 3309 Bytes. Blockchain integration incurs a manageable overhead, with average transaction times around 4.8 s and gas usage per update averaging 1.72 x 10^6 units for PQC configurations. Crucially, the cryptographic overhead relative to transaction time remains minimal (around 0.01-0.02% for PQC with blockchain), confirming that PQC performance is not the bottleneck in blockchain-based FL. The system maintains competitive model accuracy (e.g., over 98.8% for MNIST with PQC) and scales effectively, with round times showing sublinear growth with increasing client numbers. Our open-source implementation and reproducible benchmarks validate the feasibility of deploying long-term, quantum-resistant security in practical FL systems.

💡 Research Summary

The paper addresses the looming quantum‑computing threat to classical cryptographic primitives (RSA, ECDSA) that underpin most federated learning (FL) systems, especially in high‑sensitivity domains such as healthcare. To future‑proof FL against quantum attacks, the authors propose PQS‑BFL, a Post‑Quantum Secure Blockchain‑based Federated Learning framework that integrates a standardized lattice‑based digital signature scheme, ML‑DSA‑65 (the Dilithium candidate selected for FIPS 204), with a blockchain smart‑contract layer for decentralized verification of model updates.

Algorithm selection and rationale
The authors benchmark three leading NIST PQC signature candidates—ML‑DSA‑65, Falcon‑512, and SPHINCS+‑SHA2‑128s—using liboqs. ML‑DSA‑65 offers the best balance of fast signing (0.656 ms) and verification (0.536 ms), moderate signature size (3309 B), Level 2 security (125‑bit classical, 64‑bit quantum), and strong standardization status. Although Falcon‑512 yields smaller signatures (666 B), its signing latency (3.282 ms) is considerably higher, and SPHINCS+ suffers from both large signatures (7856 B) and prohibitive signing time (131.926 ms). Consequently, ML‑DSA‑65 is chosen for the implementation.

System architecture
In PQS‑BFL, each client locally trains a model, signs the resulting weight update with ML‑DSA‑65, and submits the signed payload to a blockchain network. A custom smart contract validates the signature on‑chain, records the hash of the update, and triggers aggregation logic. By moving verification onto the ledger, the framework eliminates reliance on a trusted central server and provides immutable auditability.

Performance evaluation
Experiments span three datasets (MNIST, SVHN, Human Activity Recognition) and three client scales (3, 10, 30). Key findings include:

• Cryptographic overhead – Average signing time 0.65 ms, verification 0.53 ms, and fixed signature size 3309 B. When combined with blockchain transaction processing, the cryptographic portion accounts for only 0.01–0.02 % of total round time.
• Blockchain overhead – Mean transaction latency ≈ 4.8 s; gas consumption per update ≈ 1.72 × 10⁶ units. Although PQC signatures increase gas relative to ECDSA, the absolute cost remains modest compared with overall network latency.
• Model accuracy – PQS‑BFL matches or exceeds baseline FL performance: MNIST accuracy > 98.8 %, SVHN and HAR results are comparable to ECDSA‑protected runs, demonstrating that PQC integration does not degrade learning quality.
• Scalability – Round time grows sub‑linearly with client count, indicating that on‑chain verification and consensus can be parallelized effectively.

Security analysis
The paper models quantum adversaries capable of breaking RSA/ECDSA via Shor’s algorithm and explores attacks such as signature forgery, replay, and man‑in‑the‑middle. ML‑DSA‑65’s security rests on the hardness of Learning With Errors (LWE) and Module‑SIS problems, which remain resistant to known quantum algorithms. By anchoring both the FL update authentication and the blockchain transaction signing in the same PQC scheme, the entire pipeline achieves end‑to‑end quantum resistance.

Limitations and future work
Current implementation targets an Ethereum‑compatible testnet; real‑world deployment would need to account for fluctuating gas prices, alternative consensus mechanisms, and potential integration with privacy‑preserving techniques (e.g., zero‑knowledge proofs). The authors suggest exploring hybrid signatures (classical + PQC) to reduce gas while preserving security, and extending the framework to permissioned ledgers or edge‑computing environments.

Contribution and impact
PQS‑BFL delivers the first comprehensive, empirically validated integration of a standardized post‑quantum signature scheme with blockchain‑verified federated learning. By open‑sourcing the codebase and providing reproducible benchmarks, the work offers a practical pathway for organizations—particularly those handling regulated, high‑value data—to transition their collaborative AI pipelines to a quantum‑resilient future without sacrificing performance or model quality.