Decentralized, Privacy-Preserving Collaborative Training of AI Model Parameters

The patented ring protocol with obfuscation enables collaborative AI training without data sharing—GDPR-compliant by design, without a central aggregation server. It is designed for regulated, high-risk industries such as banking, healthcare, telecommunications, and autonomous driving.

• No central server or aggregator required – fully decentralized ring protocol (unique compared to existing federated learning solutions).
• No exchange of raw data or sub-models – reverse engineering of training data is structurally prevented.
• GDPR-compliant by design: training data remain entirely with the data owner.
• Model-agnostic: applicable to neural networks, association rules, decision trees, recommender systems, and more.
• Compatible with existing software infrastructure; no specialized hardware required.
• Scalable to an arbitrary number of participants (recommended minimum: 4–5 peers).
• Reduced communication overhead compared to star topologies (n−1 instead of n×(n−1) connections).
• Enables collaborative learning among competitors or across jurisdictions without mutual trust.

Competing banks and insurance companies can collaboratively train models for fraud detection, credit risk assessment, and anti-money laundering without exposing sensitive customer transaction data. For example, SWIFT is piloting collaborative fraud detection using federated learning with Google Cloud and 12 global banks in 2025—yet it still relies on a central server. The present invention provides a more privacy-preserving, serverless alternative.

Network operators may jointly develop models for detecting cyberattacks (e.g., phishing, malware, DDoS) without sharing network or customer data. Additional applications include healthcare institutions and research organizations collaboratively training diagnostic models (e.g., cancer detection, medical imaging, drug discovery) in full compliance with GDPR and HIPAA.

Furthermore, federated learning platform providers could integrate the ring protocol as a privacy-preserving extension to existing aggregator-based solutions.

The application of machine learning and data analytics has become strategically important across nearly all industries. However, the most valuable training data are often distributed across multiple organizations that are unable or unwilling to share raw data due to regulatory constraints or competitive considerations.

Federated learning approaches (e.g., employed by Google, Apple, Tesla) enable distributed model training but typically rely on either a central server as a trusted aggregator or the exchange of local model updates (e.g., gradients or weights). These updates can be exploited through reverse engineering to infer sensitive information about the underlying training data.

The market for privacy-preserving machine learning is growing at an annual rate exceeding 40%, driven further by regulatory frameworks such as the GDPR, the EU AI Act (effective August 2026), DORA, and the EU Data Act. The global federated learning market is projected to grow from approximately USD 138–297 million in 2024 to USD 1.6–1.9 billion by 2030.

Organizations seeking to collaboratively develop improved AI models face a fundamental dilemma:

• Raw data cannot be shared due to legal and competitive restrictions (e.g., trade secrets, GDPR, HIPAA).
• Classical federated learning requires the exchange of local model updates, which may enable reverse engineering of training data and introduce a single point of trust (central server).
• Existing decentralized approaches rely on computationally expensive cryptographic protocols such as secure multi-party computation or on differential privacy, which may degrade model performance.

As a result, many organizations refrain from collaborative model training despite its significant potential benefits.

The invention provides a novel method and system for collaborative, privacy-preserving training of machine learning models within a peer-to-peer network using a ring topology. The core principle, referred to as “additive training with obfuscation,” operates as follows:

• Each node (peer) retains its local training data exclusively on-site and initially receives the same untrained model.
• Each node computes model parameters locally based on its own data.
• The first node obfuscates its computed parameters (e.g., by adding a secret pseudo-random value to each model weight) and forwards the modified parameters to the next node.
• Each subsequent node adds its locally computed parameters to the received values (additive training) and forwards the result, without knowledge of the individual contributions of previous nodes.
• The final node returns the modified parameters to the first node.
• The first node removes the initially added obfuscation, thereby obtaining the collaboratively trained global model parameters, which are then distributed to all nodes.