Skip to main content
Nubint
QUICK REVIEW

[论文解读] Verifiable evaluations of machine learning models using zkSNARKs

Tobin South, Alexander Camuto|arXiv (Cornell University)|Feb 5, 2024
Neural Networks and Applications被引用 6
一句话总结

该论文提出一个基于 zkSNARK 的框架,用于在私有权重的情况下生成可验证的模型评估,能够对公开输入下的性能和公平性提供证明。

ABSTRACT

In a world of increasing closed-source commercial machine learning models, model evaluations from developers must be taken at face value. These benchmark results-whether over task accuracy, bias evaluations, or safety checks-are traditionally impossible to verify by a model end-user without the costly or impossible process of re-performing the benchmark on black-box model outputs. This work presents a method of verifiable model evaluation using model inference through zkSNARKs. The resulting zero-knowledge computational proofs of model outputs over datasets can be packaged into verifiable evaluation attestations showing that models with fixed private weights achieve stated performance or fairness metrics over public inputs. We present a flexible proving system that enables verifiable attestations to be performed on any standard neural network model with varying compute requirements. For the first time, we demonstrate this across a sample of real-world models and highlight key challenges and design solutions. This presents a new transparency paradigm in the verifiable evaluation of private models.

研究动机与目标

  • 在权重私有时,推动对模型性能进行透明验证的需求。
  • 提出一个通用框架,用于为神经网络及其他模型生成可验证的评估认证。
  • 允许最终用户在不重新使用私有权重运行基准测试的情况下,验证模型输出和声明的指标。
  • 实现基于挑战的验证,以确认部署的模型符合性能声明。

提出的方法

  • 将训练好的模型转换为 ONNX,并推导推理电路。
  • 从模型设置 zkSNARK 的证明密钥和验证密钥,以使推理证明成为可能。
  • 为每个数据点 (x,y) 生成 witness 文件和 zkSNARK 证明,以证明输出与指标。
  • 将单独的证明聚合成一个可验证的评估证明,其中 H(W) 与模型权重绑定。
  • 允许事后挑战以验证给定的输入输出对是否能够由具有声称权重哈希的模型产生。
Figure 1: System diagram of verifiable ML evaluation using the zkSNARK ezkl toolkit. A model can be compiled into a proving key ( $pk$ ) and verification key ( $vk$ ) which can be used to generate repeated inference proofs over a dataset ( $\pi$ ), which can then be aggregated into a verifiable eval
Figure 1: System diagram of verifiable ML evaluation using the zkSNARK ezkl toolkit. A model can be compiled into a proving key ( $pk$ ) and verification key ( $vk$ ) which can be used to generate repeated inference proofs over a dataset ( $\pi$ ), which can then be aggregated into a verifiable eval

实验结果

研究问题

  • RQ1如何通过 zkSNARK 构建适用于多种模型架构的可验证认证?
  • RQ2在对不同规模的数据集进行推理证明时,计算成本和可扩展性极限是什么?
  • RQ3可验证评估如何覆盖不同模型类型的性能和公平性(偏见)检查?

主要发现

  • 使用 ezkl 工具包,能够对从 MLP、CNN 到小型变压器的多种模型产生可验证的认证。
  • 证明在大小上具有可扩展性,验证时间保持较小,而证明密钥随模型复杂性增长。
  • 增大模型规模会提高证明时间和资源需求,但仍保持紧凑的证明和验证密钥。
  • 在多种模型类型上展示了一个实用的端到端工作流,包括偏见/公平性检查。
  • 挑战模型以证明推理与权重哈希的一致性,从而在不泄露私有权重的情况下实现去信任化的验证。
Figure 2: Time and storage requirements for model inference proofs for increasing model sizes across multi-layered perceptions (MLP), convolutional neural networks (CNN), and attention-based transformers (Attn). Model requirements scale linearly with the number of constraints in the proof, which is
Figure 2: Time and storage requirements for model inference proofs for increasing model sizes across multi-layered perceptions (MLP), convolutional neural networks (CNN), and attention-based transformers (Attn). Model requirements scale linearly with the number of constraints in the proof, which is

更好的研究,从现在开始

从论文设计到论文写作,大幅缩短您的研究时间。

无需绑定信用卡

本解读由 AI 生成,并经人工编辑审核。