Attesting Distributional Properties and Machine Learning Training using Non-Interactive Zero-Knowledge Proofs

Bachelor Thesis

Motivation

As regulations around Machine Learning (ML) continue to increase, often with an emphasis on the need for transparency in model development and training data [1], confidentiality becomes a challenge. One critical requirement is verifying that models adhere to specific distributional properties without revealing the underlying training data. This challenge can be addressed by performing distributional property attestation on the model, using, e.g., trusted execution environments (TEEs) or cryptographic protocols such as secure two-party computation and zero-knowledge proofs (ZKPs) [2]. We focus solely on zero-knowledge proofs, which enable a party (the prover) to prove the truth of a statement to another party (the verifier) without revealing the associated data, offering a route to ensuring model security.

Goal

The goal of this thesis is to build on existing Non-Interactive Zero-Knowledge Proofs (NIZKPs), which do not require the prover and the verifier to interact with one another. The thesis aims to develop a framework in which the prover proves that the deep neural network (DNN) was trained with the claimed dataset [3] and that the distributional properties of the learned model hold, in a privacy-preserving manner. The focus will remain on NIZKPs and their performance with respect to sensitive data.

Requirements

  • Good programming skills in Rust, C/C++
  • At least basic knowledge of cryptography
  • Basic knowledge of zero-knowledge proofs is beneficial
  • High motivation + ability to work independently
  • Knowledge of the English language, Git, LaTeX, etc.

References

Supervisors