Cryptology ePrint Archive: Report 2020/584

vCNN: Verifiable Convolutional Neural Network

Seunghwa Lee and Hankyung Ko and Jihye Kim and Hyunok Oh

Abstract: Inference using convolutional neural networks (CNNs) is often outsourced to the cloud for various applications. Hence it is crucial to detect the malfunction or manipulation of the inference results. To provide trustful services, the cloud services should prove that the inference results are correctly calculated with valid input data according to a legitimate model. Particularly, a resource-constrained client would prefer a small proof and fast verification. A pairing-based zero-knowledge Succinct Non-interactive ARgument of Knowledge(zk-SNARK) scheme is a useful cryptographic primitive that satisfies both the short-proof and quick-verification requirements with only black-box access to the models, irrespective of the function complexity. However, they require tremendous efforts for the proof generation. It is impractical to build a proof using traditional zk-SNARK approaches due to many (multiplication) operations in CNNs.

This paper proposes a new efficient verifiable convolution neural network (vCNN) framework, which allows a client to verify the correctness of the inference result rapidly with short evidence provided by an untrusted server. Notably, the proposed vCNNs framework is the first practical pairing-based zk-SNARK scheme for CNNs, and it significantly reduces space and time complexities to generate a proof with providing perfect zero-knowledge and computational knowledge soundness. The experimental results validate the practicality of vCNN with improving VGG16 performance and key size by 18000 fold compared with the existing zk-SNARKs approach (reducing the key size from 1400 TB to 80 GB, and proving time from 10 years to 8 hours).

Category / Keywords: Convolutional Neural Networks, Verifiable Computation, zk-SNARKs, zero-knowledge, AI

Date: received 18 May 2020

Contact author: ttyhgo at kookmin ac kr

Available format(s): PDF | BibTeX Citation

Version: 20200522:150215 (All versions of this report)

Short URL: ia.cr/2020/584


[ Cryptology ePrint archive ]