## Cryptology ePrint Archive: Report 2021/087

ZEN: Efficient Zero-Knowledge Proofs for Neural Networks

Boyuan Feng and Lianke Qin and Zhenfei Zhang and Yufei Ding and Shumo Chu

Abstract: In this paper, we present ZEN, a toolchain for producing efficient zero-knowledge proof systems of privacy-preserving verifiable neural network models. Taking an existing neural network as an input, ZEN produces a verifiable computation scheme for a classification task or a recognition task, namely ZEN$_{class}$ and ZEN$_{rec}$. Both ZEN$_{class}$ and ZEN$_{rec}$ ensure the privacy, more precisely, the zero-knowledge property of the input data. In practice, this means removing the personal identifications, such as the facial image or other biometric data, from the attack surface. And thanks to three decades’ consecutive efforts on zkSNARK from our community, the entire process is non-interactive and verifiable. Thus, our schemes potentially enable many important applications, ranging from trustless oracles for decentralized ledgers to privacy-preserving facial identification systems. To our best knowledge, ZEN is the first zero-knowledge neural network scheme that preserves the privacy of input data while delivering verifiable outputs. To build efficient schemes with no additional accuracy loss, ZEN includes two major technical contributions. First, we propose a zkSNARK friendly quantization approach, which is semantically equivalent to the state-of-the-art quantization algorithm, yet brings significant savings in constraint size. Second, we propose a novel encoding scheme, namely stranded encoding, that encodes batched dot products, the workhorse of many matrix operations, using only a fraction of finite field elements. This brings sizable savings in terms of the number of constraints for the matrix operation circuits. Our end-to-end evaluation demonstrates the effectiveness of ZEN: compared with simply combining the state-of-the-art full quantization scheme with zkSNARK (ZEN-vanilla), ZEN has $3.68 \sim 20.99 \times$ ($14.14 \times$ on average) savings in the number of constraints (as a result, in prover time as well) thanks to our zkSNARK friendly quantization and stranded encoding.

Category / Keywords: applications / zero knowledge, neural networks, privacy

Date: received 23 Jan 2021, last revised 26 Jan 2021

Contact author: shumo at cs ucsb edu

Available format(s): PDF | BibTeX Citation

Note: fix abstract and author names

Short URL: ia.cr/2021/087

[ Cryptology ePrint archive ]