Paper 2021/673
zkCNN: Zero Knowledge Proofs for Convolutional Neural Network Predictions and Accuracy
Abstract
Deep learning techniques with neural networks are developing prominently in recent years and have been deployed in numerous applications. Despite their great success, in many scenarios it is important for the users to validate that the inferences are truly computed by legitimate neural networks with high accuracy, which is referred to as the integrity of machine learning predictions. To address this issue, in this paper, we propose zkCNN, a zero knowledge proof scheme for convolutional neural networks (CNN). The scheme allows the owner of the CNN model to prove to others that the prediction of a data sample is indeed calculated by the model, without leaking any information about the model itself. Our scheme can also be generalized to prove the accuracy of a secret CNN model on a public dataset. Underlying zkCNN is a new sumcheck protocol for proving fast Fourier transforms and convolutions with a linear prover time, which is even faster than computing the result asymptotically. We also introduce several improvements and generalizations on the interactive proofs for CNN predictions, including verifying the convolutional layer, the activation function of ReLU and the max pooling. Our scheme is highly efficient in practice. It can support the large CNN of VGG16 with 15 million parameters and 16 layers. It only takes 88.3 seconds to generate the proof, which is 1264 times faster than existing schemes. The proof size is 341 kilobytes, and the verifier time is only 59.3 milliseconds. Our scheme can further scale to prove the accuracy of the same CNN on 20 images.
Note: Final version accepted by CCS 2021
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. CCS 2021
- Keywords
- Zero knowledge proofsMachine learningConvolutional Neural Networks
- Contact author(s)
-
tianyi @ tamu edu
xiexiangiscas @ gmail com
zhangyp @ tamu edu - History
- 2023-02-18: last of 2 revisions
- 2021-05-25: received
- See all versions
- Short URL
- https://ia.cr/2021/673
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/673, author = {Tianyi Liu and Xiang Xie and Yupeng Zhang}, title = {{zkCNN}: Zero Knowledge Proofs for Convolutional Neural Network Predictions and Accuracy}, howpublished = {Cryptology {ePrint} Archive, Paper 2021/673}, year = {2021}, url = {https://eprint.iacr.org/2021/673} }