Paper 2021/673

zkCNN: Zero Knowledge Proofs for Convolutional Neural Network Predictions and Accuracy

Tianyi Liu
Xiang Xie
Yupeng Zhang
Abstract

Deep learning techniques with neural networks are developing prominently in recent years and have been deployed in numerous applications. Despite their great success, in many scenarios it is important for the users to validate that the inferences are truly computed by legitimate neural networks with high accuracy, which is referred to as the integrity of machine learning predictions. To address this issue, in this paper, we propose zkCNN, a zero knowledge proof scheme for convolutional neural networks (CNN). The scheme allows the owner of the CNN model to prove to others that the prediction of a data sample is indeed calculated by the model, without leaking any information about the model itself. Our scheme can also be generalized to prove the accuracy of a secret CNN model on a public dataset. Underlying zkCNN is a new sumcheck protocol for proving fast Fourier transforms and convolutions with a linear prover time, which is even faster than computing the result asymptotically. We also introduce several improvements and generalizations on the interactive proofs for CNN predictions, including verifying the convolutional layer, the activation function of ReLU and the max pooling. Our scheme is highly efficient in practice. It can support the large CNN of VGG16 with 15 million parameters and 16 layers. It only takes 88.3 seconds to generate the proof, which is 1264 times faster than existing schemes. The proof size is 341 kilobytes, and the verifier time is only 59.3 milliseconds. Our scheme can further scale to prove the accuracy of the same CNN on 20 images.

Note: Final version accepted by CCS 2021

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. CCS 2021
Keywords
Zero knowledge proofsMachine learningConvolutional Neural Networks
Contact author(s)
tianyi @ tamu edu
xiexiangiscas @ gmail com
zhangyp @ tamu edu
History
2023-02-18: last of 2 revisions
2021-05-25: received
See all versions
Short URL
https://ia.cr/2021/673
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/673,
      author = {Tianyi Liu and Xiang Xie and Yupeng Zhang},
      title = {{zkCNN}: Zero Knowledge Proofs for Convolutional Neural Network Predictions and Accuracy},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/673},
      year = {2021},
      url = {https://eprint.iacr.org/2021/673}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.