In this paper, we design, develop, and evaluate a ZK system (Mystique) that allows for efficient conversions between arithmetic and Boolean values, between publicly committed and privately authenticated values, and between fixed-point and floating-point numbers. Targeting large-scale neural-network inference, we also present an improved ZK protocol for matrix multiplication that yields a 7× improvement compared to the state-of-the-art. Finally, we incorporate Mystique in Rosetta, a TensorFlow-based privacy-preserving framework.
Mystique is able to prove correctness of an inference on a private image using a committed (private) ResNet-101 model in 28 minutes, and can do the same task when the model is public in 5 minutes, with only a 0.02% decrease in accuracy compared to a non-ZK execution when testing on the CIFAR-10 dataset. Our system is the first to support ZK proofs about neural-network models with over 100 layers with virtually no loss of accuracy.
Category / Keywords: cryptographic protocols / zero-knowledge proofs Original Publication (with minor differences): USENIX Security 2021 Date: received 31 May 2021 Contact author: ckweng at u northwestern edu, yangk at sklc org, xiexiang at matrixelements com, jkatz2 at gmail com, wangxiao at cs northwestern edu Available format(s): PDF | BibTeX Citation Version: 20210602:115212 (All versions of this report) Short URL: ia.cr/2021/730