Zero-knowledge machine learning (zkML): In the age of artificial intelligence, privacy and technology coexist

In this technologically advanced age, the advent of generative artificial intelligence such as ChatGPT and Midjourney has opened up new possibilities for fields such as design and art, software development, publishing, and even finance. Generative AI is a miracle that promises to push the boundaries of human creativity, dramatically increase our productivity, and lead us on a path to higher levels of innovation.

Getting software like ChatGPT and Midjourney to where it is today took years of research and training on vast amounts of data to develop the AI models behind it. Taking ChatGPT as an example, it needs to be trained with a data set of about 570GB from web pages, books and other sources. Some of this data may come from users who are completely unaware that their personal data is being used to train AI software. Although most of the data collected and used may be harmless to the users themselves, some sensitive or private data may inevitably be mixed in and fed to the model without the user's consent.

Given the privacy concerns raised by such systems, there is growing awareness of and emphasis on data privacy and security. Some people call for a harmonious balance between the advantages of artificial intelligence and the protection of personal privacy. Fortunately, there is a promising technology that can help bridge this gap: zero-knowledge proofs (ZKPs).

What is zkML?

A zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that a certain proposition is true without disclosing any information other than the fact that this particular proposition is true. Zero-knowledge (ZK) technology has steadily developed since 2022 and has seen significant growth in the blockchain space. Projects in the field of ZK have been working hard and making significant progress in the areas of scalability and privacy protection.
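The prover/verifier definition above, as an added example that is not from the original article: a Schnorr identification protocol over a toy group, where the parameters are constructed and far too small for real use. The prover shows it knows the secret x behind y = g^x, and `simulate` builds accepting transcripts from y alone, which is why a transcript teaches an honest verifier nothing about x.

```python
import secrets

# Toy group (constructed, insecure sizes): P = 2Q + 1, both prime; G has order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1        # prover's secret, 1 <= x < Q
    return x, pow(G, x, P)                  # (secret x, public key y = g^x)

def commit():
    r = secrets.randbelow(Q)                # fresh nonce, never reused
    return r, pow(G, r, P)                  # prover keeps r, sends t = g^r

def respond(x, r, c):
    return (r + c * x) % Q                  # s = r + c*x mod q

def verify(y, t, c, s):
    # Accept iff g^s == t * y^c (mod p)
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def run_protocol(x, y):
    r, t = commit()                         # prover   -> verifier: t
    c = secrets.randbelow(Q)                # verifier -> prover:   c
    s = respond(x, r, c)                    # prover   -> verifier: s
    return (t, c, s), verify(y, t, c, s)

def simulate(y):
    """Produce an accepting transcript using only the public key."""
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, -c, P)) % P  # choose t after c and s are fixed
    return t, c, s

if __name__ == "__main__":
    x, y = keygen()
    print("honest run accepted:", run_protocol(x, y)[1])
    print("simulated transcript accepted:", verify(y, *simulate(y)))
    r, t = commit()                         # a prover without x can only guess c
    print("response without x accepted:", verify(y, t, 5, r))
```

The simulator only works because it picks the challenge itself; a prover who must answer a challenge chosen after `t` is sent needs x.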

Machine learning is a branch of artificial intelligence that focuses on developing systems that can learn from past data, recognize patterns, and make logical decisions with less human involvement. It is a data analysis technique that automatically creates analytical models by utilizing various types of digital information such as numerical data, textual content, user interaction, and visual data.

In supervised machine learning, we provide input to a pre-trained model with preset parameters, and the model produces output that can be used by other systems. However, we must emphasize the importance of maintaining the confidentiality and privacy of input data and model parameters. Input data may contain sensitive personal financial or biometric information, and model parameters may involve sensitive elements such as confidential biometric authentication parameters.

The integration of zero-knowledge technology and artificial intelligence has given birth to zero-knowledge machine learning (zkML), an ethical and powerful new technology that is expected to completely transform the way we work.

In a recent paper titled "The Cost of Intelligence", the Modulus Labs team comprehensively benchmarked various existing zero-knowledge proof systems using model ensembles of various sizes. Currently, in the field of on-chain machine learning, the main application of ZK is to verify that computations were carried out correctly. However, with time and further development, especially of Succinct Non-Interactive Arguments of Knowledge (SNARKs), ZKPs are expected to develop to the extent that they can protect users' privacy from overly curious verifiers by preventing the disclosure of inputs.

zkML essentially integrates ZK technology into AI software to overcome its limitations in privacy protection and data authenticity verification.

zkML use cases

Although still a nascent technology, zkML has attracted a lot of attention and has many compelling use cases. Some notable applications of zkML include:

  • Computational Integrity (Validity ML): Validity proofs such as SNARKs and STARKs can verify computational correctness, and this extends to machine learning tasks by verifying a model's inference, that is, confirming that a particular input leads to a particular model output. Because it is easy to prove that an output is the result of a specific combination of model and input, machine learning models can be deployed off-chain on specialized hardware while the ZKPs are conveniently verified on-chain. For example, Giza is assisting Yearn, a decentralized finance (DeFi) yield aggregator protocol, to demonstrate on-chain the accuracy of leveraging machine learning to execute complex yield strategies.
  • Fraud Detection: By leveraging smart contract data, anomaly detection models can be trained and subsequently recognized by DAOs (Decentralized Autonomous Organizations) as valuable indicators for automated security programs. This proactive and preventative approach makes it possible to automate actions such as suspending contracts when potentially malicious activity is identified, enhancing their effectiveness.
  • Transparency in ML as a Service (MLaaS): When multiple companies provide machine learning models through their APIs, the opacity of the API makes it difficult for users to determine whether the service provider is actually serving the claimed model. Providing a validity proof alongside the machine learning model API gives users transparency, allowing them to verify the specific model they are using.
  • Filtering in Web3 Social Media: The decentralized nature of Web3 social applications is expected to lead to an increase in spam and malicious content. The ideal approach for social media platforms is to utilize an open-source machine learning model that is mutually agreed upon by the community. Additionally, the platform can provide proof of model inference when choosing to filter posts. Daniel Kang's analysis of the Twitter algorithm's use of zkML digs further into this topic.
  • Privacy Protection: The healthcare industry prioritizes the privacy and confidentiality of patient data. By leveraging zkML, medical researchers and institutions are able to develop models using encrypted patient data, ensuring the protection of individual records. This enables collaborative analysis without sharing sensitive information, leading to advances in disease diagnosis, treatment effectiveness, and public health research.

Overview of zkML projects

Many applications of zkML are in the experimental stage, often appearing in hackathons for innovative new projects. zkML opens up new avenues for designing smart contracts, and there are currently several projects actively exploring its applications.

Image credit @bastian_wetzel

  • Modulus Labs: Practical applications of zkML and related research. They have demonstrated zkML through projects such as RockyBot (an on-chain trading bot) and Leela vs. the World (a chess game where the entire human population competes against a proven on-chain version of the Leela chess engine).
  • Giza: A protocol supported by Starkware that enables artificial intelligence models to be deployed on-chain in a completely trustless manner.
  • Worldcoin: A proof-of-personhood protocol utilizing zkML. Worldcoin utilizes custom hardware to handle detailed iris scans and incorporates this into its Semaphore implementation. These iris scans enable important functions such as proof of membership and voting.

In conclusion

Just as ChatGPT and Midjourney went through countless iterations to reach their current state, zkML is still being continuously improved and optimized, iteration after iteration, to overcome challenges ranging from the technical to the practical:

  • Quantization that minimizes loss of precision
  • Managing circuit size, especially in multilayer networks
  • Efficient proofs of matrix multiplication
  • Responding to adversarial attacks
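The quantization challenge in the list above, as an added example that is not from the original article: proof systems compute over integers in a finite field, so a layer's real-valued weights and inputs have to be encoded as fixed-point integers before the inference can be proven. The layer values are constructed, and the modulus `FIELD` is an assumption standing in for a real proof system's field; the block shows the error shrinking with more fractional bits and the silent wraparound when the field is too small for the accumulated values.

```python
FIELD = 2**61 - 1   # prime modulus standing in for a proof system's field (assumption)

# Constructed sample dense layer: 2 outputs, 3 inputs.
W = [[0.731, -1.204, 0.058], [-0.417, 0.993, 1.660]]
X = [0.35, -0.82, 1.47]
B = [0.125, -0.3]

def quantize(v, bits):
    """Fixed-point encode: real v -> integer round(v * 2^bits)."""
    return round(v * (1 << bits))

def from_field(a, field):
    """Map a field element back to a signed integer (upper half = negatives)."""
    return a - field if a > field // 2 else a

def dense_float(W, x, b):
    """Reference layer in floating point: W @ x + b."""
    return [sum(w * v for w, v in zip(row, x)) + bi for row, bi in zip(W, b)]

def dense_field(W, x, b, bits, field=FIELD):
    """The same layer using only integer arithmetic mod `field`, as a circuit would."""
    xq = [quantize(v, bits) % field for v in x]
    out = []
    for row, bi in zip(W, b):
        acc = quantize(bi, 2 * bits) % field          # bias at the scale of a product
        for w, v in zip(row, xq):
            acc = (acc + (quantize(w, bits) % field) * v) % field
        out.append(from_field(acc, field) / (1 << (2 * bits)))
    return out

def max_error(bits, field=FIELD):
    """Largest absolute deviation of the field result from the float result."""
    ref = dense_float(W, X, B)
    return max(abs(r - q) for r, q in zip(ref, dense_field(W, X, B, bits, field)))

if __name__ == "__main__":
    for bits in (4, 8, 16):
        print(f"{bits:2d} fractional bits: max error {max_error(bits):.6f}")
    # A field too small for the accumulator wraps around without any error signal.
    print("field=257, 4 bits:", dense_field(W, X, B, 4, field=257))
```

More fractional bits reduce the error but widen every value the circuit must range-check, which is where the precision and circuit-size challenges meet.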

In the field of zkML, progress is proceeding at an accelerated rate and is expected to reach a level comparable to that of the broader field of machine learning in the near future, especially as hardware acceleration techniques continue to develop.

Incorporating ZKPs into AI systems can provide a higher level of security and privacy for users and organizations utilizing these systems. Therefore, we eagerly look forward to further product innovations in the zkML field, where the combination of ZKPs and blockchain technology creates a safe and secure environment for AI/ML operations in the permissionless world of Web3.
