Go to DBLP homepageValidating the integrity of Convolutional Neural Network predictions based on zero-knowledge proof
Abstract: Machine Learning as a Service can provide outsourced deep learning model prediction services to clients that do not have computing resources. Meanwhile, the integrity of the prediction services cannot be guaranteed due to model theft attacks from the services provider aspect or fake services from client aspect. Therefore, when clients access such deep learning models, it is urgent to verify the integrity of the model prediction process to ensure trusted interaction. For such, we propose a deep learning integrity verification scheme for integrity verification of the model prediction process without leaking information about key or private parameters of the deep learning model. When conducting integrity verification, the zero-knowledge succinct non-interactive knowledge argument is strategically used to construct a zero-knowledge proof. Specifically, we take the basic structure of the common single-layer Convolutional Neural Networks in deep learning as an example, construct Rank-1 Constraint Satisfaction according to the computational logic of each hidden layer in the model prediction process, so then design the proof circuits. We conduct extensive experiments for different scale CNN model inputs to demonstrate the practicality and feasibility of proposed scheme.
Loading