Over the past few months, there have been multiple breakthroughs in the AI industry. Models like GPT4 and Stable Diffusion are changing the way people generate and interact with software and the internet.
Despite the impressive capabilities of these new AI models, some individuals are concerned about the unpredictability and alignment issues of AI. For example, there is a lack of transparency in the world of online services, where most of the backend work is run by AI models. It’s challenging to verify whether these models are behaving in the desired manner. Furthermore, user privacy is also a concern, since all the data we provide to the model API can be used to improve the AI or exploited by hackers.
ZKML could be a novel solution to these problems. By instilling verifiable and trustless attributes into machine learning models, blockchain and ZK technology could form a framework for AI alignment.
What is ZKML
Zero-knowledge machine learning (ZKML) in this article refers to using zkSNARKs (a type of zero-knowledge proof) to prove the correctness of a machine learning inference without revealing the model’s inputs or the model parameters. The use cases of ZKML can be categorized into the following types based on what information is private:
Public model + private data
- Privacy-preserving machine learning: ZKML can be used to train and evaluate machine learning models on sensitive data without revealing the data to anyone else. This can be important for applications such as medical diagnosis and financial fraud detection. We also see some players using ZKML for biometric data authentication to build proof-of-humanity services.
- Attestation: In a world where most online content is generated by AI, cryptography can provide a source of truth. People are experimenting with using ZKML to fight deepfake issues.
Private model + public data
- Model authenticity: ZKML can be used to ensure that machine learning models are consistent. This can be important for users who want to make sure the model provider is not being lazy and using a less expensive model, and has not been hacked.
- Decentralized Kaggle: ZKML allows participants of a data science competition to prove the model accuracy on public test data without revealing the model weights from training.
Public model + public data
- Decentralized inference: This method mainly uses ZKML’s succinctness feature to compress complex AI computations into an onchain proof, similar to a ZK rollup. This approach can distribute the cost of model serving across multiple nodes.
As zkSNARKs will be a very important technology for the crypto world, ZKML also has the potential to change the crypto landscape. By adding AI capabilities to smart contracts, ZKML can unlock more complex on-chain applications. This integration is being described as “giving the blockchain eyes” within the ZKML community.
However, ZKML currently comes with several technical challenges that must be addressed.
- Quantization: ZKPs work over fields, but neural networks are trained in floats. That means that, in order to make a neural network model ZK/blockchain friendly, it needs to be transformed into a fixed-point arithmetic representation with a full computational trace. This could sacrifice model performance, since the parameters have lower precision.
- Cross-language translation: Neural network AI models are written in Python and C++, while ZKP circuits require Rust. So we need a translation layer to convert models to a ZKP-based runtime. Normally this type of translation layer is model specific, and it’s hard to design a universal one.
- Computational costs of ZKP: Basically, the ZKP cost will be much higher than the original ML computations. According to an experiment from Modulus Labs, for a model with 20M parameters, it will take more than 1–5 minutes to generate the proof, and the memory consumption is around 20–60GB depending on the ZK proving system.
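The quantization trade-off from the first item above, as an added example (not code from this article or from any ZKML library): one linear layer is evaluated in fixed-point arithmetic modulo a prime and compared with the float result. The modulus, function names and sample weights are assumptions chosen for illustration.

```python
# Added example: fixed-point inference for one linear layer inside a prime field.
# P is a stand-in modulus (the Mersenne prime 2**61 - 1), not any proving system's field.
P = 2**61 - 1

def encode(x, scale, p=P):
    """Map a float to a field element: scale, round, then reduce mod p.
    Negative values wrap around into the upper half of the field."""
    return round(x * scale) % p

def decode(v, scale, p=P):
    """Interpret elements above p // 2 as negative, then undo the scaling."""
    signed = v - p if v > p // 2 else v
    return signed / scale

def linear_float(weights, bias, x):
    return sum(w * xi for w, xi in zip(weights, x)) + bias

def linear_field(weights, bias, x, frac_bits, p=P):
    """Compute w.x + b using only integer arithmetic mod p."""
    scale = 1 << frac_bits
    w_q = [encode(w, scale, p) for w in weights]
    x_q = [encode(xi, scale, p) for xi in x]
    # A product of two scaled values carries scale**2, so the bias must too.
    b_q = encode(bias, scale * scale, p)
    acc = (sum(w * xi for w, xi in zip(w_q, x_q)) + b_q) % p
    return decode(acc, scale * scale, p)

def quantization_error(weights, bias, x, frac_bits, p=P):
    exact = linear_float(weights, bias, x)
    return abs(linear_field(weights, bias, x, frac_bits, p) - exact)

# Constructed sample layer and input (not taken from any real model).
W, B, X = [0.75, -1.5, 0.3], 0.1, [1.2, 0.4, -2.0]

if __name__ == "__main__":
    for bits in (4, 8, 16):
        print(bits, linear_field(W, B, X, bits), quantization_error(W, B, X, bits))
    # A field too small for the accumulator wraps silently and returns garbage.
    print("p=251:", linear_field(W, B, X, 6, p=251))
```

The output is left at scale squared so that no rescaling step is needed; a multi-layer network has to rescale between layers, which costs extra constraints in a circuit.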
Even with those challenges, ZKML has raised quite a lot of interest in the crypto community, and there are some great teams exploring this field.
With the main bottleneck of ZKML being the conversion of AI models into ZK circuits, several teams are working on the infra layer, such as ZK model compilers. Starting from logistic regression models or simple CNN models 1 year ago, the space has been moving quite fast toward more complex models.
- The EZKL project now supports models of up to 100mm parameters. It uses the ONNX format and the halo2 ZKP system. The library also supports committing to only a part of a model.
- The ZKML library already supports ZKPs of GPT2, Bert and diffusion models!
ZKML compilers also fall into the domain of some more general zero-knowledge virtual machines.
- Risc Zero is a zkVM using the open source RiscV instruction set, so it can support ZKPs of C++ and Rust. This zkDTP project shows how to convert a decision tree ML model to Rust and run it on Risc Zero.
- We also see some teams trying to bring AI models onchain with Starknet (Giza) and Aleo (zero gravity).
Apart from infra initiatives, other teams are starting to explore the applications of ZKML.
- One example DeFi use case is an AI-powered vault, where the mechanism is defined by an AI model instead of a fixed strategy. These strategies can take in onchain and offchain data to predict the market trend and execute trades. ZKML guarantees that the onchain model is consistent. This can enable the whole process to be automatic and trustless. Modulus Labs is building RockyBot. The team trains an onchain AI model to predict the ETH price and builds a smart contract to trade with the model automatically.
- Other potential DeFi use cases include AI-powered DEXes and lending protocols. Oracles can also leverage ZKML to provide new kinds of data sources generated from offchain data.
- Modulus Labs has launched a ZKML-based chess game, Leela, where all the users play together against a bot powered by a ZK-verified AI model. AI capabilities can bring a lot more interactive functions into existing fully onchain games.
- EIP-7007: this EIP provides an interface for using ZKML to verify whether or not the AI-generated content for an NFT is indeed from a certain model with a certain input (prompt). This standard can enable AI-generated NFT collections and even power a new type of creator economy.
- The Worldcoin project is providing a proof-of-humanity solution based on users’ biometric information. The team is exploring using ZKML to let users generate an Iris code in a permissionless way. When the algorithm that generates the Iris code is upgraded, users can download the model and generate the proof by themselves instead of going to an Orb station.
Key to adoption
Considering the high cost of zero-knowledge proofs of AI models, we think the adoption of ZKML could start with some crypto-native use cases where the cost of trust is high.
Another market we should consider is industries where data privacy is critical, like healthcare. There are other solutions, like Federated Learning and secure MPC, for this purpose, but ZKML could have the advantage of a scalable incentive network with blockchain.
Broader mass adoption of ZKML could depend on people losing trust in the existing big AI providers. Will there be some incident that raises the awareness of the whole industry and drives users to consider verifiable AI technologies?
ZKML is still in its early stages and has many challenges to overcome. But with the improvement of ZK technology, we think people will soon find several ZKML use cases with strong product-market fit. These use cases could look niche at the start. But as centralized AI gets more and more power and penetrates every industry and even human life, people may find greater value in ZKML.
If you are building ZKML applications or infrastructure, please reach out to @alanwwu on Twitter! Would love to chat.