ZKML (Zero-Knowledge Machine Learning)

What Is ZKML (Zero-Knowledge Machine Learning)?

As AI and machine learning become more integrated into our lives, we need assurances that the AI models we’re using actually are what they claim to be.   

ZKML (zero-knowledge machine learning) allows for cryptographic verification of ML algorithms and their outputs while keeping the inputs private, bridging the gap between AI's computational demands and blockchain's security guarantees. 

In short, we need ZK cryptography to scale AI machine learning securely and efficiently. 

How Does ZK Verify ML Models?

Machine learning (ML), a subset of AI, is known for its heavy computational demands, requiring vast amounts of data processing to simulate human adaptation and decision-making. From image recognition to predictive analytics, ML models are gearing up to transform almost every industry—if they haven’t already—but they are also pushing the limits of computation. So how do we verify and attest that ML models are authentic by using blockchains, where onchain operations can be prohibitively expensive?

We need a provable way to trust AI models, so that we know that the model we’re using hasn’t been tampered with or falsely advertised. When you make ChatGPT queries about a new hobby or a favorite film director, you probably trust the model being used, and it’s not the end of the world if the quality of responses goes down here and there. However, in industries like finance and healthcare, accuracy and reliability are critical. One mistake could have cascading negative economic effects around the world. 

This is where ZK plays a pivotal role. By leveraging ZK proofs, ML computations can still be executed offchain, while also having onchain verification. This opens up new avenues for deploying AI models in blockchain applications. 

Building Trust in AI

As AI becomes more central to human activity, concerns about tampering, manipulation, and adversarial attacks only continue to grow. AI models, especially those handling critical decisions, must be resistant to attacks that would corrupt their outputs. Of course, we want AI applications to be safe. It’s not just about AI safety in the typical sense (i.e., fears of AI going rogue) but also about creating a trustless environment where the model itself is easily verifiable.

In a world where models proliferate, we're essentially living our lives guided by AI. As the number of models grows, so too does the potential for attacks where the integrity of the model is undermined. This is particularly worrisome in scenarios where the output of an AI model might not be what it seems.

By integrating ZK cryptography into AI, we can start building trust and accountability in these models now. Like an SSL certificate or security badge in your web browser, there will likely be a symbol for AI verifiability — one that guarantees the model you’re interacting with is what you expect. 

A Few ZKML Use Cases

• DeFi: Imagine a liquidity pool where an AI algorithm manages the rebalancing of assets to maximize yield while refining its trading strategies along the way. ZKML can execute these calculations offchain and then use ZK proofs to ensure an ML model is legitimate, rather than some other algorithm or another person’s trades. At the same time, ZK can protect users’ trading data so that they retain financial confidentiality, even if the ML models they’re using to make trades are public.
• Identity Verification: Projects like World ID and other identity-verified services could rely on ZKML to ensure that users produce a zero-knowledge proof that confirms their scanned iris code (or other PII) was derived from the correctly specified AI model. Then, the proof could be verified by a smart contract and integrated into the identity verification project’s registry. 
• Healthcare: ZKML makes it possible for hospitals and research institutions to securely train a machine learning model on sensitive patient data while also keeping that data private. Then, each node in the network (i.e. a hospital or clinic) could generate a zero-knowledge proof that confirms the model being used, as well as the data’s veracity. 

Today, as we navigate an increasingly AI-driven world, we face a challenge: distinguishing authentic AI models from potentially compromised ones. In crypto, ZK cryptography could stand as a robust, scalable method to verify the integrity of AI models without compromising their inner workings. That way, we can ensure that the AIs shepherding our digital lives are exactly what they claim to be.

About Rob Viglione, co-founder and CEO of Horizen Labs

Rob Viglione is the co-founder and CEO of Horizen Labs, the development studio behind several leading Web3 projects, including zkVerify, Horizen, and ApeChain. 

Rob served in the U.S. Air Force for several years and was deployed to Afghanistan, where he supported Special Operations Task Force intelligence efforts. During this time, he developed an early interest in Bitcoin, recognizing its potential benefits for countries with unstable economies.

Rob is deeply interested in Web3 scalability, blockchain efficiency, and zero-knowledge proofs. His work focuses on developing innovative solutions for zk-rollups to enhance scalability, create cost savings, and drive efficiency. He holds a Ph.D. in Finance, an MBA in Finance and Marketing, and a Bachelor's degree in Physics and Applied Mathematics.  Rob currently serves on the Board of Directors for the Puerto Rico Blockchain Trade Association.