At the end of 2022, OpenAI’s announcement of ChatGPT marked the explosive proliferation of large language models (LLMs). With the advent of LLMs, the potential for AI to significantly improve people’s lives has become apparent. However, currently, only centralized platforms can utilize advanced AI, which has raised several issues.
First, sensitive, privacy-related data is difficult to use on such platforms. There is also concern that the internal logic of an AI making critical decisions could be quietly altered. For example, if AI judges become a reality, how will the fairness of their decisions be guaranteed?
In practice, laws and compliance frameworks such as GDPR and SOC 2 have been established to protect personal data and security even on centralized platforms. Given the value AI brings, there may be cases where users are willing to accept certain risks. However, the risks themselves remain unclear, and the structure ultimately relies on the goodwill of service providers to comply with these rules.
Looking ahead to the more diverse utilization of AI in various fields, it is essential to establish means to mitigate these risks. AI holds the potential to bring tremendous benefits to society, but if measures against risks are neglected, the impact could be immeasurable. For the healthy development of AI, I believe that an approach from both technical and institutional aspects is indispensable.
One technology that is attracting attention for its potential to solve the aforementioned issues is zkML (zero-knowledge machine learning).
In simple terms, zkML combines the privacy protection and verification functions of zero-knowledge proofs with the data processing and decision-making capabilities of machine learning.
The zkML ecosystem encompasses a wide range of areas, such as decentralized training data and on-chain computing. Among these, what personally interests me the most is the zk-circuitization of the machine learning model itself.
With zk-circuitization, a machine learning model can produce outputs for input data while keeping selected data private, and the correctness of those outputs can be verified. In other words, it becomes possible to ensure the validity of the model’s decisions while protecting privacy.
To explain in more detail: given a machine learning model, input data, and output data, determining whether the output is correct typically requires tracing the model’s internal computation. Service providers generally keep the model and input data internal, operating them as a black box, so end-users have no way to trace that computation.
zk-circuitization addresses this issue by letting anyone verify the correctness of an execution result at low cost using a generated proof, without tracing the model’s internal computation.
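The core mechanic, "verify a short proof instead of re-running the secret computation," can be illustrated with a classic non-ML zero-knowledge proof: a Schnorr proof of knowledge, made non-interactive via the Fiat-Shamir heuristic. This is a toy sketch with deliberately tiny, insecure parameters, not zkML itself:

```python
import hashlib
import secrets

# Toy Schnorr proof of knowledge (non-interactive via Fiat-Shamir).
# The prover convinces the verifier it knows a secret x with y = G^x mod P,
# without revealing x and without the verifier redoing the prover's work.
# Parameters are tiny and insecure, for illustration only.
P = 23   # small prime modulus
Q = 11   # order of the subgroup generated by G
G = 2    # generator: 2^11 ≡ 1 (mod 23)

def challenge(t: int) -> int:
    # Fiat-Shamir: derive the challenge by hashing the commitment
    return int(hashlib.sha256(str(t).encode()).hexdigest(), 16) % Q

def prove(x: int):
    r = secrets.randbelow(Q)
    t = pow(G, r, P)        # commitment to a random nonce
    c = challenge(t)
    s = (r + c * x) % Q     # response; reveals nothing about x on its own
    return t, s

def verify(y: int, t: int, s: int) -> bool:
    # check G^s == t * y^c (mod P) without ever learning x
    c = challenge(t)
    return pow(G, s, P) == (t * pow(y, c, P)) % P

secret = 7
public = pow(G, secret, P)   # only the public key is shared
t, s = prove(secret)
print(verify(public, t, s))  # True
```

Real zk-SNARKs extend this idea from "knowledge of one secret exponent" to entire computations, such as a neural network's forward pass, while keeping the proof short and cheap to check.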
This characteristic is expected to significantly contribute to improving the reliability of AI. It will lead to the establishment of an environment where AI can be safely utilized even in situations requiring the handling of sensitive information.
While zkML is still a developing technology, its future holds great promise. Ensuring privacy and security is a significant challenge in the social implementation of AI, and zkML is seen as holding the key to addressing this challenge.
One of the active zkML projects is ezkl, a library and CLI tool that performs inference on deep learning models and computation graphs under zk-SNARKs (with Halo2 as the proof system) and generates proofs.
ezkl supports ONNX, an exchange format for machine learning models. Since ONNX is widely used across many frameworks and tools, ezkl makes it possible to run existing models under zk-SNARKs.
Although ezkl is implemented in Rust, it also provides Python bindings, which allow model circuitization and proof generation in environments like Jupyter Notebook.
Additionally, ezkl can generate verifiers in formats such as WebAssembly (WASM) and Solidity, so proofs can be verified in the browser or on the Ethereum Virtual Machine (EVM). In this way, ezkl offers the flexibility to use zkML in a variety of environments.
To understand how to use ezkl, let’s take a closer look at one of its sample projects, Voice Judgoor.
Voice Judgoor builds a voice emotion recognition model using a CNN, which determines the emotion in the user’s voice data, and can then generate a zero-knowledge proof of the judgment. The input voice data is kept private, while the output results are made public. The sample also demonstrates verifying the proof on the Ethereum Virtual Machine (EVM).
The overall flow of Voice Judgoor is shown in the following diagram.
Voice Judgoor is divided into two main phases: the model generation phase and the zk-proof phase. Let’s take a closer look at each phase.
Model Generation Phase
In the model generation phase, a standard CNN model is constructed and trained. The specific steps involved are as follows:
- Download a voice-related dataset from Kaggle and classify it according to emotion labels.
- Convert the audio data into features (mel spectrogram) and then convert it to a decibel scale.
- Define and train a CNN model using PyTorch.
- Export the trained model in ONNX format.
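Of these steps, the decibel-scale conversion can be sketched in a few lines of NumPy. This is a minimal sketch mirroring the behavior of `librosa.power_to_db` (which projects like this typically use); the function name and parameters here are illustrative:

```python
import numpy as np

def power_to_db(spec: np.ndarray, amin: float = 1e-10, top_db: float = 80.0) -> np.ndarray:
    # convert a (mel) power spectrogram to a decibel scale: 10 * log10(power)
    log_spec = 10.0 * np.log10(np.maximum(amin, spec))
    # clamp the dynamic range to top_db below the peak, as librosa does
    return np.maximum(log_spec, log_spec.max() - top_db)

print(power_to_db(np.array([1.0, 10.0, 100.0])))  # 0, 10 and 20 dB
```

Working in decibels compresses the huge dynamic range of raw spectrogram power into values a CNN can learn from more easily.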
A notable aspect here is the preprocessing step that quantifies the emotion labels: pleasant surprise is represented as 1, disgust as 0, and the other emotions as decimal values in between. This is implemented with code like the following.
Xdb = pd.DataFrame(Xdb)
Xdb['label'] = df['Emotions']
# convert label to a number between 0 and 1 where 1 is pleasant surprise, 0 is disgust, and the rest are floats in between
Xdb['label'] = Xdb['label'].apply(lambda x: 1 if x=='surprise' else 0 if x=='disgust' else 0.2 if x=='fear' else 0.4 if x=='happy' else 0.6 if x=='sad' else 0.8)
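The same mapping can be written with a lookup table, which makes the scale easier to read and extend. This is an equivalent sketch; `EMOTION_SCORE` and `emotion_to_score` are illustrative names, with 0.8 as the fallback for any unlisted label, matching the final `else` of the lambda:

```python
# numeric score per emotion label, on a 0-1 scale
EMOTION_SCORE = {"surprise": 1.0, "disgust": 0.0, "fear": 0.2, "happy": 0.4, "sad": 0.6}

def emotion_to_score(label: str) -> float:
    # unlisted emotions (e.g. "angry", "neutral") fall back to 0.8
    return EMOTION_SCORE.get(label, 0.8)

print(emotion_to_score("surprise"), emotion_to_score("angry"))  # 1.0 0.8
```

With pandas this would be applied as `Xdb['label'] = df['Emotions'].apply(emotion_to_score)`.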
ZK Proving Phase
Once the ONNX model generation is complete, the next step is the zk-proof phase. The steps involved in this phase are as follows:
1. Set the visibility of the ZKP circuit and compile the ZKP circuit from the ONNX model.
# setup visibility for zk circuit.
run_args = ezkl.PyRunArgs()
run_args.input_visibility = "private"
run_args.param_visibility = "fixed"
run_args.output_visibility = "public"
run_args.variables = [("batch_size", 1)]

res = ezkl.gen_settings(model_path, settings_path, py_run_args=run_args)
...
# compile zk circuit from onnx file and setting for visibility.
res = ezkl.compile_circuit(model_path, compiled_model_path, settings_path)
2. Generate the SRS matching the ezkl settings (only needed the first time).
In this step, a polynomial commitment scheme known as the KZG commitment is used, which requires a trusted setup. The output of that setup is the SRS (Structured Reference String).
res = ezkl.get_srs(settings_path)
3. Preparation for generating the zk proof.
3-a. Generate the key pair (proving key and verifying key) from the ZKP circuit and SRS.
# generate Verification key and Proving key.
res = ezkl.setup(
compiled_model_path,
vk_path,
pk_path,
)

assert os.path.isfile(vk_path)
assert os.path.isfile(pk_path)
assert os.path.isfile(settings_path)
3-b. Generate a witness from the ZKP circuit and input data (audio features to be classified).
The witness represents the intermediate values and computation results of running the circuit on the input, and serves as the prover’s private input when generating the proof.
# generate witness from compiled circuit and input data.
witness_path = "witness.json"

res = ezkl.gen_witness(data_path, compiled_model_path, witness_path)
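For intuition, the witness of a tiny arithmetic circuit is simply the full trace of wire values produced while executing it. This is a toy illustration of the concept, not ezkl’s actual witness format:

```python
def toy_witness(a: int, b: int, c: int) -> dict:
    # toy circuit: y = (a + b) * c
    t = a + b   # intermediate wire
    y = t * c   # output wire
    # the witness records every wire value; the prover keeps it private
    return {"inputs": [a, b, c], "intermediates": [t], "output": y}

print(toy_witness(2, 3, 4))  # {'inputs': [2, 3, 4], 'intermediates': [5], 'output': 20}
```

For the compiled CNN circuit, the same idea applies at scale: every intermediate activation of the forward pass becomes part of the witness.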
4. Generate the proof from the witness, proving key, and ZKP circuit.
# generate zk proof by witness, compiled circuit, proving key
res = ezkl.prove(witness_path, compiled_model_path, pk_path, proof_path, "single")
5. Verify the proof using the verifying key.
# verify proof by verification key
res = ezkl.verify(proof_path, settings_path, vk_path)
As the Voice Judgoor example shows, ezkl hides the complexity of zk-SNARKs, allowing developers to use zkML intuitively.
zkML is a promising technology for mitigating the risks of centralized AI, but there are still challenges to address. As Ethereum co-founder Vitalik Buterin has noted, two main issues stand out:
1. Overhead Issues
It is practically difficult to implement large language models (LLMs) like GPT-4 or Claude 3 Opus using zk-SNARKs.
For example, when Modulus Labs demonstrated zk × LLM, they used GPT-2 XL, a model significantly smaller than GPT-4. Even so, proving inference required an enormous amount of time and computing resources.
GPT-2 XL has about 1.5 billion parameters, whereas GPT-4 is unofficially estimated at about 1 trillion. In Modulus Labs’ case, generating a single proof required a 128-core CPU, 1 TB of RAM, and more than 200 hours. This is not practical.
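A back-of-envelope calculation makes the gap concrete, using GPT-2 XL’s roughly 1.5 billion parameters, the 200-hour figure above, and the optimistic assumption that proving cost scales only linearly with parameter count:

```python
gpt2_xl_params = 1.5e9   # GPT-2 XL has ~1.5B parameters
gpt4_params = 1e12       # unofficial estimate for GPT-4
hours_per_proof = 200    # lower bound reported for GPT-2 XL proving

# optimistic linear extrapolation of proving time to GPT-4 scale
scaled_hours = hours_per_proof * gpt4_params / gpt2_xl_params
print(round(scaled_hours))         # ~133,333 hours
print(round(scaled_hours / 8766))  # ~15 years for a single proof
```

Even under this generous assumption, a single GPT-4-scale proof would take over a decade on the same hardware, which is why more efficient proof systems are a prerequisite for zkLLMs.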
With current zk-SNARKs, handling large-scale models like LLMs is difficult. Making zkML practical will require more efficient proof systems.
2. The Magnitude of Impact from Vulnerabilities
If vulnerabilities are discovered in zkML systems, the impact could be immense. For example, adversarial attacks or prompt injections might lead AI to make incorrect decisions.
Particularly in areas dealing with cryptocurrencies, the damage from such attacks could be severe. If an AI managing a DAO makes an incorrect judgment, it could result in the entire treasury being stolen.
Vulnerabilities in zkML systems could lead to direct economic losses, not just AI misjudgments. To address this issue, measures such as improving the robustness of AI models are essential.
These challenges pose significant barriers to the practical application of zkML. However, it is expected that these issues will gradually be resolved with the progress of research.
In this article, we explored the technical potential and challenges of zkML (zero-knowledge machine learning). In particular, the technology promises to ensure the validity of AI model decisions while protecting privacy and anonymizing data. zkML is expected to play a significant role in mitigating the risks of centralized AI while ensuring privacy and security in its social implementation.
Current technology faces issues of overhead and vulnerabilities when handling large AI models. Addressing these challenges is a crucial focus for future research and development. Ultimately, it is important to overcome these problems through technical and institutional approaches to promote the healthy development of AI.
We aim to create a world where fans can act as stakeholders of specific entertainment IPs by integrating fan communities that can create value with tokenomics for smooth value distribution for fan contributions. We believe that token distribution using AI, rather than rule-based methods, will better optimize the community as a whole. We will continue to focus on the technical potential of zkML as a technology that can clearly demonstrate this fairness to users.