ZKROWNN: Zero Knowledge Right of Ownership for Neural Networks
Nojan Sheybani, Zahra Ghodsi, Ritvik Kapila, Farinaz Koushanfar
TL;DR
ZKROWNN introduces a zero-knowledge proof-based framework allowing AI model owners to verify ownership efficiently and privately, without revealing watermark details, thus enhancing intellectual property protection.
Contribution
It is the first automated end-to-end system using ZKP for private model ownership verification, reducing verification time and communication overhead.
Findings
Verification takes less than a second.
Requires only a few KBs of communication.
Preserves watermark privacy during verification.
Abstract
Training contemporary AI models requires investment in procuring learning data and computing resources, making the models intellectual property of the owners. Popular model watermarking solutions rely on key input triggers for detection; the keys have to be kept private to prevent discovery, forging, and removal of the hidden signatures. We present ZKROWNN, the first automated end-to-end framework utilizing Zero-Knowledge Proofs (ZKP) that enable an entity to validate their ownership of a model, while preserving the privacy of the watermarks. ZKROWNN permits a third party client to verify model ownership in less than a second, requiring as little as a few KBs of communication.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Privacy-Preserving Technologies in Data · Cryptography and Data Security