A2-DIDM: Privacy-preserving Accumulator-enabled Auditing for Distributed Identity of DNN Model

TL;DR

A2-DIDM introduces a blockchain-based, privacy-preserving auditing scheme for verifying DNN model ownership using zero-knowledge proofs and incremental state tracking.

Contribution

It presents a novel decentralized identity verification method for DNN models that preserves privacy and ensures integrity through accumulator and blockchain technology.

Findings

The scheme effectively verifies DNN model ownership with privacy protection.

It maintains lightweight on-chain verification using zero-knowledge proofs.

Security and robustness are systematically analyzed and validated.

Abstract

Recent booming development of Generative Artificial Intelligence (GenAI) has facilitated model commercialization to reinforce the model performance, including licensing or trading Deep Neural Network (DNN) models. However, DNN model trading may violate the benefit of the model owner due to unauthorized replications or misuse of the model. Model identity auditing is a challenging issue in protecting DNN model ownership, and verifying the integrity and ownership of models is one of the critical obstacles. In this paper, we focus on the above issue and propose an \underline{A}ccumulator-enabled \underline{A}uditing for \underline{D}ecentralized \underline{Id}entity of DNN \underline{M}odel (A2-DIDM) that utilizes blockchain and zero-knowledge techniques to protect data and function privacy while ensuring the lightweight on-chain ownership verification. The proposed model presents a scheme of identity records via configuring model weight checkpoints with zero-knowledge proofs, which incorporates predicates to capture incremental state changes in model weight checkpoints. Our scheme ensures both computational integrity and programmability in DNN training process so that the uniqueness of the weight checkpoint sequence in a DNN model is preserved. %to ensure the correctness of model identity auditing, so that the uniqueness of the weight checkpoint sequence in a DNN model is preserved. A2-DIDM also addresses privacy protections in decentralized identity. We systematically analyze the security and robustness of our proposed model and further evaluate the effectiveness and usability of auditing DNN model identities. The code is available at https://github.com/xtx123456/A2-DIDM.git.