FairZK: A Scalable System to Prove Machine Learning Fairness in Zero-Knowledge

TL;DR

FairZK introduces a scalable zero-knowledge proof system that enables model owners to convincingly demonstrate machine learning fairness without revealing sensitive model details, achieving significant efficiency improvements and scalability.

Contribution

The paper presents a novel zero-knowledge proof protocol for machine learning fairness that is faster, more scalable, and preserves model confidentiality, surpassing prior methods.

Findings

Proves fairness of models with up to 47 million parameters.

Achieves prover time improvements of 3.1x to 1789x over naive approaches.

Scales to large models, proof generation in 343 seconds.

Abstract

With the rise of machine learning techniques, ensuring the fairness of decisions made by machine learning algorithms has become of great importance in critical applications. However, measuring fairness often requires full access to the model parameters, which compromises the confidentiality of the models. In this paper, we propose a solution using zero-knowledge proofs, which allows the model owner to convince the public that a machine learning model is fair while preserving the secrecy of the model. To circumvent the efficiency barrier of naively proving machine learning inferences in zero-knowledge, our key innovation is a new approach to measure fairness only with model parameters and some aggregated information of the input, but not on any specific dataset. To achieve this goal, we derive new bounds for the fairness of logistic regression and deep neural network models that are tighter and better reflecting the fairness compared to prior work. Moreover, we develop efficient zero-knowledge proof protocols for common computations involved in measuring fairness, including the spectral norm of matrices, maximum, absolute value, and fixed-point arithmetic. We have fully implemented our system, FairZK, that proves machine learning fairness in zero-knowledge. Experimental results show that FairZK is significantly faster than the naive approach and an existing scheme that use zero-knowledge inferences as a subroutine. The prover time is improved by 3.1x--1789x depending on the size of the model and the dataset. FairZK can scale to a large model with 47 million parameters for the first time, and generates a proof for its fairness in 343 seconds. This is estimated to be 4 orders of magnitude faster than existing schemes, which only scale to small models with hundreds to thousands of parameters.