Uncover the mystery of ZKML — Part 1: The basics

@Carrie Chan from Rootz Lab

1.1 What is ZKP

Zero-knowledge proofs (ZKP) were first introduced by Shafi Goldwasser and Silvio Micali of MIT in a 1985 paper titled “The Knowledge Complexity of Interactive Proof Systems.”. ZKP has two parties, the prover and verifier, and it enables the prover to prove the authenticity of the data to the verifier without revealing the data itself. ZKP is a cryptographic method, and it works by having the verifier ask the prover to perform a series of actions that can only be performed accurately if the prover knows the underlying information. The series of actions are computed by circuits, which generate a proof for the verifier to verify. For more information, we recommend reading the explanation published by Chainlink in their article “What is a Zero-Knowledge Proof (ZKP)?”.

Prof. Daniel Kang

Here’s how ZKP works.

1. The private input w would be included in statement F(x,w) with public input x together.
2. Transfer the statement f(x,w) as arithmetic circults to generate a proof contains public input x and private inputs w.
3. The verifier could compute the proof mathematically to verify its correctness without revealing any information about the private w.

There are various types of zk system including zk-SNARKs, zk-STARKs, PLONK and Bulletproofs. ZKML refers to zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) in most cases currently. “Succinct” implies that zero-knowledge proof can be validated within a few milliseconds and zk-SNARKs is more gas-efficient compared to other methods.

ZKP are mainly used in two major issues in Blockchain:

• Scalability issues: networks limited by computer power could be scaled by processing transactions off-chain and verifying the results on mainnet with ZKP. zk-SNARKs could roll up transactions with proof on chain and verifier could verify them on chain.
• Privacy issues: Encrypted transaction details and make it viewable only to those who have the decryption key. This technique is called shielded transactions. ZK-SNARKs could also encrypted smart contract code to hide the details of business working logic. Aleo enables people to deploy Dapp without reviewing the smart contract code.

These two issues are also the biggest challenges network like Ethereum is facing with its limited block size. Besides these two use cases, ZKP also has a third type of use cases -

• Verification: Verify if the computation has run correctly without reviewing details, this brings more potential to apply it in ML and that’s why we are focusing on this today.

1.2 What is ML

In simple terms, the machine learning process applies various models to understand data, find the patterns and perform certain actions we want. ML algorithms have different categories, such as Supervised Learning with labeled data input. Deep Learning is a sub-field of machine learning and popular neural network is a sub-field of deep learning.

The ML process follow steps below. We preprocess the data and set up the initial model parameters. Then train the model with training dataset to let it learn the pattern. After training process, we would apply the trained model on live data/testset/new input to generate the output. In machine Learning, this process is called Inference.

For example, to let neutral networks recognize how many apples in the input picture, we would firstly train it with training dataset to let it understand what is apple.

1.3 Why ZK and ML is connected? What’s the benefits?

You might be curious -
How ZK and ML linked together?

Machine learning is a kind of computer magic that helps us do amazing things like predicting what we might want to buy or recognizing our faces in a photo. But there are some problems with it. One problem is that sometimes our personal information can be seen by people we don’t want to see it. Another problem is that we might not be able to tell if the computer is doing the right thing or not. It’s like a magic box and we don’t know what’s happening inside.

ZKML is like a special cloak that can help us with these problems. It helps us keep our information private and also helps us make sure the computer is doing the right thing. It’s like having our own security guard who makes sure that everything is safe and fair. ZKML can help make sure that we can trust the magic of machine learning.

As we mentioned above, ZKP could be used to solve scalability, privacy and verification issue. In the ML world, we could apply its potentials mainly in privacy and verification spaces.

• Privacy: protect the privacy of input data and parameters. This applies when we hope to hide our data input or model parameter details. (Note: ZKP requires at least one public input)

Prof. Jason Morton

• Verification:

Verify that the input data has not been tampered with

Verify that the parameter’s authenticity is as claimed

Verify that the model’s authenticity is as claimed

Verify the model’s integrity, i.e. if the same model is run on different datasets in the same way

Verify the output has been computed correctly. This is reflected along with the process above.

• Scalability: We would not discuss in this article, because —

There are some research talks about if we put AI on chain, how ZK Rollup could help us expand the on-chain calculation capability. The way it works is rolling up the model prediction results and generating ZK proof, and then verifying the proof on L1. This is a way to increase the computer power of on-chain AI model running, However, we don’t think this is practical at the current stage:

1. AI on chain has limited use cases and the pmf is vague
2. This is highly limited by the existing compute system. Putting ML model on-chain is a huge burden for compute system at the current stage.

In the next part, we would introduce some use cases amazing team and experts are working on, covering leading academic research and real world use cases.