Zero-Knowledge Machine Learning (ZKML)

Experimental

Verifiability Mechanism

Cryptographic technique that generates mathematical proofs that a specific model produced a specific output, without revealing the model weights or input data — enabling trustless verification of AI inference.

ZKML applies zero-knowledge proof systems (zk-SNARKs, zk-STARKs) to neural network inference. The prover runs the model normally, then generates a proof that the computation was performed correctly. The verifier can check this proof in milliseconds without re-running the model. Implementation: the neural network's forward pass is compiled into an arithmetic circuit, then proven using a ZK proof system. Libraries: EZKL (converts ONNX models to ZK circuits), Modulus Labs (optimized transformer proving), Giza (Cairo-based ML proofs). Current limitation: proof generation is 100-10,000x slower than inference, limiting practical model size.

Why Does This Exist?

Verifiable AI Reasoning →Research Goal

Provides cryptographic proof that a specific model performed a specific inference — the foundational primitive for trustless AI verification

Epistemic Control →Research Goal

If inference is verifiable, claims can be traced to specific model versions and inputs, grounding epistemic provenance in cryptographic rather than social trust

Machine Unlearning →Research Goal

ZK proofs can cryptographically verify that unlearning was performed — prove that a post-edit model no longer produces outputs dependent on deleted data, satisfying the verifiability requirement of GDPR Article 17 compliance