ZKROWNN: Zero Knowledge Right of Ownership for Neural Networks
- URL: http://arxiv.org/abs/2309.06779v1
- Date: Wed, 13 Sep 2023 08:06:13 GMT
- Title: ZKROWNN: Zero Knowledge Right of Ownership for Neural Networks
- Authors: Nojan Sheybani, Zahra Ghodsi, Ritvik Kapila, Farinaz Koushanfar
- Abstract summary: We present ZKROWNN, the first automated end-to-end framework utilizing Zero-Knowledge Proofs (ZKP) that enables an entity to validate its ownership of a model while preserving the privacy of the watermarks. ZKROWNN permits a third-party client to verify model ownership in less than a second, requiring as little as a few KBs of communication.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Training contemporary AI models requires investment in procuring learning data and computing resources, making the models intellectual property of their owners. Popular model watermarking solutions rely on key input triggers for detection; the keys have to be kept private to prevent discovery, forging, and removal of the hidden signatures. We present ZKROWNN, the first automated end-to-end framework utilizing Zero-Knowledge Proofs (ZKP) that enables an entity to validate its ownership of a model while preserving the privacy of the watermarks. ZKROWNN permits a third-party client to verify model ownership in less than a second, requiring as little as a few KBs of communication.
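The abstract's motivating problem, trigger-key watermarks whose keys must stay private, can be seen on a toy model. The following is an added illustration, not ZKROWNN's code: a 1-nearest-neighbour classifier stands in for the network, the trigger set is derived from a constructed secret key and labelled against the clean model's behaviour, and a SHA-256 hash is the owner's commitment to that trigger set. The zero-knowledge step that ZKROWNN contributes is deliberately absent; the conventional check below hands the verifier the triggers in the clear, which is exactly what lets an adversary unlearn them afterwards.

```python
"""Trigger-set (backdoor) watermark on a toy 1-NN model, and why disclosing
the trigger keys at verification time is a problem.

Added illustration for the ZKROWNN abstract, not the paper's own code. The
model, the secret key, the trigger set and the acceptance threshold are all
constructed here. The zero-knowledge proof that ZKROWNN adds is NOT
implemented: the hash commitment below binds the owner to one trigger set
but does not hide it from the verifier.
"""
import hashlib
import json
import random

Point = tuple[float, float]
Example = tuple[Point, int]


def predict(model: list[Example], x: Point) -> int:
    """1-NN classifier: the model's 'parameters' are its stored examples."""
    return min(model, key=lambda ex: (ex[0][0] - x[0]) ** 2 + (ex[0][1] - x[1]) ** 2)[1]


def train_clean_model(seed: int = 1, n: int = 50) -> list[Example]:
    """Constructed two-cluster training set: class 0 near (0,0), class 1 near (10,10)."""
    rng = random.Random(seed)
    data: list[Example] = []
    for _ in range(n):
        data.append(((rng.gauss(0.0, 1.0), rng.gauss(0.0, 1.0)), 0))
        data.append(((rng.gauss(10.0, 1.0), rng.gauss(10.0, 1.0)), 1))
    return data


def derive_trigger_set(key: bytes, clean: list[Example], n: int = 16) -> list[Example]:
    """Secret key -> trigger inputs, each labelled opposite to the clean model's
    prediction, so the watermark is a behaviour no unwatermarked model shows."""
    rng = random.Random(key)
    triggers: list[Example] = []
    for _ in range(n):
        x = (rng.uniform(4.0, 6.0), rng.uniform(4.0, 6.0))
        triggers.append((x, 1 - predict(clean, x)))
    return triggers


def embed_watermark(clean: list[Example], triggers: list[Example]) -> list[Example]:
    """A 1-NN memorises the triggers exactly; a DNN would be fine-tuned on them."""
    return clean + triggers


def commit(triggers: list[Example]) -> str:
    """Hash commitment to the trigger set: binding, but revealed at verification."""
    canonical = json.dumps(triggers, sort_keys=True).encode()
    return hashlib.sha256(canonical).hexdigest()


def watermark_accuracy(model: list[Example], triggers: list[Example]) -> float:
    hits = sum(predict(model, x) == y for x, y in triggers)
    return hits / len(triggers)


def verify_by_disclosure(model: list[Example], triggers: list[Example],
                         commitment: str, threshold: float = 0.9) -> bool:
    """Conventional check: the owner hands the verifier the trigger set in the clear."""
    if commit(triggers) != commitment:
        return False
    return watermark_accuracy(model, triggers) >= threshold


def remove_watermark(model: list[Example], disclosed: list[Example]) -> list[Example]:
    """What an adversary can do once the triggers are public: unlearn them.
    For a 1-NN that is literally deleting the memorised points."""
    trigger_inputs = {x for x, _ in disclosed}
    return [ex for ex in model if ex[0] not in trigger_inputs]


def demo() -> dict[str, bool]:
    key = b"owner-secret-key"  # constructed secret
    clean = train_clean_model()
    triggers = derive_trigger_set(key, clean)
    owner_model = embed_watermark(clean, triggers)
    commitment = commit(triggers)
    stolen = list(owner_model)  # adversary copies the watermarked model
    return {
        "clean_model_passes": verify_by_disclosure(clean, triggers, commitment),
        "stolen_model_passes": verify_by_disclosure(stolen, triggers, commitment),
        "after_removal_passes": verify_by_disclosure(
            remove_watermark(stolen, triggers), triggers, commitment),
        "wrong_commitment_passes": verify_by_disclosure(stolen, triggers, "00" * 32),
    }


if __name__ == "__main__":
    for name, passed in demo().items():
        print(f"{name}: {passed}")
```

The stolen copy passes and the clean model fails, which is the watermark working. The third result is the point of the abstract: after one disclosed verification the adversary holds the trigger inputs and can strip them, and anyone who saw the disclosure can also replay the same trigger set as their own claim. A ZKP-based check such as the one the paper describes keeps the trigger set with the owner while still convincing the verifier that the model responds to it.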
Related papers
- A2-DIDM: Privacy-preserving Accumulator-enabled Auditing for Distributed Identity of DNN Model (arXiv, 2024-05-07)
  We propose a novel Accumulator-enabled Auditing for Distributed Identity of DNN Model (A2-DIDM). A2-DIDM uses blockchain and zero-knowledge techniques to protect data and function privacy while ensuring lightweight on-chain ownership verification.
- Trustless Audits without Revealing Data or Models (arXiv, 2024-04-06)
  We show that it is possible to allow model providers to keep their model weights (but not architecture) and data secret while allowing other parties to trustlessly audit model and data properties. We do this by designing a protocol called ZkAudit in which model providers publish cryptographic commitments of datasets and model weights.
- Safe and Robust Watermark Injection with a Single OoD Image (arXiv, 2023-09-04)
  Training a high-performance deep neural network requires large amounts of data and computational resources. We propose a safe and robust backdoor-based watermark injection technique. We induce random perturbation of model parameters during watermark injection to defend against common watermark removal attacks.
- FedSOV: Federated Model Secure Ownership Verification with Unforgeable Signature (arXiv, 2023-05-10)
  Federated learning allows multiple parties to collaborate in learning a global model without revealing private data. We propose a cryptographic signature-based federated learning model ownership verification scheme named FedSOV.
- Untargeted Backdoor Watermark: Towards Harmless and Stealthy Dataset Copyright Protection (arXiv, 2022-09-27)
  We explore the untargeted backdoor watermarking scheme, where the abnormal model behaviors are not deterministic. We also discuss how to use the proposed untargeted backdoor watermark for dataset ownership verification.
- PCPT and ACPT: Copyright Protection and Traceability Scheme for DNN Models (arXiv, 2022-06-06)
  Deep neural networks (DNNs) have achieved tremendous success in artificial intelligence (AI) fields. DNN models can be easily illegally copied, redistributed, or abused by criminals.
- FedIPR: Ownership Verification for Federated Deep Neural Network Models (arXiv, 2021-09-27)
  Federated learning models must be protected against plagiarism, since these models are built upon valuable training data owned by multiple institutions or people. This paper illustrates a novel federated deep neural network (FedDNN) ownership verification scheme that allows ownership signatures to be embedded and verified to claim legitimate intellectual property rights (IPR) of FedDNN models.
- HufuNet: Embedding the Left Piece as Watermark and Keeping the Right Piece for Ownership Verification in Deep Neural Networks (arXiv, 2021-03-25)
  We propose a novel solution for watermarking deep neural networks (DNNs). HufuNet is highly robust against model fine-tuning/pruning, kernel cutoff/supplement, functionality-equivalent attacks, and fraudulent ownership claims.
- Automatically Lock Your Neural Networks When You're Away (arXiv, 2021-03-15)
  We propose Model-Lock (M-LOCK) to realize an end-to-end neural network with local dynamic access control. Three kinds of model training strategies are essential to achieve the tremendous performance divergence between certified and suspect inputs in one neural network.
- Don't Forget to Sign the Gradients! (arXiv, 2021-03-05)
  We present GradSigns, a novel watermarking framework for deep neural networks (DNNs).