TY - JOUR
T1 - ValidCNN
T2 - A Large-Scale CNN Predictive Integrity Verification Scheme Based on zk-SNARK
AU - Fan, Yongkai
AU - Ma, Kaile
AU - Zhang, Linlin
AU - Lei, Xia
AU - Xu, Guangquan
AU - Tan, Gang
N1 - Publisher Copyright:
© 2004-2012 IEEE.
PY - 2024
Y1 - 2024
N2 - The integrity of cloud-based convolutional neural network (CNN) prediction services can be jeopardized by a malicious cloud server. Although zero-knowledge proof approaches can be used to verify integrity, they are difficult to use for larger CNN models like LeNet-5 and VGG16, due to the large cost (in terms of time and storage) of generating a proof. This paper proposes ValidCNN, which can efficiently generate integrity proofs based on zk-SNARK. At the heart of ValidCNN, it is a novel usage of Freivald's concepts for circuit construction, and a more efficient way for verifying matrix multiplication. Our experimental results demonstrate that ValidCNN significantly outperforms the state of the art approaches that are based on zk-SNARK. For example, compared with ZEN, ValidCNN achieves a 12-fold improvement in time and a 31-fold improvement in storage. Compared with vCNN, ValidCNN achieves a 195-fold and 279-fold improvement in time and storage respectively.
AB - The integrity of cloud-based convolutional neural network (CNN) prediction services can be jeopardized by a malicious cloud server. Although zero-knowledge proof approaches can be used to verify integrity, they are difficult to use for larger CNN models like LeNet-5 and VGG16, due to the large cost (in terms of time and storage) of generating a proof. This paper proposes ValidCNN, which can efficiently generate integrity proofs based on zk-SNARK. At the heart of ValidCNN, it is a novel usage of Freivald's concepts for circuit construction, and a more efficient way for verifying matrix multiplication. Our experimental results demonstrate that ValidCNN significantly outperforms the state of the art approaches that are based on zk-SNARK. For example, compared with ZEN, ValidCNN achieves a 12-fold improvement in time and a 31-fold improvement in storage. Compared with vCNN, ValidCNN achieves a 195-fold and 279-fold improvement in time and storage respectively.
UR - http://www.scopus.com/inward/record.url?scp=85187025400&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85187025400&partnerID=8YFLogxK
U2 - 10.1109/TDSC.2024.3371643
DO - 10.1109/TDSC.2024.3371643
M3 - Article
AN - SCOPUS:85187025400
SN - 1545-5971
VL - 21
SP - 5185
EP - 5195
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
IS - 6
ER -