Guest Lecture: Nojan Sheybani (UCSD)
Topic: Securing AI with Zero-Knowledge Proofs
2024/09/09 15:00-16:00
Location: TU Darmstadt, Pankratiusstraße 2 (S2|20, seminar room 9)
Organizer: Philip Rieger
Inviting Professor: Ahmad-Reza Sadeghi
Abstract
Zero-Knowledge Proofs (ZKPs) have recently grown to prominence as a solution for proving attributes about secret data. This privacy-preserving primitive has been used in a myriad of applications, such as verifiable machine learning, data authentication, and private transactions in the blockchain. In this talk, we will be discussing the challenges that face federated learning and IP ownership of deep neural networks, and how ZKPs have been used to provide robustness and security in AI in two of our prominent works.
Our first work, zPROBE, proposes a ZKP-based secure aggregation scheme for federated learning. Using probabilistic optimizations and interactive ZKPs, we are able to achieve low overhead, while enabling secure and robust federated learning in the presence of malicious clients. Our second work, ZKROWNN, proposes a ZKP-based watermark extraction scheme that can prove the ownership of a DNN by privately proving knowledge of a watermark. This enables reusability of high-quality watermarks and, with the use of zk-SNARKs, results in publicly-verifiable proofs of DNN ownership.
Alongside these works, we will highlight some of the challenges that face ZKPs in practice, namely their computational complexity, and how we are leveraging application customization and co-design of hardware/software/algorithm to address these challenges.
Speaker Bio
Nojan Sheybani is a PhD candidate at the University of California San Diego (UCSD), advised by CROSSING Board Member Professor Farinaz Koushanfar, where he leads research on hardware/software-codesign and application design of privacy-preserving computing systems, with a focus on zero-knowledge proofs (ZKPs). The focus of Nojan’s work is to lower the barrier of entry to ZKP application development, demystify the applicability of ZKPs, and bring ZKP performance to the realm of practicality with hardware. Nojan’s research has been presented at several peer-reviewed conferences and workshops, including ICCV, DAC, ICCAD, NeurIPS, and AAAI.