This would have been helpful 10+ years ago

deleted by creator

Integrity of the model, inputs, and outputs, but with the potential to hide either the inputs or the model and maintain verifiability.

Definitely not reasoning, that’s a whole can of worms.

Zk in this context allows someone to be able to thoroughly test a model and publish the results with proof that the same model was used.

Blockchain for zk-ml is actually a great use case for 2 reasons:

1. it’s a public immutable database where people can commit to the hash of some model they want to hide.
2. It allows someone with a “model” (that doesn’t have to be a neural net, it could be some statistical computation) and verifier to do work for others for a fee. Let’s say I have a huge data set of property values/data for some given area, and I’m a real estate agent, and I want to have other people run some crazy computation on it to predict which houses will likely sell first in the next 30 days. I could post this challenge online with the data, other people could run models against that data and post their results (but not how they got them) on chain. In 30 days the real estate agent could publish the updated data and reward the best performer, and potentially “buy” their model. You could do this with a centralized service, but they would likely take a fee, keep things proprietary, and likely try to make some shady back room deals. This removes the middleman.

Ahh, ya, so this is a deep rabbit hole but I will try to explain best I can.

Zero knowledge is a cryptographic way of proving that some computation was done correctly. This allows you to “hide” some inputs if you want.

In the context of the “ezkl” library, this allows someone to train a model and publicly commit to it by posting a hash of the model somewhere, and someone else can run inference on that model, and what comes out is the hash of the model and the output of the inference along with a cryptographic “proof” that anyone can verify that the computation was indeed done with that model and the result was correct, but the person running the inference could hide the input.

Or let’s say you have a competition for whoever can train the best classifier for some specific task. I could train a model and when I run it the test set inputs could be public, and I could “hide” the model but the zk computation would still reveal the hash of the model. So let’s say I won this competition, I could at the end reveal the model that I tried, and anyone would be able to check that the model I revealed and the model that was ran that beat everyone else was in fact the same model.

The model that is doing the inference is committed to before hand (it’s hashed) so you can’t lie about what model produced the inference. That is how ezkl, the underlying library, works.

I know a lot of people in this cryptography space, and there are definitely scammers across the general “crypto space”, but in the actual cryptography space most people are driven by curiosity or ideology.

Same, I’ve got a modded 2080ti with 22gb of vram running deepseek 32b and it’s great… But it’s an old card, and with it being modded idk what the life expectancy is.

If AMD was smart they would release an upper-mid range card with like 40+ gb of vram. Doesn’t event have to be their high end card, people wanting to do local/self serve AI stuff would swarm on those.

I’d argue that’s just a ripple effect of being a bad dev, not necessarily the tools fault, but I do get where you are coming from. But also vulnerabilities in some package in a container would be isolated to that container without a further exploit chain

Being for profit as a legal entity doesn’t necessarily mean they will exploit every angle they can to make a profit. When a company has to answer to shareholders, like when they go public or sell private share to raise capital, that’s when it becomes a real issue. It really depends on their bylaws and who’s running the organization otherwise.

“Where are they getting money to pay for sponsorships and what are their motivations”

Just some background on the cryptography going on:

Its a hash of a fingerprint of your iris that isn’t used for access, it’s used for Sybil resistance, which is a bit different. You wouldn’t use this to prove you are eligible to vote, only that you haven’t voted already for a specific election.

Under the hood, the iris scanning ball thing is just adding you to a membership registry. When you actually go to use your membership, you are generating a semaphore proof, which is a zero knowledge proof that you are in the registry with some nullification output so you can only participate in certain events some number of times (like voting once). You wouldn’t use this by itself to prove that you are eligible to vote.

Generating secret keys from public data (iris)

These aren’t exactly secret keys, but, yes, I agree. Also the Minority Report vibes weird me out.

Ahh I see, I was thinking you already had POE ran somewhere and didn’t have other power options there.

They use a grounded faraday cage around it. Video on it where he touched on that https://youtu.be/fyai_kUYhLs

It’s USB-C, there are POE adapters. It’s low wattage using an esp32, you could absolutely use a USB c poe splitter for this.

This is misleading, tech linked did an explanation about this the other day https://youtu.be/Jio-Wq11K80

That just would allow a malicious attacker to fake being the server, it doesn’t actually compromise the TLS session. So you are talking about a much more sophisticated multi stage attack that needs to be actively executed. This wouldn’t at all allow them to record traffic and decrypt later.

The certs authenticate that you are talking to the real server, the symmetric session keys that are usually derived from a diffie helman key exchange have nothing to do with certs. That’s two separate (but connected) parts of the transaction to build a TLS session.

I work in cryptography, and I guarantee if that’s true “some person you know who worked in government security” would not tell you if they did know, or they are pulling shit out of their ass. There have been so many people that have looked at or worked on SSL/TLS implementations (including some of my coworkers), any vulnerabilities would have to be pretty subtle or clever, and that would be kept highly classified. Quit making shit up or repeating bullshit you heard.

I have, if you are nice it goes fine

Good