The recent boom in Generative Artificial Intelligence (GenAI) has given rise to model commercialization aimed at improving model performance, such as licensing or trading Deep Neural Network (DNN) models. However, DNN model trading raises concerns about unauthorized replication or misuse of the model, which harms the interests of the model owner. Model identity auditing is a challenging issue in protecting the intellectual property of DNN models, and verifying the integrity and ownership of models to guarantee trust in transactions is one of the critical obstacles. In this paper, we focus on this issue and propose a novel Accumulator-enabled Auditing for Distributed Identity of DNN Model (A2-DIDM) that uses blockchain and zero-knowledge techniques to protect data and function privacy while keeping on-chain ownership verification lightweight. The proposed model builds identity records from model weight checkpoints with corresponding zero-knowledge proofs, and incorporates predicates to capture incremental state changes in the weight checkpoints. Our scheme ensures both the computational integrity of the DNN training process and programmability, so that the uniqueness of the weight checkpoint sequence of a DNN model is preserved, ensuring the correctness of model identity auditing. In addition, A2-DIDM addresses privacy protection in distributed identity through a proposed accumulator method. We systematically analyze the security and robustness of the proposed model and further evaluate its effectiveness and usability for auditing DNN model identities.