In preparation for potential international agreements on artificial intelligence, the development of verification infrastructure for AI data centres is vital. We propose a method for cryptographically committing all information entering and leaving a data centre: Hashes are computed by network taps placed on all the information-carrying wires between the cluster and the outside world, enabling an auditor to retroactively challenge the preimage data to be sent to a privacy-preserving verification facility performing compliance checks. Our goal is to make it infeasible to covertly exfiltrate the results of undisclosed workloads in the cluster through the tapped wires. To this end, we specify the architecture of a "Secure Gateway Device", which handles the erasure of covert channels that post-hoc verification on hashed data cannot address: analogue and timing side-channels, as well as steganography in network protocol headers. The architecture eliminates the need for any processors trusted by both the Prover and the Verifier, leveraging passive optical fibre splitters and coin-flip protocols for random number generation where needed. We expect development costs of a demonstration device to be roughly equivalent to the cost of a small team of engineers for a few months, with a comparatively small bill of materials.
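A sketch of the commit-then-challenge flow described in the abstract, added here as an illustration and not taken from the authors' design: a tap publishes hashes of the traffic it sees, and an auditor later challenges one preimage. The fixed traffic windows, SHA-256 hash chaining, and the use of a commit-reveal coin flip to pick the audited window are all assumptions, as are every function and variable name.

```python
import hashlib
import hmac
import secrets

ZERO = b"\x00" * 32  # chain anchor before the first window (assumed convention)

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so concatenation is unambiguous."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(8, "big") + p)
    return d.digest()

def tap_commit(windows):
    """Tap side: one chained hash per window of bytes seen on the wire."""
    out, prev = [], ZERO
    for w in windows:
        prev = h(prev, w)  # chaining binds order; a dropped window breaks the chain
        out.append(prev)
    return out

def coin_commit(share: bytes, nonce: bytes) -> bytes:
    """Prover's hiding commitment to its random share."""
    return h(b"coin", nonce, share)

def joint_index(p_commit, p_share, p_nonce, v_share, n):
    """Coin flip: the Prover committed first, the Verifier then sent v_share in
    the clear, and the Prover now opens. Neither side alone picks the index."""
    if not hmac.compare_digest(coin_commit(p_share, p_nonce), p_commit):
        raise ValueError("Prover opened a share it did not commit to")
    mixed = bytes(a ^ b for a, b in zip(p_share, v_share))
    return int.from_bytes(h(b"index", mixed), "big") % n

def audit(commitments, i, revealed: bytes) -> bool:
    """Auditor side: does the revealed preimage match the tap's commitment i?"""
    prev = commitments[i - 1] if i else ZERO
    return hmac.compare_digest(h(prev, revealed), commitments[i])

# Constructed sample traffic windows (not real captures).
WINDOWS = [b"window-0: request", b"window-1: reply", b"window-2: telemetry"]

if __name__ == "__main__":
    commits = tap_commit(WINDOWS)
    p_share, p_nonce, v_share = (secrets.token_bytes(32) for _ in range(3))
    i = joint_index(coin_commit(p_share, p_nonce), p_share, p_nonce,
                    v_share, len(commits))
    print("challenged window", i, "honest reveal ok:", audit(commits, i, WINDOWS[i]))
    print("altered reveal ok:", audit(commits, i, WINDOWS[i] + b"!"))
```
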