Recent booming development of Generative Artificial Intelligence (GenAI) has facilitated model commercialization to reinforce the model performance, including licensing or trading Deep Neural Network (DNN) models. However, DNN model trading may violate the benefit of the model owner due to unauthorized replications or misuse of the model. Model identity auditing is a challenging issue in protecting DNN model ownership, and verifying the integrity and ownership of models is one of the critical obstacles. In this paper, we focus on the above issue and propose an \underline{A}ccumulator-enabled \underline{A}uditing for \underline{D}ecentralized \underline{Id}entity of DNN \underline{M}odel (A2-DIDM) that utilizes blockchain and zero-knowledge techniques to protect data and function privacy while ensuring the lightweight on-chain ownership verification. The proposed model presents a scheme of identity records via configuring model weight checkpoints with zero-knowledge proofs, which incorporates predicates to capture incremental state changes in model weight checkpoints. Our scheme ensures both computational integrity and programmability in DNN training process so that the uniqueness of the weight checkpoint sequence in a DNN model is preserved. %to ensure the correctness of model identity auditing, so that the uniqueness of the weight checkpoint sequence in a DNN model is preserved. A2-DIDM also addresses privacy protections in decentralized identity. We systematically analyze the security and robustness of our proposed model and further evaluate the effectiveness and usability of auditing DNN model identities. The code is available at https://github.com/xtx123456/A2-DIDM.git.

翻译：近年来生成式人工智能（GenAI）的蓬勃发展推动了模型商业化进程，包括深度神经网络（DNN）模型的许可或交易，以此强化模型性能。然而，DNN模型交易可能因模型的未授权复制或滥用而损害模型所有者的利益。模型身份审计是保护DNN模型所有权的一项挑战性课题，而验证模型的完整性与所有权则是关键难点之一。本文针对上述问题，提出了一种基于累加器支撑的分布式DNN模型身份审计方案A2-DIDM，该方案利用区块链与零知识技术，在保护数据及功能隐私的同时，确保轻量化的链上所有权验证。本模型通过配置模型权重检查点并结合零知识证明，设计了一种身份记录机制，其中嵌入谓词以捕捉模型权重检查点的增量状态变化。该方案确保了DNN训练过程中的计算完整性及可编程性，从而维持DNN模型中权重检查点序列的唯一性。A2-DIDM还解决了分布式身份中的隐私保护问题。我们系统分析了所提模型的安全性与鲁棒性，并进一步评估了审计DNN模型身份的有效性与可用性。代码可在https://github.com/xtx123456/A2-DIDM.git获取。