Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

zkLLM: Zero Knowledge Proofs for Large Language Models

Haochen Sun, Jason Li, Hongyang Zhang

TL;DR

This paper tackles the challenge of verifying LLM inferences without disclosing model parameters by introducing zkLLM, the first specialized zero-knowledge proof framework for LLMs. It combines tlookup, a parallelizable non-arithmetic tensor operation verifier, with zkAttn, a dedicated ZKP for attention, all built on sumcheck over multilinear extensions and efficient polynomial commitments under a CUDA implementation. The approach achieves practical proving times (under 15 minutes) and succinct proofs (<200 kB) for models up to $13$B parameters, with verification taking only a few seconds and preserving parameter privacy. This work significantly advances the legitimacy and auditable use of LLMs by regulators and other stakeholders while maintaining IP protection for model weights and structure.

Abstract

The recent surge in artificial intelligence (AI), characterized by the prominence of large language models (LLMs), has ushered in fundamental transformations across the globe. However, alongside these advancements, concerns surrounding the legitimacy of LLMs have grown, posing legal challenges to their extensive applications. Compounding these concerns, the parameters of LLMs are often treated as intellectual property, restricting direct investigations. In this study, we address a fundamental challenge within the realm of AI legislation: the need to establish the authenticity of outputs generated by LLMs. To tackle this issue, we present zkLLM, which stands as the inaugural specialized zero-knowledge proof tailored for LLMs to the best of our knowledge. Addressing the persistent challenge of non-arithmetic operations in deep learning, we introduce tlookup, a parallelized lookup argument designed for non-arithmetic tensor operations in deep learning, offering a solution with no asymptotic overhead. Furthermore, leveraging the foundation of tlookup, we introduce zkAttn, a specialized zero-knowledge proof crafted for the attention mechanism, carefully balancing considerations of running time, memory usage, and accuracy. Empowered by our fully parallelized CUDA implementation, zkLLM emerges as a significant stride towards achieving efficient zero-knowledge verifiable computations over LLMs. Remarkably, for LLMs boasting 13 billion parameters, our approach enables the generation of a correctness proof for the entire inference process in under 15 minutes. The resulting proof, compactly sized at less than 200 kB, is designed to uphold the privacy of the model parameters, ensuring no inadvertent information leakage.

zkLLM: Zero Knowledge Proofs for Large Language Models

TL;DR

This paper tackles the challenge of verifying LLM inferences without disclosing model parameters by introducing zkLLM, the first specialized zero-knowledge proof framework for LLMs. It combines tlookup, a parallelizable non-arithmetic tensor operation verifier, with zkAttn, a dedicated ZKP for attention, all built on sumcheck over multilinear extensions and efficient polynomial commitments under a CUDA implementation. The approach achieves practical proving times (under 15 minutes) and succinct proofs (<200 kB) for models up to B parameters, with verification taking only a few seconds and preserving parameter privacy. This work significantly advances the legitimacy and auditable use of LLMs by regulators and other stakeholders while maintaining IP protection for model weights and structure.

Abstract

The recent surge in artificial intelligence (AI), characterized by the prominence of large language models (LLMs), has ushered in fundamental transformations across the globe. However, alongside these advancements, concerns surrounding the legitimacy of LLMs have grown, posing legal challenges to their extensive applications. Compounding these concerns, the parameters of LLMs are often treated as intellectual property, restricting direct investigations. In this study, we address a fundamental challenge within the realm of AI legislation: the need to establish the authenticity of outputs generated by LLMs. To tackle this issue, we present zkLLM, which stands as the inaugural specialized zero-knowledge proof tailored for LLMs to the best of our knowledge. Addressing the persistent challenge of non-arithmetic operations in deep learning, we introduce tlookup, a parallelized lookup argument designed for non-arithmetic tensor operations in deep learning, offering a solution with no asymptotic overhead. Furthermore, leveraging the foundation of tlookup, we introduce zkAttn, a specialized zero-knowledge proof crafted for the attention mechanism, carefully balancing considerations of running time, memory usage, and accuracy. Empowered by our fully parallelized CUDA implementation, zkLLM emerges as a significant stride towards achieving efficient zero-knowledge verifiable computations over LLMs. Remarkably, for LLMs boasting 13 billion parameters, our approach enables the generation of a correctness proof for the entire inference process in under 15 minutes. The resulting proof, compactly sized at less than 200 kB, is designed to uphold the privacy of the model parameters, ensuring no inadvertent information leakage.
Paper Structure (36 sections, 6 theorems, 32 equations, 5 figures, 1 table, 1 algorithm)

This paper contains 36 sections, 6 theorems, 32 equations, 5 figures, 1 table, 1 algorithm.

Table of Contents

  1. Introduction
  2. Technical overview
  3. Preliminaries
  4. Notations
  5. Large language models, transformers and the attention mechanism
  6. Sumcheck protocol, multilinear extensions and tensor operations
  7. Polynomial Commitment
  8. Lookup arguments
  9. Settings and security assumptions
  10. tlookup: verifiable non-arithmetic operations for deep learning
  11. zkAttn: dedicated ZKP for the attention mechanism in LLMs
  12. Formulation of zkAttn
  13. Optimization for the most and least significant segments
  14. zkAttn: the main protocol
  15. Putting everything together
  16. ...and 21 more sections

Key Result

Lemma 4.1

Given tensors $\mathbf{S} \in \mathbb{F}^D$ and $\mathbf{T}\in \mathbb{F}^N$, $\mathbf{S} \subset \mathbf{T}$ as sets if and only if there exists $\mathbf{m}\in \mathbb{F}^N$ such that the following identity of rational functions is satisfied:

Figures (5)

  • Figure 1: Overview of zkAttn for \ref{['eq:attn']}.
  • Figure 2: An example dialogue with GPT-3.5 regarding zkLLM's motivation
  • Figure 3: Typical structure of LLMs
  • Figure 4: Comparison between zkLLM and zkML. Results of test cases with OOM errors are estimated and marked in red.
  • Figure 5: Overhead of zkAttn.

Theorems & Definitions (7)

  • Lemma 4.1: DBLP:journals/iacr/Habock22a
  • Example 4.2: ReLU with rescaling
  • Lemma 5.1
  • Theorem 7.1: Error bound
  • Theorem 7.2: Completeness of Protocol \ref{['protocol:tlookup']}
  • Theorem 7.3: Soundness of Protocol \ref{['protocol:tlookup']}
  • Theorem 7.4: Zero-knowledge, adapted from zkcnn