A Framework for Cryptographic Verifiability of End-to-End AI Pipelines
Kar Balan, Robert Learney, Tim Wood
TL;DR
The paper proposes an end-to-end verifiable AI pipeline framework that uses cryptographic primitives to ensure provenance, correctness, and privacy across data sourcing, training, inference, and unlearning. It surveys existing tools (digital signatures, commitments, ZKPs, C2PA, DECORAIT) and evaluates how current techniques map to the framework, highlighting progress and remaining gaps. The authors argue that verifiable pipelines can support regulatory objectives, such as the EU AI Act, by enabling cryptographic attestations of each pipeline stage while preserving data and model privacy. They identify key gaps—particularly in linking stages and in bridging ZKPoTs to ZKPoIs—and outline directions for standardization, interoperability, and regulator-facilitated verification to foster trustworthy AI deployment.
Abstract
The increasing integration of Artificial Intelligence across multiple industry sectors necessitates robust mechanisms for ensuring transparency, trust, and auditability of its development and deployment. This topic is particularly important in light of recent calls in various jurisdictions to introduce regulation and legislation on AI safety. In this paper, we propose a framework for complete verifiable AI pipelines, identifying key components and analyzing existing cryptographic approaches that contribute to verifiability across different stages of the AI lifecycle, from data sourcing to training, inference, and unlearning. This framework could be used to combat misinformation by providing cryptographic proofs alongside AI-generated assets to allow downstream verification of their provenance and correctness. Our findings underscore the importance of ongoing research to develop cryptographic tools that are not only efficient for isolated AI processes, but that are efficiently 'linkable' across different processes within the AI pipeline, to support the development of end-to-end verifiable AI technologies.
