Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

\texttt{Range-Arithmetic}: Verifiable Deep Learning Inference on an Untrusted Party

Ali Rahimi, Babak H. Khalaj, Mohammad Ali Maddah-Ali

TL;DR

Range-Arithmetic addresses verifiable inference for outsourced neural networks by casting arithmetic and non-arithmetic operations into verifiable arithmetic over finite fields. It fuses sum-check protocols with aggregated range proofs to verify matrix multiplication with rounding and the ReLU activation, avoiding Boolean circuits and large lookup tables. The framework supports modular, layer-wise verification of neural networks, achieving low communication and practical prover/verifier runtimes as demonstrated on MNIST-scale networks. This enables scalable, trustless DNN inference in decentralized or untrusted environments while maintaining rigor and efficiency.

Abstract

Verifiable computing (VC) has gained prominence in decentralized machine learning systems, where resource-intensive tasks like deep neural network (DNN) inference are offloaded to external participants due to blockchain limitations. This creates a need to verify the correctness of outsourced computations without re-execution. We propose \texttt{Range-Arithmetic}, a novel framework for efficient and verifiable DNN inference that transforms non-arithmetic operations, such as rounding after fixed-point matrix multiplication and ReLU, into arithmetic steps verifiable using sum-check protocols and concatenated range proofs. Our approach avoids the complexity of Boolean encoding, high-degree polynomials, and large lookup tables while remaining compatible with finite-field-based proof systems. Experimental results show that our method not only matches the performance of existing approaches, but also reduces the computational cost of verifying the results, the computational effort required from the untrusted party performing the DNN inference, and the communication overhead between the two sides.

\texttt{Range-Arithmetic}: Verifiable Deep Learning Inference on an Untrusted Party

TL;DR

Range-Arithmetic addresses verifiable inference for outsourced neural networks by casting arithmetic and non-arithmetic operations into verifiable arithmetic over finite fields. It fuses sum-check protocols with aggregated range proofs to verify matrix multiplication with rounding and the ReLU activation, avoiding Boolean circuits and large lookup tables. The framework supports modular, layer-wise verification of neural networks, achieving low communication and practical prover/verifier runtimes as demonstrated on MNIST-scale networks. This enables scalable, trustless DNN inference in decentralized or untrusted environments while maintaining rigor and efficiency.

Abstract

Verifiable computing (VC) has gained prominence in decentralized machine learning systems, where resource-intensive tasks like deep neural network (DNN) inference are offloaded to external participants due to blockchain limitations. This creates a need to verify the correctness of outsourced computations without re-execution. We propose \texttt{Range-Arithmetic}, a novel framework for efficient and verifiable DNN inference that transforms non-arithmetic operations, such as rounding after fixed-point matrix multiplication and ReLU, into arithmetic steps verifiable using sum-check protocols and concatenated range proofs. Our approach avoids the complexity of Boolean encoding, high-degree polynomials, and large lookup tables while remaining compatible with finite-field-based proof systems. Experimental results show that our method not only matches the performance of existing approaches, but also reduces the computational cost of verifying the results, the computational effort required from the untrusted party performing the DNN inference, and the communication overhead between the two sides.

Paper Structure

This paper contains 17 sections, 3 theorems, 31 equations, 12 figures, 1 table, 8 algorithms.

Table of Contents

  1. Introduction
  2. Preliminaries
  3. Review of fixed-point arithmetic
  4. Inner-product argument
  5. Polynomial commitment
  6. The sum-check protocol
  7. Aggregated range proof
  8. The Proposed Range-Arithmetic Scheme
  9. Verification of Matrix Multiplication Concatenated with Rounding
  10. Verification of Matrix Multiplication
  11. Verification of Rounding
  12. Concatenation of Matrix Multiplication and Rounding
  13. Verification of ReLU activation function
  14. Verification process of the neural network
  15. Experimental results
  16. ...and 2 more sections

Key Result

Lemma 2.1

(Schwartz–Zippel Lemma schwartz1980fastzippel1979probabilistic) Let $f, g: \mathbb{F}^v \rightarrow \mathbb{F}$ be distinct multilinear polynomials. If $\mathbf{r}$ is sampled uniformly at random from $\mathbb{F}^v$, then the probability that $f(\mathbf{r}) = g(\mathbf{r})$ is at most $\frac{v}{|\ma

Figures (12)

  • Figure 1: A schematic overview of general interactive verifiable computing, where the goal is to compute a function $f(\cdot)$ at input $x$ (e.g., performing inference using model $f(\cdot)$ on input $x$). The prover executes the computation and generates a proof of correctness by responding to challenges posed by the verifier.
  • Figure 2: Comparison of prover and verifier runtimes, as well as communication costs, for verifiable inference on a linear neural network, relative to the state-of-the-art method in dao2024more.
  • Figure 3: Runtime of the arithmetic and non-arithmetic parts for the verifier and the prover in the matrix multiplication.
  • Figure 4: Impact of matrix size on the prover and the verifier runtime, as well as communication load.
  • Figure 5: Lines 1 and 2 depict the fixed-point numbers $a^\prime$ and $b^\prime$. Lines 3 and 4 illustrate the rounding operation applied to their multiplication.
  • ...and 7 more figures

Theorems & Definitions (6)

  • Definition 2.1
  • Definition 2.2
  • Lemma 2.1
  • Theorem 3.1
  • Theorem 1
  • proof