PAC to the Future: Zero-Knowledge Proofs of PAC Private Systems
Guilhem Repetto, Nojan Sheybani, Gabrielle De Micheli, Farinaz Koushanfar
TL;DR
This paper tackles verifiable privacy in outsourced computations by marrying PAC Privacy with zero-knowledge proofs, enabling users to verify both the correct application of privacy-preserving noise and the integrity of outsourced computations. It leverages non-interactive zk-STARKs within the RISC-Zero framework to produce publicly verifiable proofs without revealing private parameters. The authors instantiate the framework on K-means, SVM, and database-statistics tasks, showing predictable proof-generation overhead and near-plaintext utility for small-to-medium workloads. The work advances trust in privacy-preserving cloud services by delivering verifiable privacy guarantees that remain robust in a post-quantum setting and without relying on trusted setups.
Abstract
Privacy concerns in machine learning systems have grown significantly with the increasing reliance on sensitive user data for training large-scale models. This paper introduces a novel framework combining Probably Approximately Correct (PAC) Privacy with zero-knowledge proofs (ZKPs) to provide verifiable privacy guarantees in trustless computing environments. Our approach addresses the limitations of traditional privacy-preserving techniques by enabling users to verify both the correctness of computations and the proper application of privacy-preserving noise, particularly in cloud-based systems. We leverage non-interactive ZKP schemes to generate proofs that attest to the correct implementation of PAC privacy mechanisms while maintaining the confidentiality of proprietary systems. Our results demonstrate the feasibility of achieving verifiable PAC privacy in outsourced computation, offering a practical solution for maintaining trust in privacy-preserving machine learning and database systems while ensuring computational integrity.