Zero-Knowledge Proofs in Blockchain for Secure AI Model Sharing

Abstract

Secure sharing of AI models across organizational boundaries is hard: providers want to protect intellectual property (model weights, architectures, and training data provenance), while consumers want cryptographic assurance that an advertised model was actually used and that a claimed evaluation (or compliance property) is correct. This manuscript proposes and evaluates a blockchain-backed design that uses zero-knowledge proofs (ZKPs) to make AI model sharing verifiable, privacy-preserving, and auditable. We synthesize the state of the art in ZK systems (zk-SNARKs, PLONK, Bulletproofs, zk-STARKs, and recursive schemes) and recent advances in zero-knowledge machine learning (zkML). Building on these, we present a practical architecture: models are registered on-chain by committing to immutable fingerprints; off-chain provers generate ZK proofs of (i) correct inference by a committed model, (ii) basic policy compliance (e.g., license scope; dataset-use attestations), and (iii) optional training process attestations via proof-of-learning artifacts. We report a simulation study comparing Groth16, PLONK, and STARK-style provers for realistic inference circuits and show that Groth16 yields the smallest proofs and fastest verification for moderate circuits, while PLONK offers circuit universality with similar verification costs and STARKs trade larger proofs for transparency and post-quantum assumptions. Across 300 synthetic trials, median verifier time remained sub-25 ms and proof sizes ranged from ~0.2 KB (Groth16) to ~90 KB (STARK) for common inference tasks, enabling economical on-chain verification. We discuss design choices (hashes, recursion, and gas budgeting), limitations (prover cost, model scale, privacy scope), and a roadmap toward policy-aware, privacy-preserving model exchanges for regulated industries.