AI model verification is a pressing concern in the field of artificial intelligence, where ensuring that the actual model being executed matches the one claimed by the provider is crucial. A recent paper by Offchain Labs proposes an innovative solution to this problem, dubbed 'Towards Verifiable AI with Lightweight Cryptographic Proofs of Inference.' This approach leverages the concept of sampling internal paths to verify computations without requiring exhaustive proof.
The existing cryptographic proofs used in zk-rollups can demonstrate that a server executed a computation correctly but have limitations in terms of speed. Current schemes, such as zkLLM, generate an inference proof for a 13-billion-parameter model in approximately 15 minutes, which is incompatible with APIs that must respond within under one second.
The Offchain Labs proposal abandons exhaustive proof and adopts sampling, committing the server to a digital fingerprint of the model weights and internal values generated during a specific query. The client then selects a random path toward the network's output and requests the server to reveal only the values along that path. If the server ran a different model, the values will be inconsistent, leading to verification failure.
The proposed protocol extends the logic used in Optimistic rollups, which operates on the intuition that re-executing every step of a long computation on every machine is expensive while sampling the disputed step is cheap. The bisection procedure narrows the disagreement between two servers in a logarithmic number of rounds, mirroring the dispute resolution structure used to protect Arbitrum One.