Paving the Way for Secure and Trustless AI Applications

Herodotus
Apr 18, 2024

Today, we are thrilled to announce our partnership with Giza, a pioneering force in the field of Zero Knowledge Machine Learning (ZKML)!

Through this partnership, we will combine Giza’s cutting-edge tools, such as the Orion Framework and Giza Agents Framework, with Herodotus’ Turbo smart contract interface and Herodotus Data Processor (HDP). This synergy will empower developers to build powerful, secure, and trustless AI applications.

One of the key concepts in ZKML is the separation of model training and inference. While model training happens off-chain and does not require zero-knowledge proofs, the inference process, which involves running the trained model on new inputs, is where ZKML shines. By proving the correctness of the inference process using zero-knowledge proofs and verifying it on-chain, ZKML enables the secure and trustless execution of ML models in a decentralized environment.

Validity ML

Validity ML addresses the growing concern of ensuring the trustworthiness and correctness of machine learning (ML) models, particularly in the context of ML-as-a-service (MLaaS) offerings by major cloud service providers. As these services become more complex and proprietary, it becomes increasingly difficult for consumers to audit and understand the models, leading to concerns about the validity of the predictions they provide.

ZKML emerges as a powerful solution to this problem, leveraging zero-knowledge proofs (ZKPs) to validate the use of private data with public models or to verify private models with public data. This approach allows for the validation of ML model predictions while preserving the privacy of the data or the model itself.

Giza’s Orion framework is at the forefront of this technological advancement, providing the necessary components for building verifiable ML models using STARKs (Scalable Transparent ARguments of Knowledge), a type of ZKP. Orion is designed to support the development of a more transparent AI ecosystem, emphasizing the importance of provable machine learning and fostering a safer and more transparent AI environment.

In the blockchain context, Validity ML and ZKML become even more relevant, as they can be combined with concepts such as account abstraction to enable powerful applications, including:

  • Fully autonomous AI agents
  • Algorithmic risk assessment
  • Automated dispute resolution
  • Validating the authenticity of a human iris, in the case of Worldcoin

While ZKML ensures the validity and integrity of the ML models themselves, it is equally important to ensure the authenticity and provenance of the data fed into these models. This is where Storage Proofs come into play, complementing the capabilities of ZKML and enabling a fully trustless and secure environment for AI applications on the blockchain.

Storage Proofs

Storage Proofs cryptographically prove the provenance of onchain data. This applies to any data available on Ethereum, such as current and historical balances, transactions, user interactions, liquidations, and the number of deposits or withdrawals to a specific L2. Data from arbitrary Ethereum L2s and L3s can also be trustlessly and securely read thanks to Storage Proofs. A Herodotus-defined storage proof is a fusion of:

  • Inclusion Proofs: Confirm the presence of specific data within cryptographic data structures, ensuring the data genuinely exists within a dataset.
  • Proofs of Computation: Validate the execution of a multi-step workflow, attesting to the validity of elements in extensive datasets and authenticating the transformations or operations applied to that data.
  • Zero-Knowledge Proofs: Streamline the amount of data a smart contract needs to interact with, allowing smart contracts to confirm a claim’s validity without processing all of the underlying data.

Herodotus makes Storage Proofs incredibly simple for developers to use with a product called Turbo, which is a smart contract interface that lets developers easily access and use on-chain data. Simply put, developers can now access the benefits of zero-knowledge technology without the technical complexity. Turbo works in conjunction with the Storage Proof API to provide seamless and synchronous transactions. Additionally, Turbo supports another powerful product called Herodotus Data Processor (HDP). HDP is a tool that enables developers to define large sets of on-chain data and run computations over it in a fully sound and proven environment using STARKs and Storage Proofs. It supports various types of computations, from simple average calculations to running ML models in a secure off-chain environment.

Yin and Yang

Solutions such as Giza’s provable ONNX runtime allow you to prove that a specific model has been correctly inferred on some inputs. However, in use cases such as smart accounts controlled by AI agents or automatic risk assessment, the verifying smart contract must also know that the inference prover did not tamper with the inputs.

In other words, proving only the valid ONNX execution is not enough to ensure full soundness; we also have to ensure the integrity of the data passed to the model.
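The two checks described above (inclusion of each input in a trusted state root, and the inference being bound to those same inputs) can be sketched as follows; this is an added example, not Herodotus or Giza code. Assumptions: a binary SHA-256 Merkle tree stands in for Ethereum's Keccak-256 Merkle Patricia Trie, the STARK inference proof is modeled only by the input commitment it would expose, and all function names and the sample state are hypothetical.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    # SHA-256 stand-in (assumption); Ethereum uses Keccak-256 over a Merkle Patricia Trie.
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(slot: str, value: int) -> bytes:
    return h(b"\x00", slot.encode(), value.to_bytes(32, "big"))

def pad(level):
    return level + [level[-1]] if len(level) % 2 else level

def build_tree(leaves):
    """All levels of a binary Merkle tree; an odd last node is paired with itself."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = pad(levels[-1])
        levels.append([h(b"\x01", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Sibling path for a leaf: list of (sibling_hash, sibling_is_on_the_right)."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        path.append((pad(level)[sib], sib > index))
        index //= 2
    return path

def verify_inclusion(root, slot, value, path):
    node = leaf(slot, value)
    for sibling, is_right in path:
        node = h(b"\x01", node, sibling) if is_right else h(b"\x01", sibling, node)
    return node == root

def input_commitment(inputs):
    return h(*[leaf(s, v) for s, v in inputs])

def accept_inference(trusted_root, inputs, proofs, committed):
    """Accept only if the inference was run over `inputs` (commitment matches)
    and every input is proven to be part of the trusted state root."""
    if len(inputs) != len(proofs) or input_commitment(inputs) != committed:
        return False
    return all(verify_inclusion(trusted_root, s, v, p) for (s, v), p in zip(inputs, proofs))

# Constructed sample state, not real chain data.
STATE = [("pool.liquidity", 5_000_000), ("pool.tick", 201_340), ("pool.fee", 3000)]
LEVELS = build_tree([leaf(s, v) for s, v in STATE])
ROOT, PROOFS = LEVELS[-1][0], [prove(LEVELS, i) for i in range(len(STATE))]
```

A prover that runs the model on an altered `pool.tick` can still produce a matching commitment, but the inclusion check against `ROOT` fails, so the verifier rejects the result.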

This is where Storage Proofs and HDP step in. As mentioned earlier, HDP enables developers to define large sets of on-chain data and run computations over it in a fully sound and proven environment using STARKs and Storage Proofs.

HDP comes with a framework for developers to express their own custom computations through compute modules (HDP Modules). These modules can be developed in either Cairo0 or Cairo1, as the Cairo VM allows for scoping and process management, making it compatible with both versions. Developers will be able to interact with HDP through Turbo, ensuring the integrity and authenticity of the data fed into their AI models.

Case Studies

Automated LP Position Management

Imagine a scenario in which someone trained an AI model to efficiently manage a UniswapV3 liquidity position. A client for such a model could be, for example, a decentralized automated yield strategy on a platform such as Yearn Finance. Ensuring the integrity of the data passed to the inference is as important as the valid execution of the model: the prover could lie about the actual state of the smart contract, exploiting the system by making it allocate funds very inefficiently and then attacking that position, causing LPs to lose money.

With Storage Proofs, however, we could prove in the same proof that the model has been executed properly and that the data passed to it is indeed coming from Ethereum or one of its L2s. In such a case, both the inference execution and instantiation are constrained and can’t be tampered with by malicious actors.

Autonomous AI Agents

Rare picture of an AI Agent sniping that price range

Imagine an application that combines Account Abstraction, ZKML, and Storage Proofs. That would be autonomous AI agents, where you could delegate the ownership of your account to an AI model or even hire an AI model to make transactions onchain on your behalf.

This is a very delicate use case, as the model would directly manage users’ funds. Thus, the system needs to preserve as much soundness as possible. Imagine a scenario in which we trained such an agent to mimic the onchain behavior of vitalik.eth based on his historical interactions.

Once the model is trained and I want my account to behave like vitalik.eth, how do I make sure that someone fed the model with my transactions and not with someone else’s? This is a problem Storage Proofs solve.

The Stars Align

Both Giza and Herodotus strongly leverage the capabilities of STARKs and Cairo. Thanks to this combination, the integration between Orion and Herodotus HDP is seamless.

It also comes with minimal overhead, as ultimately the runtime is Cairo and the verification target is the same, allowing us to wrap the whole process of inference and data authentication into one STARK proof.

That one STARK proof can later be verified on Starknet using the Integrity Verifier developed by Herodotus and StarkWare.

As part of a joint effort between Giza and Herodotus, we have:

  • Wrapped Orion into an HDP module
  • Made Cairo1 and Cairo0 interoperable by putting them in the same runtime through bootloading techniques
  • Adapted Orion’s data input registers to be able to ingest data injected by HDP

Giza will leverage Turbo to enhance their ZKML solutions by integrating Storage Proofs and HDP tasks into their workflows. This integration will allow Giza’s provable ONNX runtime, Orion, to securely access and utilize on-chain data, ensuring the integrity and authenticity of the data fed into their AI models.

Making the Hard Simple

Leveraging this powerful combination is not simple, as it requires deep knowledge about:

  • The Cairo stack
  • Storage Proofs
  • Zero Knowledge Proofs
  • Machine Learning
  • What to do with proofs once you have them

This is where Herodotus’ products, Turbo and HDP, come in, simplifying the process and making it accessible to a wider audience of developers. By exposing HDP through Turbo’s ultra-simple and synchronous smart contract interface, developers can focus on building cutting-edge ZKML applications without worrying about the complexities of generating Storage Proofs or handling blockchain data access.

With Turbo, Giza can streamline the integration of Storage Proofs and HDP tasks into their workflows, enabling Orion to securely access and utilize on-chain data with ease. This user-friendly and efficient interface will empower developers to harness the full potential of ZKML while ensuring the integrity and authenticity of the data fed into their AI models.

The potential applications are vast and transformative, ranging from autonomous AI agents to algorithmic risk assessment and automated dispute resolution. The Herodotus-Giza partnership is at the forefront of this exciting new frontier, paving the way for a new generation of secure, efficient, and trustless AI applications on the blockchain.

To stay updated on the latest developments and learn more about this collaboration, follow Giza (@gizatechxyz) and us (@HerodotusDev) on X.
