Verifiable Computation
What is verifiable computation?
Verifiable computation allows a verifier to check a prover's claim about performing a computation via mathematical proofs. Recent progress in this field now allows for verifiability for a wide range of computation in an efficient manner. Efficiency can be measured in terms of:
- The time required to prove a statement (prover time)
- The time required to verify a statement (verifier time)
- Size of the proofs (size)
Why do we need verifiable computation?
Traditionally, credit scores have been done in a black-box manner such that no party other than the scoring organization has any concrete information about the scoring algorithm. Our system aims to provide high-transparency through verifiable proofs.
What scorers should prove:
- No information, other than publicly available blockchain data, was utilized to come up with such a score.
- The model proposed achieves a certain accuracy on a given dataset.
Our approach
Spectral's system relies on scorers (which could be any entity that joins the system) training machine learning models to classify the risk for a party associated to their transaction activity. Once a model is trained, it should be cryptographically committed to and apply the same rules to every user. At the credit score generation stage, the scorer is able to prove that the credit score generated by the model (which is cryptographically committed to, ensuring it is the same for all users that are scored) and no other information other than your public transaction activity was used for this process.
Zero-Knowledge Proofs
With Verifiable Computation, a proof can be produced that a computation was performed properly (i.e. the output of a function is what you would expect it to be). However this does not solve the privacy issue, as the proof could simply be a transcript of the entire computation. The notion of a zero-knowledge proof rose to prominence as early results in the 90s showed any problem in the language NP has a corresponding zero-knowledge proof.
A zero knowledge proof allows a prover to produce a short proof π that can convince any verifier that the result of a public function "f" on the public input "x" and secret input "w" of the prover is y = f (x,w). w is usually referred as the witness or auxiliary input. Zero knowledge proofs guarantee that the verifier rejects with overwhelming probability if the prover cheats on computing the result, while the proof reveals no extra information about the secret "w" beyond the result.
Zero-Knowledge proofs (ZKPs) allow a prover to prove to a verifier that it knows/has computed some function of an input without revealing everything about the computation itself. zk-SNARKs stand for "Succinct Non-Interactive Arguments of Knowledge". Recent progress in the area focuses on the succinctness of the proof (improving snark efficiency). In many applications, the prover is computationally powerful and creates a succinct proof which is efficient to communicate and verify. Using these techniques has given rise to privacy-focused blockchains and improving privacy in existing applications. Various ZKP protocols differ in cryptographic assumptions and efficiency, hence our implementation will leverage the protocols with properties most suitable for our application.