zkML (Zero-Knowledge Machine Learning) is the intersection of zero-knowledge cryptography and machine learning: generating ZK proofs that an ML model was correctly applied to certain inputs. The proof can hide the model weights (proprietary IP), the input data (user privacy), or both, while mathematically guaranteeing that the claimed output is correct.

The core blockchain application is on-chain verification of off-chain ML inference without trusting a centralized oracle, enabling provably unmanipulated AI decisions in DeFi, gaming, and identity.

zkML is nascent (a 2022-2024 research frontier) and faces significant practical challenges: ML inference requires billions of floating-point operations, which translate to millions-to-billions of arithmetic circuit constraints, making ZK proofs for large models currently impractical for real-time use. Proving a GPT-2 inference takes hours; proving even a simple neural network takes seconds. The field is advancing rapidly via specialized circuit optimizations (quantization, lookup tables), hardware acceleration (GPU/FPGA provers), and purpose-built frameworks like EZKL, Modulus Labs, and Pado.
Why zkML Matters for Blockchain
Problem: Smart contracts can’t run complex ML on-chain (too gas-expensive). They must trust an off-chain oracle to provide ML inference results.
ZK Solution:
- ML model runs off-chain (fast, cheap)
- ZK proof generated that output = correct inference
- Proof verified on-chain (cheap, ~200K gas)
- Contract trusts cryptographically verified output — not an oracle
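The four steps above can be sketched end to end. This is a toy simulation, not a real proving system: the "model" is a two-weight linear classifier, and `prove`/`verify_on_chain` are illustrative stand-ins (a hash commitment) for a real SNARK prover and verifier contract; all names are hypothetical.

```python
import hashlib
import json

# Toy "model": a fixed-weight linear layer plus ReLU, run off-chain.
WEIGHTS = [3, -2]

def infer(inputs):
    # Step 1: off-chain inference (fast, no gas cost).
    acc = sum(w * x for w, x in zip(WEIGHTS, inputs))
    return max(0, acc)  # ReLU

def prove(inputs, output):
    # Step 2: stand-in for a SNARK prover. A real prover emits a succinct
    # proof that output = model(inputs) without revealing weights or inputs;
    # here we merely commit to the whole computation transcript.
    transcript = json.dumps({"in": inputs, "out": output, "w": WEIGHTS})
    return hashlib.sha256(transcript.encode()).hexdigest()

def verify_on_chain(inputs, claimed_output, proof):
    # Step 3: stand-in for the on-chain verifier (~200K gas for a real SNARK).
    # A real verifier checks the proof succinctly without re-running the model;
    # this stub just recomputes the commitment to show accept/reject behavior.
    return proof == prove(inputs, claimed_output)

inputs = [4, 1]
output = infer(inputs)                  # 3*4 + (-2)*1 = 10
proof = prove(inputs, output)
print(verify_on_chain(inputs, output, proof))      # honest claim: True
print(verify_on_chain(inputs, output + 1, proof))  # forged output: False
```

Step 4 is the payoff: the contract acts on `claimed_output` only if verification passes, so no oracle is trusted.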
Applications:
- Credit scoring for DeFi lending (private creditworthiness proof)
- Anti-bot proof (prove you’re human via ML classifier without revealing identity)
- Fair lottery/game outcomes (prove randomness model ran correctly)
- AI trading bot verification (prove strategy followed stated rules)
- Content moderation (prove content was flagged by claimed model)
The Constraint Challenge
Modern ML models translate poorly to ZK circuits:
- Neural network operations: multiply (weight × input), add (accumulation), ReLU activation
- Problem: ReLU (max(0, x)) is non-algebraic — requires bit decomposition in ZK → expensive
- Float vs. integer: ZK arithmetic is over a prime field; ML uses floating-point → must quantize
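The ReLU cost can be made concrete. Over a prime field there is no native "<", so sign and comparison checks are done by decomposing a value into bits and constraining each bit. The sketch below assumes 16-bit quantized activations; the constraint counts are illustrative, not from any specific proving system.

```python
# Why ReLU is expensive in-circuit: comparison needs bit decomposition.
# Assumption: activations are quantized to n_bits-bit integers.

def bit_decompose(x, n_bits=16):
    # In-circuit, each bit b gets a booleanity constraint b*(b-1) = 0.
    bits = [(x >> i) & 1 for i in range(n_bits)]
    # Plus one recomposition constraint: sum(b_i * 2^i) = x.
    assert sum(b << i for i, b in enumerate(bits)) == x
    return bits

def relu_constraints(n_bits=16):
    # n_bits booleanity constraints + 1 recomposition constraint
    # + 1 selection constraint (out = x if sign bit is 0, else 0).
    return n_bits + 2

# A plain field multiplication (weight * input) is ~1 constraint;
# a single 16-bit ReLU is ~18 under this accounting.
print(relu_constraints())  # 18
```

This is why activation functions, not multiply-accumulates, often dominate zkML circuit size, and why lookup-table arguments for nonlinearities are a key optimization.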
Quantization for zkML:
- Convert float32 weights to int8 or int16 (reduce precision)
- Quantized models have lower accuracy but dramatically fewer ZK constraints
- 8-bit quantization: roughly 4× fewer constraints than emulating float32 arithmetic in-circuit
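The float-to-int8 step looks like the textbook symmetric quantization scheme sketched below: floats become small integers plus one shared scale factor, and the integers are what the circuit operates on. Exact schemes vary by framework; the weight values here are made up for illustration.

```python
# Symmetric int8 quantization sketch: map float weights into [-127, 127]
# so circuit arithmetic can work over small integers in the prime field.

def quantize_int8(weights):
    scale = max(abs(w) for w in weights) / 127.0
    q = [round(w / scale) for w in weights]
    return q, scale

def dequantize(q, scale):
    return [x * scale for x in q]

weights = [0.82, -1.27, 0.05, 0.4]
q, scale = quantize_int8(weights)
approx = dequantize(q, scale)
max_err = max(abs(a - b) for a, b in zip(weights, approx))

print(q)        # small integers: circuit-friendly
print(max_err)  # rounding error is bounded by scale/2
```

The accuracy/constraint trade-off lives in `scale`: fewer bits means coarser rounding but smaller bit decompositions for every comparison and activation in the circuit.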
Constraint Counts by Model Size
| Model | Parameters | Estimated Constraints | Prove Time |
|---|---|---|---|
| Tiny NN (2-layer) | ~1K | ~100K | ~1-5 seconds |
| ResNet-20 (image) | 270K | ~10M | ~5-15 minutes |
| GPT-2 (text) | 117M | ~10B | Many hours |
| GPT-4 (estimate) | ~1T | Effectively unprovable | N/A |
Key Frameworks
- EZKL: The most popular zkML library; converts an ONNX model to a Halo2 circuit; Python-friendly
- Modulus Labs: Research-focused ZK inference service; Circom-based
- Pado: Browser-based zkML; MPC + ZK combination
- RISC Zero: zkVM approach — run ML inference as RISC-V code, prove via the zkVM
Sources
- “EZKL: An Engine for Provable, Verifiable Machine Learning” — Feltlayer / EZKL (2023). Technical documentation for EZKL — the leading open-source zkML framework that converts ONNX models to Halo2 ZK circuits, enabling developers to generate ZK proofs for ML inference without cryptographic expertise.
- “Modulus Labs: Scaling zkML to Neural Networks” — Modulus Labs (2023). Research report on practical zkML for neural network inference — benchmarking constraint counts and proving times for various model sizes, and proposing a “zk-stack” for ML inference verification.
- “On-Chain Verifiable ML for DeFi: Credit Scoring Without Disclosure” — Spectral Finance / EZKL Research (2023). Case study applying zkML to DeFi credit scoring — enabling a borrower to prove their creditworthiness via ML model inference without revealing their on-chain history or financial details.
- “zkVM Approaches to ML Inference Verification: RISC Zero and SP1” — Risc Zero / Succinct Labs (2024). Analysis of zkVM-based ML inference proofs — comparing the approach of proving ML inference in a general-purpose ZK virtual machine (running RISC-V or WASM code) vs. circuit-specific ML proving systems.
- “The Road to Practical zkML: Hardware Acceleration and the ZK Proving Stack” — Ingonyama / ZK Research (2024). Overview of hardware acceleration approaches for zkML proving — examining GPU optimization, FPGA deployment, and ASIC projections for making ZK machine learning proofs practical at production scale.