Artificial intelligence (AI) has emerged as an incredibly useful tool with wide-ranging applications. This has given rise to numerous companies specializing in the development and training of AI models. Access to these models is often provided via cloud services—an approach referred to as “AI as a service” (AIaaS). An AIaaS provider typically offers limited free access to the service to entice users to buy full access, e.g., a bounded number of queries per month. Such free trial access is useful for users who want to determine whether the functionality and performance of the AI are sufficient for their use case. However, free trial access may also be abused by malicious users who might try to circumvent the trial restrictions e.g., by posing as many different users, in an attempt to gain full access to the AIaaS or potentially to try to mount a model extraction attack. As a first attempt to address this issue, we construct a cryptographic mechanism that enables users to test the performance of an AI while simultaneously preventing abuse caused by granting users full model access. Specifically, using our mechanism, users will be restricted to a pre-specified category of inputs or modifications thereof which prevents users from freely specifying the input while still ensuring input diversity. From a technical perspective, we achieve this by formalizing a new cryptographic primitive, function-hiding homomorphic signatures, and instantiating this via a construction based on non-interactive zero-knowledge proofs.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Abuse-Resistant Evaluation of AI-as-a-Service via Function-Hiding Homomorphic Signatures

  • Nuttapong Attrapadung,
  • Goichiro Hanaoaka,
  • Ryo Hiromasa,
  • Yoshihiro Koseki,
  • Takahiro Matsuda,
  • Yutaro Nishida,
  • Yusuke Sakai,
  • Jacob C. N. Schuldt,
  • Satoshi Yasuda

摘要

Artificial intelligence (AI) has emerged as an incredibly useful tool with wide-ranging applications. This has given rise to numerous companies specializing in the development and training of AI models. Access to these models is often provided via cloud services—an approach referred to as “AI as a service” (AIaaS). An AIaaS provider typically offers limited free access to the service to entice users to buy full access, e.g., a bounded number of queries per month. Such free trial access is useful for users who want to determine whether the functionality and performance of the AI are sufficient for their use case. However, free trial access may also be abused by malicious users who might try to circumvent the trial restrictions e.g., by posing as many different users, in an attempt to gain full access to the AIaaS or potentially to try to mount a model extraction attack. As a first attempt to address this issue, we construct a cryptographic mechanism that enables users to test the performance of an AI while simultaneously preventing abuse caused by granting users full model access. Specifically, using our mechanism, users will be restricted to a pre-specified category of inputs or modifications thereof which prevents users from freely specifying the input while still ensuring input diversity. From a technical perspective, we achieve this by formalizing a new cryptographic primitive, function-hiding homomorphic signatures, and instantiating this via a construction based on non-interactive zero-knowledge proofs.