Abuse-Resistant Evaluation of AI-as-a-Service via Function-Hiding Homomorphic Signatures
摘要
Artificial intelligence (AI) has emerged as an incredibly useful tool with wide-ranging applications. This has given rise to numerous companies specializing in the development and training of AI models. Access to these models is often provided via cloud services—an approach referred to as “AI as a service” (AIaaS). An AIaaS provider typically offers limited free access to the service to entice users to buy full access, e.g., a bounded number of queries per month. Such free trial access is useful for users who want to determine whether the functionality and performance of the AI are sufficient for their use case. However, free trial access may also be abused by malicious users who might try to circumvent the trial restrictions e.g., by posing as many different users, in an attempt to gain full access to the AIaaS or potentially to try to mount a model extraction attack. As a first attempt to address this issue, we construct a cryptographic mechanism that enables users to test the performance of an AI while simultaneously preventing abuse caused by granting users full model access. Specifically, using our mechanism, users will be restricted to a pre-specified category of inputs or modifications thereof which prevents users from freely specifying the input while still ensuring input diversity. From a technical perspective, we achieve this by formalizing a new cryptographic primitive, function-hiding homomorphic signatures, and instantiating this via a construction based on non-interactive zero-knowledge proofs.