Episode 246: Adversarial Machine Learning Research with Florian Tramèr

Zero Knowledge

Is There a Theorem to Encrypt Machine Learning Processes?

4min Snip

00:00

Play full episode

Summary

Transcript

Episode notes

The first machine learning project I ever worked on before starting my PhD was on this very topic, which we call model stealing attacks. So if you have a model that's sitting somewhere behind a cloud API, and you want this model to stay private, maybe because it uses proprietary information or you want to charge people for using it, then the fact that you let people query this model is inherently leaking information. And at some point with enough queries, you can probably reconstruct a local model that's kind of similar to the one that is supposed to be hidden. Whether this is feasible in practice depends a lot on the size of the model. For somewhat simple model sizes, this is usually not particularly expensive

This week, Anna and Tarun chat with Florian Tramèr, Assistant Professor at ETH Zurich. They discuss his earlier work on side channel attacks on privacy blockchains, as well as his academic focus on Machine Learning (ML) and adversarial research. They define some key ML terms, tease out some of the nuances of ML training and models, chat zkML and other privacy environments where ML can be trained, and look at why the security around ML will be important as these models become increasingly used in production.

Here are some additional links for this episode:

ZK Whiteboard Sessions – as part of ZK Hack and powered by Polygon – a new series of educational videos that will help you get onboarded into the concepts and terms that we talk about on the ZK front.

ZK Jobs Board – has a fresh batch of open roles from ZK-focused projects. Find your next opportunity working in ZK!

Today’s episode is sponsored by Mina Protocol.

With Mina’s zero knowledge smart contracts – or zkApps – developers can create apps that offer privacy, security, and verifiability for your users.

Head to minaprotocol.com/zkpodcast to learn about their developer bootcamps and open grants.

If you like what we do:

Find all our links here! @ZeroKnowledge | Linktree
Subscribe to our podcast newsletter
Follow us on Twitter @zeroknowledgefm
Join us on Telegram
Catch us on Youtube
Head to the ZK Community Forum
Support our Gitcoin Grant

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Episode 246: Adversarial Machine Learning Research with Florian Tramèr

Zero Knowledge

Is There a Theorem to Encrypt Machine Learning Processes?

4min Snip

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights