pith. sign in

arxiv: 2510.26576 · v2 · submitted 2025-10-30 · 💻 cs.SE

"Show Me You Comply... Without Showing Me Anything": Zero-Knowledge Software Auditing for AI-Enabled Systems

Filippo Scaramuzza , Renato Cordeiro Ferreira , Giovanni Quattrocchi , Damian Andrew Tamburri , Willem-Jan van den Heuvel This is my paper

Pith reviewed 2026-05-18 03:13 UTC · model grok-4.3

classification 💻 cs.SE
keywords zero-knowledge proofsAI auditingMLOpsregulatory complianceEU AI Actsoftware verificationconfidentialitycryptographic evidence
0
0 comments X

The pith

ZKMLOps integrates zero-knowledge proofs into AI operations to generate verifiable compliance evidence without disclosing models or data.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces ZKMLOps, a framework that embeds zero-knowledge proofs into machine learning operations lifecycles. This lets auditors confirm that an AI model satisfies specific computational statements without seeing the model itself or its training data. Classical auditing approaches either require full transparency, which conflicts with proprietary protection, or rely on expensive manual checks ill-suited to black-box models. By turning well-defined statements about models and inputs into cryptographic proofs, the method supplies evidence that regulators can use directly for compliance decisions under rules such as the EU AI Act. Evaluation results indicate that the added orchestration cost stays bounded and stable when models grow larger or when different zero-knowledge proof systems are used.

Core claim

By integrating ZKP with established software engineering patterns, ZKMLOps provides a modular and repeatable process for generating verifiable cryptographic evidence-proofs of well-defined computational statements about the audited model and its inputs-that auditors can use as input to a regulatory compliance determination.

What carries the argument

ZKMLOps, an MLOps verification framework that operationalizes zero-knowledge proofs within machine-learning operations lifecycles to produce cryptographic proofs of model statements.

If this is right

  • Auditors receive cryptographic proofs that serve as direct input for regulatory compliance determinations.
  • The added orchestration overhead remains bounded and stable when models increase in size or when different zero-knowledge proof backends are substituted.
  • Full zero-knowledge auditing matches the audit-on-demand regime because it supplies confidentiality and integrity guarantees that lighter-weight methods cannot provide.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same modular proof-generation pattern could be reused for verifying other regulated systems that must remain confidential during checks.
  • Advances in zero-knowledge efficiency would directly widen the range of model sizes for which the framework stays practical.
  • Teams already using MLOps pipelines could insert these proof steps as a standard compliance checkpoint without redesigning their entire workflow.

Load-bearing premise

Well-defined computational statements about AI models and inputs can be efficiently encoded as zero-knowledge proofs while keeping overhead bounded and stable across heterogeneous backends and increasing model sizes.

What would settle it

Running the framework on models of steadily increasing size or across several different zero-knowledge proof backends and observing that proof generation time or memory use grows without bound would falsify the viability claim.

Figures

Figures reproduced from arXiv: 2510.26576 by Damian Andrew Tamburri, Filippo Scaramuzza, Giovanni Quattrocchi, Renato Cordeiro Ferreira, Willem-Jan van den Heuvel.

Figure 1
Figure 1. Figure 1: Extended representation of the six trustworthy AI dimensions [ [PITH_FULL_IMAGE:figures/full_fig_p004_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Activity Diagram of the four-step approach for this study. [PITH_FULL_IMAGE:figures/full_fig_p007_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: High-Level Overview of the ZKMLOps framework. [PITH_FULL_IMAGE:figures/full_fig_p009_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: ZKP-Enhanced ML applications in the MLOps verification lifecycle [ [PITH_FULL_IMAGE:figures/full_fig_p010_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Component architecture of the ZKMLOps framework showing the implementation for two possible auditing workflows: neural [PITH_FULL_IMAGE:figures/full_fig_p012_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: Sequence Diagram of the Neural Network Inference Audit Workflow. [PITH_FULL_IMAGE:figures/full_fig_p014_6.png] view at source ↗
read the original abstract

Classical software verification and validation techniques, such as procedural audits, formal methods, or model documentation, are the traditional mechanisms used to achieve the verifiable accountability now required by regulations like the EU AI Act. These methods are either expensive or heavily manual, and ill-suited for the opaque, "black box" nature of most Artificial Intelligence (AI) models. A conflict arises: high auditability and verifiability are required by law, but such transparency conflicts with the need to protect the assets being audited (e.g., confidential data and proprietary models). This paper introduces ZKMLOps, an \ac{MLOps} verification framework that operationalizes Zero-Knowledge Proofs (ZKPs) within Machine-Learning Operations lifecycles; a ZKP allows a prover to convince a verifier that a statement is true without revealing any information about the statement itself. By integrating ZKP with established software engineering patterns, ZKMLOps provides a modular and repeatable process for generating verifiable cryptographic evidence-proofs of well-defined computational statements about the audited model and its inputs-that auditors can use as input to a regulatory compliance determination. We evaluate the framework along two dimensions. First, framework viability: orchestration overhead is bounded and stable across architecturally heterogeneous ZKP backends and models of increasing size. Second, cost-versus-assurance trade-offs: the audit-on-demand setting is the regime in which full zero-knowledge auditing is the appropriate tool, where it provides confidentiality and integrity guarantees that lighter-weight alternatives cannot match.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 2 minor

Summary. The paper introduces ZKMLOps, an MLOps verification framework that integrates Zero-Knowledge Proofs (ZKPs) with established software engineering patterns to enable generation of verifiable cryptographic proofs of well-defined computational statements about AI models and their inputs. These proofs are positioned as inputs for regulatory compliance determinations (e.g., under the EU AI Act) while preserving confidentiality of proprietary models and data. The evaluation assesses framework viability through bounded and stable orchestration overhead across heterogeneous ZKP backends and models of increasing size, and examines cost-versus-assurance trade-offs, concluding that full zero-knowledge auditing is most appropriate in audit-on-demand settings.

Significance. If the central claims hold, the work offers a practical bridge between required auditability for AI regulations and the need to protect confidential assets, extending ZKP techniques into repeatable MLOps processes. The modular integration with software engineering patterns and the focus on orchestration stability represent strengths that could support adoption in compliance workflows, provided the proofs map effectively to regulatory predicates.

major comments (1)
  1. [Evaluation] The central claim that generated ZK proofs of computational statements can serve as actionable input to regulatory compliance determinations (e.g., EU AI Act) is not supported by the described evaluation. The evaluation addresses only orchestration overhead stability across backends and model sizes plus high-level cost-assurance trade-offs, without providing a concrete example of encoding a compliance-relevant predicate (such as robustness or fairness), a mapping to a specific regulatory clause, or an auditor workflow demonstrating proof consumption in a compliance decision. This utility link remains untested even if the technical encoding succeeds.
minor comments (2)
  1. The abstract states that overhead is 'bounded and stable' but provides no specific quantitative data, error bars, or detailed methodology; the full evaluation section should include these metrics and any statistical analysis to allow verification of the viability claims.
  2. Clarify notation and assumptions for 'well-defined computational statements' early in the framework description, including how they are encoded as ZKP circuits for heterogeneous backends.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for their constructive feedback on the manuscript. We address the major comment below and indicate the revisions we will make to strengthen the connection between the technical results and the regulatory utility claim.

read point-by-point responses

  1. Referee: [Evaluation] The central claim that generated ZK proofs of computational statements can serve as actionable input to regulatory compliance determinations (e.g., EU AI Act) is not supported by the described evaluation. The evaluation addresses only orchestration overhead stability across backends and model sizes plus high-level cost-assurance trade-offs, without providing a concrete example of encoding a compliance-relevant predicate (such as robustness or fairness), a mapping to a specific regulatory clause, or an auditor workflow demonstrating proof consumption in a compliance decision. This utility link remains untested even if the technical encoding succeeds.

    Authors: We agree that the evaluation section focuses on demonstrating framework viability through bounded orchestration overhead and cost-assurance trade-offs rather than providing an explicit end-to-end regulatory example. The manuscript positions ZKMLOps as enabling proofs that auditors can use for compliance determinations based on the inherent properties of zero-knowledge proofs, which furnish verifiable evidence of computational statements without disclosure. To more directly support this claim, we will revise the evaluation to include a concrete illustrative example: encoding a robustness predicate for an AI model, mapping it to a specific clause such as Article 15 of the EU AI Act, and outlining a high-level auditor workflow for consuming and verifying the proof in a compliance decision. This addition will be incorporated without changing the core focus on MLOps integration and performance characteristics. revision: yes

Circularity Check

0 steps flagged

No significant circularity; framework claims rest on standard ZKP properties

full rationale

The paper introduces ZKMLOps as an integration of zero-knowledge proofs with MLOps patterns to generate cryptographic evidence for regulatory compliance. No equations, fitted parameters, predictions, or derivations are shown that reduce by construction to inputs or self-referential definitions. Claims rely on established ZKP properties and software engineering patterns without self-citation load-bearing steps, uniqueness theorems from the authors, or ansatz smuggling. The evaluation of orchestration overhead and cost-assurance trade-offs is independent of the core claims. This is a self-contained framework proposal with no circular derivation chain.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central claim rests on the domain assumption that ZKPs can be practically applied to ML model statements; no free parameters or invented entities beyond the framework itself are described in the abstract.

axioms (1)
  • domain assumption Zero-knowledge proofs can be applied to well-defined computational statements about AI models and inputs to produce verifiable evidence without revealing proprietary details.
    This premise is invoked to justify the framework's ability to satisfy both auditability and confidentiality requirements.

pith-pipeline@v0.9.0 · 5825 in / 1244 out tokens · 28207 ms · 2026-05-18T03:13:33.502565+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

75 extracted references · 75 canonical work pages · 2 internal anchors

  1. [1]

    Reconstructing with even less: Amplifying leakage and drawing graphs,

    Kasra Abbaszadeh, Christodoulos Pappas, Jonathan Katz, and Dimitrios Papadopoulos. 2024. Zero-Knowledge Proofs of Training for Deep Neural Networks. InProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security (CCS ’24). Association for Computing Manuscript submitted to ACM “Show Me You Comply... Without Showing Me Anything”:...

    work page doi:10.1145/3658644.3670316 2024

  2. [2]

    Lee Allford and Phillip Carson. 2015. Safety, Health, and Environment audits with selected case histories. | EBSCOhost. https://openurl.ebsco.com/ contentitem/gcd:101416498?sid=ebsco:plink:crawler&id=ebsco:gcd:101416498 ISSN: 0260-9576 Issue: 241 Pages: 7

    work page 2015

  3. [3]

    Saleema Amershi, Andrew Begel, Christian Bird, Robert DeLine, Harald Gall, Ece Kamar, Nachiappan Nagappan, Besmira Nushi, and Thomas Zimmermann. 2019. Software Engineering for Machine Learning: A Case Study. In2019 IEEE/ACM 41st International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP). IEEE Press, Montréal, QC, Canada...

    work page doi:10.1109/icse-seip.2019.00042 2019

  4. [4]

    Dario Amodei and Danny Hernandez. 2018. AI and Compute. https://openai.com/blog/ai-and-compute

    work page 2018

  5. [5]

    Raman Arora, Amitabh Basu, Poorya Mianjy, and Anirbit Mukherjee. 2018. Understanding Deep Neural Networks with Rectified Linear Units. doi:10.48550/arXiv.1611.01491 arXiv:1611.01491 [cs]

    work page internal anchor Pith review Pith/arXiv arXiv doi:10.48550/arxiv.1611.01491 2018

  6. [6]

    Mihir Bellare and Phillip Rogaway. 1993. Random oracles are practical: a paradigm for designing efficient protocols. InProceedings of the 1st ACM conference on Computer and communications security (CCS ’93). Association for Computing Machinery, New York, NY, USA, 62–73. doi:10.1145/168588.168596

    work page doi:10.1145/168588.168596 1993

  7. [7]

    Fabien CY Benureau and Nicolas P Rougier. 2018. Re-run, repeat, reproduce, reuse, replicate: transforming code into scientific contributions.Frontiers in neuroinformatics11 (2018), 69

    work page 2018

  8. [8]

    Rothblum, and Prashant Nalini Vasudevan

    Itay Berman, Akshay Degwekar, Ron D. Rothblum, and Prashant Nalini Vasudevan. 2018. Multi-collision resistant hash functions and their applications. InAdvances in Cryptology – EUROCRYPT 2018: 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tel A viv, Israel, April 29-May 3, 2018, Proceedings, Part II (Lectu...

    work page doi:10.1007/978-3-319-78375-8_5 2018

  9. [9]

    Miles Brundage, Shahar Avin, Jasmine Wang, Haydn Belfield, Gretchen Krueger, Gillian Hadfield, Heidy Khlaaf, Jingying Yang, Helen Toner, Ruth Fong, Tegan Maharaj, Pang Wei Koh, Sara Hooker, Jade Leung, Andrew Trask, Emma Bluemke, Jonathan Lebensold, Cullen O’Keefe, Mark Koren, Théo Ryffel, J. B. Rubinovitz, Tamay Besiroglu, Federica Carugati, Jack Clark, ...

    work page doi:10.48550/arxiv.2004.07213 2020

  10. [10]

    Benedikt Bünz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille, and Greg Maxwell. 2018. Bulletproofs: Short Proofs for Confidential Transactions and More. InProceedings of the 2018 IEEE Symposium on Security and Privacy (SP). IEEE, San Francisco, CA, USA, 315–334. doi:10.1109/ SP.2018.00020 Presented at the 39th IEEE Symposium on Security and P...

    work page arXiv 2018

  11. [11]

    Bohdanowicz, Elizabeth Crosson, Chinmay Nirkhe, and Henry Yuen

    Ran Canetti, Yilei Chen, Justin Holmgren, Alex Lombardi, Guy N. Rothblum, Ron D. Rothblum, and Daniel Wichs. 2019. Fiat-Shamir: from practice to theory. InProceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing (STOC 2019). Association for Computing Machinery, New York, NY, USA, 1082–1090. doi:10.1145/3313276.3316380

    work page doi:10.1145/3313276.3316380 2019

  12. [12]

    Raja Chatila and John C. Havens. 2019. The IEEE Global Initiative on Ethics of Autonomous and Intelligent Systems. InRobotics and Well-Being, Maria Isabel Aldinhas Ferreira, João Silva Sequeira, Gurvinder Singh Virk, Mohammad Osman Tokhi, and Endre E. Kadar (Eds.). Intelligent Systems, Control and Automation: Science and Engineering, Vol. 95. Springer, Ch...

    work page doi:10.1007/978-3-030-12524-0_2 2019

  13. [13]

    Bing-Jyue Chen, Suppakit Waiwitlikhit, Ion Stoica, and Daniel Kang. 2024. ZKML: An Optimizing System for ML Inference in Zero-Knowledge Proofs. InProceedings of the Nineteenth European Conference on Computer Systems (EuroSys ’24). Association for Computing Machinery, New York, NY, USA, 560–574. doi:10.1145/3627703.3650088

    work page doi:10.1145/3627703.3650088 2024

  14. [14]

    Clarke, Orna Grumberg, Daniel Kroening, Doron Peled, and Helmut Veith

    Edmund M. Clarke, Orna Grumberg, Daniel Kroening, Doron Peled, and Helmut Veith. 2018.Model Checking(second ed.). The MIT Press, Cambridge, MA. This is the second edition of the book, first published in 1999. It was published posthumously for Helmut Veith, who passed away in 2016

    work page 2018

  15. [15]

    Ignacio Cofone and Katherine Strandburg. 2019. Strategic Games and Algorithmic Secrecy.McGill Law Journal / Revue de droit de McGill64, 4 (2019), 623–663. doi:10.7202/1074151ar Publisher: McGill Law Journal / Revue de droit de McGill

    work page doi:10.7202/1074151ar 2019

  16. [16]

    Elizabeth Kumar, Aaron Horowitz, and Andrew Selbst

    A. Feder Cooper, Emanuel Moss, Benjamin Laufer, and Helen Nissenbaum. 2022. Accountability in an Algorithmic Society: Relationality, Responsi- bility, and Robustness in Machine Learning. InProceedings of the 2022 ACM Conference on Fairness, Accountability, and Transparency (FAccT ’22). Association for Computing Machinery, New York, NY, USA, 864–876. doi:1...

    work page doi:10.1145/3531146.3533150 2022

  17. [17]

    2001.Auditing in the food industry: From safety and quality to environmental and other audits

    Mike Dillon and Chris Griffith (Eds.). 2001.Auditing in the food industry: From safety and quality to environmental and other audits. Woodhead Publishing, Cambridge, England. Also published in North and South America by CRC Press. Provides a guide to standards such as HACCP and TQM, and auditing skills for the food industry

    work page 2001

  18. [18]

    EKZL. 2023. Steps in Hardware, Leaps in Performance. https://blog.ezkl.xyz/post/acceleration/. ezkl Blog, November 27, 2023, accessed July 19, 2025

    work page 2023

  19. [19]

    Electric Coin Company. 2020. Halo2: The Halo2 zero-knowledge proving system. GitHub repository. https://github.com/zcash/halo2 The year refers to the initial announcement of the Halo 2 project

    work page 2020

  20. [20]

    Jens Ernstberger, Stefanos Chaliasos, Liyi Zhou, Philipp Jovanovic, and Arthur Gervais. 2024. Do You Need a Zero Knowledge Proof? https: //eprint.iacr.org/2024/050 Publication info: Published elsewhere. CfC St. Moritz Academic Research Track 2024

    work page 2024

  21. [21]

    Robert Feldt and Ana Magazinius. 2010. Validity threats in empirical software engineering research-an initial survey. 374–379 pages. Manuscript submitted to ACM 20 Scaramuzza et al

    work page 2010

  22. [22]

    Boyuan Feng, Lianke Qin, Zhenfei Zhang, Yufei Ding, and Shumo Chu. 2021. ZEN: An Optimizing Compiler for Verifiable, Zero-Knowledge Neural Network Inferences. https://eprint.iacr.org/2021/087 Publication info: Preprint. MINOR revision

    work page 2021

  23. [23]

    Boyuan Feng, Zheng Wang, Yuke Wang, Shu Yang, and Yufei Ding. 2024. ZENO: A Type-based Optimization Framework for Zero Knowledge Neural Network Inference. InProceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 1 (ASPLOS ’24, Vol. 1). Association for Computing Machinery, New Y...

    work page doi:10.1145/3617232.3624852 2024

  24. [24]

    Amos Fiat and Adi Shamir. 1987. How To Prove Yourself: Practical Solutions to Identification and Signature Problems. InAdvances in Cryptology — CRYPTO’ 86, Andrew M. Odlyzko (Ed.). Springer, Berlin, Heidelberg, 186–194. doi:10.1007/3-540-47721-7_12

    work page doi:10.1007/3-540-47721-7_12 1987

  25. [25]

    Future of Life Institute. 2025. EU Artificial Intelligence Act | Up-to-date developments and analyses of the EU AI Act. https://artificialintelligenceact.eu/ Maintained by the Future of Life Institute, providing ongoing analysis of the EU AI Act

    work page 2025

  26. [26]

    Ariel Gabizon, Mary Maller, and Eli Ben-Sasson. 2020. PLONK: Permutations over Lagrange-bases for Oecumenical Non-Interactive Arguments of Knowledge. https://eprint.iacr.org/2020/079

    work page 2020

  27. [27]

    Gang of Four

    Erich Gamma, Richard Helm, Ralph Johnson, and John Vlissides. 1994.Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley Professional, Reading, MA, USA. The authors are famously known as the "Gang of Four" (GoF)

    work page 1994

  28. [28]

    AS Gay and NH New. 1999. Auditing health and safety management systems: a regulator’s view.Occupational medicine49, 7 (1999), 471–473

    work page 1999

  29. [29]

    Shadan Ghaffaripour and Ali Miri. 2021. Mutually Private Verifiable Machine Learning As-a-service: A Distributed Approach. In2021 IEEE World AI IoT Congress (AIIoT). IEEE, Virtual Conference, 0232–0239. doi:10.1109/AIIoT52608.2021.9454203 Presented at the virtual IEEE World AI IoT Congress, held from May 10-13, 2021

    work page doi:10.1109/aiiot52608.2021.9454203 2021

  30. [30]

    2004.Foundations of Cryptography: Volume 2, Basic Applications

    Oded Goldreich. 2004.Foundations of Cryptography: Volume 2, Basic Applications. Cambridge University Press, Cambridge, UK. This is the second volume of a two-volume work. The first hardcover edition was published in 2004, with a paperback edition following in 2009

    work page 2004

  31. [31]

    Oded Goldreich and Yair Oren. 1994. Definitions and properties of zero-knowledge proof systems.Journal of Cryptology7, 1 (Dec. 1994), 1–32. doi:10.1007/BF00195207

    work page doi:10.1007/bf00195207 1994

  32. [32]

    Jens Groth. 2016. On the Size of Pairing-Based Non-Interactive Arguments. InAdvances in Cryptology – EUROCRYPT 2016: 35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, May 8-12, 2016, Proceedings, Part I (Lecture Notes in Computer Science, Vol. 9665), Marc Fischlin and Jean-Sébastien Coron (Ed...

    work page doi:10.1007/978-3-662-49890-3_12 2016

  33. [33]

    Chanyang Ju, Hyeonbum Lee, Heewon Chung, Jae Hong Seo, and Sungwook Kim. 2021. Efficient Sum-Check Protocol for Convolution.IEEE Access 9 (2021), 164047–164059. doi:10.1109/ACCESS.2021.3133442

    work page doi:10.1109/access.2021.3133442 2021

  34. [34]

    Jae C Jung and Elizabeth Sharon. 2019. The Volkswagen emissions scandal and its aftermath.Global business and organizational excellence38, 4 (2019), 6–15

    work page 2019

  35. [35]

    Daniel Kang, Tatsunori Hashimoto, Ion Stoica, and Yi Sun. 2022. Scaling up Trustless DNN Inference with Zero-Knowledge Proofs. doi:10.48550/ arXiv.2210.08674 arXiv:2210.08674 [cs]

    work page arXiv 2022

  36. [36]

    Zaverucha, and Ian Goldberg

    Aniket Kate, Gregory M. Zaverucha, and Ian Goldberg. 2010. Constant-Size Commitments to Polynomials and Their Applications. InAdvances in Cryptology - ASIACRYPT 2010, Masayuki Abe (Ed.). Springer, Berlin, Heidelberg, 177–194. doi:10.1007/978-3-642-17373-8_11

    work page doi:10.1007/978-3-642-17373-8_11 2010

  37. [37]

    Pauline T Kim. 2017. Auditing algorithms for discrimination.U. Pa. L. Rev. Online166 (2017), 189

    work page 2017

  38. [38]

    Klinect, Patrick R

    James R. Klinect, Patrick R. Murray, Ashleigh C. Merritt, and Robert L. Helmreich. 2003. Line Operations Safety Audit (LOSA): Definition and Operating Characteristics. InProceedings of the 12th International Symposium on A viation Psychology. The Ohio State University, Dayton, OH, USA, 663–668. The paper provides a foundational description of the LOSA met...

    work page 2003

  39. [39]

    Dominik Kreuzberger, Niklas Kühl, and Sebastian Hirschl. 2023. Machine Learning Operations (MLOps): Overview, Definition, and Architecture. IEEE Access11 (2023), 31866–31879. doi:10.1109/ACCESS.2023.3262138

    work page doi:10.1109/access.2023.3262138 2023

  40. [40]

    Indika Kumara, Rowan Arts, Dario Di Nucci, Willem Jan Van Den Heuvel, and Damian Andrew Tamburri. 2022. Requirements and reference architecture for mlops: insights from industry.TechRxiv[No Volume], [No Number] (2022), 9. doi:10.36227/techrxiv.21397413.v1 Preprint

    work page doi:10.36227/techrxiv.21397413.v1 2022

  41. [41]

    Seunghwa Lee, Hankyung Ko, Jihye Kim, and Hyunok Oh. 2024. vCNN: Verifiable Convolutional Neural Network Based on zk-SNARKs.IEEE Transactions on Dependable and Secure Computing21, 4 (July 2024), 4254–4270. doi:10.1109/TDSC.2023.3348760

    work page doi:10.1109/tdsc.2023.3348760 2024

  42. [42]

    Understanding artificial intelligence ethics and safety

    David Leslie. 2019.Understanding artificial intelligence ethics and safety. Technical Report. The Alan Turing Institute. doi:10.5281/zenodo.3240529 arXiv:1906.05684 [cs]

    work page internal anchor Pith review Pith/arXiv arXiv doi:10.5281/zenodo.3240529 2019

  43. [43]

    Bo Li, Peng Qi, Bo Liu, Shuai Di, Jingen Liu, Jiquan Pei, Jinfeng Yi, and Bowen Zhou. 2023. Trustworthy AI: From Principles to Practices.Comput. Surveys55, 9 (Sept. 2023), 1–46. doi:10.1145/3555803

    work page doi:10.1145/3555803 2023

  44. [44]

    Zachary C. Lipton. 2018. The Mythos of Model Interpretability.Commun. ACM61, 10 (2018), 36–43. doi:10.1145/3233231

    work page doi:10.1145/3233231 2018

  45. [45]

    Haochen Liu, Yiqi Wang, Wenqi Fan, Xiaorui Liu, Yaxin Li, Shaili Jain, Yunhao Liu, Anil Jain, and Jiliang Tang. 2022. Trustworthy AI: A Computational Perspective.ACM Transactions on Intelligent Systems and Technology14, 1 (Nov. 2022), 4:1–4:59. doi:10.1145/3546872

    work page doi:10.1145/3546872 2022

  46. [46]

    Tianyi Liu, Xiang Xie, and Yupeng Zhang. 2021. zkCNN: Zero Knowledge Proofs for Convolutional Neural Network Predictions and Accuracy. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS ’21). Association for Computing Machinery, New York, NY, USA, 2968–2985. doi:10.1145/3460120.3485379

    work page doi:10.1145/3460120.3485379 2021

  47. [47]

    Show Me You Comply... Without Showing Me Anything

    John F Magee. 1964. Decision trees for decision making.Harvard Business Review42, 4 (1964), 126–138. Manuscript submitted to ACM “Show Me You Comply... Without Showing Me Anything”: Zero-Knowledge Software Auditing for AI-Enabled Systems21

    work page 1964

  48. [48]

    Martin, James Grenning, Simon Brown, and Kevlin Henney

    Robert C. Martin, James Grenning, Simon Brown, and Kevlin Henney. 2018.Clean Architecture: a craftsman’s guide to software structure and design. Prentice Hall, Boston Columbus Indianapolis New York San Francisco Amsterdam Cape Town Dubai London Madrid Milan Munich Paris Montreal Toronto Delhi Mexico City São Paulo Sydney Hong Kong Seoul Singapore Taipei Tokyo

    work page 2018

  49. [49]

    Danaë Metaxa, Joon Sung Park, Ronald E Robertson, Karrie Karahalios, Christo Wilson, Jeff Hancock, Christian Sandvig, et al . 2021. Auditing algorithms: Understanding algorithmic systems from the outside in.Foundations and Trends®in Human–Computer Interaction14, 4 (2021), 272–344

    work page 2021

  50. [50]

    MIT, Shafi Goldwasser, Silvio Micali, MIT, Chales Rackoff, and University of Toronto. 2019. The knowledge complexity of interactive proof-systems. InProviding Sound Foundations for Cryptography: On the Work of Shafi Goldwasser and Silvio Micali, Weizmann Institute of Science and Oded Goldreich (Eds.). Association for Computing Machinery, New York, NY, USA...

    work page doi:10.1145/3335741.3335750 2019

  51. [51]

    Jakob Mökander. 2023. Auditing of AI: Legal, Ethical and Technical Approaches.Digital Society2, 3 (Dec. 2023), 49. doi:10.1007/s44206-023-00074-y

    work page doi:10.1007/s44206-023-00074-y 2023

  52. [52]

    O’Reilly Media, Inc

    Mark Richards and Neal Ford. 2025.Fundamentals of Software Architecture: A Modern Engineering Approach. "O’Reilly Media, Inc. ", Sebastopol, CA. Google-Books-ID: yClOEQAAQBAJ

    work page 2025

  53. [53]

    2018.Microservices Patterns: With examples in Java

    Chris Richardson. 2018.Microservices Patterns: With examples in Java. Simon and Schuster, New York, NY, USA. Google-Books-ID: QTgzEAAAQBAJ

    work page 2018

  54. [54]

    Cynthia Rudin. 2019. Stop Explaining Black Box Machine Learning Models For High Stakes Decisions and Use Interpretable Models Instead.Nature Machine Intelligence1 (2019), 206–215. doi:10.1038/s42256-019-0048-x

    work page doi:10.1038/s42256-019-0048-x 2019

  55. [55]

    Tamburri

    Filippo Scaramuzza, Giovanni Quattrocchi, and Damian A. Tamburri. 2025. Engineering Trustworthy Machine-Learning Operations with Zero- Knowledge Proofs. https://arxiv.org/abs/2505.20136v1

    work page arXiv 2025

  56. [56]

    Treasury Board of Canada Secretariat. 2024. Directive on Automated Decision-Making. https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=32592 Last Modified: 2023-04-25

    work page 2024

  57. [57]

    2012.Dependency injection in

    Mark Seemann. 2012.Dependency injection in. NET. Manning New York, New York, NY, USA. https://sisis.rz.htw-berlin.de/inh2012/12402528.pdf

    work page 2012

  58. [58]

    2017.Enterprise Application Architecture with

    Ganesan Senthilvel, Ovais Mehboob Ahmed Khan, and Habib Ahmed Qureshi. 2017.Enterprise Application Architecture with. NET Core. Packt Publishing Ltd. https://books.google.com/books?hl=en&lr=&id=_UEwDwAAQBAJ&oi=fnd&pg=PP1&ots=WPceLRlmI0&sig= L2D1aiKhpEINnbuKUubLS56sVSo

    work page 2017

  59. [59]

    Nojan Sheybani, Anees Ahmed, Michel Kinsy, and Farinaz Koushanfar. 2025. Zero-Knowledge Proof Frameworks: A Systematic Survey. doi:10. 48550/arXiv.2502.07063 ADS Bibcode: 2025arXiv250207063S

    work page arXiv 2025

  60. [60]

    Nathalie A Smuha. 2019. The EU approach to ethics guidelines for trustworthy artificial intelligence.Computer Law Review International20, 4 (2019), 97–106

    work page 2019

  61. [61]

    Haochen Sun, Tonghe Bai, Jason Li, and Hongyang Zhang. 2025. zkDL: Efficient Zero-Knowledge Proofs of Deep Learning Training.IEEE Transactions on Information Forensics and Security20 (2025), 914–927. doi:10.1109/TIFS.2024.3520863

    work page doi:10.1109/tifs.2024.3520863 2025

  62. [62]

    Haochen Sun, Jason Li, and Hongyang Zhang. 2024. zkLLM: Zero Knowledge Proofs for Large Language Models. InProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security (CCS ’24). Association for Computing Machinery, New York, NY, USA, 4405–4419. doi:10.1145/3658644.3670334

    work page doi:10.1145/3658644.3670334 2024

  63. [63]

    2008.The evolution of auditing: An analysis of the historical development

    Lee Teck-Heang and Azham Md Ali. 2008.The evolution of auditing: An analysis of the historical development. Technical Report. Academic Zone. 1548–6583 pages

    work page 2008

  64. [64]

    Thoughtworks. 2016. Lightweight Architecture Decision Records. Thoughtworks Technology Radar. https://www.thoughtworks.com/radar/ techniques/lightweight-architecture-decision-records The technique was originally proposed by Michael Nygard in 2011 and was featured in the Thoughtworks Technology Radar in November 2016

    work page 2016

  65. [65]

    Ehsan Toreini, Maryam Mehrnezhad, and Aad van Moorsel. 2024. Fairness as a Service (FaaS): verifiable and privacy-preserving fairness auditing of machine learning systems.International Journal of Information Security23, 2 (April 2024), 981–997. doi:10.1007/s10207-023-00774-z

    work page doi:10.1007/s10207-023-00774-z 2024

  66. [66]

    of Calif., Manuel Blum, Paul Feldman, MIT, Silvio Micali, and MIT

    Univ. of Calif., Manuel Blum, Paul Feldman, MIT, Silvio Micali, and MIT. 2019. Non-interactive zero-knowledge and its applications. InProviding Sound Foundations for Cryptography: On the Work of Shafi Goldwasser and Silvio Micali, Weizmann Institute of Science and Oded Goldreich (Eds.). Association for Computing Machinery, Rehovot, Israel. doi:10.1145/333...

    work page doi:10.1145/3335741.3335757 2019

  67. [67]

    2003.Technology auditing as a means of ensuring business continuity in a manufacturing organisation

    Nico Vlok. 2003.Technology auditing as a means of ensuring business continuity in a manufacturing organisation. Ph. D. Dissertation. Port Elizabeth Technikon

    work page 2003

  68. [68]

    Suppakit Waiwitlikhit, Ion Stoica, Yi Sun, Tatsunori Hashimoto, and Daniel Kang. 2024. Trustless Audits without Revealing Data or Models. doi:10.48550/arXiv.2404.04500 arXiv:2404.04500 [cs]

    work page doi:10.48550/arxiv.2404.04500 2024

  69. [69]

    Haodi Wang, Rongfang Bie, and Thang Hoang. 2025. An Efficient and Zero-Knowledge Classical Machine Learning Inference Pipeline.IEEE Transactions on Dependable and Secure Computing22, 2 (March 2025), 1347–1364. doi:10.1109/TDSC.2024.3435010

    work page doi:10.1109/tdsc.2024.3435010 2025

  70. [70]

    Wright and Richard Sylla

    Robert E. Wright and Richard Sylla. 2004. Joint Stock Companies Act. InThe History of Corporate Finance: Developments of Anglo-American Securities Markets, Financial Practices, Theories and Laws Vol 3. Routledge, United Kingdom, GB. Num Pages: 77

    work page 2004

  71. [71]

    Wenxuan Wu, Soamar Homsi, and Yupeng Zhang. 2024. Confidential and Verifiable Machine Learning Delegations on the Cloud. InComputer Security – ESORICS 2024, Joaquin Garcia-Alfaro, Rafał Kozik, Michał Choraś, and Sokratis Katsikas (Eds.). Springer Nature Switzerland, Cham, 182–201. doi:10.1007/978-3-031-70890-9_10

    work page doi:10.1007/978-3-031-70890-9_10 2024

  72. [72]

    Zhibo Xing, Zijian Zhang, Jiamou Liu, Ziang Zhang, Meng Li, Liehuang Zhu, and Giovanni Russello. 2023. Zero-knowledge proof meets machine learning in verifiability: A survey.arXiv preprint arXiv:2310.14848[No Volume], [No Number] (2023), 24

    work page arXiv 2023

  73. [73]

    Zhibo Xing, Zijian Zhang, Ziang Zhang, Zhen Li, Meng Li, Jiamou Liu, Zongyang Zhang, Yi Zhao, Qi Sun, Liehuang Zhu, et al. 2025. Zero-Knowledge Proof-Based Verifiable Decentralized Machine Learning in Communication Network: A Comprehensive Survey.IEEE Communications Surveys & Manuscript submitted to ACM 22 Scaramuzza et al. Tutorials[No Volume], [No Numbe...

    work page doi:10.1109/comst.2025.3561657 2025

  74. [74]

    Jiaheng Zhang, Zhiyong Fang, Yupeng Zhang, and Dawn Song. 2020. Zero Knowledge Proofs for Decision Tree Predictions and Accuracy. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS ’20). Association for Computing Machinery, New York, NY, USA, 2039–2053. doi:10.1145/3372297.3417278

    work page doi:10.1145/3372297.3417278 2020

  75. [75]

    Lingchen Zhao, Qian Wang, Cong Wang, Qi Li, Chao Shen, and Bo Feng. 2021. VeriML: Enabling Integrity Assurances and Fair Payments for Machine Learning as a Service.IEEE Transactions on Parallel and Distributed Systems32, 10 (Oct. 2021), 2524–2540. doi:10.1109/TPDS.2021.3068195 Received 20 February 2007; revised 12 March 2009; accepted 5 June 2009 Manuscri...

    work page doi:10.1109/tpds.2021.3068195 2021