Verifiable Dropout: Turning Randomness into a Verifiable Claim
Kichang Lee, Sungmin Lee, Jaeho Jin, JeongGil Ko
Published on arXiv: 2512.22526
AI Supply Chain Attacks
OWASP ML Top 10 — ML06
Key Finding
Verifiable Dropout enables post-hoc, privacy-preserving auditing of stochastic training steps in cloud pipelines, ensuring dropout randomness was neither biased nor cherry-picked by a malicious provider without exposing model or data confidentiality.
Verifiable Dropout
Novel technique introduced
Modern cloud-based AI training relies on extensive telemetry and logs to ensure accountability. While these audit trails enable retrospective inspection, they struggle to address the inherent non-determinism of deep learning. Stochastic operations, such as dropout, create an ambiguity surface where attackers can mask malicious manipulations as natural random variance, granting them plausible deniability. Consequently, existing logging mechanisms cannot verify whether stochastic values were generated and applied honestly without exposing sensitive training data. To close this integrity gap, we introduce Verifiable Dropout, a privacy-preserving mechanism based on zero-knowledge proofs. We treat stochasticity not as an excuse but as a verifiable claim. Our approach binds dropout masks to a deterministic, cryptographically verifiable seed and proves the correct execution of the dropout operation. This design enables users to audit the integrity of stochastic training steps post-hoc, ensuring that randomness was neither biased nor cherry-picked, while strictly preserving the confidentiality of the model and data.
Key Contributions
- Formalizes the 'plausible deniability' integrity gap created by stochastic operations in outsourced cloud ML training, identifying dropout as a high-impact, security-relevant attack surface
- Designs a VRF- and ZKP-based protocol that cryptographically binds dropout masks to a verifiable seed commitment and proves correct mask generation and application without revealing training data or model weights
- Implements a prototype and characterizes the trade-offs among proof generation cost, verification latency, and deployment overhead in a modern training workflow
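To make the mechanism described in the abstract and contributions concrete, the following is an added illustration (not code from the paper or its prototype) of the non-cryptographic core: the provider commits to a seed, every dropout mask is derived deterministically from that seed plus the step and layer identifiers via an HMAC-SHA256 PRF (a stand-in for the paper's VRF), and an auditor recomputes the mask and the dropout output to detect a biased or cherry-picked mask. The seed, activations, and the `audit_step` function are constructed for this example; unlike the paper's ZKP protocol, this auditor sees the seed and activations in the clear, so it shows the verifiability property but not the privacy-preserving part.

```python
import hashlib
import hmac


def commit_seed(seed: bytes) -> bytes:
    """Provider publishes this commitment before training; seed is revealed (here) at audit time."""
    return hashlib.sha256(b"dropout-seed-commit|" + seed).digest()


def derive_mask(seed: bytes, step: int, layer: str, n: int, keep_prob: float) -> list:
    """Deterministic dropout mask: element i is kept iff PRF(seed, step, layer, i) < keep_prob.

    Binding the mask to (step, layer, i) means the provider cannot re-roll or hand-pick
    which neurons drop on a given step without the auditor noticing.
    """
    ctx = f"{step}|{layer}|".encode()
    mask = []
    for i in range(n):
        tag = hmac.new(seed, ctx + i.to_bytes(4, "big"), hashlib.sha256).digest()
        u = int.from_bytes(tag[:8], "big") / 2**64  # uniform in [0, 1)
        mask.append(1 if u < keep_prob else 0)
    return mask


def apply_dropout(x: list, mask: list, keep_prob: float) -> list:
    """Inverted dropout: kept activations are rescaled by 1/keep_prob."""
    return [v * m / keep_prob for v, m in zip(x, mask)]


def audit_step(commitment: bytes, seed: bytes, step: int, layer: str, keep_prob: float,
               x: list, claimed_mask: list, claimed_y: list) -> bool:
    """Auditor check (constructed for this example): seed matches the commitment,
    the logged mask is exactly the PRF-derived one, and the logged output is the
    result of applying that mask. Any deviation is flagged as a tampered step."""
    if not hmac.compare_digest(commit_seed(seed), commitment):
        return False
    expected_mask = derive_mask(seed, step, layer, len(x), keep_prob)
    if expected_mask != list(claimed_mask):
        return False
    expected_y = apply_dropout(x, expected_mask, keep_prob)
    return len(expected_y) == len(claimed_y) and all(
        abs(a - b) < 1e-9 for a, b in zip(expected_y, claimed_y)
    )
```

Running an honest step through `audit_step` returns True, while flipping a single mask bit (the "cherry-picked" case) or revealing a seed that does not match the commitment returns False.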
🛡️ Threat Analysis
The paper explicitly targets the cloud training supply chain threat model — a malicious provider or compromised worker in a training-as-a-service pipeline who can bias stochastic operations (dropout masks) to degrade accuracy or implant targeted behavior while logs appear benign. The contribution is a cryptographic verification protocol (VRF + ZKP) that secures the ML training infrastructure against such supply chain adversaries.