A2-DIDM: Privacy-preserving Accumulator-enabled Auditing for Distributed Identity of DNN Model

Researchers propose A2-DIDM, a blockchain-based system using zero-knowledge proofs and cryptographic accumulators to verify DNN model ownership and prevent unauthorized replication in the growing AI model trading market. The scheme enables lightweight on-chain identity verification while preserving data and function privacy through weight checkpoint authentication.

The commercialization of deep neural network models has created a critical security gap in the AI industry. As organizations increasingly license and trade proprietary DNN models, the lack of robust ownership verification mechanisms exposes model creators to intellectual property theft and unauthorized deployment. A2-DIDM addresses this vulnerability by combining blockchain infrastructure with zero-knowledge cryptography to create an immutable audit trail of model development. The system records model identity through weight checkpoints—snapshots of neural network parameters at different training stages—and proves their authenticity without revealing sensitive model architecture or training data. This approach leverages cryptographic accumulators to efficiently verify computational integrity throughout the training process while maintaining a uniquely identifiable sequence that prevents forgery or substitution attacks. The integration of blockchain provides decentralized, tamper-resistant record-keeping that no single entity can alter retroactively. For the AI industry, this innovation addresses a fundamental trust problem in model commercialization. Developers and companies can now prove original authorship and detect unauthorized copies, reducing friction in model licensing agreements and opening new business opportunities. The lightweight on-chain verification aspect is particularly significant, as it balances security needs with practical scalability constraints that have historically limited blockchain adoption in AI applications. As generative AI models become increasingly valuable assets, mechanisms like A2-DIDM will likely become standard infrastructure for IP protection. The open-source availability of this research may accelerate adoption across blockchain and AI communities, establishing new standards for verifiable model ownership in decentralized markets.

• →A2-DIDM combines blockchain and zero-knowledge proofs to create verifiable ownership records for DNN models without exposing sensitive training data.
• →The system uses weight checkpoints with cryptographic accumulators to establish a unique, unforgeable identity sequence for each trained model.
• →Lightweight on-chain verification enables practical scalability for IP protection in AI model trading ecosystems.
• →The approach addresses growing intellectual property risks as generative AI models become increasingly valuable commercial assets.
• →Open-source implementation may establish new industry standards for decentralized identity verification in machine learning.