Dice Question Streamline Icon: https://streamlinehq.com

Fingerprint capacity of OMLized models

Characterize the fingerprint capacity of an AI model used in OML 1.0, defined as the fundamental limit on the number of (key, response) fingerprint pairs that can be embedded and sequentially used for authentication without compromising the model’s utility, under the adversarial host threat model where the host knows the fingerprinting technique but not the specific fingerprint pairs.

Information Square Streamline Icon: https://streamlinehq.com

Background

OML 1.0 relies on embedding many fingerprint (key, response) pairs into a model to authenticate usage and ownership while tracking monetization. The security of this decentralized protocol critically depends on scalability—how many fingerprints can be embedded and later checked without degrading the model’s utility.

The paper informally introduces a minimax notion of fingerprint capacity reflecting competing strategies of an OMLizing platform and adversarial hosts, and emphasizes that determining this limit is central to making decentralized AI secure and practical.

References

Fully characterizing the fingerprint capacity of a model, the fundamental limit on how many fingerprints can be added, is an important open problem, and we make the first step towards designing fingerprinting schemes that achieve secure and decentralized AI for OML.

OML: Open, Monetizable, and Loyal AI (2411.03887 - Cheng et al., 1 Nov 2024) in Chapter 3, Section 3.1 (Sentient Protocol under a Single Trusted Prover)