Ownership verification without leaking fingerprint pairs

Develop a verification procedure for fingerprinted AI models that authenticates ownership without revealing the secret fingerprint (key, response) pairs embedded in the model. This prevents adversaries from using leaked pairs to remove the fingerprints and re-release the model.

Background

Existing fingerprinting methods often assume one-shot verification and, in practice, leak the fingerprint pairs during ownership checks. Once the pairs are revealed, adversaries can filter or remove them without harming the model’s utility, undermining persistent ownership claims.

The paper highlights the need for verification protocols that confirm provenance while keeping the specific fingerprint pairs secret, to sustain ownership protection across a model’s lifecycle and subsequent deployments.

References

Verifying the ownership without revealing the secret fingerprint pairs is an important open question.

OML: Open, Monetizable, and Loyal AI (2411.03887 - Cheng et al., 1 Nov 2024) in Chapter 2, Section 2.2 (Fingerprinting), paragraph “Previous work and vulnerability to leakage of fingerprint pairs”