JSTprove: Verifiable AI Inference

• JSTprove is a specialized toolkit that uses zero-knowledge proofs to deliver trustworthy, privacy-preserving, and auditable AI inference across domains like healthcare and finance.
• It abstracts cryptographic complexities behind a streamlined CLI that converts ONNX models into fixed-point arithmetic circuits for reproducible and secure inference.
• The toolkit offers an end-to-end pipeline—model parsing, quantization, circuit compilation, proof and verification—that safeguards sensitive data while ensuring auditability.

JSTprove is a specialized toolkit for verifiable AI inference that leverages Zero-Knowledge Machine Learning (zkML) to enable trustworthy, privacy-preserving, and auditable validation of machine learning predictions. Designed to address challenges of trust, privacy, and accountability in domains such as healthcare, finance, and cybersecurity, JSTprove abstracts cryptographic complexity, making verifiable AI inference accessible to machine learning engineers without deep cryptographic expertise. The system operates by generating zero-knowledge proofs attesting that inference was carried out faithfully by a given model on specific inputs, while safeguarding both sensitive input data and model weights from exposure.

1. System Overview and Design Principles

JSTprove constitutes an end-to-end pipeline for zkML inference, providing reproducible and auditable workflows suitable for production and research environments. Its foundational premise is to enable the verification of AI-driven outcomes without requiring trust in the computational provider or disclosure of underlying data. The toolkit is built upon Polyhedra Network's Expander backend, a Goldwasser-Kalai-Rothblum (GKR)-based SNARK/STARK proving system, and exposes all functionality via a streamlined command-line interface (CLI). A core design goal is to conceal all cryptographic detail from users while still outputting explicit, auditable artifacts at every pipeline stage.

2. Pipeline Architecture and Workflow

The JSTprove pipeline comprises the following sequential stages:

1. Model Import and Parsing: Intake of ONNX-format models exported from frameworks such as PyTorch or TensorFlow, extracting relevant computational graphs and weights.
2. Quantization and Fixed-Point Conversion: Transformation of floating-point values to fixed-point integer representations as a prerequisite for arithmetic circuit compilation.
3. Circuit Compilation: Model translation by the Expander Compiler Collection (ECC) into an arithmetic circuit over a prime field, mapping each neural network operation to circuit "gadgets."
4. Witness Generation: Execution of quantized model inference with the intended user input, yielding outputs and all auxiliary values (the "witness") necessary for circuit satisfaction.
5. Proof Generation: Input of both circuit and witness into the Expander backend, producing a succinct zero-knowledge proof using the sumcheck protocol.
6. Verification: Independent checking of the proof against the public outputs, ensuring inference correctness without exposure of private inputs or weights.
7. CLI Orchestration: Complete pipeline control via CLI commands: jst compile, jst witness, jst prove, and jst verify.

The deterministic character of each stage, along with serialization-compatible artifact generation, ensures reproducibility and auditability.

3. Cryptographic Abstraction and Extensibility

JSTprove is expressly constructed to hide cryptographic mechanisms—including circuit wiring, field arithmetic, constraint generation, and proof construction—behind familiar ML developer workflows. All cryptographic and circuit-level artifacts (proof, witness, and circuit descriptions) are exposed for audit, yet interaction remains at the level of standard ONNX models and CLI invocations.

Extension to new ONNX operations or neural network modules is supported modularly: the system includes open-source blueprints (mathematical formalism, pseudocode, and Rust reference implementations) for each fundamental gadget (e.g., matrix multiplication, convolution, ReLU, max-pooling). Adding support for new operators or architectures involves implementing and specifying new arithmetic gadgets, which are then composable via ECC.

4. Technical Procedures: Quantization, Circuit Constraints, and Proof Generation

Quantized arithmetic is central to JSTprove's pipeline, ensuring compatibility with finite-field circuit representations and ZKP protocols:

• Fixed-Point Quantization: Model and input values are scaled by $\alpha = 2^s$ to yield

$\hat{z} = \lfloor \alpha z \rfloor$

• Range and Rescaling Constraints: For multiplication operations, the verifier ensures

$ab = \alpha q + r, \quad 0 \leq r < \alpha$

where $q$ is the rescaled result and $r$ is the remainder. Range checks and correctness are enforced by bit-decomposition, with

$d_i(d_i - 1) \equiv 0 \pmod{p}$

for each bit $d_i$ and

$$x^\sharp \equiv d_0 + 2d_1 + \cdots + 2^{\kappa-1} d_{\kappa-1} \pmod p$$

• Max and Comparison Constraints: For operators such as max or ReLU, correctness is enforced by

$(x - a)(x - b) \equiv 0 \pmod p$

• Total Circuit Cost: The resource estimate for compiling and proof generation is modeled as

$$\text{totalCost} = n_{\text{inputs}} C_{\text{input}} + n_{\text{gates}} C_{\text{var}} + n_{\text{mul}} C_{\text{mul}} + n_{\text{add}} C_{\text{add}} + n_{\text{cst}} C_{\text{const}}$$

Proofs produced by this process are succinct, reveal nothing about model parameters or private data, and can be independently verified.

5. Artifacts, Auditability, and Reproducibility

Each JSTprove run emits explicit, serialization-compatible artifacts for every pipeline stage:

Artifact	Purpose
circuit.txt	Arithmetic circuit encoding of the quantized model
witness.bin	Private proof witness (inputs, outputs, intermediates)
proof.bin	Succinct zero-knowledge proof
output.json	Public model outputs (predictions)

This design enforces a complete audit trail. Every element of model translation, quantization, and proof construction is surfaceable for independent scrutiny, supporting rigorous reproducibility and enabling external security audits.

6. Benchmarks and Practical Domains of Application

JSTprove's performance was benchmarked using LeNet-style convolutional neural networks, investigating both "depth sweeps" (varying the number of model layers) and "breadth sweeps" (varying input dimensionality). The "total cost" metric, reflecting the number of circuit gates produced by ECC, was empirically shown to reliably predict runtime and memory usage. This empiricism allows practitioners to estimate feasibility for larger or more complex inference models.

Core real-world use cases for JSTprove highlighted include healthcare diagnostics, fraud detection, cybersecurity monitoring, and financial forecasting—scenarios where verifiable, privacy-preserving inference is essential. The system is architected for experimental extension to broader neural architectures.

7. Openness, Blueprinting, and Future Prospects

The toolkit and its underlying gadgets are fully open-source, with comprehensive blueprint documentation (the zkML Blueprints project) providing mathematical proofs, pseudocode, and reference Rust implementations for every supported operation. This repository enables both community review and extension, encouraging the development of new circuit modules and the integration of improved ZKP techniques.

Anticipated future enhancements include optimizations such as lookup-based range checks, randomized verification for large matrix multiplications, and GPU-accelerated proving (e.g., via zkCUDA). Ongoing development is directed toward additional operator support and further simplification of community-driven module extension.

Summary

JSTprove represents a practical realization of end-to-end verifiable AI inference for machine learning practitioners, combining the accessibility of ONNX-based workflows and CLI-based orchestration with the auditability, reproducibility, and cryptographic strength required for privacy-sensitive, high-assurance environments. Its open-source modular architecture and rigorous benchmarking position it as a reproducible foundation for ongoing research and deployment of zkML-powered verifiable AI systems (Gold et al., 23 Oct 2025).