Glossary
ZKML
Zero-knowledge proofs of correct machine-learning inference, letting a prover convince a verifier that a specific model produced a specific output without revealing model or input.
Zero-knowledge proofs of correct inferenceruntimeRunning a trained model to produce outputs (tokens, images, embeddings) from inputs at serving time, as distinct from the gradient updates of training. Open full entry . A prover (running the model) generates a succinct cryptographic proof that, given some specific weights, a specific input produces a specific output. A verifier checks the proof in milliseconds without seeing the inputs or running the inferenceruntimeRunning a trained model to produce outputs (tokens, images, embeddings) from inputs at serving time, as distinct from the gradient updates of training. Open full entry themselves. The model, the input, or both can be private from the verifier.
ZKML matters for on-chain agents, oracle networks, and verifiable content provenance, all of which need to prove off-chain compute without re-running it. The current limitation is performance. Proving correctness of a small CNN takes minutes; proving a transformerruntimeThe neural network architecture that combines self-attention with feed-forward layers, dominant for language modeling since 2017 and the substrate for nearly every modern LLM. Open full entry forward pass at GPT-2 scale takes hours; frontierweightsThe current capability envelope of AI, defined by the most capable models in deployment at any given time; an evolving label rather than a fixed threshold. Open full entry models are still out of reach.
The frameworks in active 2026 development: EZKL (compiles ONNXruntimeAn open interchange format for machine learning models, designed to let a model trained in one framework run in another via a portable graph representation. Open full entry to zkSNARK circuits), Modulus Labs (specialized provers), Risc Zero (general-purpose ZK virtual machine, used for ML workloads). The near-term use cases are small specialized models for content classification, fraud detection, and oracle attestationidentity-trustA cryptographic protocol that lets a remote party verify which code is running inside a TEE, including which model is loaded and which build of the inference engine. Open full entry , not frontierweightsThe current capability envelope of AI, defined by the most capable models in deployment at any given time; an evolving label rather than a fixed threshold. Open full entry LLM inference.