Glossary

A

Activation Function

A function applied elementwise to a layer’s outputs in a neural network to introduce non-linearity. Common examples include ReLU, sigmoid, and softmax. In zkML, activation functions must be implemented with arithmetic constraints that are efficient in a finite field.

Arithmetic Circuit (Circuit)

A low-level representation of a computation built from basic operations over a field, such as additions and multiplications. In zkML, we translate model layers (Conv, GEMM, ReLU, etc.) into arithmetic circuits so that a proof system can check their correctness.

B

C

Circuit Size

A measure of how large an arithmetic circuit is, typically in terms of the number of gates or constraints. Larger circuit sizes generally mean higher proving time and memory usage.

Clip

An elementwise operation that restricts each input value to a specific range [min, max]. Values below min are set to min; values above max are set to max. In zkML circuits, Clip is implemented using comparisons and max/min logic.

Constraint System

A set of equations that must hold for all valid computations. Each gate or operation in a circuit contributes constraints. A proof of correct execution is essentially a proof that all constraints in the system are satisfied by a given witness.

Convolution (Conv)

A layer that slides a learnable kernel over an input tensor (such as an image) to extract local features. In ONNX, Conv nodes represent convolutions. In zkML, Conv becomes a structured arithmetic circuit performing many multiply-add operations.

D

DSperse

A framework for targeted verification in zero-knowledge machine learning (zkML) developed by Inference Labs. DSperse lets developers apply zero-knowledge proofs only to selected “slices” (sub-computations) of a model instead of the entire model, trading off between performance, cost, and assurance. It also facilitates proof aggregation, allowing multiple slice-level proofs to be combined efficiently into a single verifiable artifact. This enables focused verification of the most sensitive or critical parts of an AI pipeline while keeping overall proving cost manageable.

E

Expander

A proving backend developed by Polyhedra Network based on GKR- and sum-check-style protocols. Expander is designed for scalable, memory-efficient verification of large arithmetic circuits. JSTprove uses Expander to generate and verify proofs for compiled ONNX models.

Expander Compiler Collection (ECC)

A Rust-based frontend for building arithmetic circuits that target the Expander prover. ECC provides APIs for defining layers, range checks, and other gadgets, and emits the circuit structure and metadata that Expander needs. JSTprove uses ECC to compile quantized ONNX models into arithmetic circuits.

F

Fiat–Shamir Transformation

A method for converting an interactive proof into a non-interactive one by replacing the verifier’s random challenges with hashes of the transcript. Instead of multiple rounds of back-and-forth messages, the prover derives each challenge deterministically using a cryptographic hash function applied to previous messages. This eliminates interaction while preserving soundness in the random-oracle model. Many practical zk-SNARKs, zk-STARKs, and GKR-based zkML systems rely on the Fiat–Shamir transformation to turn interactive protocols into single-message proofs suitable for offline or on-chain verification.

Fixed-point Representation

A way to encode floating-point numbers as integers by multiplying them by a fixed scaling factor (for example, 2^s) and rounding. All arithmetic is performed on integers, and scaling is tracked explicitly. This is the standard way to represent floating-point ML computations inside arithmetic circuits.

G

GEMM (General Matrix Multiplication)

A standard name for dense matrix multiplication. In ONNX and many ML frameworks, GEMM or MatMul nodes represent linear layers that multiply an input by a weight matrix and add a bias. In zkML, these become matrix-multiplication circuits, often a major contributor to circuit size.

GKR Protocol (Goldwasser–Kalai–Rothblum)

An interactive proof technique for verifying computations over layered arithmetic circuits. It reduces checking an entire circuit to checking a small number of polynomial identities. Many modern zkML stacks, including GKR-based provers, use this protocol (or variants) as a backbone.

Ground Truth

The "true" labels or values used to evaluate a model's predictions. For example, in classification, the ground truth is the correct class for each input. zkML proofs often show that a prediction was computed correctly, given a fixed model and input, but do not guarantee that the model matches ground truth.

GPU (Graphics Processing Unit)

A processor designed for highly parallel workloads. In zkML, GPUs can accelerate both machine learning (training and inference) and cryptographic proving, because they can evaluate many similar arithmetic operations in parallel.

H

HALO2

A proving system based on Plonkish arithmetization that supports features like custom gates and lookup tables. It is widely used in the zk ecosystem (for example, by Zcash and various rollups).

Homomorphic Encryption

A family of encryption schemes that allow computations to be performed directly on encrypted data without decrypting it. The result is still encrypted and can be decrypted later to obtain the final value. Homomorphic encryption is a complementary privacy technology to zkML.

I

Inference

The phase where a trained model is used to make predictions on new inputs. In zkML, we typically prove that an inference was carried out correctly (for example: “running this ONNX model on input x produced output y”) without requiring the verifier to re-run the model.

Interactive Proof

A protocol in which a prover and a verifier exchange multiple messages. The verifier sends challenges; the prover responds. Zero-knowledge proof systems originally started as interactive proofs before non-interactive variants became common.

J

JSTprove

An open-source zero-knowledge machine learning (zkML) toolkit developed by Inference Labs. JSTprove takes an ONNX model as input and provides an end-to-end pipeline: quantization, circuit compilation (via ECC), witness generation, proof creation (via Expander), and verification. It exposes this flow through a developer-friendly CLI (commands like compile, witness, prove, verify), making zkML accessible to ML engineers without requiring deep cryptography expertise.

K

L

Layer (Neural Network Layer)

A building block of a neural network that transforms its inputs into outputs, such as a convolution, fully connected (GEMM) layer, or activation layer (ReLU). In zkML, each layer type is translated into a specific circuit gadget or constraint pattern.

Layer 1 (L1)

A base blockchain that provides core consensus, security, and data availability (for example, Ethereum mainnet). zkML systems often generate proofs off-chain and verify them on an L1 smart contract.

Layer 2 (L2)

A protocol built on top of a Layer 1 blockchain to improve scalability. L2s typically process transactions off-chain and post proofs or compressed data back to L1. zk-rollups are a common L2 design that relies on zero-knowledge proofs.

M

Machine Learning

A family of methods where models learn patterns from data instead of being programmed with explicit rules. ML covers both training (learning parameters) and inference (using the trained model). zkML systems use zero-knowledge proofs to attest that specific ML computations—most commonly inference, but potentially also training steps or metrics—were executed correctly.

Mainnet

The primary network for a blockchain where real-value transactions occur. When we talk about verifying zkML proofs “on mainnet,” we mean verifying proofs on the production chain rather than on test or development networks.

Model

The learned function produced by a training process. It maps inputs (features) to outputs (predictions). In zkML, the model’s structure and weights are part of the computation we encode in a circuit, and often the model (or its hash) is a public input to the proof.

Multi-party Computation (MPC)

A cryptographic technique that lets several parties jointly compute a function over their inputs while keeping those inputs hidden from each other. MPC and zero-knowledge proofs are often used together: zk proofs can attest that an MPC protocol was followed correctly, and MPC can be used inside zk protocols to help construct witnesses or commitments.

N

Neural Network

A model composed of interconnected layers (neurons) that apply linear operations and non-linear activations to data. Neural networks are widely used for tasks like vision, language, and classification. zkML frameworks commonly support neural network architectures exported to ONNX.

Neuron

A basic computational unit in a neural network. It takes one or more inputs, applies a weighted sum and a bias, and then passes the result through an activation function. In circuits, neuron computations are expanded into additions, multiplications, and activation constraints.

Non-interactive Proof

A proof that the prover can generate as a single message, with no back-and-forth with the verifier. zk-SNARKs and many practical zkML systems use non-interactive proofs so verification can be done offline or on-chain without interaction. Many non-interactive schemes are obtained by applying the Fiat–Shamir transform to an underlying interactive protocol, replacing verifier challenges with hash-based challenges.

O

ONNX (Open Neural Network Exchange)

An open standard for representing machine learning models. ONNX defines a common set of operators (Conv, Gemm, Relu, MaxPool, etc.) and a portable file format. zkML systems like JSTprove take ONNX models as input and compile them into arithmetic circuits.

Oracle

A system that feeds off-chain data into a blockchain so it can be used by smart contracts. In zkML, an oracle might provide model hashes, parameters, or other metadata that proofs reference.

Overfitting / Underfitting

Overfitting occurs when a model fits the training data too closely, including noise, and performs poorly on new data. Underfitting occurs when a model is too simple to capture the structure in the data, performing poorly on both training and test sets. zkML does not change these phenomena; it just allows us to prove that a given model’s computation (for example, an inference) was executed correctly.

P

Polynomial Commitment

A cryptographic scheme that lets a prover commit to a polynomial once and later prove its evaluations at specific points. The commitment is short, and verification is efficient. Many modern proof systems use polynomial commitments internally to prove that large arithmetic circuits are satisfied.

Precision

A metric for binary or multi-class classification. Precision measures how many of the examples the model predicted as positive were actually positive.

Proof

The artifact produced by the prover that convinces a verifier that the constraints of the circuit are satisfied for some (possibly hidden) witness. In zkML, a proof typically attests that a specific model computation (often an inference) was executed correctly with respect to an ONNX model and inputs.

Proof Size

The number of bytes in a proof. Many modern proof systems have small, nearly constant proof sizes even for large circuits, which is important for on-chain verification.

Proof System (Proving System)

The combination of algorithms and protocols used to create and verify proofs. Examples include zk-SNARKs, zk-STARKs, and GKR-based systems. A zkML framework chooses one or more proof systems as backends to generate proofs for compiled circuits.

Prover

The party that runs the computation (for example, model inference), constructs the witness, and generates the zero-knowledge proof that all constraints are satisfied.

Proving Time

How long it takes the prover to generate a proof for a given computation. It depends on circuit size, proof system, hardware (CPU/GPU), and implementation details.

Public Inputs

Values that both the prover and verifier know and that are part of the statement being proved. Examples include the model hash, claimed output, or public configuration parameters. Depending on the proving system, public inputs may be encoded directly in the circuit or designated as public components of the witness.

Private Inputs

Values used in the computation that the prover does not want to reveal, such as secret inputs, private model weights, or internal activations. Zero-knowledge guarantees that these remain hidden while still allowing verification of correctness.

Q

Quantization

The process of converting floating-point numbers (weights, activations, inputs) into integers, usually with a fixed scaling factor. In zkML, quantization reduces the cost of arithmetic operations in the circuit while keeping the model’s behavior close to its original floating-point version.

R

Recall

A metric for classification problems. Recall measures how many of the truly positive examples the model correctly identified.

Rectified Linear Unit (ReLU)

A popular activation function defined as ReLU(x) = max(x, 0). It keeps positive values and zeroes out negative ones. ReLU is widely used in modern neural networks and appears directly in zkML circuits.

S

Scaling Factor

The constant used in fixed-point quantization (for example, 2^s). Multiplying a real number by the scaling factor and rounding gives its integer representation. When multiplying quantized values, the scaling factor must be adjusted carefully to keep results in the same scale.

Slice (Model Slice)

A selected sub-computation of a model, typically a contiguous sequence of layers and activations taken from a larger architecture. If a model can be viewed as a composition fₙ ∘ … ∘ f₂ ∘ f₁, a slice might be a sub-composition f₍ᵢ₊ₖ₎ ∘ … ∘ fᵢ. Frameworks like DSperse use slices to apply zero-knowledge proofs only to critical portions of a model.

Smart Contract

A program deployed on a blockchain that runs deterministically on every node. In zkML, smart contracts often verify zero-knowledge proofs to confirm that off-chain ML computations were executed correctly.

Softmax

A function that turns a vector of scores into a probability distribution by exponentiating each score and dividing by the sum. It is often used as the final layer in classification models. Implementing softmax exactly in finite fields is expensive, so zkML systems may use approximations or alternative formulations.

Statement (Claim)

The assertion that a proof is about. For example: “Given model hash H and input x, the output y is the result of running the model encoded by H on x.” A valid proof convinces the verifier that the statement is true without revealing the underlying witness.

Sum-check Protocol

A classical subroutine in interactive proofs used to verify that a sum of polynomial evaluations has a claimed value. It is a core building block inside GKR and related proof systems that underlie many modern zkML stacks.

Supervised Learning

A learning setting where models are trained on labeled examples (input, target output). The goal is to learn a mapping that generalizes to unseen data. Most classification and regression models used in zkML are trained in a supervised way.

Sybil Attack

An attack in which one entity creates many fake identities (nodes or accounts) to gain disproportionate influence in a network. Decentralized proving or validation networks must be designed to resist Sybil attacks, often by tying identities to economic or resource-based costs.

T

Test Data (Test Set)

A subset of data held back during training and used for the final evaluation of a model. It approximates how well the model will perform on unseen data. zkML systems typically prove correctness of specific computations for particular inputs, not statistical performance, but test data is still used upstream during model development.

Testnet

A separate blockchain network used for testing and development, where tokens have no real economic value. zkML projects often first deploy proof verification contracts and run experiments on testnets before moving to mainnet.

Token

A unit of value issued by a blockchain or protocol. In the zkML context, tokens may be used to incentivize provers, pay for verification, or participate in protocol governance, but they are distinct from the proofs and circuits themselves.

Training Data (Training Set)

The data used to train a model. The model adjusts its parameters to minimize a loss function on this data. Most current zkML frameworks operate on the trained model (inference), but in principle training steps or metrics can also be modeled and proved.

U

Unsupervised Learning

A learning setting where models find structure in data without labeled outputs, for example via clustering or dimensionality reduction. It is less commonly used directly in zkML examples, which typically focus on supervised tasks, but the concept appears in broader ML discussions.

V

Validation Data (Validation Set)

A subset of data used during model development to tune hyperparameters and make decisions about model architecture. It differs from test data, which is used only for final evaluation. zkML operates after model selection, but the quality of the model still depends on how validation was done.

Verification

The process of checking a proof. Verification is much cheaper than re-running the original computation and does not require access to the witness. In zkML, verification is what smart contracts or off-chain verifiers do to confirm that a computation (often an inference) was executed correctly.

Verification Time

How long it takes a verifier to check a proof. One key advantage of modern proof systems is that verification time is typically much smaller than the original computation time.

W

Witness

The full set of values that satisfy a circuit’s constraints: inputs, intermediate values, and outputs. In zkML, the witness includes the internal activations of the model for a given input. The prover uses the witness to generate a proof, but the witness itself is typically not revealed.

X

Y

Z

Zero-Knowledge Proof (ZKP)

A proof that lets a prover convince a verifier that a statement is true (for example, “this model inference was executed correctly”) without revealing any additional information about the inputs or intermediate values. ZKPs must be complete (honest proofs are accepted), sound (false statements are rejected with high probability), and zero-knowledge (no extra information beyond the truth of the statement is leaked).

zkML (Zero-Knowledge Machine Learning)

zkML refers to techniques that generate zero-knowledge proofs about machine learning computations. Typical use cases include proving that a model was evaluated correctly on some inputs, without revealing the inputs, model weights, or intermediate activations.

zk-SNARK

Short for “Zero-Knowledge Succinct Non-Interactive Argument of Knowledge.” A zk-SNARK is a proof system that is succinct (proofs are very small and fast to verify), non-interactive (a single message from prover to verifier), and an argument of knowledge (the prover cannot generate a valid proof without “knowing” a valid witness). zk-SNARKs are widely used in blockchain and zkML systems to prove large computations with small proofs.