project screenshot 1
project screenshot 2
project screenshot 3
project screenshot 4
project screenshot 5
project screenshot 6

Privacy Avengers

We developed a protocol for verifiable machine unlearning, solving AI privacy issues by securely and efficiently detecting and removing user data. Through backdoor attacks and rigorous validation with hypothesis testing and zero-knowledge proofs, transparency is ensured.

Privacy Avengers

Created At

ETHGlobal Sydney

Winner of


Worldcoin - Pool Prize

Prize Pool

Project Description

This project focuses on addressing the pervasive issue of privacy in artificial intelligence (AI) systems. Here's a detailed breakdown of what the project entails:

  1. Problem Statement: AI users face significant privacy concerns. It's difficult for users to detect if their privacy is compromised, while AI service providers struggle with the laborious task of removing sensitive user data from their datasets.

  2. Inspiration and Methodology: The project draws inspiration from the research paper titled 'Athena: Probabilistic Verification of Machine Unlearning'. It proposes a protocol to achieve verifiable machine unlearning, a process crucial for safeguarding user privacy.

  3. Protocol Overview:

    • Backdoor Attack: The protocol begins by conducting backdoor attacks to verify if the model indeed stores user data. This step provides substantial evidence for prompting model providers to initiate machine unlearning.
    • Machine Unlearning: After verifying the presence of stored user data, model providers are compelled to undergo machine unlearning. This process involves removing certain data from the model without necessitating full retraining, significantly reducing costs.
    • Validation through Inference and Hypothesis Testing: Multiple rounds of inference are conducted to detect any remaining backdoors. Hypothesis testing is then employed to derive convincing conclusions regarding the efficacy of the unlearning process.
    • Zero-Knowledge Proofs (ZKP): To ensure the integrity of inference results, zero-knowledge proofs are utilized to verify that the results indeed originate from the current model state, adding an extra layer of security and trust.
  4. Role of Privacy Avengers: Privacy Avengers are individuals who champion data privacy. They play a crucial role in conducting backdoor attacks, monitoring the model's behavior to verify that the unlearning has indeed occurred, and verifying the integrity of inference results.

  5. Final Outcome: Upon successful completion of the protocol, conclusive evidence is obtained regarding the effectiveness of machine unlearning. Privacy Avengers receive rewards for their contributions, ensuring accountability and incentivizing participation.

  6. Safety Measures:

    • World ID: Implementation of world ID ensures secure data handling.
    • Verifier Smart Contracts on Layer 2 (L2): Deploying verifier smart contracts on Layer 2 ensures affordable transaction fees, enhancing accessibility and scalability.

Overall, this project offers a comprehensive solution to the complex challenge of ensuring privacy in AI systems through a meticulously designed protocol supported by advanced techniques and community participation.

How it's Made

  1. Protocol Design: We began by outlining the protocol based on the principles laid out in the research paper 'Athena: Probabilistic Verification of Machine Unlearning'. This involved conceptualizing the steps involved in verifiable machine unlearning and defining the roles of Privacy Avengers.

  2. Implementation:

    • Backdoor Attack Mechanism: We implemented the backdoor attack mechanism using techniques such as data poisoning and adversarial examples. This involved injecting polluted data into the model to trigger specific behaviors that indicate the presence of stored user data.
    • Machine Unlearning Algorithm: We developed a machine unlearning algorithm inspired by techniques like fine-tuning and regularization. This algorithm selectively removes sensitive user data from the model while preserving its overall performance.
    • Inference and Hypothesis Testing: For the validation process, we utilized statistical inference techniques and hypothesis testing methodologies. This enabled us to analyze the model's behavior post-unlearning and draw statistically significant conclusions about the efficacy of the process.
    • Zero-Knowledge Proofs (ZKP): We integrated ZKPs into the system to ensure the integrity of inference results. This involved implementing cryptographic protocols that allow one party to prove knowledge of certain information without revealing the information itself.
  3. Technologies Used:

    • Integration of world ID to link physical identities securely, enhancing privacy protection.
    • During the challenge period, proof of inferences was obtained to verify the authenticity of model results.
    • Verifier contracts were deployed on Layer 2 solutions such as Mantle, Avail, Base, Polygon, and Cardona, ensuring affordable transaction fees and scalability.
background image mobile

Join the mailing list

Get the latest news and updates