AI Inference with Trusted Execution Environment: HyperGPU and DistMSM Accelerated Zero‑Knowledge Proofs Win 2024 Financial Cipher Cup Innovation Award

On the morning of November 26, the "2024 Financial Cipher Cup" Cipher Application and Technology Innovation Competition Award Ceremony, guided by the National Financial Industry Cipher Application Research Center and Tsinghua University Cipher Theory and Technology Research Center, supported by the China Cryptology Society, and hosted by China Financial Electronic Group Co., Ltd. and Jiangsu Jinfu Digital Co., Ltd., concluded successfully in Suzhou.

Representatives from domestic and foreign enterprises, financial investment institutions, experts, scholars, and contestants gathered to promote the transformation of innovative research results in the financial cipher field, contributing to deep integration of innovation, industry, capital, and talent chains for the region.

Leaders from the National Cipher Administration, Deputy Director of the Digital Currency Research Institute of the People's Bank of China, Deputy Mayor of Suzhou, and an academician of the Chinese Academy of Sciences attended and delivered speeches. Suzhou Municipal Party Committee member and Executive Vice Mayor Gu Haidong attended the award ceremony.

Ant Group's Ant Crypto, together with Ant Financial, MyBank, and Shandong University, proposed the "Zero‑Knowledge Application Proof and Acceleration in AI Inference Scenarios Based on Trusted Execution Environment" solution, which won the "Innovation Competition Team Third Prize" in this contest.

Large model inference scenarios, exemplified by ChatGPT, have attracted widespread attention, but privacy issues are prominent. Among existing privacy computing technologies, only TEE shows good performance in large model inference, yet relying solely on TEE is insufficient to meet all privacy protection needs.

Based on this, the award‑winning solution proposes a GPU‑accelerated TEE framework called HyperGPU suitable for large model inference, and enhances remote proof of applications in confidential VMs using zkSNARK zero‑knowledge proofs, enabling users to directly verify neural network parameters. It also introduces DistMSM, a multi‑GPU accelerated ZKP proof generation scheme to speed up proof generation.

HyperGPU, built on Ant Crypto's open‑source Starburst TEE HyperEnclave, is a GPU TEE framework that minimally modifies AI hardware, enabling secure pass‑through of AI acceleration cards within a TEE environment, balancing AI acceleration and cryptographic computation.

HyperGPU uses confidential VM technology to support trustworthy proof of application images, allowing users to remotely verify image legitimacy. By integrating zkSNARK, users can directly verify model parameter quality without leaking private information.

The multi‑GPU acceleration scheme DistMSM, co‑developed by Ant Group and Shandong University, accelerates the MSM computation dominant in zkSNARK, reducing AI inference quality proof time from over an hour to three minutes, achieving an order‑of‑magnitude improvement.

The "AI inference scenario based on TEE zero‑knowledge application proof and acceleration" solution provides stronger remote proof capabilities for inference service users while reducing the impact of adding ZKP to existing TEE proofs, offering stronger privacy protection and security control for customer data in financial risk control and marketing scenarios.

In the future, Ant Crypto will continue to invest in privacy protection technologies for large model scenarios, extending beyond inference to prediction and fine‑tuning, leveraging its privacy and confidential computing capabilities to protect model and user data, gradually forming a full‑link privacy protection solution for large models.