PK-PoMLO: Public Key Proof of ML Ownership System

Authors

  • Joyeon Park Sogang University, Republic of Korea
  • Jinah Seo Sogang University, Republic of Korea
  • Do. KyoungHwa Sogang University, Republic of Korea
  • Soo Yong Park Sogang University, Republic of Korea

DOI:

https://doi.org/10.13052/jwe1540-9589.2514

Keywords:

Machine Learning, ML Ownership, blockchain, timestamp

Abstract

In this study, we propose an on-chain-based ML ownership proof system (PK-PoMLO), which combines a digital signature and a blockchain timestamp value to generate a certificate of ownership that is publicly disclosed on-chain, enabling strong claim of ML ownership. First, the owner creates a certificate signed with their private key using the hash value of the ML model and a structured message, and includes a timestamp. This is then used to generate an ML ownership certificate and registered on-chain. At this time, the owner uses their private key to create a standard signature value as a 128-bit mark and embeds it in the ML model. Anyone wishing to verify ML ownership then uses the owner’s public key to compare the hash value of the on-chain ML ownership certificate with the timestamp value to verify ML ownership. In other words, we can verify the authenticity of the owner by testing whether the bit error rate (BER) between the mark extracted from the ML ownership certificate and the internally stored mark string satisfies BER ≤τ, and verifying it with the signature value of the ML ownership certificate. To verify the results of this study, we implement and evaluate a prototype on the MNIST MLP and the Ethereum Sepolia test network.

Downloads

Download data is not yet available.

Author Biographies

Joyeon Park, Sogang University, Republic of Korea

Joyeon Park is a last-semester master’s student in computer science at Sogang University. She received her bachelor’s degree in intellectual property from Kyonggi University in 2022. Her research interests are in the convergence of blockchain technology and intellectual property. She is currently working on zero-knowledge machine learning (ZKML) technologies. Also, working on a ITU-T Techical Report related to ZKML.

Jinah Seo, Sogang University, Republic of Korea

Jinah Seo is a 5th semester Ph.D. student in the Department of Computer Science and Engineering at Sogang University. She has over 10 years of experience in communication network deployment and security consulting and received her M.S. degree from the Graduate School of Information and Communication at Sogang University in 2022. Her current research focuses on the security aspects of blockchain technology, and she has contributed to ITU-T SG17 standardization meetings.

Do. KyoungHwa, Sogang University, Republic of Korea

Do. KyoungHwa received her Ph.D. in Computer Communication and Information Security from Soongsil University in 2004. She currently serves as a professor in the College of Engineering at Sogang University. Her research areas include artificial intelligence (AI), blockchain, physical AI, information security, and cloud computing. She has also served as a reviewer for several prominent academic journals. She served as the head of the New Technology Team at the Ministry of the Interior and Safety for 15 years, researching and applying new technologies to e-government.

Soo Yong Park, Sogang University, Republic of Korea

Soo Yong Park received his Ph.D. degree from George Mason University in 1995. He has held several prestigious positions, including serving as a Professor in the Department of Computer Science at Sogang University since March 1998 and as the Dean of the College of Software Convergence at Sogang University since July 2024. He is currently serving as the Chair of the Distributed Ledger Standard Forum and has been the Director of the Web 3.0 Research Center (ITRC) since 2023. Previously, he served as the President and CEO of the National IT Industry Promotion Agency (NIPA) from September 2012 to November 2014. Since January 2019, he has also served as the President of the Korea Society of Blockchain and as the Director of the Intelligent Blockchain Research Center. His accolades include the 10-Year Most Influential Paper Award from the Asia–Pacific Software Engineering Conference (APSEC) in December 2018 and the Minister of Science and ICT Award for Best Project Evaluation in November 2021.

References

F. Tramèr, F. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart, “Stealing Machine Learning Models via Prediction APIs”, Proc. USENIX Security, 2016, pp. 601–618.

Y. Uchida, Y. Nagai, S. Sakazawa, and S. Satoh, “Embedding watermarks into deep neural networks,” in Proc. ACM Int. Conf. on Multimedia Retrieval (ICMR), 2017, pp. 269–277.

B. D. Rouhani, H. Chen, and F. Koushanfar, “DeepSigns: An end-to-end watermarking framework for ownership protection of deep neural networks,” in Proc. ASPLOS, 2019, pp. 485–497.

F. Boenisch, “A Systematic Review on Model Watermarking for Neural Networks,” Frontiers in Big Data, vol. 4, Art. no. 729663, 2021, doi: 10.3389/fdata.2021.729663.

Y. Li, H. Wang, B. Wang, and Z. Zhang, “A Survey of Deep Neural Network Watermarking Techniques,” Neurocomputing, vol. 461, pp. 171–193, 2021, doi: 10.1016/j.neucom.2021.07.051.

Y. Adi, C. Baum, M. Cisse, B. Pinkas, and J. Keshet, “Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring,” in Proc. 27th USENIX Security Symp. (USENIX Security ’18), 2018, pp. 1615–1631.

F. Le Merrer, B. Perez, and G. Trédan, “Adversarial Frontier Stitching for Remote Neural Network Watermarking,” Neural Computing and Applications, vol. 32, no. 13, pp. 9233–9244, 2020, doi: 10.1007/s00521-019-04434-z.

Y. Yan et al., “Rethinking White-Box Watermarks on Deep Learning: Are They Robust to Neural Structural Obfuscation,” in Proc. 32nd USENIX Security Symp. (USENIX Security ’23), 2023, pp. 2347–2364.

RorschachChen, DeepSigns-torch (GitHub repository), 2018–. (Accessed: 2026-01-07).

T. Pornin, “RFC 6979: Deterministic Usage of the Digital Signature Algorithm (DSA) and ECDSA,” IETF RFC 6979, 2013.

V. Buterin, “EIP-2: Homestead Hard-fork Changes,” Ethereum Improvement Proposals, no. 2, 2015. (Accessed: 2026-01-07).

Z. Wang, “Blockchain-Assisted Robust Subgroup ECDSA Multisignature for Consensus,” IEEE Internet of Things Journal, vol. 12, no. 4, pp. 4525–4535, 2025, doi: 10.1109/JIOT.2024.3485215.

R. Bloemen, L. Logvinov, and J. Evans, “EIP-712: Typed structured data hashing and signing,” Ethereum Improvement Proposals, no. 712, 2017. (Accessed: 2026-01-07).

S. Nakamoto, “Bitcoin: A Peer-to-Peer Electronic Cash System,” White Paper, 2008. (Accessed: 2026-01-07).

G. Wood, “Ethereum: A Secure Decentralised Generalised Transaction Ledger (Yellow Paper),” Technical Report, 2014. (Accessed: 2026-01-07).

X. Lin, L. He, and H. Yu, “Practical Preimage Attacks on 3-Round Keccak-256 and 4-Round Keccak [r=640, c=160],” IACR Trans. Symmetric Cryptology, vol. 2025, no. 1, pp. 328–356, 2025, doi: 10.46586/TOSC.V2025.I1.328-356.

G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche, “The Keccak Sponge Function Family–Main Document,” Ver. 2.0, Sep. 10, 2009. (Accessed: 2026-01-07).

K. Bak, H. Salin, K. Niczyj, and L. Krzywiecki, “Enhancing Tunnel Safety for Dangerous Goods Vehicles through Blockchain-Based Time-Stamping,” in Proc. IEEE 22nd Int. Conf. on Trust, Security and Privacy in Computing and Communications (TrustCom), 2023, pp. 1312–1317, doi: 10.1109/TrustCom60117.2023.00179.

Downloads

Published

2026-01-29

How to Cite

Park, J. ., Seo, J. ., KyoungHwa, D. ., & Park, S. Y. . (2026). PK-PoMLO: Public Key Proof of ML Ownership System. Journal of Web Engineering, 25(01), 51–66. https://doi.org/10.13052/jwe1540-9589.2514

Issue

2026: Vol 25 Iss 1

Section

ICOW3 2025