Inferix Decentralized GPU
  • Getting Started
    • Overview
    • $IFX
    • Resources
    • Brand Kit
    • Frequently asked questions (FAQs)
  • Inferix Whitepaper
    • Introduction
      • Rendering network using crowdsourced GPU
      • Rendering verification problem
    • High-level description of ANGV
      • Noise generation
      • Noise verification
      • Thread model
    • Implementation of ANGV
      • Structure of noise
      • Noise insertion
        • Geometric constraints
        • Distortion region
      • Adaptive noise spreading
      • Verification key generation
      • Noise verification
      • Threat analysis
        • Attacks on verification keys
        • Attacks on noises
        • Attacks on verifiers
      • Performance evaluation
      • Integration
    • Decentralized visual computing
      • Client Apps plugin
      • Client API and SDK
      • Manager node
      • Worker node
      • Decentralized storage
        • Data categories
        • Multi-level 3D polygon data
        • Polygon digester
        • Decentralized storage
        • Decentralized cache
      • Data security with FHE and TEE
        • Verifier data security enhancement with FHE
        • Worker and Manager data security enhancement with FHE
    • Decentralized federated AI
      • Federated learning with TensorOpera
      • Meta LLaMA
      • Stable Diffusion
      • Other AI models
      • Inferix AI
    • Economic model
      • GPU compute market for visual computing and federated AI
      • Inferix vision
      • $IFX token
      • Burn-Mint-Work token issuance model
      • Inferix bench and IBME
        • IB and IBM
        • IBME
      • Price simulation
      • Token metrics and allocation
        • Token allocation
        • Token vesting
      • Governance
      • Node staking and rewards
        • Worker
        • Verifier
        • Manager
        • Penalty pool
      • Node sale and guaranteed node buyback
        • Node sales
        • Guaranteed Node Buyback
    • Future development
      • PoR and NFT minting for graphics creative assets
      • ZKP and PoR communication
      • Inferix RemotePC
      • Rendering professional network
    • References
    • Appendix A: Proofs
    • Appendix B: Price simulation details
    • Appendix C: Hardware requirements for nodes
    • Appendix D: Performance evaluation data
  • Worker Node Guide
    • What is Worker Node
      • How do the Worker Node work
      • Worker Node Rewards
      • How to run Worker Node
      • What is the Worker Node License (NFT)
    • Worker Node Sales
      • Guide to Purchase Worker Nodes
      • Worker Node Sale Timeline
      • Node Supply, Price, Tiers and Purchase Caps
      • Guaranteed Node Buyback
      • How to get Node Whitelisted?
      • Smart Contract Addresses
      • User Discounts & Referral Program
      • Worker Node Purchase FAQ
      • ABKK Collaboration FAQ
  • Verifier Node Guide
    • What is Verifier Node
      • How do the Verifier Node work
      • Verifier Node Rewards
      • How to run Verifier Node
      • What is the Verifier Node License (NFT)
    • Verifier Node Sales
      • Guide to Purchase Verifier Nodes
      • Verifier Node Sale Timeline
      • Node Supply, Price, Tiers and Purchase Caps
      • Guaranteed Node Buyback
      • How to get Node Whitelisted?
      • Smart Contract Addresses
      • User Discounts & Referral Program
      • Verifier Node Purchase FAQ
      • Aethir Node Winners FAQ
  • Inferix MVP
    • Tutorial: MVP for designers & GPU owners
    • PoR MVP
  • Inferix Testnet 2 on Solana & IoTeX [ENDED]
    • Adding GPUs to the Network
      • For GPU providers
      • For GPU providers without funds
      • For users without GPUs
      • For Inferix Node Holders
    • Renting GPU Devices
    • User Revenue Calculation
      • Worker Rewards
      • Rental Revenue
      • Viewing Revenue
      • Claiming Rewards
    • GPU Staking & Unstaking
      • Staking Requirements
      • Unstaking GPUs
    • Guide to get tIFX tokens
    • Why choose Inferix DePIN GPU Solutions?
  • Inferix Testnet 1 on IoTeX [ENDED]
    • Inferix GPU Solutions
    • Adding GPUs to the Network
    • Renting GPU Devices
    • User Revenue Calculation
    • GPU Staking
    • Multiple options to participate in the Staking & Mining Program
    • Special airdrop for Inferix Node Holders! 🎉
    • Guide to get tIFX tokens
    • FAQ
  • Inferix Explorer
  • Team & Achievements
    • Our Story
    • Team
    • Member of Cohort 1 DePINSurf
    • Achievements
  • Community & Events
    • Events
    • Inferix Campaign: "ALLIANCE" (ENDED)
  • Terms of Service
    • Privacy Policy
    • Airdrop Terms of Service
Powered by GitBook
On this page
  1. Inferix Whitepaper
  2. High-level description of ANGV

Thread model

PreviousNoise verificationNextImplementation of ANGV

Last updated 8 months ago

Given rendering tasks each contains basically a watermarked scene G^\hat{G}G^ and some range of frames required to be rendered, the goal of an attacker, namely a malicious worker (or in general a group of maliciously colluding workers ), is to generate rendered frames that pass the noise verification, with computational costs significantly lower than doing render this range by some conventional rendering software.

By Kerckhoff's principle, it is essential that the attackers know the noise generation and verification algorithms, working parameters including trade-offs. But the task identification numbers and the corresponding verification keys are kept secret. Furthermore, we require a strong assumption that the attackers cannot detect the existence of watermarks in scenes. That means attackers can analyze and even modify different watermarked scenes G^\hat{G}G^(s) but they cannot distinguish objects of the noise wrapping vector Ω\OmegaΩ (discussed in detail in the ) embedded in G^\hat{G}G^(s) from original graphical objects of GGG. Otherwise, we assume no constraint on the communication capability of colluding attackers.

Not surprisingly, the security of ANGV can be modeled as the problem of sending steganographic messages over a public communication channel with passive adversaries , . Indeed, let us consider some graphics scene, by repetitively receiving rendering tasks for this scene and sending results (both genuinely rendered and intentionally forged), an attacker (or set of colluding attackers) knows a set of accepted and rejected images. The attacker analyzes these tested images to estimate probability distributions PSP_{\mathcal{S}}PS​ and PCP_{\mathcal{C}}PC​ for respectively images that would pass the noise verification and images that would be rendering results of the scene. We use the traditional notations of the steganography literature: CCC for cover-work and SSS for stego-work .

The information-theoretic security of ANGV is quantified by the Kullback–Leibler divergence (i.e. relative entropy) D(PC∥PS)D\left(P_{\mathcal{C}} \mathrel{\Vert} P_{\mathcal{S}}\right)D(PC​∥PS​) of PCP_{\mathcal{C}}PC​ from PSP_{\mathcal{S}}PS​. Concretely, ANGV is called ϵ\epsilonϵ-secure if

lim⁡n→∞D(PC∥PS)≤ϵ\lim_{n \to \infty} D\left(P_{\mathcal{C}} \mathrel{\Vert} P_{\mathcal{S}}\right) \leq \epsilonn→∞lim​D(PC​∥PS​)≤ϵ

where nnn is the number of tested images. In particular, ϵ=0\epsilon = 0ϵ=0 if and only if PC=PSP_{\mathcal{C}} = P_{\mathcal{S}}PC​=PS​, or the attacker cannot distinguish watermarked images from genuinely rendered ones, in this case we have perfect security.

Remark. The distributions PSP_{\mathcal{S}}PS​ and PCP_{\mathcal{C}}PC​ represent partial knowledge of the attacker obtained by analyzing the set of tested images: the larger this set (or the larger nnn), the more precise estimation for PSP_{\mathcal{S}}PS​ and PCP_{\mathcal{C}}PC​.

noise generation
[12]
[13]
[14]
[15]