This lets you verify the signature on the model. It won’t help you tell that a decision came from that model. If you want to verify the inference that a model makes, check out https://github.com/zkonduit/ezkl (our project).
> Checking the work takes the same resources as doing the work.
> As much as this would be wonderful in a universe where it's possible, it's simply not possible.
We do live in that universe, under some currently believed assumptions. An NP-complete problem is an example of something where checking a solution is (thought to be) easier than finding one.
Zero-knowledge proofs make it such that checking that a computation (such as inference) has been done correctly is easier than doing the computation (even keeping some parts private). A great reference is here: https://people.cs.georgetown.edu/jthaler/ProofsArgsAndZK.pdf
Our project proves AI model execution with cryptography, but without any trusted hardware (using zero-knowledge proofs): https://github.com/zkonduit/ezkl
There are definitely certain scenarios, especially around verifiable compute, in which you can think of ZK as a software alternative to a secure enclave.
Interestingly, if you ask people which they would trust for a rollup, most say ZK is the more trustworthy technology. In part just because it doesn't depend on one vendor (the enclave manufacturer).
Examples include the various zkEVM projects, risc0, and slightly more limited stuff like our effort to compile PyTorch/ONNX to a zk circuit (https://github.com/zkonduit/ezkl).
Not OP, but for me adding or deleting a character in the middle of a paragraph in a latex doc hangs for maybe .5s or more, often. This is a fairly new phenomenon, never happened 2+ years ago.
