ZKPROV: A Zero-Knowledge Approach to Dataset Provenance for Large Language Models

📅 2025-06-25
🤖 AI Summary
In privacy-sensitive domains such as healthcare, verifying the provenance and regulatory compliance of LLM training data faces dual challenges: users must ascertain whether models were trained on authorized datasets, yet cannot access raw data or model parameters due to privacy and regulatory constraints. This paper proposes the first zero-knowledge proof framework for LLM training provenance, innovatively integrating tamper-evident metadata signatures with succinct model parameter commitments—enabling efficient, verifiable data-source authentication without exposing training data or internal parameters. Compared to incremental proof approaches, our method significantly improves proof generation and verification efficiency, supporting large-scale deployment. A formal security analysis establishes computational soundness and zero-knowledge privacy guarantees. Experimental evaluation demonstrates scalability and practicality on real-world LLMs, including BERT and LLaMA variants, with sub-second verification times and linear proof-size growth relative to model size.

📝 Abstract
As the deployment of large language models (LLMs) grows in sensitive domains, ensuring the integrity of their computational provenance becomes a critical challenge, particularly in regulated sectors such as healthcare, where strict requirements apply to dataset usage. We introduce ZKPROV, a novel cryptographic framework that enables zero-knowledge proofs of LLM provenance. It allows users to verify that a model is trained on a reliable dataset without revealing sensitive information about it or its parameters. Unlike prior approaches that focus on complete verification of the training process (incurring significant computational cost) or depend on trusted execution environments, ZKPROV offers a distinct balance. Our method cryptographically binds a trained model to its authorized training dataset(s) through zero-knowledge proofs while avoiding proof of every training step. By leveraging dataset-signed metadata and compact model parameter commitments, ZKPROV provides sound and privacy-preserving assurances that the result of the LLM is derived from a model trained on the claimed authorized and relevant dataset. Experimental results demonstrate the efficiency and scalability of ZKPROV in generating and verifying this proof, achieving a practical solution for real-world deployments. We also provide formal security guarantees, proving that our approach preserves dataset confidentiality while ensuring trustworthy dataset provenance.

Problem

Research questions and friction points this paper is trying to address.

Ensures integrity of LLM dataset provenance in sensitive domains
Verifies model training on reliable datasets without exposing sensitive data
Balances privacy and verification without costly full training proof

Innovation

Methods, ideas, or system contributions that make the work stand out.

Uses zero-knowledge proofs for LLM provenance
Cryptographically binds model to dataset
Ensures privacy with dataset-signed metadata