Modern machine learning (ML) systems are increasingly trained on sensitive data, outsourced to untrusted infrastructure, and deployed as opaque black boxes. Companies, users, and regulators all want stronger assurances about how models are trained, whether privacy protections were actually enforced, and whether deployed systems behave reliably under distribution shift or downstream adaptation. Yet existing approaches to auditing and verification are often unsatisfactory: empirical audits provide only partial evidence and often require access to proprietary data, while cryptographic tools such as secure computation and zero-knowledge proofs offer strong guarantees but are too expensive to apply directly to modern large-scale ML. My thesis is motivated by this gap and asks how to make modern ML systems verifiable and provably trustworthy under realistic deployment conditions.

My prior work develops efficient, ML-aware cryptographic frameworks for certifying and improving the trustworthiness of ML models, including (1) certifying privacy guarantees such as differential privacy without revealing the model or training data, (2) securely repairing factual failures and social biases in proprietary generative models, (3) proving meaningful guarantees about a model's final quality without replaying the full training process in zero knowledge, and (4) developing robust post-training certificates of model generalization that remain informative under adversarially perturbed training and are efficient to verify cryptographically. Building on these results, my proposed thesis extends this agenda to larger models and more complex modern ML tasks, including certification of LLM fine-tuning, auditing memorization, and detecting model backdoors. More broadly, the goal is to combine cryptography and machine learning in a scalable way so that more tasks across the ML lifecycle can be efficiently certified without sacrificing privacy.