EVENT DETAILS
This dissertation proposes methods for verifying that machine learning models are trustworthy while keeping sensitive information (such as training data and model parameters) confidential from the verifier via cryptographic techniques. Several previous methods from the academic literature can produce models that are trustworthy (i.e., that satisfy mathematical metrics of unbiasedness, reliability, privacy, etc.), but in practice violations of user trust by service providers are common. I argue that this disjuncture arises in part because service providers are materially disincentivized from trustworthy behavior. The problem is compounded by the fact that most machine learning services are provided in a "black-box" model in order to protect intellectual property, which makes it difficult to assess model trustworthiness and thus to hold service providers accountable for breaches of trust.
Here we take up the task of ensuring the use of trustworthy models in practice. We do so by designing zero-knowledge proof and secure multiparty computation protocols that verify trustworthiness via controlled releases of information about machine learning models to external parties, leaving the black box intact. Both methods compute a specified set of operations on hidden data with provable correctness and confidentiality, even in the presence of adversarial parties. We devote much attention to tailoring our protocols for concrete efficiency, as the computational overhead of the cryptography we employ would otherwise impose a substantial practical barrier to the use of our methods. The main components of the work are as follows:
1. We design a zero-knowledge proof protocol that verifies the fairness of a decision tree model relative to a set of training data. We design our own "crypto-friendly" decision tree training algorithm, whose assumptions enable highly efficient zero-knowledge proofs of fairness.
2. We expand the scope of zero-knowledge proofs of fairness dramatically by designing a protocol that is modular with respect to model type and training algorithm, and that has improved security guarantees. We utilize an efficient probabilistic auditing protocol which enables practical scalability even for neural networks with tens of millions of parameters.
3. We provide a secure multiparty computation protocol that enables many parties to collaboratively train a machine learning model with verified confidentiality and robustness to unhelpful or poisoned training data. We formalize and exploit properties arising from the intersection of Byzantine-robust aggregation algorithms and secure computation to make our methods concretely efficient.
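To make concrete what the third component defends against, the following is an added plaintext illustration of Byzantine-robust aggregation; it is not code from the dissertation, which computes such aggregation inside a secure multiparty computation protocol (this example does not). The client updates, the function names, and the choice of coordinate-wise median and trimmed mean as the robust aggregators are assumptions made for illustration.

```python
"""Illustration (added example, not the dissertation's protocol): how a single
poisoned client update dominates a plain mean but not a Byzantine-robust
aggregate. All values are in the clear; a real deployment would perform the
same arithmetic under secure multiparty computation."""
from statistics import median


def mean_aggregate(updates):
    """Plain coordinate-wise average of client update vectors (no robustness)."""
    n = len(updates)
    dim = len(updates[0])
    return [sum(u[i] for u in updates) / n for i in range(dim)]


def median_aggregate(updates):
    """Coordinate-wise median: tolerates fewer than half of the clients being
    Byzantine in each coordinate, since the median lies among honest values."""
    dim = len(updates[0])
    return [median(u[i] for u in updates) for i in range(dim)]


def trimmed_mean_aggregate(updates, trim):
    """Coordinate-wise trimmed mean: sort each coordinate, drop the `trim`
    smallest and `trim` largest values, and average the rest. With at most
    `trim` Byzantine clients, every outlier they inject is discarded."""
    n = len(updates)
    if 2 * trim >= n:
        raise ValueError("trim must satisfy 2*trim < number of clients")
    dim = len(updates[0])
    out = []
    for i in range(dim):
        col = sorted(u[i] for u in updates)
        kept = col[trim:n - trim]
        out.append(sum(kept) / len(kept))
    return out


def max_abs_deviation(agg, ref):
    """Largest per-coordinate gap between an aggregate and a reference vector."""
    return max(abs(a - r) for a, r in zip(agg, ref))


# Constructed sample input (assumption): four honest clients whose gradient
# updates cluster around (1.0, -0.5), plus one poisoned client whose update
# points the opposite way with a large magnitude.
HONEST_UPDATES = [[1.0, -0.5], [1.1, -0.4], [0.9, -0.6], [1.0, -0.5]]
POISONED_UPDATES = [[-40.0, 20.0]]
ALL_UPDATES = HONEST_UPDATES + POISONED_UPDATES


def compare_aggregators(updates=ALL_UPDATES, reference=HONEST_UPDATES, trim=1):
    """Return each aggregator's deviation from the honest-only mean, so the
    effect of the poisoned contribution can be measured directly."""
    ref = mean_aggregate(reference)
    return {
        "mean": max_abs_deviation(mean_aggregate(updates), ref),
        "median": max_abs_deviation(median_aggregate(updates), ref),
        "trimmed_mean": max_abs_deviation(trimmed_mean_aggregate(updates, trim), ref),
    }


if __name__ == "__main__":
    for name, dev in compare_aggregators().items():
        print(f"{name:13s} deviation from honest mean: {dev:.3f}")
```

On the constructed input the plain mean is pulled roughly eight units away from the honest aggregate by one client out of five, while both robust aggregators stay within a tenth of a unit of it. The dissertation's contribution is to carry out this kind of aggregation on secret-shared updates with verified correctness; the arithmetic above is what such a protocol must compute, not how it hides the inputs.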
TIME Friday November 8, 2024 at 11:00 AM - 1:00 PM
LOCATION 3001, Mudd Hall (formerly Seeley G. Mudd Library)
CONTACT Olive Franzese olive.franzese@u.northwestern.edu
CALENDAR Department of Computer Science (CS)