Verifiable Model Procurement for Industrial CPS Using Cryptographic Performance Attestation
Abstract
Integrating third-party Machine Learning (ML) models into industrial Operational Technology (OT) creates a procurement deadlock: operators cannot verify vendor performance claims without exposing sensitive operational data, while vendors refuse to reveal proprietary model weights before purchase, rendering traditional safeguards such as Non-Disclosure Agreements technically unenforceable. This paper introduces a framework combining Zero Knowledge Proofs (ZKPs) with smart contracts to enable trust-minimized, privacy-preserving competitive model procurement in Industrial Cyber-Physical Systems (ICPS). Our framework allows vendors to cryptographically prove that their model outperforms a legacy baseline without disclosing proprietary weights, a process we term cryptographic performance attestation. The on-chain workflow combines escrow-backed procurement, automated proof verification, and best-vendor selection with arbiter-based dispute resolution. We analyze three distinct ZKP workflow variations for industrial suitability and evaluate their performance on consumer-grade hardware, achieving proving times of approximately three seconds and sub-dollar on-chain verification costs under Layer-2 fee assumptions for the recommended single-proof variation. Results demonstrate the feasibility of pre-deployment model verification while identifying computational trade-offs of recursive proof aggregation. The entire verification phase operates offline with no impact on real-time OT control paths, bridging the IT/OT pre-transaction trust gap while deferring artifact deployment to existing OT tooling.