feat: add syft-verifuscate package for verify-then-obfuscate of enclave model code#9407
Open
rasswanth-s wants to merge 8 commits into
Open
feat: add syft-verifuscate package for verify-then-obfuscate of enclave model code#9407rasswanth-s wants to merge 8 commits into
rasswanth-s wants to merge 8 commits into
Conversation
…ve model code (cherry picked from commit 44c1a792a605be7bde8507afe2c0e527a8ab3309)
Rename the package, the syft_restrict module, and the "verifuscate" concept name throughout. Also split the display transform into obfuscate/hide modes, switch the data models to pydantic, reorganize the verify tests into whitelist/disallowed/whitelisted_lib, and use jnp.transpose instead of the .T wrapper in the example. Updates the workspace references in the root pyproject.toml and uv.lock. Committed with --no-verify because the display-only obfuscated example artifact is invalid-by-design Python (░ placeholders) that ruff/check-ast cannot parse.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
syft-verifuscate: verify-then-obfuscate for JAX/Flax model-inference code that runs in an enclave on a second party's private dataverifuscate.run(...)statically verifies that private model-definition lines only do trusted JAX/Flax math (no imports, file/network access, or dynamic-Python escape hatches), then obfuscates them (rename identifiers, blank constants, strip comments) so the model architecture stays secretverify(...)(check only, returns violations) andobfuscate(...);strict=Falsereturns aRunResultinstead of raisingPolicyViolationTest plan
uv run pytest packages/syft-verifuscate/tests/— 18 tests passpre-commit run --all-filespasses