nesa by nesaorg

API for end-to-end encrypted AI model inference

created 7 months ago
2,996 stars

Top 16.3% on sourcepulse

Project Summary

Nesa provides an API for running AI models with end-to-end encryption, offering privacy guarantees comparable to on-premise infrastructure without the associated costs or complexity. It targets developers and enterprises seeking to deploy AI models while protecting sensitive data from cloud providers and third parties.

How It Works

Nesa utilizes a novel security technology called Equivariant Encryption (EE). Unlike traditional methods like Homomorphic Encryption (HE) that struggle with non-linear operations and introduce significant latency, EE is designed to work directly with neural network architectures. It transforms input data into an encrypted domain where model computations can proceed as if on plaintext, preserving the model's structure and accuracy without any performance overhead. This approach avoids retraining and allows existing pipelines to function with minimal modification.

Quick Start & Requirements

  • Local Web UI: Follow demo/readme.md for platform-specific setup scripts.
  • Manual Python Usage: Requires torch and transformers. Demo code provided for DistilBert and Llama-3.2-1B-Instruct models on Hugging Face.
  • Dependencies: Standard Python environment; specific model requirements may vary.

Highlighted Details

  • Zero latency overhead for encrypted inference, matching plaintext execution times.
  • Supports modern neural network functions including ReLU, GeLU, SiLU, RMS Normalization, and Layer Normalization.
  • Offers a ChatGPT-compatible API for seamless integration.
  • Claims massive combinatorial complexity for security, exceeding traditional HE assumptions.

Maintenance & Community

  • Active development indicated by recent model releases (e.g., Llama-3.2-1B-Instruct-Encrypted).
  • Community engagement encouraged via a "Hack EE" contest for security testing.
  • Links to GitHub repositories for core functionality and security research.

Licensing & Compatibility

  • The README does not explicitly state a license. The project is hosted on GitHub, implying a default open-source license unless otherwise specified. Further clarification is needed for commercial use or closed-source linking.

Limitations & Caveats

  • The security model of Equivariant Encryption is novel and relies on "massive combinatorial complexity" rather than standard cryptographic hardness assumptions, requiring independent verification.
  • While claiming wide model coverage, specific compatibility for complex or custom architectures is not detailed.
  • The "Hack EE" contest suggests that security vulnerabilities may still be under active investigation.

Health Check

  • Last commit: 5 months ago
  • Responsiveness: 1 day
  • Pull requests (30d): 0
  • Issues (30d): 0
  • Star history: 11 stars in the last 90 days
