
Overview

This chapter introduces Nesa's cutting-edge hybrid approach to security and privacy (SP) enhancement. The essence of this hybrid design is the integration of hardware-based and software/algorithm-based solutions, each selected and optimized for different scenarios within our ecosystem, to achieve co-optimization. Notably, SP concerns appear in different forms. For instance, users may wish to protect their input data and the inference results, while node owners might seek to protect the confidentiality of their model parameters in certain cases. Meanwhile, users want assurance that the models executed by the nodes are verifiable, that is, that the designated ML models generate the inference results without unexpected changes.

SP Requirements: In summary, we identify two core SP aspects in decentralized inference: (i) model verification, to prove that the nodes execute the designated models for a user, and (ii) data encryption, to protect the user's data from being revealed during inference. Based on these requirements, we develop a suite of solutions to ensure SP in Nesa's system.

Our Hardware-Software Co-Optimization Solution: To address model verification and data encryption jointly, we design an integrated approach to achieve leading SP performance in our system. Specifically, by combining the robust, hardware-centric protections of Trusted Execution Environments (TEEs) with advanced algorithmic approaches, including Zero-knowledge Machine Learning (ZKML), Consensus-based Distribution Verification (CDV), and Split Learning (SL), we ensure that security and privacy are foundational pillars of the system.

In a nutshell, TEEs provide a secure area within a processor that ensures the confidentiality and integrity of the code and data loaded within it, thus supplying robustness at the hardware level. In contrast, ZKML and CDV are novel algorithms that ensure the inference nodes execute the correct model, by verifying proofs or by measuring the consensus of their output distributions, while SL protects user data by transferring only the intermediate computational embeddings rather than the raw data. Collectively, this hardware-software integrated solution guarantees high SP in Nesa's system.


Last updated 1 year ago