Metadata-Version: 2.4
Name: cryptotensors
Version: 0.2.1
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Education
Classifier: Intended Audience :: Science/Research
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
Classifier: Typing :: Typed
Requires-Dist: cryptotensors[torch] ; extra == 'all'
Requires-Dist: cryptotensors[numpy] ; extra == 'all'
Requires-Dist: cryptotensors[pinned-tf] ; extra == 'all'
Requires-Dist: cryptotensors[jax] ; extra == 'all'
Requires-Dist: cryptotensors[paddlepaddle] ; extra == 'all'
Requires-Dist: cryptotensors[quality] ; extra == 'all'
Requires-Dist: cryptotensors[testing] ; extra == 'all'
Requires-Dist: cryptotensors[all] ; extra == 'dev'
Requires-Dist: cryptotensors[numpy] ; extra == 'jax'
Requires-Dist: flax>=0.6.3 ; extra == 'jax'
Requires-Dist: jax>=0.3.25 ; extra == 'jax'
Requires-Dist: jaxlib>=0.3.25 ; extra == 'jax'
Requires-Dist: mlx>=0.0.9 ; extra == 'mlx'
Requires-Dist: numpy>=1.21.6 ; extra == 'numpy'
Requires-Dist: cryptotensors[numpy] ; extra == 'paddlepaddle'
Requires-Dist: paddlepaddle>=2.4.1 ; extra == 'paddlepaddle'
Requires-Dist: cryptotensors[numpy] ; extra == 'pinned-tf'
Requires-Dist: tensorflow==2.18.0 ; extra == 'pinned-tf'
Requires-Dist: ruff ; extra == 'quality'
Requires-Dist: cryptotensors[numpy] ; extra == 'tensorflow'
Requires-Dist: tensorflow>=2.11.0 ; extra == 'tensorflow'
Requires-Dist: cryptotensors[numpy] ; extra == 'testing'
Requires-Dist: h5py>=3.7.0 ; extra == 'testing'
Requires-Dist: huggingface-hub>=0.12.1 ; extra == 'testing'
Requires-Dist: setuptools-rust>=1.5.2 ; extra == 'testing'
Requires-Dist: pytest>=7.2.0 ; extra == 'testing'
Requires-Dist: pytest-benchmark>=4.0.0 ; extra == 'testing'
Requires-Dist: hypothesis>=6.70.2 ; extra == 'testing'
Requires-Dist: cryptography>=41.0.0 ; extra == 'testing'
Requires-Dist: cryptotensors[numpy] ; extra == 'testingfree'
Requires-Dist: huggingface-hub>=0.12.1 ; extra == 'testingfree'
Requires-Dist: setuptools-rust>=1.5.2 ; extra == 'testingfree'
Requires-Dist: pytest>=7.2.0 ; extra == 'testingfree'
Requires-Dist: pytest-benchmark>=4.0.0 ; extra == 'testingfree'
Requires-Dist: hypothesis>=6.70.2 ; extra == 'testingfree'
Requires-Dist: packaging ; extra == 'torch'
Requires-Dist: cryptotensors[numpy] ; extra == 'torch'
Requires-Dist: torch>=1.10 ; extra == 'torch'
Provides-Extra: all
Provides-Extra: dev
Provides-Extra: jax
Provides-Extra: mlx
Provides-Extra: numpy
Provides-Extra: paddlepaddle
Provides-Extra: pinned-tf
Provides-Extra: quality
Provides-Extra: tensorflow
Provides-Extra: testing
Provides-Extra: testingfree
Provides-Extra: torch
License-File: LICENSE
Summary: CryptoTensors is an extension of safetensors that adds encryption, signing, and access control (Rego-based policy engine) while maintaining full backward compatibility with the safetensors format
Author-email: Aiyah Meloken <aiyah_meloken@protonmail.com>
Requires-Python: >=3.9, <3.14
Description-Content-Type: text/markdown; charset=UTF-8; variant=GFM
Project-URL: Documentation, https://aiyah-meloken.github.io/cryptotensors/
Project-URL: Homepage, https://github.com/aiyah-meloken/cryptotensors
Project-URL: Source, https://github.com/aiyah-meloken/cryptotensors

# CryptoTensors Python Package

CryptoTensors is a secure tensor file format that extends [safetensors](https://github.com/huggingface/safetensors) with encryption, signing, and access control capabilities while maintaining full backward compatibility.

## Requirements

- **Python 3.11+** (required for zero-copy buffer protocol support)

## Installation

```bash
pip install cryptotensors
```

### Transparent Loading of Encrypted Models (Compatible Package)

If you want to load encrypted CryptoTensors models without modifying your code, you can use the compatible package released on [GitHub Releases](https://github.com/aiyah-meloken/cryptotensors/releases):

```bash
# Uninstall the original safetensors package
pip uninstall safetensors

# Install the compatible package directly from GitHub release
# Replace {tag} with the release tag (e.g., v0.1.0)
pip install https://github.com/aiyah-meloken/cryptotensors/releases/download/{tag}/safetensors-0.7.0-py3-none-any.whl

# Example for v0.1.0:
# pip install https://github.com/aiyah-meloken/cryptotensors/releases/download/v0.1.0/safetensors-0.7.0-py3-none-any.whl
```

After installation, your existing code using `from safetensors import ...` will transparently support both regular safetensors files and encrypted CryptoTensors files without any code changes. The compatible package uses the `safetensors` namespace but internally depends on `cryptotensors`, enabling seamless encryption support.

## Usage

### Basic Usage (Safetensors Compatible)

CryptoTensors is fully backward compatible with safetensors. You can use it as a drop-in replacement:

#### Numpy

```python
from cryptotensors.numpy import save_file, load_file
import numpy as np

tensors = {
   "a": np.zeros((2, 2)),
   "b": np.zeros((2, 3), dtype=np.uint8)
}

save_file(tensors, "./model.safetensors")

# Now loading
loaded = load_file("./model.safetensors")
```

#### Torch

```python
from cryptotensors.torch import save_file, load_file
import torch

tensors = {
   "a": torch.zeros((2, 2)),
   "b": torch.zeros((2, 3), dtype=torch.uint8)
}

save_file(tensors, "./model.safetensors")

# Now loading
loaded = load_file("./model.safetensors")
```

### Encryption Usage

CryptoTensors adds encryption and signing capabilities:

```python
import torch
from cryptotensors.torch import save_file, load_file

tensors = {
   "weight1": torch.zeros((1024, 1024)),
   "weight2": torch.zeros((1024, 1024))
}

# enc_key and sign_key are JWK-format key objects obtained from your key
# provider (environment variable, file, or programmatic; see the documentation)
config = {
    "enc_key": enc_key,    # JWK format encryption key
    "sign_key": sign_key,  # JWK format signing key
}

# Encrypt and save
save_file(tensors, "model.cryptotensors", config=config)

# Load encrypted file (keys retrieved from key provider)
tensors = load_file("model.cryptotensors")
```

See the [documentation](https://aiyah-meloken.github.io/cryptotensors/) for detailed guides on encryption, key management, and integration examples.

## Features

- 🔐 **Encryption**: AES-GCM and ChaCha20-Poly1305 encryption for tensor data
- ✍️ **Signing**: Ed25519 signature verification for file integrity  
- 🔑 **Key Management**: Flexible key provider system (environment variables, files, programmatic)
- 🛡️ **Access Policy**: Rego-based policy engine for fine-grained access control
- 🔄 **Backward Compatible**: Works seamlessly with existing safetensors code
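
The encryption snippet above takes JWK-format keys, and the feature list names AES-GCM, ChaCha20-Poly1305 and Ed25519. The following is an added example, not code from the cryptotensors package and not its on-disk format or API, showing how those pieces fit together for a tensor payload: keys are carried as JWK dicts, each tensor is sealed with an AEAD using its own header entry as associated data, and the header plus ciphertexts are signed so that a single flipped byte is refused before any data is parsed. It assumes the `cryptography` package is installed (the metadata lists it under the testing extra); the header layout and the names `seal`, `open_sealed`, `make_enc_jwk`, `make_sign_jwk` and `demo` are my own.

```python
# Added illustration, not cryptotensors' own code or on-disk layout: JWK keys
# (RFC 7517/7518), per-tensor AEAD (AES-256-GCM or ChaCha20-Poly1305) with the
# header entry as AAD, Ed25519 over header+ciphertexts. Needs `cryptography`.
import base64
import json
import os
import struct

import numpy as np
from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import serialization as ser
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey
from cryptography.hazmat.primitives.ciphers.aead import AESGCM, ChaCha20Poly1305


def _b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_enc_jwk(alg="A256GCM"):
    # Symmetric 'oct' JWK; both supported AEADs take a 32-byte key
    if alg not in ("A256GCM", "C20P"):
        raise ValueError("unsupported alg: " + alg)
    return {"kty": "oct", "alg": alg, "k": _b64u(os.urandom(32))}


def make_sign_jwk():
    # Ed25519 'OKP' JWK: 'd' is the private key, 'x' the public key
    priv = Ed25519PrivateKey.generate()
    raw_priv = priv.private_bytes(ser.Encoding.Raw, ser.PrivateFormat.Raw, ser.NoEncryption())
    raw_pub = priv.public_key().public_bytes(ser.Encoding.Raw, ser.PublicFormat.Raw)
    return {"kty": "OKP", "crv": "Ed25519", "d": _b64u(raw_priv), "x": _b64u(raw_pub)}


def _aead(jwk):
    key = _unb64u(jwk["k"])
    if jwk.get("kty") != "oct" or len(key) != 32:
        raise ValueError("expected a 32-byte 'oct' JWK")
    return AESGCM(key) if jwk.get("alg") == "A256GCM" else ChaCha20Poly1305(key)


def _aad(name, dtype, shape):
    # Binding name/dtype/shape into the AEAD tag rejects a swapped or relabelled tensor
    return "{}:{}:{}".format(name, dtype, tuple(shape)).encode()


def seal(tensors, enc_jwk, sign_jwk):
    """Encrypt every tensor, then sign (header length || header || ciphertexts)."""
    cipher = _aead(enc_jwk)
    header, blobs, offset = {}, [], 0
    for name, arr in tensors.items():
        arr = np.ascontiguousarray(arr)
        nonce = os.urandom(12)  # fresh per tensor; nonce reuse breaks GCM and ChaCha
        ct = cipher.encrypt(nonce, arr.tobytes(), _aad(name, arr.dtype.str, arr.shape))
        header[name] = {"dtype": arr.dtype.str, "shape": list(arr.shape),
                        "nonce": _b64u(nonce), "offsets": [offset, offset + len(ct)]}
        blobs.append(ct)
        offset += len(ct)
    hdr = json.dumps(header, sort_keys=True).encode()
    body = struct.pack("<Q", len(hdr)) + hdr + b"".join(blobs)
    priv = Ed25519PrivateKey.from_private_bytes(_unb64u(sign_jwk["d"]))
    return priv.sign(body) + body  # 64-byte Ed25519 signature prefix


def open_sealed(blob, enc_jwk, sign_jwk):
    """Verify the signature before parsing anything, then decrypt each tensor."""
    pub = Ed25519PublicKey.from_public_bytes(_unb64u(sign_jwk["x"]))
    sig, body = blob[:64], blob[64:]
    pub.verify(sig, body)  # raises InvalidSignature on any modification
    hdr_len = struct.unpack("<Q", body[:8])[0]
    header = json.loads(body[8:8 + hdr_len])
    data = body[8 + hdr_len:]
    cipher = _aead(enc_jwk)
    out = {}
    for name, meta in header.items():
        start, end = meta["offsets"]
        pt = cipher.decrypt(_unb64u(meta["nonce"]), data[start:end],
                            _aad(name, meta["dtype"], meta["shape"]))
        out[name] = np.frombuffer(pt, dtype=meta["dtype"]).reshape(meta["shape"])
    return out


def demo(alg="A256GCM"):
    """Round-trip a constructed 2x3 tensor and confirm a single flipped byte is refused."""
    enc_key, sign_key = make_enc_jwk(alg), make_sign_jwk()
    sealed = seal({"w": np.arange(6, dtype=np.float32).reshape(2, 3)}, enc_key, sign_key)
    recovered = open_sealed(sealed, enc_key, sign_key)["w"].tolist()
    flipped = sealed[:-1] + bytes([sealed[-1] ^ 0x01])
    try:
        open_sealed(flipped, enc_key, sign_key)
    except (InvalidSignature, InvalidTag):
        return recovered, True
    return recovered, False


if __name__ == "__main__":
    print(demo("A256GCM"), demo("C20P"))
```

The order in `open_sealed` is deliberate: the signature covers the whole body and is checked before the header is even parsed, so a corrupted or hostile header never reaches the JSON parser; the per-tensor AEAD tag then independently catches a wrong key or a tensor whose name, dtype or shape was relabelled.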

## Developing

```bash
# Install in development mode
pip install -e .[dev]
```

This should be enough to install this library locally for development.

## Testing

```bash
# Install with testing dependencies
pip install -e .[dev]

# Run tests
pytest -sv tests/
```

## Citation

This implementation is based on the following research paper:

> Zhu, H., Li, S., Li, Q., & Jin, Y. (2025). CryptoTensors: A Light-Weight Large Language Model File Format for Highly-Secure Model Distribution. arXiv:2512.04580. [https://arxiv.org/pdf/2512.04580](https://arxiv.org/pdf/2512.04580)

## License

Apache-2.0 License

