Private Inference
Last updated: 2026-06-28
Private inference combines session privacy policy, encryption, miner allowlists, and off-chain payload storage. The roadmap starts with dedicated sessions and evolves toward contract-backed ACLs, ephemeral/private pooled sessions, SDK-native Web3 flows, and eventually TEE-backed confidential execution.
- Session privacy state and allowed-miner lists determine who can receive private work.
- Encryption metadata includes explicit scope and key version so rotation and task-specific access are possible.
- Prompts and results can be stored as encrypted blobs while contracts and queues carry references and hashes.
- Dedicated and ACL-backed privacy come first; TEE-backed confidential execution is a later network capability.

```mermaid
flowchart TD
    Caller["Application / caller"] --> Router["Router"]
    Router --> Privacy["PrivacySettingData<br/>session privacy + allowed miners"]
    Router --> Keys["Encryption policy<br/>key access"]
    Router --> Storage["Off-chain storage<br/>encrypted payloads"]
    Router --> Queue["Session Queue<br/>URN references"]
    Privacy --> Queue
    Queue --> MinerA["Allowed miner"]
    Queue -. blocked .-> MinerB["Unlisted miner"]
    MinerA --> Storage
    MinerA --> Queue
```
How It Works
| Area | Behavior |
|---|---|
| Privacy policy | PrivacySettingData supports session privacy and allowed-miner state. |
| Encrypted sessions | Router config and privacy helpers include session-level encryption checks. |
| Off-chain payloads | URN-based storage is used for large or private inputs/results. |
| Miner access | Contract-backed allowlists are preferred over environment-only allowlists when active. |
Roadmap Versions
| Version | Meaning |
|---|---|
| V0 | Dedicated private sessions with router-managed allowlists and deterministic key derivation. |
| V0.5 | Contract-backed ACL for dedicated private sessions, moving allowlist state on-chain. |
| V1 | Ephemeral/private pooled session support with assignment-aware keys. |
| V2 | Unified key/policy engine across session types. |
| V3 | SDK-native Web3 private inference with wallet authentication and policy. |
| V4 | TEE-backed private inference using confidential execution environments such as Nitro or TDX-style nodes. |
URN Format

```
urn:blob:{version}:{storage_type}:{provider}:{bucket}:{file_name}
```
Key And Payload Model
| Component | Public explanation |
|---|---|
| Auth scope | A caller proves control of an address and signs a session or task scope. |
| Key derivation | Router derives session/task encryption keys from a high-entropy seed and explicit scope. |
| Key version | Encrypted payload metadata includes a key version so rotation is possible. |
| Off-chain payload | Encrypted prompts and results are stored as blobs and referenced by URN/hash. |
| Router visibility | Router routes by metadata such as session ID, task ID, and key version, not plaintext. |
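
The key derivation and key version rows above can be illustrated with a scope-bound KDF. This is an added example, not the project's own code: the page does not name the KDF, so HKDF-SHA256 is an assumption, and `derive_key`, `encode_scope`, `LABEL` and the sample IDs are hypothetical names.

```python
import hashlib
import hmac
import struct

# Constructed demo seed; a real seed comes from a CSPRNG or a KMS, never from a literal.
DEMO_SEED = hashlib.sha256(b"constructed demo seed").digest()
LABEL = b"private-inference/example"  # hypothetical domain-separation label (HKDF salt)


def hkdf_sha256(seed: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, seed, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def encode_scope(kind: str, session_id: str, task_id: str, key_version: int) -> bytes:
    """Length-prefix each field so two different scopes never share an encoding."""
    if kind not in ("session", "task"):
        raise ValueError("unknown scope kind")
    if (kind == "task") != bool(task_id):
        raise ValueError("task id is required for task scope and forbidden otherwise")
    out = b""
    for field in (kind, session_id, task_id):
        raw = field.encode("utf-8")
        out += struct.pack(">H", len(raw)) + raw
    return out + struct.pack(">I", key_version)


def derive_key(seed: bytes, kind: str, session_id: str,
               task_id: str = "", key_version: int = 1) -> bytes:
    """Derive a 32-byte key bound to one scope and one key version."""
    if len(seed) < 32:
        raise ValueError("seed must be at least 32 bytes")
    info = encode_scope(kind, session_id, task_id, key_version)
    return hkdf_sha256(seed, LABEL, info)


if __name__ == "__main__":
    session_key = derive_key(DEMO_SEED, "session", "sess-1")
    task_key = derive_key(DEMO_SEED, "task", "sess-1", "task-9")
    rotated = derive_key(DEMO_SEED, "session", "sess-1", key_version=2)
    print(session_key != task_key, session_key != rotated)
```

Because the key version is part of the derivation input, a reader of an encrypted blob selects the key from the version in the payload metadata, and bumping the version yields an unrelated key without changing the seed.
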
API Notes
- Use plural `/api/v2/completions` and `/api/v3/completions` for v2/v3 completion routes.
- For encrypted workflows, prefer routes where both input and result can remain off-chain.
- Streaming may be disabled when encrypted payloads are involved.
- Key issuance, rotation, and storage behavior depend on the deployed environment.

Deployment Details
| Detail | Why it matters |
|---|---|
| Which privacy contract is deployed? | Address and ABI link. |
| Which storage provider is active? | Provider, bucket policy, retention, deletion. |
| How are keys issued? | API, auth, rotation, recovery, audit behavior. |
| Which sessions are private? | Session IDs, owners, allowed miners, public/private status. |