CryptoTensors is an extension of safetensors that adds encryption, signing, and access control (Rego-based policy engine) while maintaining full backward compatibility with the safetensors format

These details have been verified by PyPI

Project links

GitHub Statistics

Maintainers

aiyah_meloken

These details have not been verified by PyPI

Project description

CryptoTensors Python Package

CryptoTensors is a secure tensor file format that extends safetensors with encryption, signing, and access control capabilities while maintaining full backward compatibility.

Installation

pip install cryptotensors

Usage

Basic Usage (Safetensors Compatible)

CryptoTensors is fully backward compatible with safetensors. You can use it as a drop-in replacement:

Numpy

from cryptotensors.numpy import save_file, load_file
import numpy as np

tensors = {
   "a": np.zeros((2, 2)),
   "b": np.zeros((2, 3), dtype=np.uint8)
}

save_file(tensors, "./model.safetensors")

# Now loading
loaded = load_file("./model.safetensors")

Torch

from cryptotensors.torch import save_file, load_file
import torch

tensors = {
   "a": torch.zeros((2, 2)),
   "b": torch.zeros((2, 3), dtype=torch.uint8)
}

save_file(tensors, "./model.safetensors")

# Now loading
loaded = load_file("./model.safetensors")

Encryption Usage

CryptoTensors adds encryption and signing capabilities:

import torch
from cryptotensors.torch import save_file, load_file

tensors = {
   "weight1": torch.zeros((1024, 1024)),
   "weight2": torch.zeros((1024, 1024))
}

# Encrypt and save
config = {
    "enc_key": enc_key,    # JWK format encryption key
    "sign_key": sign_key,  # JWK format signing key
}
save_file(tensors, "model.cryptotensors", config=config)

# Load encrypted file (keys retrieved from key provider)
tensors = load_file("model.cryptotensors")

See the documentation for detailed guides on encryption, key management, and integration examples.

Features

🔐 Encryption: AES-GCM and ChaCha20-Poly1305 encryption for tensor data
✍️ Signing: Ed25519 signature verification for file integrity
🔑 Key Management: Flexible key provider system (environment variables, files, programmatic)
🛡️ Access Policy: Rego-based policy engine for fine-grained access control
🔄 Backward Compatible: Works seamlessly with existing safetensors code

Developing

# Install in development mode
pip install -e .[dev]

This should be enough to install this library locally for development.

Testing

# Install with testing dependencies
pip install -e .[dev]

# Run tests
pytest -sv tests/

Citation

This implementation is based on the following research paper:

Zhu, H., Li, S., Li, Q., & Jin, Y. (2025). CryptoTensors: A Light-Weight Large Language Model File Format for Highly-Secure Model Distribution. arXiv:2512.04580. https://arxiv.org/pdf/2512.04580

License

Apache-2.0 License

Project details

These details have been verified by PyPI

Project links

GitHub Statistics

Maintainers

aiyah_meloken

These details have not been verified by PyPI

Release history Release notifications | RSS feed

0.2.3

Mar 2, 2026

0.2.2

Feb 28, 2026

0.2.1

Feb 27, 2026

0.2.0

Jan 26, 2026

0.1.2

Jan 7, 2026

0.1.1

Jan 6, 2026

This version

0.1.0

Jan 4, 2026

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cryptotensors-0.1.0.tar.gz (258.6 kB view details)

Uploaded Jan 4, 2026 Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

The dropdown lists show the available interpreters, ABIs, and platforms. Enable javascript to be able to filter the list of wheel files.

cryptotensors-0.1.0-pp310-pypy310_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl (3.6 MB view details)

Uploaded Jan 4, 2026 PyPymanylinux: glibc 2.17+ s390x

cryptotensors-0.1.0-pp310-pypy310_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl (3.9 MB view details)

Uploaded Jan 4, 2026 PyPymanylinux: glibc 2.17+ ppc64le

cryptotensors-0.1.0-pp310-pypy310_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl (3.3 MB view details)

Uploaded Jan 4, 2026 PyPymanylinux: glibc 2.17+ ARMv7l

cryptotensors-0.1.0-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (3.4 MB view details)

Uploaded Jan 4, 2026 PyPymanylinux: glibc 2.17+ ARM64

cryptotensors-0.1.0-pp39-pypy39_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl (3.6 MB view details)

Uploaded Jan 4, 2026 PyPymanylinux: glibc 2.17+ s390x

cryptotensors-0.1.0-pp39-pypy39_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl (3.9 MB view details)

Uploaded Jan 4, 2026 PyPymanylinux: glibc 2.17+ ppc64le

cryptotensors-0.1.0-pp39-pypy39_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl (3.3 MB view details)

Uploaded Jan 4, 2026 PyPymanylinux: glibc 2.17+ ARMv7l

cryptotensors-0.1.0-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (3.4 MB view details)

Uploaded Jan 4, 2026 PyPymanylinux: glibc 2.17+ ARM64

cryptotensors-0.1.0-cp38-abi3-win_amd64.whl (3.1 MB view details)

Uploaded Jan 4, 2026 CPython 3.8+Windows x86-64

cryptotensors-0.1.0-cp38-abi3-win32.whl (2.7 MB view details)

Uploaded Jan 4, 2026 CPython 3.8+Windows x86

cryptotensors-0.1.0-cp38-abi3-musllinux_1_2_x86_64.whl (3.8 MB view details)

Uploaded Jan 4, 2026 CPython 3.8+musllinux: musl 1.2+ x86-64

cryptotensors-0.1.0-cp38-abi3-musllinux_1_2_i686.whl (3.7 MB view details)

Uploaded Jan 4, 2026 CPython 3.8+musllinux: musl 1.2+ i686

cryptotensors-0.1.0-cp38-abi3-musllinux_1_2_armv7l.whl (3.6 MB view details)

Uploaded Jan 4, 2026 CPython 3.8+musllinux: musl 1.2+ ARMv7l

cryptotensors-0.1.0-cp38-abi3-musllinux_1_2_aarch64.whl (3.6 MB view details)

Uploaded Jan 4, 2026 CPython 3.8+musllinux: musl 1.2+ ARM64

cryptotensors-0.1.0-cp38-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (3.5 MB view details)

Uploaded Jan 4, 2026 CPython 3.8+manylinux: glibc 2.17+ x86-64

cryptotensors-0.1.0-cp38-abi3-manylinux_2_17_s390x.manylinux2014_s390x.whl (3.6 MB view details)

Uploaded Jan 4, 2026 CPython 3.8+manylinux: glibc 2.17+ s390x

cryptotensors-0.1.0-cp38-abi3-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl (3.9 MB view details)

Uploaded Jan 4, 2026 CPython 3.8+manylinux: glibc 2.17+ ppc64le

cryptotensors-0.1.0-cp38-abi3-manylinux_2_17_armv7l.manylinux2014_armv7l.whl (3.3 MB view details)

Uploaded Jan 4, 2026 CPython 3.8+manylinux: glibc 2.17+ ARMv7l

cryptotensors-0.1.0-cp38-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (3.4 MB view details)

Uploaded Jan 4, 2026 CPython 3.8+manylinux: glibc 2.17+ ARM64

cryptotensors-0.1.0-cp38-abi3-manylinux_2_5_i686.manylinux1_i686.whl (3.6 MB view details)

Uploaded Jan 4, 2026 CPython 3.8+manylinux: glibc 2.5+ i686

cryptotensors-0.1.0-cp38-abi3-macosx_11_0_arm64.whl (3.1 MB view details)

Uploaded Jan 4, 2026 CPython 3.8+macOS 11.0+ ARM64

cryptotensors-0.1.0-cp38-abi3-macosx_10_12_x86_64.whl (3.2 MB view details)

Uploaded Jan 4, 2026 CPython 3.8+macOS 10.12+ x86-64

File details

Details for the file cryptotensors-0.1.0.tar.gz.

File metadata

Download URL: cryptotensors-0.1.0.tar.gz
Upload date: Jan 4, 2026
Size: 258.6 kB
Tags: Source
Uploaded using Trusted Publishing? Yes
Uploaded via: maturin/1.10.2

File hashes

Hashes for cryptotensors-0.1.0.tar.gz
Algorithm	Hash digest
SHA256	`20813bb8481cc8aa20eafcdd3c61bd9522d1752bcbd461d234127876be17b55f`
MD5	`46944b05adcf12061ce1c7f7730b3750`
BLAKE2b-256	`88d881bc3222afc4b57e62dd90c3fcc8392babed41aaa6cb2d13f3489d8417a4`

Algorithm	Hash digest
SHA256	`1164a6dcbbf90d43ffb6de88e6b0f14a7bff3615a76be065ab0ab80dba11deca`
MD5	`5845b5cb40f8fdc876fcaf1888f2bb7e`
BLAKE2b-256	`f0e289fddf524759cb1c0dd092e5ad9cd03f1ba5128faace65e1733f40dadf31`

Algorithm	Hash digest
SHA256	`19bf7b145cd11f2910d84830fa4e0973d51216bdb8eb40d3d4ae49bd07302d43`
MD5	`898d0da8a7d7829284accd39865d81f5`
BLAKE2b-256	`a1c576a9b4785e849260bf7455ee4604cfc13dde7eb3eb48e18f55d2a80e540f`

Algorithm	Hash digest
SHA256	`c4be2baa149342cef173106fe8cfb913e6e23b792607d692a23252d39083a7e9`
MD5	`39ee68c6828ec325f0d37b4759891f3b`
BLAKE2b-256	`6a17ba87f144c1c98baee839ca8a4c3df2f549cf1edbccc59b93ca3dec18b893`

Algorithm	Hash digest
SHA256	`41cdfdf3f06a8870b7ed67cc16075d2c3a37cb1ce2789f3230fa92e024fb6379`
MD5	`23221ccd9efb10c6c1fed6905a8386ad`
BLAKE2b-256	`0c7845a21d1fc71c10a9551ce5fb0e02ba8aba3f76ae6f972d190f8512832a19`

Algorithm	Hash digest
SHA256	`96e5ebcbe6109893166a363cc5145e85785cd708635814537de206abca57f912`
MD5	`a5f49254c95585b42f82e815f8bf201a`
BLAKE2b-256	`641ff6c02206c6981d897a905c78c35d431820fbef06f1095778fdf4a75c2604`

Algorithm	Hash digest
SHA256	`7cc3c157c2c6fe8994da2cf9cfcc25a916a0fd2871540146c63f33b8fa21f141`
MD5	`9b2463a70a233e92b143bfac5eb956d3`
BLAKE2b-256	`b4fc1035b9944ac20a20054a1df8743273245e636be497a490665933dfc8dbd4`

Algorithm	Hash digest
SHA256	`f1e436e968b174fd153a0da4ebd9ebeb8ae4a15938a77a2db6bb6bd226584cd6`
MD5	`fac35f9d357c03ea4601e218a66035d7`
BLAKE2b-256	`2c0dd9b9198816ccbedeba1e3f57c0e9e40ef6fd99ef93d797515858f7600f5e`

Algorithm	Hash digest
SHA256	`899328e21ceb7cda7f06d7b7be4ad21f5c8b9959db98a4f818e4d701dcd2e3b5`
MD5	`0540b0709f6ca37b526a21a4a84091a0`
BLAKE2b-256	`c725eadab3fd62e0da88fd28e8fc8843789616664bc19bc268d5d37b4179ac6f`

Algorithm	Hash digest
SHA256	`2fae31c8cc658574cbb541bde5e0a860b0a6d8ca77dde689d218150d973a00fd`
MD5	`bc0f7f03367bd027d81df013374c9fb5`
BLAKE2b-256	`1586a46030a78b039595170ca4ad83655e0fec36c5927b5b733c685e334e0f2e`

Algorithm	Hash digest
SHA256	`5c7bb13855819ee541ec68d1104b5d92ea0fed225046982fe2d83b658c4698d8`
MD5	`458bba07e9e2c650aa8a70b5f7a4fd1b`
BLAKE2b-256	`a8b7f894be3d1b2adb2e9bf7edbb8707302f78d49a3cc4bd2823d1dfc3290341`

Algorithm	Hash digest
SHA256	`bf745eae534dcee0783b8daca9487d730de5abe00f2d3e6cb2664fc8555c8733`
MD5	`c81b1fa4b5e179eb9eaa430fd7e0f040`
BLAKE2b-256	`9da389d4e5f4f381fc2fdd03380878e2e0436c25536edbed7a1c9ad596bd355e`

Algorithm	Hash digest
SHA256	`b3b6f071239fc741a5613d7df6ddee642f52fc3777f56acdae2fd2359bc21af6`
MD5	`b1966653d4b2ec1d72da741ce839df65`
BLAKE2b-256	`1ae2536391b2411480f63bc4d14a61a9d4921a9fd50425ab4501980d32b769df`

Algorithm	Hash digest
SHA256	`a60051f6cb8822b1094a07fecefabede1d80a899bd68dee04fdc7ad41203a318`
MD5	`0bd500a1bb59e27d584c59fdc55c2822`
BLAKE2b-256	`f0e969c0ee9e8d7635395698379357f083f0f901f6ebe0f447d366b1683668d4`

Algorithm	Hash digest
SHA256	`3c8d223a36572100af0d403b94355d6a7a7897177171ae9e70118697b0ccc610`
MD5	`a1b17161b760c4a36fe09b863d22c1cd`
BLAKE2b-256	`8b47ef066adbeac63edbe51dd952fadfec405875b1b736e294c8356ef25f6a14`

Algorithm	Hash digest
SHA256	`dff59d5df3ffd6823b5ff17a4b25ac67b65a510db377e180d774f068a0b41acb`
MD5	`0ad82f57599c4b2e90d732cc3117311c`
BLAKE2b-256	`d862d79d8a328df7152d973fd7ff70edd083f269499abec74244cbb674e0698c`

Algorithm	Hash digest
SHA256	`d7249e9259d6691b437efe2152091001888f56e14990d97315047b6b925d2215`
MD5	`7224c4bca8d2a5f2dfd1a8d527f03020`
BLAKE2b-256	`397630451636e95248cf2859f3709cbaf4fc0bc5258db825225e848ebeecafd1`

Algorithm	Hash digest
SHA256	`17e58bd5698cf50d1786628adc4023415685dfc9b8642edc7c67758886c4feff`
MD5	`bddeafe930bbe7b55c468d9005e85e7c`
BLAKE2b-256	`78f81e7c9a935fdb0b426105141f4902a7c4506775effd63e69bb63ead0946a0`

Algorithm	Hash digest
SHA256	`1d961121a88afdd774b053013337867a8a939093adeb31e3ad8fa85c40ba974e`
MD5	`fecd6f5e582984775454a992361e0404`
BLAKE2b-256	`ad13b36ec61381c69d816ccfa1f0fb0e0d17a26cb9b3774610a6f0a4c1d44db4`

Algorithm	Hash digest
SHA256	`56c0f3a4f3d265dc06472203ea4e0511ca7b0f7d8af0978788f4a774e91a9c0e`
MD5	`1002ee9af85527ecda84d16f0d8c1a58`
BLAKE2b-256	`70b1697ee826b6443fc1717a575b83f502c007f5de4128f9fd223e348b21e8e2`

Algorithm	Hash digest
SHA256	`179af573ec514253bcaff25d8ea1352e0ce6b43b006cb8931b6df770a2633ab3`
MD5	`7fe71c69befb68889ee583b59febe223`
BLAKE2b-256	`b2a3c3760e98f5b3b8882328a9d86569746202ab7bd0c846b36d2fbde6927a4f`

cryptotensors 0.1.0

Navigation

Verified details

Project links

GitHub Statistics

Maintainers

Meta

Unverified details

Meta

Classifiers

Project description

CryptoTensors Python Package

Installation

Usage

Basic Usage (Safetensors Compatible)

Numpy

Torch

Encryption Usage

Features

Developing

Testing

Citation

License

Project details

Verified details

Project links

GitHub Statistics

Maintainers

Meta

Unverified details

Meta

Classifiers

Release history Release notifications | RSS feed

Download files

Source Distribution

Built Distributions

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

File hashes

File details

File metadata

Algorithm	Hash digest
SHA256	`515784c2851fc220efef3e2ea90712ae5a939598aa0e58492d81123e8e69e39e`
MD5	`f3d6d1bcd0b094b12cb349476d24b895`
BLAKE2b-256	`c35a08870614b7016a4ce138ce21b71a74da4af076852cdc68a16a6110f917cb`

Algorithm	Hash digest
SHA256	`7caba0e2764588ecdd741e9e046bb24a5aeccecbd10859d2d8f5166dfa9d73a4`
MD5	`886299c2f5c654742757d4d06c233b85`
BLAKE2b-256	`913598841577ec6b2bd6d5d28a7cb194235300017e70b5d5763185697b6485b6`