Layer on top of TensorFlow for doing machine learning on encrypted data
Clone or download
mortendahl Fix for private compare bug (#281)
* make correction optional for performance reasons
Latest commit 5af8584 Nov 12, 2018


Status License PyPI CircleCI Badge Documentation

tf-encrypted is a Python library built on top of TensorFlow for researchers and practitioners to experiment with privacy-preserving machine learning. It provides an interface similar to that of TensorFlow, and aims at making the technology readily available without first becoming an expert in machine learning, cryptography, distributed systems, and high performance computing.

In particular, the library focuses on:

  • Usability: The API and its underlying design philosophy make it easy to get started, use, and integrate privacy-preserving technology into pre-existing machine learning processes.
  • Extensibility: The architecture supports and encourages experimentation and benchmarking of new cryptographic protocols and machine learning algorithms.
  • Performance: Optimizing for tensor-based applications and relying on TensorFlow's backend means runtime performance comparable to that of specialized stand-alone frameworks.
  • Community: With a primary goal of pushing the technology forward the project encourages collaboration and open source over proprietary and closed solutions.
  • Security: Cryptographic protocols are evaluated against strong notions of security and known limitations are highlighted.

See below for more background material or visit the documentation to learn more about how to use the library.

The project has benefitted enormously from the efforts of several contributors following its original implementation, most notably Dropout Labs and members of the OpenMined community. See below for further details.

Installation & Usage

tf-encrypted is available as a package on PyPI supporting Python 3.5+ which can be installed using pip:

$ pip install tf-encrypted

The following is an example of simple matmul on encrypted data using tf-encrypted:

import tensorflow as tf
import tf_encrypted as tfe

def provide_input():
    # local TensorFlow operations can be run locally
    # as part of defining a private input, in this
    # case on the machine of the input provider
    return tf.ones(shape=(5, 10))

# define inputs
w = tfe.define_private_variable(tf.ones(shape=(10,10)))
x = tfe.define_private_input('input-provider', provide_input)

# define computation
y = tfe.matmul(x, w)

with tfe.Session() as sess:
    # initialize variables
    # reveal result
    result =

For more information, check out our full getting started guide in the documentation.

Background & Further Reading

The following texts provide further in-depth presentations of the project:

Project Status

tf-encrypted is experimental software not currently intended for use in production environments. The focus is on building the underlying primitives and techniques, with some practical security issues post-poned for a later stage. However, care is taken to ensure that none of these represent fundamental issues that cannot be fixed as needed.

Known limitations

  • Elements of TensorFlow's networking subsystem does not appear to be sufficiently hardened against malicious users. Proxies or other means of access filtering may be sufficient to mitigate this.
  • The pseudo-random generators provided in TensorFlow are not cryptographically strong. Custom ops could easily be used to remedy this.


Don't hesitate to send a pull request, open an issue, or ask for help!

Several individuals have already had an impact on the development of this library (in alphabetical order):

and several companies have invested significant resources:

  • Dropout Labs continues to sponsor a large amount of both research and engineering
  • OpenMined was the breeding ground for the initial idea and continues to support discussions and guidance


Licensed under Apache License, Version 2.0 (see LICENSE or Copyright as specified in NOTICE.