search

Private / Encrypted Inference v1.0 – Ephemeral Private Sessions (Draft Spec)

Status: Early design draft Scope: Extend private / encrypted inference from dedicated private sessions to ephemeral private sessions Depends on: stability of v0 / v0.5 dedicated-session privacy flow first

hashtag
1. Goal

v1.0 extends Cortensor’s privacy model from:

  • v0 / v0.5

    • private dedicated-node sessions

    • static or semi-static ACL for key access

to:

  • v1.0

    • private ephemeral-node sessions

    • dynamic ACL updates as ephemeral nodes are assigned and released

The core idea is:

Keep the privacy model conceptually similar to dedicated sessions, but make the ACL lifecycle dynamic enough to follow ephemeral node assignment.

hashtag
2. Why v1.0 Is Needed

Dedicated private sessions are comparatively simple:

  • the dedicated miner set is known ahead of time

  • allowlists can be configured once and reused

  • session-scoped encryption works well with static membership

Ephemeral sessions are different:

  • nodes are assigned dynamically

  • nodes may change during the session lifecycle

  • the set of nodes that should be allowed to obtain encryption keys is not fixed up front

So v1.0 needs a privacy model where:

  • encryption remains session-scoped

  • key access remains ACL-based

  • but the ACL is updated automatically as ephemeral nodes enter and leave the session

hashtag
3. Design Direction

hashtag
3.1 Reuse Existing PrivacySettingData

Current direction is to reuse the existing PrivacySettingData module rather than introduce a separate privacy data path for ephemeral sessions.

Why:

  • keeps privacy state in one place

  • avoids two parallel systems for dedicated vs ephemeral privacy

  • lets routers and dashboards check one module for privacy status and allowed nodes

  • reduces mental and implementation complexity

So v1.0 is not a “new privacy store”; it is an extension of the existing privacy module.

hashtag
4. Core Model

hashtag
4.1 Dedicated vs Ephemeral Privacy in One Module

PrivacySettingData should evolve to support both:

  • dedicated private sessions

  • ephemeral private sessions

Conceptually, the module needs to know:

  • whether a session is private

  • what privacy mode the session uses

  • which node addresses are currently allowed to obtain encryption keys for that session

A simple mental model:

  • Dedicated private session

    • ACL changes rarely

    • nodes are manually configured / explicitly allowlisted

  • Ephemeral private session

    • ACL changes automatically

    • nodes are inserted when assigned and removed when released

hashtag
5. Session-Scoped Privacy Remains the Default

Even for ephemeral sessions, the design should stay session-scoped, not task-scoped.

That means:

  • encryption keys are still derived from session scope

  • nodes obtain key access because they are currently assigned to the session

  • we do not create per-task encryption scopes in v1.0

This keeps the mental model aligned with v0.5:

“If you are an allowed node for this private session, you can access that session’s scoped key while you are assigned.”

hashtag
6. Ephemeral Privacy Lifecycle

hashtag
6.1 Enabling Privacy

When a user enables privacy on an ephemeral session:

  1. Session is marked as:

    • private/encrypted

    • ephemeral privacy mode

  2. The Session module becomes responsible for keeping ACL membership in sync with actual node assignment

  3. Any ephemeral node assigned to that session is added to PrivacySettingData so it can request the session encryption key

hashtag
6.2 Node Assignment

When the Session module assigns an ephemeral node to a private session:

  1. Session module performs the normal assignment flow

  2. As part of that same flow, it adds the node address into PrivacySettingData for that session

  3. From that point, the node is allowed to call:

    • session-scoped key issuance endpoint(s)

    • and decrypt session payloads for that private session

hashtag
6.3 Node Release

When an ephemeral node is released from that session:

  1. Session module performs the normal release / cleanup flow

  2. As part of that flow, it removes the node address from PrivacySettingData

  3. From that point, the node should no longer be able to request session encryption keys for that session

This is the main difference from dedicated private sessions:

  • dedicated = mostly static ACL

  • ephemeral = ACL follows the assignment lifecycle

hashtag
7. Session Module Responsibilities

v1.0 requires changes in the Session module, not just in the privacy module.

The Session module must add hooks in the places where ephemeral nodes are:

  • assigned

  • reassigned

  • released

  • force-removed

  • expired / timed out

hashtag
7.1 Add Hook Points

The Session module should identify and instrument all lifecycle points where a node becomes “currently assigned” to a session.

At those points it should:

  • call into PrivacySettingData

  • add the node address to the session ACL if the session is private and ephemeral

hashtag
7.2 Remove Hook Points

Likewise, every place where a node is no longer authorized to serve that session should remove it from the ACL.

This includes:

  • normal release

  • replacement by another node

  • timeout expiry

  • cleanup after failure

  • manual/admin release if supported

hashtag
7.3 Source of Truth

The Session module remains the source of truth for assignment state.

PrivacySettingData should not try to infer ephemeral membership by itself.

Instead:

  • Session module decides who is assigned

  • PrivacySettingData mirrors the allowed key-access set

That separation keeps the design simple:

  • Session module = assignment authority

  • PrivacySettingData = privacy/key ACL store

hashtag
8. PrivacySettingData v1.0 Extension (Conceptual)

The module needs additional state so it can represent both dedicated and ephemeral private sessions.

Conceptually it should track:

  • private flag for a session

  • privacy mode for a session

    • dedicated

    • ephemeral

  • allowed node addresses for that session

  • optional metadata to distinguish:

    • manually added dedicated nodes

    • dynamically assigned ephemeral nodes

A simple conceptual structure:

  • sessionPrivacyEnabled[sessionId] -> bool

  • sessionPrivacyMode[sessionId] -> enum { NONE, DEDICATED, EPHEMERAL }

  • sessionAllowedMiners[sessionId][node] -> bool

Optional future distinction:

  • sessionAllowedMinerSource[sessionId][node] -> enum { MANUAL, EPHEMERAL_ASSIGNMENT }

That distinction is not strictly required for first implementation, but it may help with:

  • debugging

  • dashboards

  • avoiding accidental removal of manually configured entries

hashtag
9. Key Issuance Flow in v1.0

The encryption-key access pattern remains conceptually the same as v0.5:

  1. Node receives an encrypted session payload

  2. Node requests the session key from the router

  3. Router verifies:

    • caller signature

    • session scope

    • ACL membership in PrivacySettingData

  4. If authorized, router returns the session-scoped encryption key

What changes in v1.0 is how the ACL gets populated:

  • dedicated sessions → mostly manual / owner-managed

  • ephemeral sessions → Session module updates it dynamically

So from the router’s point of view, the key issuance path may stay almost the same:

  • check session privacy enabled

  • check node membership in privacy ACL

  • issue session-scoped key if allowed

The complexity is shifted into Session-module lifecycle hooks.

hashtag
10. Dashboard / UX Implications

hashtag
10.1 Private Ephemeral Session Enablement

When users enable privacy on an ephemeral session, the dashboard should clearly communicate:

  • this is a private/encrypted ephemeral session

  • assigned nodes will be dynamically granted temporary key access

  • nodes removed from the session will lose key access

hashtag
10.2 Comparison to Dedicated Privacy

Dashboard should make the distinction visible:

  • Dedicated private session

    • fixed / manually managed node ACL

  • Ephemeral private session

    • dynamic ACL based on live assignment

This helps users understand why the node list can change over time for ephemeral sessions.

hashtag
10.3 Warnings / Constraints

UI should also warn that:

  • privacy for ephemeral sessions may be more operationally complex than dedicated sessions

  • dynamic membership means debugging may require viewing assignment history

  • encryption still disables raw streaming-style flows if full payload encryption is used

hashtag
11. Audit / Observability

Because ephemeral ACL membership is dynamic, observability becomes more important in v1.0.

At minimum, the system should record:

  • when privacy was enabled for a session

  • which nodes were added to ACL due to assignment

  • which nodes were removed due to release

  • why a node was removed:

    • normal release

    • timeout

    • failure

    • manual intervention

This can be implemented via:

  • events in PrivacySettingData

  • session events in the Session module

  • dashboard history views

Without this, ephemeral privacy will be hard to debug.

hashtag
12. Security Model

hashtag
12.1 Principle

A node should only be able to access a private session key if:

  • it is currently assigned to that session, and

  • the Session module has inserted it into the ACL

hashtag
12.2 Removal Matters

The remove path is just as important as the add path.

If removed nodes remain in the ACL too long, then:

  • old nodes may continue to request keys after they should no longer serve the session

So v1.0 security depends on:

  • correct add hooks

  • correct remove hooks

  • reliable cleanup on edge cases

hashtag
12.3 Session-Scoped Simplicity

Not introducing task-based encryption in v1.0 helps reduce security mistakes:

  • no per-task ACL churn

  • no task-by-task router updates

  • less coordination overhead

That is why session scope remains the right design for this phase.

hashtag
13. What Is Not in Scope Yet

This is still rough design work, not final implementation.

Not in scope yet:

  • final storage layout for all new mappings

  • exact function signatures

  • exact event list

  • exact dashboard UI flow

  • full test matrix

  • task-scoped privacy

  • advanced key leasing / expiry policies

  • TEE-backed private ephemeral sessions

Those can come after the dedicated-session path is stable and the ephemeral design is refined further.

hashtag
14. Current Status

What has been done so far:

  • rough design pass over the Session module

  • identification of likely hook points where ephemeral nodes need to be:

    • added to privacy ACL

    • removed from privacy ACL

  • high-level decision to reuse PrivacySettingData rather than create a new privacy path

What has not happened yet:

  • implementation

  • testing

  • finalized storage / interface spec

So this document should be treated as:

an early architectural direction for v1.0, not a final implementation contract

hashtag
15. Summary

v1.0 extends private / encrypted inference from dedicated private sessions to ephemeral private sessions by reusing the existing PrivacySettingData module and making the Session module responsible for dynamic ACL updates.

The key model is:

  • privacy stays session-scoped

  • Session module adds assigned ephemeral nodes into privacy ACL

  • Session module removes them again when released

  • router continues to issue encryption keys based on session-scoped ACL membership

In one sentence:

v1.0 keeps the dedicated-session privacy model intact, but makes it dynamic enough for ephemeral node assignment and release, without introducing a separate privacy data path or task-scoped encryption.

Previousv0.5 – Contract-Backed ACL for Dedicated Private Sessions (Session-Based Only)NextIPFS Integration

Last updated