Introducing PySyft TensorFlow

Jason Mancuso
Oct 24 · 5 min read

Summary: We’ve added support for TensorFlow in PySyft. The integration includes multi-worker remote execution on Tensors, Variables, and Keras Models. Full support for the TensorFlow API and integrations with TF Encrypted, TF Privacy, and TF Federated are on the roadmap. You can try our tutorial at TensorFlow World or follow development on GitHub.

This post has been cross-posted on the OpenMined blog.


As a community, OpenMined builds tools for privacy-preserving machine learning (PPML). Through this, the community can offer developers the opportunity to answer questions about data that they can’t see or own. This calls for a dramatic shift in how we apply algorithms to mine intelligence from that data, but only if developers are willing to use these tools. By baking privacy into the tools that data scientists and machine learning engineers know and love today, we can make data privacy a default instead of a luxury.

The initial PySyft paper from NeurIPS 2018 presents a generic platform for privacy-preserving machine learning (PPML) that leverages the community’s considerable investment into existing machine learning frameworks. Initially, this work focused on building privacy primitives into PyTorch. However, as a primary goal of the community is to make privacy-preserving machine learning accessible for all machine learning practitioners, it is core to our vision to extend all popular data science frameworks with tools for privacy.

At Dropout Labs, we’ve been working hard to bring PPML tools into the TensorFlow community, with the ultimate goal of bringing these tools into production in enterprise settings. We’ve spent a lot of time talking to customers and investigating the use cases that interest companies most. We’ve found remote execution to be a particularly compelling use case for many companies — this involves remotely training a model on data that has restricted access. Since PySyft was built with secure remote execution at its core, it was clear that building on it would help us solve these kinds of problems for our customers.

As OpenMined and PySyft continue to grow, we are participating in a similar movement forming in the TensorFlow community, marked by the release of several privacy-focused, open-source libraries:

  • TF Encrypted: A framework for machine learning on encrypted data
  • TF Privacy: Learning with differential privacy for training data
  • TF Trusted: Running TensorFlow models in secure enclaves
  • TF Federated: Machine learning and other computations on decentralized data

Until now, the PySyft and TensorFlow communities have developed side-by-side, aware of each other and inspiring each other to do better, but never truly working together.

Sitting within both OpenMined and the burgeoning TensorFlow PPML community, we felt we were best positioned to build a bridge. That began to take shape when we exposed TF Encrypted’s Keras interface to PySyft users in the Secure & Private AI course, and today we’re excited to bring these communities even closer together with the release of PySyft TensorFlow.

Today’s release includes the structure on which we’ll build full TensorFlow support, focusing on remote execution of both low-level tensor operations and higher-level Keras models. Our main priority will be bringing full support for the TensorFlow API to PySyft, and we’re already very close! Once this step is complete, we’d love to see better integration with TF Encrypted, as well as future integrations with TF Privacy and TF Federated. Check out the code examples below, star the repo on GitHub if you haven’t yet, and run a demo with a new model or dataset.


PySyft Basics

The basics of PySyft in TensorFlow are nearly identical to what users are already familiar with — in fact, the only changes are dictated by the switch from PyTorch to TensorFlow. For example, we’ll use a the same way we’d use a :

Sending a tensor is as simple as creating it (here as a constant) and sending it to the right worker:

We can do the usual arithmetic and manipulation operations directly on these tensors:

In fact, the only new aspects of PySyft with TensorFlow are the new tools that TensorFlow brings, like tf.Variable:

Support for tf.Module and tf.GradientTape are on the roadmap — if you want them for your use case, please reach out so we can prioritize accordingly!

Training a model with Keras

Moving beyond the basics, we’ve also provided support for all Keras models out of the box. Here, we train a model on a remote version of the classic MNIST dataset.

First, we assume that the worker, , owns the MNIST dataset. In the case of VirtualWorker, we’ll simulate this by sending the data over explicitly.

The next step is to define a model locally, and compile it for training:

You send a model the same way you’d send a tensor:

And finally, you can train the model remotely by passing the dataset pointers to the Keras `fit` method:

We encourage you to keep an eye on this step-by-step tutorial series, which demonstrates additional features and will be continually updated in the future.

Now it’s your turn

If you’re looking forward to building with PySyft for TensorFlow, let us know how we can help. We are actively encouraging requests and contributions from the community — opening issues, creating new demos, and submitting PRs with bug fixes and new features. You can also apply to be a regular contributor on the TensorFlow Team. It will take a village to build a fully privacy-preserving TensorFlow in PySyft!

About Dropout Labs

We’re a team of machine learning engineers, software engineers, and cryptographers spread across the United States, France, and Canada. We’re working on secure computation to enable training, validation, and prediction over encrypted data. We see a near future where individuals and organizations will maintain control over their data, while still benefiting from cloud-based machine intelligence.

Visit our website or blog or product page for more information, or follow us on Twitter for up-to-date announcements.

If you’re passionate about data privacy and AI, we’d love to hear from you.

Dropout Labs

Bringing Cryptography and Machine Learning Together

Thanks to Justin Patriquin

Jason Mancuso

Written by

Research Scientist at Dropout Labs. Working on private ML, but also safety and security. Interested in meaningful and creative uses of AI. @jvmancuso

Dropout Labs

Bringing Cryptography and Machine Learning Together

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade