← Back ◬ AI & Machine Learning Apr 15, 2026

SpanKey: Dynamic Key Space Conditioning for Neural Network Access Control

arXiv Security Archived Apr 15, 2026 ✓ Full text saved

arXiv:2604.12254v1 Announce Type: new Abstract: SpanKey is a lightweight way to gate inference without encrypting weights or chasing leaderboard accuracy on gated inference. The idea is to condition activations on secret keys. A basis matrix $B$ defines a low-dimensional key subspace $Span(B)$; during training we sample coefficients $\alpha$ and form keys $k=\alpha^\top B$, then inject them into intermediate activations with additive or multiplicative maps and strength $\gamma$. Valid keys lie i

Full text archived locally

✦ AI Summary · Claude Sonnet

Computer Science > Cryptography and Security [Submitted on 14 Apr 2026] SpanKey: Dynamic Key Space Conditioning for Neural Network Access Control WenBin Yan SpanKey is a lightweight way to gate inference without encrypting weights or chasing leaderboard accuracy on gated inference. The idea is to condition activations on secret keys. A basis matrix B defines a low-dimensional key subspace Span(B); during training we sample coefficients \alpha and form keys k=\alpha^\top B, then inject them into intermediate activations with additive or multiplicative maps and strength \gamma. Valid keys lie in Span(B); invalid keys are sampled outside that subspace. We make three points. (i) Mechanism: subspace key injection and a multi-layer design space. (ii) Failure mode: key absorption, together with two analytical results (a Beta-energy split and margin-tail diagnostics), explains weak baseline separation in energy and margin terms -- these are not a security theorem. iii) Deny losses and experiments: Modes A--C and extensions, with CIFAR-10 ResNet-18 runs and MNIST ablations for Mode B. We summarize setup and first-order analysis, injectors, absorption, deny losses and ablations, a threat discussion that does not promise cryptography, and closing remarks on scale. Code: \texttt{this https URL} Comments: 15 pages, 1 figure, multiple tables. Preprint (not yet published in a journal). Affiliation: University of Colorado Boulder. Code: this https URL Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI) Cite as: arXiv:2604.12254 [cs.CR] (or arXiv:2604.12254v1 [cs.CR] for this version) https://doi.org/10.48550/arXiv.2604.12254 Focus to learn more Submission history From: WenBin Yan [view email] [v1] Tue, 14 Apr 2026 04:01:34 UTC (159 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev | next > new | recent | 2026-04 Change to browse by: cs cs.AI References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)

💬 Team Notes