Can torch.jit.script model be reverse engineered?

As title. The question regards source code security and IP protection. If I torch.jit.script a model and pass it to others, can the model be reverse engineered to python code (to a roughly-equivalent level, something like “the model called Linear(xx, xx) => ReLU() => Conv3d(xx, xx, xx) … in the forward step and the corresponding parameters are yy, zz, …” but not necessarily the exact original model source code)? In other words, can I use it to encrypt my model so the others can only use it as a blackbox?

Given a torchscripted model anyone can freely get the python code back for it by running loaded = torch.jit.load("path/to/torchscripted-model.pt") and then model = loaded.code

I’ve seen a few encrypted ML packages pop up but haven’t personally used any to give a better recommendation
