SpanKey: Dynamic Key Space Conditioning for Neural Network Access Control

Abstract

SpanKey is a lightweight way to gate inference without encrypting weights or chasing leaderboard accuracy on gated inference. The idea is to condition activations on secret keys. A basis matrix B defines a low-dimensional key subspace Span(B); during training we sample coefficients α and form keys k=α B, then inject them into intermediate activations with additive or multiplicative maps and strength γ. Valid keys lie in Span(B); invalid keys are sampled outside that subspace. We make three points. (i) Mechanism: subspace key injection and a multi-layer design space. (ii) Failure mode: key absorption, together with two analytical results (a Beta-energy split and margin-tail diagnostics), explains weak baseline separation in energy and margin terms -- these are not a security theorem. iii) Deny losses and experiments: Modes A--C and extensions, with CIFAR-10 ResNet-18 runs and MNIST ablations for Mode B. We summarize setup and first-order analysis, injectors, absorption, deny losses and ablations, a threat discussion that does not promise cryptography, and closing remarks on scale. Code: https://github.com/mindmemory-ai/dksc