Cryptographic Computing
Enabling computation on cryptographically protected data
What is cryptographic computing at AWS?
AWS cryptography tools and services utilize a wide range of encryption and storage technologies that can help you protect your data at rest and in transit. Traditionally, data has to be decrypted before it can be used in a computation. Cryptographic computing is a technology that operates directly on cryptographically protected data so that sensitive data is never exposed.
Cryptographic computing covers a broad range of privacy preserving techniques including secure multi-party computation, homomorphic encryption, privacy preserving federated learning, and searchable encryption. AWS is developing cryptographic computing tools and services, to help you meet your security and compliance goals, while allowing you to take advantage of the flexibility, scalability, performance, and ease of use that AWS offers. For example, you can see cryptographic computing at work in AWS Clean Rooms.
Open source tools
Cryptographic Computing for Clean Rooms (C3R)
This library allows you to collaborate with your data in AWS Clean Rooms using a technique that allows multiple parties to jointly compute a function over their inputs while keeping those inputs private. If you have data handling policies that require encryption of sensitive data, you can pre-encrypt your data using a common collaboration-specific encryption key so that data is encrypted even when queries are run.
Privacy Preserving XGBoost Inference
This repository contains a prototype implementation of privacy-preserving XGBoost. The repository adopts several property-preserving encryption schemes to encrypt the XGBoost model so that the privacy-preserving model can predict an encrypted query.
C++ Bindings for the Lattigo Homomorphic Encryption Library
This library provides partial C++ bindings for the Lattigo v2.1.1 homomorphic encryption library written in the Go programming language. This wrapper does not attempt to provide a binding for all public Lattigo APIs, but new bindings are simple to add and PRs are welcome.
Homomorphic Implementor’s Toolkit
The Homomorphic Implementor’s Toolkit (HIT) provides tools to simplify the process of designing homomorphic circuits for the CKKS homomorphic encryption scheme.
Featured resources
Learn about protecting data in use using emerging cryptographic techniques. This AWS Tech Talk describes various techniques in cryptographic computing and how we're applying this in AWS Clean Rooms.
Get an overview of AWS applied research areas, including post-quantum cryptographic algorithms, multi-party secure computation, homomorphic encryption-in-use, and quantum key distribution.
In this talk, Amazon Scholar Joan Feigenbaum presents the AWS model for privacy-preserving machine learning and describes two prototypes that AWS has developed.
Research and insights
AWS researchers regularly contribute papers to help advance the field of cryptographic computing.
A Low-Depth Homomorphic Circuit for Logistic Regression Model Training
This paper describes an approach to machine learning using homomorphic encryption; showing how to build a circuit for logistic regression that can perform twice as many training iterations in the same amount of time as previously published results.
Client-Private Secure Aggregation for Privacy-Preserving Federated Learning
In this work, we introduce novel protocols for privacy-preserving federated learning involving a consortium of clients and a cloud server in which the server computes on encrypted data to aggregate the clients’ locally trained models into an encrypted global model, which can only be decrypted by the clients.
Top-k Query Processing on Encrypted Databases with Strong Security Guarantees
This paper proposes the first efficient and provable secure top-k query processing construction that achieves adaptively Chosen Query Attack security. AWS researchers developed an encrypted data structure called EHL and describe several secure sub-protocols under our security model to answer top-k queries.
Privacy-Preserving XGBoost Inference
One central goal of privacy-preserving machine learning is to enable users to submit encrypted queries to a remote ML service, receive encrypted results, and decrypt them locally. This paper outlines a privacy-preserving XGBoost prediction algorithm implemented and evaluated empirically on AWS SageMaker.
Computational Fuzzy Extractors
In this paper, AWS researchers investigated whether it is possible to construct fuzzy extractors. First, they show that secure sketches are subject to upper bounds from coding theory even when the information-theoretic security requirement is relaxed. Then they present a positive result that the negative result can be avoided by constructing and analyzing a computational fuzzy extractor directly by modifying the code-offset construction to use random linear codes.