Enabling computation on cryptographically protected data
What is cryptographic computing at AWS?
AWS cryptography tools and services utilize a wide range of encryption and storage technologies that can help you protect your data at rest and in transit. Traditionally, data has to be decrypted before it can be used in a computation. Cryptographic computing is a technology that operates directly on cryptographically protected data so that sensitive data is never exposed.
Cryptographic computing covers a broad range of privacy preserving techniques including secure multi-party computation, homomorphic encryption, privacy preserving federated learning, and searchable encryption. AWS is developing cryptographic computing tools and services, to help you meet your security and compliance goals, while allowing you to take advantage of the flexibility, scalability, performance, and ease of use that AWS offers. For example, you can see cryptographic computing at work in AWS Clean Rooms.
Open source tools
This library allows you to collaborate with your data in AWS Clean Rooms using a technique that allows multiple parties to jointly compute a function over their inputs while keeping those inputs private. If you have data handling policies that require encryption of sensitive data, you can pre-encrypt your data using a common collaboration-specific encryption key so that data is encrypted even when queries are run.
This repository contains a prototype implementation of privacy-preserving XGBoost. By adopting several property-preserving encryption schemes to encrypt the XGBoost model, the privacy-preserving model can predict an encrypted query.
This library provides partial C++ bindings for the Lattigo v2.1.1 homomorphic encryption library written in the Go programming language. This wrapper does not attempt to provide a binding for all public Lattigo APIs, but new bindings are simple to add and PRs are welcome.
The Homomorphic Implementor’s Toolkit (HIT) provides tools to simplify the process of designing homomorphic circuits for the CKKS homomorphic encryption scheme.
Learn more about AWS open source security.
Computing on private data | 01 June 2023
Both secure multiparty computation and differential privacy protect the privacy of data used in computation, but each has advantages in different contexts.
Share and query encrypted data in AWS Clean Rooms | 16 May 2023
Learn how you can use cryptographic computing with AWS Clean Rooms to work with collaborators to perform joint analyses over pooled data without sharing your “raw” data with each other—or with AWS.
Privacy challenges in extreme gradient boosting | 22 June 2021
Read about how privacy-preserving machine learning can be used to address privacy challenges in XGBoost training and prediction.
Building machine learning models with encrypted data | 05 January 2021
See how a new approach to homomorphic encryption speeds up the training of encrypted machine learning models sixfold.
Cryptographic computing can accelerate the adoption of cloud computing | 11 February 2020
Learn about two cryptographic techniques that are being used to address cloud-computing privacy concerns and accelerate enterprise cloud adoption.
Learn about protecting data in use with emerging cryptographic techniques. This AWS Tech Talk describes various techniques in cryptographic computing and how they are applied in AWS Clean Rooms.
Get an overview of AWS applied research areas, including post-quantum cryptographic algorithms, multi-party secure computation, homomorphic encryption in use, and quantum key distribution.
In this talk, Amazon Scholar Joan Feigenbaum presents the AWS model for privacy-preserving machine learning and describes two prototypes that AWS has developed.
Research and insights
AWS researchers regularly contribute papers to help advance the field of cryptographic computing.
A Low-Depth Homomorphic Circuit for Logistic Regression Model Training
This paper describes an approach to machine learning using homomorphic encryption, showing how to build a circuit for logistic regression that can perform twice as many training iterations in the same amount of time as previously published results.
Client-Private Secure Aggregation for Privacy-Preserving Federated Learning
This work introduces novel protocols for privacy-preserving federated learning involving a consortium of clients and a cloud server in which the server computes on encrypted data to aggregate the clients’ locally trained models into an encrypted global model, which can only be decrypted by the clients.
Top-k Query Processing on Encrypted Databases with Strong Security Guarantees
This paper proposes the first efficient and provable secure top-k query processing construction that achieves adaptively Chosen Query Attack security. AWS researchers developed an encrypted data structure called EHL and describe several secure sub-protocols to answer top-k queries.
Privacy-Preserving XGBoost Inference
One central goal of privacy-preserving machine learning is to enable users to submit encrypted queries to a remote ML service, receive encrypted results, and decrypt them locally. This paper outlines a privacy-preserving XGBoost prediction algorithm implemented and evaluated empirically on Amazon SageMaker.
Computational Fuzzy Extractors
In this paper, AWS researchers investigated whether it is possible to construct fuzzy extractors. First, they show that secure sketches are subject to upper bounds from coding theory even when the information-theoretic security requirement is relaxed. Then they present a positive result that the negative result can be avoided by constructing and analyzing a computational fuzzy extractor directly by modifying the code-offset construction to use random linear codes.