Skip to main content

AWS Cloud Security

Cryptographic Computing

Enabling computation on cryptographically protected data

What is cryptographic computing at AWS?

AWS cryptography tools and services utilize a wide range of encryption and storage technologies that can help you protect your data at rest and in transit. Traditionally, data has to be decrypted before it can be used in a computation. Cryptographic computing is a technology that operates directly on cryptographically protected data so that sensitive data is never exposed.

Cryptographic computing covers a broad range of privacy preserving techniques including secure multi-party computation, homomorphic encryption, privacy preserving federated learning, and searchable encryption. AWS is developing cryptographic computing tools and services, to help you meet your security and compliance goals, while allowing you to take advantage of the flexibility, scalability, performance, and ease of use that AWS offers.

Open source tools

Learn more about AWS open source security

Cryptographic Computing for Clean Rooms (C3R)

This library allows you to collaborate with your data in AWS Clean Rooms using a technique that allows multiple parties to jointly compute a function over their inputs while keeping those inputs private. If you have data handling policies that require encryption of sensitive data, you can pre-encrypt your data using a common collaboration-specific encryption key so that data is encrypted even when queries are run.

Learn more

Privacy-Preserving XGBoost Inference

This repository contains a prototype implementation of privacy-preserving XGBoost. By adopting several property-preserving encryption schemes to encrypt the XGBoost model, the privacy-preserving model can predict an encrypted query.

Learn more

C++ Bindings for the Lattigo Homomorphic Encryption Library

This library provides partial C++ bindings for the Lattigo v2.1.1 homomorphic encryption library written in the Go programming language. This wrapper does not attempt to provide a binding for all public Lattigo APIs, but new bindings are simple to add and PRs are welcome.

Learn more

Homomorphic Implementor’s Toolkit

The Homomorphic Implementor’s Toolkit provides tools to help simplify the process of designing homomorphic circuits for the CKKS homomorphic encryption scheme. This library is intended to further research in homomorphic encryption.

Learn more

Research and insights

AWS researchers regularly contribute papers to help advance the field of cryptographic computing

This paper describes an approach to machine learning using homomorphic encryption, showing how to build a circuit for logistic regression that can perform twice as many training iterations in the same amount of time as previously published results.

Learn more

This work introduces novel protocols for privacy-preserving federated learning involving a consortium of clients and a cloud server in which the server computes on encrypted data to aggregate the clients’ locally trained models into an encrypted global model, which can only be decrypted by the clients.

Learn more

This paper proposes the first efficient and provable secure top-k query processing construction that achieves adaptively Chosen Query Attack security. AWS researchers developed an encrypted data structure called EHL and describe several secure sub-protocols to answer top-k queries.

Learn more

One central goal of privacy-preserving machine learning is to enable users to submit encrypted queries to a remote ML service, receive encrypted results, and decrypt them locally. This paper outlines a privacy-preserving XGBoost prediction algorithm implemented and evaluated empirically on Amazon SageMaker.

Learn more

In this paper, AWS researchers investigated whether it is possible to construct fuzzy extractors. First, they show that secure sketches are subject to upper bounds from coding theory even when the information-theoretic security requirement is relaxed. Then they present a positive result that the negative result can be avoided by constructing and analyzing a computational fuzzy extractor directly by modifying the code-offset construction to use random linear codes.

Learn more

Interested?

To learn more about cryptographic computing with AWS

Contact us