The Challenge: Protecting Sensitive Data
Krzysztof Szarek
The Challenge: Protecting Sensitive Data
Sensitive authentication is becoming a cornerstone of modern security, yet protecting sensitive authentication codes poses a significant challenge. Conventional authentication processing methods require storing and decrypting sensitive data during verification, exposing it to potential breaches. This raises a critical question: How can we authenticate users securely without exposing their raw authentication information?
Our Approach: Secure Multi-Party Computation (SMPC) on AWS
To address this challenge, we collaborated with multiple teams to build an ultra cluster utilizing Secure Multi-Party Computation (SMPC) and AWS high-performance computing resources. Our joint effort ensures that authentication verification occurs without ever decrypting the data, mitigating risks associated with centralized storage and potential data leaks.
How Our SMPC-Based System Works
Secure Code Generation – The user’s secure data is scanned and converted into a unique digital representation.
Secret Sharing – The secure code is split into multiple encrypted shares and distributed across three independent AWS accounts, each owned by a different entity. This ensures that no single party has access to the complete authentication code.
Secure Computation – During authentication, SMPC allows a secure comparison of the encrypted shares without revealing the raw data.
Privacy by Design – Once verification is complete, old secure code shares are deleted, ensuring no single party ever possesses the full dataset.
Building the UltraCluster: A Collaborative Effort
Our ultra cluster was made possible through close collaboration with multiple teams, each contributing expertise in security, cloud infrastructure, and high-performance computing.
Cluster Design: Shared VPC with Distributed Nodes
Together, we designed an architecture consisting of one primary AWS account and three independent third-party AWS accounts, each hosting high-performance compute nodes. This setup eliminates centralized data exposure, enhancing security.
Why We Chose Elastic Fabric Adapter (EFA)
Secure multi-party computation requires ultra-low latency and high-speed interconnectivity between nodes. AWS Elastic Fabric Adapter (EFA) delivers:
High-speed inter-node communication – Each p5.48xlarge instance supports up to 32 EFA interfaces, achieving bandwidths up to 3,200 Gbps (400GB/s).
OS Bypass & RDMA Support – EFA enables Remote Direct Memory Access (RDMA), facilitating direct memory transfers between nodes without CPU intervention, reducing latency, and enhancing efficiency.
Optimized for AI/ML & HPC – Seamless integration with NCCL, Open MPI, and Intel MPI ensures optimal performance for privacy-preserving computations.
Harnessing the Power of p5.48xlarge Instances
Our ultra cluster relies on AWS p5.48xlarge instances, which are designed for high-performance workloads. These instances provide:
192 vCPUs & 2,048 GiB memory – Handling extensive SMPC computations.
8 NVIDIA H100 Tensor Core GPUs – With 640 GB of HBM3 GPU memory, optimized for parallel processing.
Ultra-high network bandwidth (3,200 Gbps) – Enabling rapid data exchange across nodes for efficient computation.
In total, the cluster provides 576 vCPUs and 6,144 GiB of memory, ensuring seamless execution of extensive SMPC computations. With 24 NVIDIA H100 Tensor Core GPUs and a combined 1,920 GB of HBM3 GPU memory, the system is optimized for large-scale parallel processing.
Conclusion: A Team Effort for a Scalable, Future-Proof Solution
By integrating SMPC, AWS shared VPC infrastructure, EFA networking, and high-performance computing instances, our teams successfully delivered privacy-preserving authentication without compromising security or speed. This approach eliminates single points of failure, ensures secure authentication, and provides a scalable model for future security solutions.
As digital security evolves, combining privacy-enhancing cryptographic techniques with cloud-based high-performance computing will be crucial in safeguarding sensitive data in an increasingly interconnected world. This achievement was only possible through the dedication and collaboration of all the teams involved.
