←back to thread

Let's talk about AI and end-to-end encryption

(blog.cryptographyengineering.com)
172 points chmaynard | 2 comments | 17 Jan 25 05:50 UTC | HN request time: 0.482s | source
Show context
tonygiorgio ◴[17 Jan 25 17:46 UTC] No.42741055[source]
> Although PCC is currently unique to Apple, we can hope that other privacy-focused services will soon crib the idea.

IMHO, Apple's PCC is a step in the right direction in terms of general AI privacy nightmares where they are at today. It's not a perfect system, since it's not fully transparent and auditable, and I do not like their new opt-out photo scanning feature running on PCC, but there really is a lot to be inspired by it.

My startup is going down this path ourselves, building on top of AWS Nitro and Nvidia Confidential Compute to provide end to end encryption from the AI user to the model running on the enclave side of an H100. It's not very widely known that you can do this with H100s but I really want to see this more in the next few years.

replies(2): >>42741932 #>>42742122 #
1. mnahkies ◴[17 Jan 25 18:55 UTC] No.42741932[source]
I didn't actually realize that AWS supported this, I thought Azure was the only one offering it (https://azure.microsoft.com/en-us/blog/azure-confidential-co...)

Are you speaking of this functionality? https://developer.nvidia.com/blog/confidential-computing-on-... (and am I just failing to find the relevant AWS docs?)

replies(1): >>42742584 #
2. tonygiorgio ◴[17 Jan 25 19:57 UTC] No.42742584[source]
Yes, you're correct on both, though I think Google Cloud recently started supporting it as well. AWS will likely have GPU enclave support with Trainium 2 soon (AFAIK, that feature is not publicly offered yet but could be wrong).

We work with Edgeless Systems who manages the GPU enclave on Azure that we speak to from our AWS Nitro instance. While not ideal, the power of enclaves and the attestation verification process, we at least know that we're not leaking privacy by going with a third party GPU enclave provider.