Parallel encryption of input and output data for HPC applications

Abstract

A methodology for protecting confidential data sets on third-party HPC systems is reported. This is based on the NIST AES algorithm and supports the common ECB, CTR and CBC modes. The methodology is built on a flexible programming model that delegates management of the encryption key to the application code. The methodology also includes a fine-grain control over which arrays on the files are encrypted. All the stages in an encrypted workflow are investigated using an established CFD code. Benchmarks are reported using the UK national supercomputer service (ARCHER) running the CFD code on up to 18,432 cores. Performance benchmarks demonstrate the importance of the way the encryption metadata is treated. Naïve treatments are shown to have a large impact on performance. However, through a more judicious treatment, the time to run the solver with encrypted input and output data is shown to be almost identical to that with plain data. A novel parallel treatment of the block chaining in AES-CBC mode allows users to benefit from the avalanche properties of this mode relative to the CTR mode, with no penalty in run-time.