Version: 1.4

Encryption and key management

Prompt and reply encryption as well as key management are fundamental to Continuum's security architecture, ensuring that all your data remains confidential along the entire API supply chain. Together with the other security mechanisms, this ensures that data is end-to-end protected throughout its lifecycle. In Continuum, these processes are tightly integrated with the platform's attestation mechanisms, guaranteeing that encryption keys are only accessible to trusted, verified components.

How encryption works in Continuum

Continuum utilizes end-to-end encryption to protect data as it moves between the client and the server-side components, including the Attestation Service (AS) and the AI worker nodes within the GenAI endpoint. Again, we refer to the continuum-proxy as the client here. The process involves several key steps:

  1. Client-side encryption: Before sending any data to the Continuum platform, the client encrypts the data (referred to as a "prompt") using a symmetric encryption key. This key is generated and securely stored in the client's trusted environment.

  2. Secure key exchange: The client then interacts with the AS to securely exchange encryption secrets. This involves the client verifying the AS's attestation report to ensure that it's interacting with a trusted and verified service. Once the AS is verified, the client securely uploads the encryption key to the AS.

  3. Key distribution to workers: After the AS verifies the AI worker nodes through attestation, it securely distributes the encryption keys to the appropriate GenAI endpoint workers. These workers use the keys to decrypt the prompts, process the data, and then re-encrypt the results before sending them back to the client.

  4. Response encryption: The worker nodes at the GenAI endpoint encrypt the inference results and send them back to the client through the server-side encryption proxy. The client then decrypts the response using its locally stored decryption key.

Key management and attestation integration

Key management in Continuum is deeply integrated with the platform's attestation mechanisms. Here's how this integration works:

  • Attestation-driven key distribution: The AS centrally handles the verification of GenAI worker nodes. Prompt encryption keys are only distributed to GenAI worker nodes after successful attestation. This ensures that keys are only available to trusted environments, preventing unauthorized access.

  • Client verification of AS: Before engaging in key exchange, the client verifies the AS through its attestation report. This step ensures that the AS is operating in a secure and trusted environment, safeguarding the key exchange process.

  • Service provider isolation: The AS and GenAI workers in Continuum are designed to operate independently of us as the service provider, meaning that we have no access to your encryption keys. This security is reinforced during the remote attestation process, where the client not only verifies the AS's integrity but also its identity. By inspecting the open-source code, clients can confirm that the AS is configured to prevent any unauthorized access by the service provider, ensuring that all encryption keys remain secure and exclusively controlled by the client.

The resulting flow is illustrated below:

Example workflow

Let's walk through a typical encryption and key management workflow in Continuum:

  1. Client initialization: The client generates a symmetric encryption key and encrypts the prompt.

  2. Attestation and key exchange: The client verifies the AS's attestation report and securely uploads the encryption key to the AS.

  3. Worker node verification: The AS verifies the GenAI worker nodes, ensuring they meet the security requirements specified in the manifest.

  4. Key distribution: The AS securely distributes the encryption key to the verified GenAI worker nodes.

  5. Secure processing: The GenAI worker nodes decrypt the prompt, process the data, re-encrypt the results, and send them back to the client.
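
The workflow above, reduced to its core in Go as an added example (not Continuum's own code): the key reaches the worker only when the worker's measurement matches the manifest, after which the prompt is decrypted, processed and re-encrypted under the same key. Assumptions: AES-256-GCM as the cipher, a comparison of 32-byte measurements standing in for verification of a signed attestation report, and the hypothetical names Key and Endpoint; the client's verification of the AS (step 2) is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Key is the client's prompt key. AES-256-GCM is an assumption of this example.
type Key [32]byte

func (k Key) aead() cipher.AEAD {
	block, _ := aes.NewCipher(k[:]) // a 32-byte key is always accepted
	gcm, _ := cipher.NewGCM(block)  // AES has the block size GCM needs
	return gcm
}

// Seal encrypts under a fresh random 12-byte nonce and prepends the nonce.
func (k Key) Seal(plaintext []byte) []byte {
	nonce := make([]byte, 12)
	rand.Read(nonce) // crypto/rand
	return k.aead().Seal(nonce, nonce, plaintext, nil)
}

// Open authenticates and decrypts a message produced by Seal.
func (k Key) Open(msg []byte) ([]byte, error) {
	if len(msg) < 12 {
		return nil, errors.New("short ciphertext")
	}
	return k.aead().Open(nil, msg[:12], msg[12:], nil)
}

// Endpoint models the server side (hypothetical names). Comparing 32-byte
// measurements stands in for verifying a signed attestation report.
func Endpoint(asKey Key, manifest, measured [32]byte, ct []byte) ([]byte, error) {
	if measured != manifest { // AS, steps 3-4: attestation gates key release
		return nil, errors.New("attestation failed: key withheld")
	}
	workerKey := asKey                // only now does the worker hold the key
	prompt, err := workerKey.Open(ct) // step 5: decrypt, process, re-encrypt
	if err != nil {
		return nil, err
	}
	return workerKey.Seal(append([]byte("processed: "), prompt...)), nil
}

func main() { fmt.Println(Endpoint(Key{}, [32]byte{1}, [32]byte{2}, nil)) }
```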