A methodology for protecting confidential data sets on third-party HPC systems is reported. This is based on the NIST AES algorithm and supports the common ECB, CTR and CBC modes. The methodology is built on a flexible programming model that delegates management of the encryption key to the application code. The methodology also includes a fine-grain control over which arrays on the files are encrypted. All the stages in an encrypted workflow are investigated using an established CFD code. Benchmarks are reported using the UK national supercomputer service (ARCHER) running the CFD code on up to 18,432 cores. Performance benchmarks demonstrate the importance of the way the encryption metadata is treated. Naïve treatments are shown to have a large impact on performance. However, through a more judicious treatment, the time to run the solver with encrypted input and output data is shown to be almost identical to that with plain data. A novel parallel treatment of the block chaining in AES-CBC mode allows users to benefit from the avalanche properties of this mode relative to the CTR mode, with no penalty in run-time.

报告了一种用于保护第三方HPC系统上的机密数据集的方法。这基于NIST AES算法，并支持常见的ECB，CTR和CBC模式。该方法基于灵活的编程模型，该模型将加密密钥的管理委派给应用程序代码。该方法还包括对文件上的哪些阵列进行加密的细粒度控制。使用已建立的CFD代码对加密工作流程中的所有阶段进行调查。使用英国国家超级计算机服务（ARCHER）在多达18,432个内核上运行CFD代码报告基准。性能基准证明了加密元数据处理方式的重要性。朴素的治疗方法对表现有很大影响。但是，通过更明智的处理，显示使用加密的输入和输出数据运行求解器的时间几乎与使用纯数据运行求解器的时间相同。在AES-CBC模式下对区块链进行新颖的并行处理，使用户可以从该模式的雪崩特性（相对于CTR模式）中受益，而不会影响运行时间。