Exploring the Case of Super Protocol with Self-Sovereign AI and NVIDIA Confidential Computing

Originally published at: Exploring the Case of Super Protocol with Self-Sovereign AI and NVIDIA Confidential Computing | NVIDIA Technical Blog

Confidential and self-sovereign AI is a new approach to AI development, training, and inference where the user’s data is decentralized, private, and controlled by the users themselves. This post explores how the capabilities of Confidential Computing (CC) are expanded through decentralization using blockchain technology. The problem being solved is most clearly shown through the use…

Millions of AI startups exchange models and data, but real collaboration often comes with the risk of leaks and information disclosure. Companies are forced to rely on private infrastructure and complex contracts to protect their data. A confidential AI/Data marketplace built on NVIDIA GPU TEE (trusted execution environment) confidential computing will enable AI projects to collaborate securely and effortlessly, with setup taking just a few clicks while providing the highest level of security for clients. The response from the authors of popular AI models on Hugging Face (via cold outreach) has been overwhelmingly positive: nearly 100% express a strong need for a “Confidential Version of Hugging Face” to share more valuable data safely.


How does the Super Protocol marketplace differ from Hugging Face?


Millions of AI startups exchange models and data on Hugging Face, but real collaboration often comes with risks of leaks and information disclosure. Companies are forced to rely on private infrastructure and complex agreements to protect their data.

Super is a ready-to-use AI/Data marketplace and Decentralized Cloud powered by Confidential Computing. The platform enables AI projects to collaborate securely and effortlessly, with everything set up in just a few clicks, ensuring the highest level of security for clients.


I’m not sure I understand the purpose of decentralization. Couldn’t Microsoft Azure Confidential Computing be used for these purposes? Why build a decentralized network? And why is blockchain needed?


Imagine you have a unique dataset and want to rent it out to other companies for money.

You could store your dataset in a centralized Azure cloud that supports confidential computing, develop the necessary tools, and invite your partners to upload their models into your enclave for training.

However, for 99% of startups, this would be an overly complex and resource-intensive process.

At Super, we’ve already simplified this work for you.

But imagine that you hired people and successfully built this setup: you would then need to verify its code with every partner.

And would your partners need to audit it themselves? At Super, we are gradually making our codebase fully open source and ensuring it is audited by top experts in the field.

Now, suppose you’ve solved these two challenges and established collaborations with multiple companies. How do you ensure fair cooperation for both sides? Specifically:

  • That the models operate within the agreed scenarios.
  • That datasets meet the required parameters.

Who should you entrust with this oversight? The best candidate is a smart contract. Smart contracts can enforce project rules, set operational constraints, and handle payment conditions. We’ve also completed this work for you: deploying such a smart contract on Super is a fully automated process.
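To make the contract’s role concrete, here is a minimal, hypothetical Python sketch of the kind of checks such an order contract encodes. The field names (`allowed_scenario`, `min_dataset_rows`) and the settlement flow are illustrative assumptions, not Super Protocol’s actual on-chain interface.

```python
# Hypothetical sketch (not Super Protocol's actual contract code) of the kind of
# rules a marketplace order contract could enforce: an agreed usage scenario,
# dataset requirements, and payment that is released only when both are met.
from dataclasses import dataclass


@dataclass
class Order:
    allowed_scenario: str      # e.g. "fine-tuning", agreed by both parties
    min_dataset_rows: int      # dataset parameter the data provider promises
    price: int                 # escrowed payment, in marketplace tokens
    paid_out: bool = False


def settle(order: Order, reported_scenario: str, reported_rows: int) -> str:
    """Release the escrow only if the run matched the agreed terms."""
    if order.paid_out:
        return "already settled"
    if reported_scenario != order.allowed_scenario:
        return "refund: model ran outside the agreed scenario"
    if reported_rows < order.min_dataset_rows:
        return "refund: dataset did not meet the required parameters"
    order.paid_out = True
    return f"pay provider {order.price} tokens"


if __name__ == "__main__":
    order = Order(allowed_scenario="fine-tuning", min_dataset_rows=100_000, price=500)
    print(settle(order, "fine-tuning", 250_000))   # pay provider 500 tokens
    print(settle(order, "inference", 250_000))     # already settled (escrow paid once)
```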

Finally, if we’re talking about billions of AI agents interacting in a non-deterministic environment (which is the ultimate goal), the complexity of managing this ecosystem skyrockets. Envisioning a centralized “AI God” overseeing everything is simply unacceptable for our team. That’s why our entire infrastructure operates in a decentralized, self-sovereign manner, managed solely through smart contracts. This allows for limitless interactions between agents, programmed transparently within a blockchain ecosystem.


Our project offers an exclusive database of videos and images capturing New York City streets, including areas beyond the reach of Google Street View. We aim to make this data accessible to organizations and developers interested in utilizing it for training their models. However, safeguarding the integrity and security of our data is a top priority. Additionally, we need a reliable mechanism to verify that models were genuinely trained on our datasets. Could you assist us in developing a solution to address these requirements?


Super Protocol (Confidential Computing) provides an optimal solution for this challenge:

  1. Secure Data Access
    Data is uploaded into the Super trusted execution environment (TEE), where it remains encrypted. Developers then upload their models, which are trained within the TEE, so they never gain access to the original data. No one, including Super developers, has access inside the TEE.
  2. Proof of Data Usage
    Remote attestation generates cryptographic proof that training took place in a secure environment using your data, and hashes of the dataset confirm exactly which data was used, ensuring transparency and trust (see the hashing sketch after this answer).
  3. Protection of Trained Models
    Trained models remain protected and can only be accessed through an API provided by the TEE.

Result:
Your data stays confidential, while developers receive securely trained models along with proof of proper data usage.
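As a rough illustration of point 2, the hypothetical sketch below (not the Super Protocol SDK) shows how a dataset can be fingerprinted with SHA-256 before upload. The same hashes can later be compared with the values reported from inside the TEE, alongside the remote-attestation evidence, to confirm which data a training run actually used. The directory path and manifest format are assumptions made for the example.

```python
# Hypothetical illustration (not the Super Protocol SDK): fingerprint a dataset
# with SHA-256 so the same hashes can later be matched against the values
# reported from inside the TEE together with its attestation evidence.
import hashlib
import json
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 and return its hex digest."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        while chunk := f.read(chunk_size):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(dataset_dir: str) -> dict:
    """Hash every file in the dataset and roll the results into one manifest digest."""
    files = sorted(Path(dataset_dir).rglob("*"))
    entries = {str(p): hash_file(p) for p in files if p.is_file()}
    manifest_digest = hashlib.sha256(
        json.dumps(entries, sort_keys=True).encode()
    ).hexdigest()
    return {"files": entries, "manifest_sha256": manifest_digest}


if __name__ == "__main__":
    manifest = build_manifest("./nyc_street_dataset")  # path is illustrative
    print(json.dumps(manifest, indent=2))
```

In practice the manifest digest would be bound to the attestation report, so the proof covers both the environment and the exact data it processed.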

If Super Protocol clients run CUDA applications in Confidential Computing mode, how does the performance compare to non-confidential computing mode?


A primary goal of delivering NVIDIA Confidential Computing (CC) to customers is that CUDA applications can run unchanged while maximizing the acceleration potential of the underlying hardware and software. CUDA provides lift-and-shift benefits to applications that run in CC mode. As a result, the NVIDIA GPU CC architecture is compatible with the CPU TEE architectures that likewise provide application portability from non-confidential to CC environments.

Given the description so far, Super Protocol Confidential Computing workloads on the GPU perform close to non-CC mode when the amount of compute is large compared to the amount of input data. When the amount of compute is low compared to the input data, the overhead of communicating across the non-secure interconnect limits the application throughput. Please refer to the charts below for examples.

You may also want to watch Michael O’Connor, Chief Architect of NVIDIA, presenting NVIDIA CC during a joint talk with Super Protocol. At the 11:05 mark, Michael specifically addresses the performance topic: https://www.youtube.com/watch?v=EL8l7lFam3s
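If you want to gauge the effect on your own workload, a simple timing harness like the hypothetical PyTorch sketch below can be run once with the GPU in CC mode and once in regular mode, and the two sets of numbers compared. It is not an official NVIDIA or Super Protocol benchmark; the matrix and tensor sizes are arbitrary, chosen only to contrast a compute-heavy kernel with a transfer-heavy one, and it requires a CUDA-capable GPU with PyTorch installed.

```python
# Hypothetical timing harness (not an official NVIDIA or Super Protocol benchmark):
# run it once with the GPU in Confidential Computing mode and once without, then
# compare. The compute-heavy case should stay close to non-CC throughput, while
# the transfer-heavy case exposes the overhead of the encrypted CPU-GPU link.
# Requires a CUDA-capable GPU and PyTorch.
import time
import torch


def timed(fn, iters: int = 20) -> float:
    """Average wall-clock seconds per iteration, with the GPU fully synchronized."""
    torch.cuda.synchronize()
    start = time.perf_counter()
    for _ in range(iters):
        fn()
    torch.cuda.synchronize()
    return (time.perf_counter() - start) / iters


def compute_heavy():
    # Large matmul on data generated directly on the GPU: little CPU-GPU traffic.
    a = torch.randn(4096, 4096, device="cuda")
    b = torch.randn(4096, 4096, device="cuda")
    return a @ b


def transfer_heavy():
    # Small amount of math on a large tensor copied from host memory each time.
    x = torch.randn(64, 1 << 20)          # roughly 256 MB allocated on the host
    return (x.to("cuda") * 2.0).sum()


if __name__ == "__main__":
    print(f"compute-heavy : {timed(compute_heavy) * 1e3:.2f} ms/iter")
    print(f"transfer-heavy: {timed(transfer_heavy) * 1e3:.2f} ms/iter")
```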
