Social
Security, privacy, and abuse prevention

Computing on private data

Both secure multiparty computation and differential privacy protect the privacy of data used in computation, but each has advantages in different contexts.

By Joan FeigenbaumMahnush MovahediParker Newton
June 1, 2023
17 min read
Share

Many of today’s most innovative computation-based products and solutions are fueled by data. Where those data are private, it is essential to protect them and to prevent the release of information about data subjects, owners, or users to the wrong parties. How can we perform useful computations on sensitive data while preserving privacy?

DP.CV.jpeg
Related content
A little public data makes privacy-preserving AI models more accurate
Technique that mixes public and private training data can meet differential-privacy criteria while cutting error increase by 60%-70%.

We will revisit two well-studied approaches to this challenge: secure multiparty computation (MPC) and differential privacy (DP). MPC and DP were invented to address different real-world problems and to achieve different technical goals. However, because they are both aimed at using private information without fully revealing it, they are often confused. To help draw a distinction between the two approaches, we will discuss the power and limitations of both and give typical scenarios in which each can be highly effective.

We are interested in scenarios in which multiple individuals (sometimes, society as a whole) can derive substantial utility from a computation on private data but, in order to preserve privacy, cannot simply share all of their data with each other or with an external party.

Secure multiparty computation

MPC methods allow a group of parties to collectively perform a computation that involves all of their private data while revealing only the result of the computation. More formally, an MPC protocol enables n parties, each of whom possesses a private dataset, to compute a function of the union of their datasets in such a way that the only information revealed by the computation is the output of the function. Common situations in which MPC can be used to protect private interests include

  • auctions: the winning bid amount should be made public, but no information about the losing bids should be revealed;
  • voting: the number of votes cast for each option should be made public but not the vote cast by any one individual;
  • machine learning inference: secure two-party computation enables a client to submit a query to a server that holds a proprietary model and receive a response, keeping the query private from the server and the model private from the client.
Diagram of a circuit with a multiplicative depth of two
Related content
Building machine learning models with encrypted data
New approach to homomorphic encryption speeds up the training of encrypted machine learning models sixfold.

Note that the number n of participants can be quite small (e.g., two in the case of machine learning inference), moderate in size, or very large; the latter two size ranges both occur naturally in auctions and votes. Similarly, the participants may be known to each other (as they would be, for example, in a departmental faculty vote) or not (as, for example, in an online auction). MPC protocols mathematically guarantee the secrecy of input values but do not attempt to hide the identities of the participants; if anonymous participation is desired, it can be achieved by combining MPC with an anonymous-communication protocol.

Although MPC may seem like magic, it is implementable and even practical using cryptographic and distributed-computing techniques. For example, suppose that Alice, Bob, Carlos, and David are four engineers who want to compare their annual raises. Alice selects four random numbers that sum to her raise. She keeps one number to herself and gives each of the other three to one of the other engineers. Bob, Carlos, and David do the same with their own raises.

Secure multiparty computation
Four engineers wish to compute their average raise, without revealing any one engineer's raise to the others. Each selects four numbers that sum to his or her raise and sends three of them to the other engineers. Each engineer then sums his or her four numbers — one private number and three received from the others. The sum of all four engineers' sums equals the sum of all four raises.

After everyone has distributed the random numbers, each engineer adds up the numbers he or she is holding and sends the sum to the others. Each engineer adds up these four sums privately (i.e., on his or her local machine) and divides by four to get the average raise. Now they can all compare their raises to the team average.

Amount

Alice’s share

Bob’s share

Carlos’s share

David’s share

Sum of sums

Alice’s raise

3800

-1000

2500

900

1400


Bob’s raise

2514

700

400

650

764


Carlos’s raise

2982

750

-100

832

1500


David’s raise

3390

1500

900

-3000

3990


Sum

12686

1950

3700

-618

7654

12686

Average

3171.5





3171.5

Note that, because Alice (like Bob, Carlos, and David) kept part of her raise private (the bold numbers), no one else learned her actual raise. When she summed the numbers she was holding, the sum didn’t correspond to anyone’s raise. In fact, Bob’s sum was negative, because all that matters is that the four chosen numbers add up to the raise; the sign and magnitude of these four numbers are irrelevant.

Summing all of the engineers’ sums results in the same value as summing the raises directly, namely $12,686. If all of the engineers follow this protocol faithfully, dividing this value by four yields the team average raise of $3,171.50, which allows each person to compare his or her raise against the team average (locally and hence privately) without revealing any salary information.

A highly readable introduction to MPC that emphasizes practical protocols, some of which have been deployed in real-world scenarios, can be found in a monograph by Evans, Kolesnikov, and Rosulek. Examples of real-world applications that have been deployed include analysis of gender-based wage gaps in Boston-area companies, aggregate adoption of cybersecurity measures, and Covid exposure notification. Readers may also wish to read our previous blog post on this and related topics.

Differential privacy

Differential privacy (DP) is a body of statistical and algorithmic techniques for releasing an aggregate function of a dataset without revealing the mapping between data contributors and data items. As in MPC, we have n parties, each of whom possesses a data item. Either the parties themselves or, more often, an external agent wishes to compute an aggregate function of the parties’ input data.

Calibrated noise addition.gif
Related content
Amazon wins best-paper award for protecting privacy of training data
Calibrating noise addition to word density in the embedding space improves utility of privacy-protected text.

If this computation is performed in a differentially private manner, then no information that could be inferred from the output about the ith input, xi, can be associated with the individual party Pi. Typically, the number n of participants is very large, the participants are not known to each other, and the goal is to compute a statistical property of the set {x1, …, xn} while protecting the privacy of individual data contributors {P1, …, Pn}.

In slightly more detail, we say that a randomized algorithm M preserves differential privacy with respect to an aggregation function f if it satisfies two properties. First, for every set of input values, the output of M closely approximates the value of f. Second, for every distinct pair (xi, xi') of possible values for the ith individual input, the distribution of M(x1, …, xi,…, xn) is approximately equivalent to the distribution of M(x1, …, xi′, …, xn). The maximum “distance” between the two distributions is characterized by a parameter, ϵ, called the privacy parameter, and M is called an ϵ-differentially private algorithm.

Note that the output of a differentially private algorithm is a random variable drawn from a distribution on the range of the function f. That is because DP computation requires randomization; in particular, it works by “adding noise.” All known DP techniques introduce a salient trade-off between the privacy parameter and the utility of the output of the computation. Smaller values of ϵ produce better privacy guarantees, but they require more noise and hence produce less-accurate outputs; larger values of ϵ yield worse privacy bounds, but they require less noise and hence deliver better accuracy.

For example, consider a poll, the goal of which is to predict who is going to win an election. The pollster and respondents are willing to sacrifice some accuracy in order to improve privacy. Suppose respondents P1, …, Pn have predictions x1, …, xn, respectively, where each xi is either 0 or 1. The poll is supposed to output a good estimate of p, which we use to denote the fraction of the parties who predict 1. The DP framework allows us to compute an accurate estimate and simultaneously to preserve each respondent’s “plausible deniability” about his or her true prediction by requiring each respondent to add noise before sending a response to the pollster.

PATE for ASR framework.png
Related content
Better differential privacy for end-to-end speech recognition
Private aggregation of teacher ensembles (PATE) leads to word error rate reductions of more than 26% relative to standard differential-privacy techniques.

We now provide a few more details of the polling example. Consider the algorithm m that takes as input a bit xi and flips a fair coin. If the coin comes up tails, then m outputs xi; otherwise m flips another fair coin and outputs 1 if heads and 0 if tails. This m is known as the randomized response mechanism; when the pollster asks Pi for a prediction, Pi responds with m(xi). Simple statistical calculation shows that, in the set of answers that the pollster receives from the respondents, the expected fraction that are 1’s is

Pr[First coin is tails] ⋅ p + Pr[First coin is heads] ⋅ Pr[Second coin is heads] = p/2 + 1/4.

Thus, the expected number of 1’s received is n(p/2 + 1/4). Let N = m(x1) + ⋅⋅⋅ + m(xn) denote the actual number of 1’s received; we approximate p by M(x1, …, xn) = 2N/n − 1/2. In fact, this approximation algorithm, M, is differentially private. Accuracy follows from the statistical calculation, and privacy follows from the “plausible deniability” provided by the fact that M outputs 1 with probability at least 1/4 regardless of the value of xi.

Differential privacy has dominated the study of privacy-preserving statistical computation since it was introduced in 2006 and is widely regarded as a fundamental breakthrough in both theory and practice. An excellent overview of algorithmic techniques in DP can be found in a monograph by Dwork and Roth. DP has been applied in many real-world applications, most notably the 2020 US Census.

The power and limitations of MPC and DP

We now review some of the strengths and weaknesses of these two approaches and highlight some key differences between them.

Secure multiparty computation

MPC has been extensively studied for more than 40 years, and there are powerful, general results showing that it can be done for all functions f using a variety of cryptographic and coding-theoretic techniques, system models, and adversary models.

Despite the existence of fully general, secure protocols, MPC has seen limited real-world deployment. One obstacle is protocol complexity — particularly the communication complexity of the most powerful, general solutions. Much current work on MPC addresses this issue.

A model consisting of two decision trees, one that imposes an age criterion and one that imposes a height criterion.
Related content
Machine learning models that act on encrypted data
A privacy-preserving version of the popular XGBoost machine learning algorithm would let customers feel even more secure about uploading sensitive data to the cloud.

More-fundamental questions that must be answered before MPC can be applied in a given scenario include the nature of the function f being computed and the information environment in which the computation is taking place. In order to explain this point, we first note that the set of participants in the MPC computation is not necessarily the same as the set of parties that receive the result of the computation. The two sets may be identical, one may be a proper subset of the other, they may have some (but not all) elements in common, or they may be entirely disjoint.

Although a secure MPC protocol (provably!) reveals nothing to the recipients about the private inputs except what can be inferred from the result, even that may be too much. For example, if the result is the number of votes for and votes against a proposition in a referendum, and the referendum passes unanimously, then the recipients learn exactly how each participant voted. The referendum authority can avoid revealing private information by using a different f, e.g., one that is “YES” if the number of votes for the proposition is at least half the number of participants and “NO” if it is less than half.

This simple example demonstrates a pervasive trade-off in privacy-preserving computation: participants can compute a function that is more informative if they are willing to reveal private information to the recipients in edge cases; they can achieve more privacy in edge cases if they are willing to compute a less informative function.

In addition to specifying the function f carefully, users of MPC must evaluate the information environment in which MPC is to be deployed and, in particular, must avoid the catastrophic loss of privacy that can occur when the recipients combine the result of the computation with auxiliary information. For example, consider the scenario in which the participants are all of the companies in a given commercial sector and metropolitan area, and they wish to use MPC to compute the total dollar loss that they (collectively) experienced in a given year that was attributable to data breaches; in this example, the recipients of the result are the companies themselves.

Classification and regression trees (CART)
Related content
Privacy challenges in extreme gradient boosting
Scientists describe the use of privacy-preserving machine learning to address privacy challenges in XGBoost training and prediction.

Suppose further that, during that year, one of the companies suffered a severe breach that was covered in the local media, which identified the company by name and reported an approximate dollar figure for the loss that the company suffered as a result of the breach. If that approximate figure is very close to the total loss imposed by data breaches on all the companies that year, then the participants can conclude that all but one of them were barely affected by data breaches that year.

Note that this potentially sensitive information is not leaked by the MPC protocol, which reveals nothing but the aggregate amount lost (i.e., the value of the function f). Rather, it is inferred by combining the result of the computation with information that was already available to the participants before the computation was done. The same risk that input privacy will be destroyed when results are combined with auxiliary information is posed by any computational method that reveals the exact value of the function f.

Differential privacy

The DP framework provides some elegant, simple mechanisms that can be applied to any function f whose output is a vector of real numbers. Essentially, one can independently perturb or “noise up” each component of f(x) by an appropriately defined random value. The amount of noise that must be added in order to hide the contribution (or, indeed, the participation) of any single data subject is determined by the privacy parameter and the maximum amount by which a single input can change the output of f. We explain one such mechanism in slightly more mathematical detail in the following paragraph.

One can apply the Laplace mechanism with privacy parameter ϵ to a function f, whose outputs are k-tuples of real numbers, by returning the value f(x1, …, xn) + (Y1, …, Yk) on input (x1, …, xn), where the Yi are independent random variables drawn from the Laplace distribution with parameter Δ(f)/ϵ. Here Δ(f) denotes the 1sensitivity of the function f, which captures the magnitude by which a single individual’s data can change the output of f in the worst case. The technical definition of the Laplace distribution is beyond the scope of this article, but for our purposes, its important property is that the Yi can be sampled efficiently.

Federated Learning Animation.gif
Related content
Advances in trustworthy machine learning at Alexa AI
The team’s latest research on privacy-preserving machine learning, federated learning, and bias mitigation.

Crucially, DP protects data contributors against privacy loss caused by post-processing computational results or by combining results with auxiliary information. The scenario in which privacy loss occurred when the output of an MPC protocol was combined with information from an existing news story could not occur in a DP application; moreover, no harm could be done by combining the result of a DP computation with auxiliary information in a future news story.

DP techniques also benefit from powerful composition theorems that allow separate differentially private algorithms to be combined in one application. In particular, the independent use of an ϵ1-differentially private algorithm and an ϵ2-differentially private algorithm, when taken together, is (ϵ1 + ϵ2)-differentially private.

One limitation on the applicability of DP is the need to add noise — something that may not be tolerable in some application scenarios. More fundamentally, the ℓ1 sensitivity of a function f, which yields an upper bound on the amount of noise that must be added to the output in order to achieve a given privacy parameter ϵ, also yields a lower bound. If the output of f is strongly influenced by the presence of a single outlier in the input, then it is impossible to achieve strong privacy and high accuracy simultaneously.

For example, consider the simple case in which f is the sum of all of the private inputs, and each input is an arbitrary positive integer. It is easy to see that the ℓ1 sensitivity is unbounded in this case; to hide the contribution or the participation of an individual whose data item strongly dominates those of all other individuals would require enough noise to render the output meaningless. If one can restrict all of the private inputs to a small interval [a,b], however, then the Laplace mechanism can provide meaningful privacy and accuracy.

DP was originally designed to compute statistical aggregates while preserving the privacy of individual data subjects; in particular, it was designed with real-valued functions in mind. Since then, researchers have developed DP techniques for non-numerical computations. For example, the exponential mechanism can be used to solve selection problems, in which both input and output are of arbitrary type.

SPHINCS+ procedure.jpg
Related content
Preparing today for a post-quantum cryptographic future
Amazon is helping develop standards for post-quantum cryptography and deploying promising technologies for customers to experiment with.

In specifying a selection problem, one must define a scoring function that maps input-output pairs to real numbers. For each input x, a solution y is better than a solution y′ if the score of (x,y) is greater than that of (x,y′). The exponential mechanism generally works well (i.e., achieves good privacy and good accuracy simultaneously) for selection problems (e.g., approval voting) that can be defined by scoring functions of low sensitivity but not for those (e.g., set intersection) in which the scoring function must have high sensitivity. In fact, there is no differentially private algorithm that works well for set intersection; by contrast, MPC for set intersection is a mature and practical technology that has seen real-world deployment.

Conclusion

In conclusion, both secure multiparty computation and differential privacy can be used to perform computations on sensitive data while preserving the privacy of those data. Important differences between the bodies of technique include

  • The nature of the privacy guarantee: Use of MPC to compute a function y = f(x1, x2, ..., xn) guarantees that the recipients of the result learn the output y and nothing more. For example, if there are exactly two input vectors that are mapped to y by f, the recipients of the output y gain no information about which of two was the actual input to the MPC computation, regardless of the number of components in which these two input vectors differ or the magnitude of the differences. On the other hand, for any third input vector that does not map to y, the recipient learns with certainty that the real input to the MPC computation was not this third vector, even if it differs from one of the first two in only one component and only by a very small amount. By contrast, computing f with a DP algorithm guarantees that, for any two input vectors that differ in only one component, the (randomized!) results of the computation are approximately indistinguishable, regardless of whether the exact values of f on these two input vectors are equal, nearly equal, or extremely different. Straightforward use of composition yields a privacy guarantee for inputs that differ in c components at the expense of increasing the privacy parameter by a factor of c.
  • Typical use cases: DP techniques are most often used to compute aggregate properties of very large datasets, and typically, the identities of data contributors are not known. None of these conditions is typical of MPC use cases.
  • Exact vs. noisy answers: MPC can be used to compute exact answers for all functions f. DP requires the addition of noise. This is not a problem in many statistical computations, but even small amounts of noise may not be acceptable in some application scenarios. Moreover, if f is extremely sensitive to outliers in the input data, the amount of noise needed to achieve meaningful privacy may preclude meaningful accuracy.
  • Auxiliary information: Combining the result of a DP computation with auxiliary information cannot result in privacy loss. By contrast, any computational method (including MPC) that returns the exact value y of a function f runs the risk that a recipient of y might be able to infer something about the input data that is not implied by y alone, if y is combined with auxiliary information.

Finally, we would like to point out that, in some applications, it is possible to get the benefits of both MPC and DP. If the goal is to compute f, and g is a differentially private approximation of f that achieves good privacy and accuracy simultaneously, then one natural way to proceed is to use MPC to compute g. We expect to see both MPC and DP used to enhance data privacy in Amazon’s products and services.

Research areas
Tags
About the Author
Joan Feigenbaum
Joan Feigenbaum is an Amazon Scholar and the Grace Murray Hopper professor of computer science at Yale University.
Mahnush Movahedi
Mahnush Movahedi is an applied scientist in Amazon Web Services' cryptography group.
Parker Newton
Parker Newton is an applied scientist in Amazon Web Services' cryptography group.

Related content

Work with us

See more jobs See more jobs
Applied Scientist - LLM, Alexa
GB, Cambridge
Alexa is looking for an Applied Scientist with a strong background in Natural Language Processing (NLP) and Large Language Models (LLMs) to help build state-of-the-art conversational systems. In this role, you will collaborate with a large team of scientists training the Large Language Models that power the Alexa stack, as well as software engineers serving them in production systems. You will own solutions end-to-end: from ideation and research through to production deployment, enabling conversational assistants to support external tools, leverage diverse sources of information, and deliver novel reasoning capabilities to millions of Alexa customers. Key job responsibilities As an Applied Scientist, you will develop innovative solutions to complex problems to extend the functionalities of conversational assistants. You will use your technical expertise to research and implement novel algorithms and modelling solutions in collaboration with other scientists and engineers. You will analyze customer behaviors and define metrics to enable the identification of actionable insights and measure improvements in customer experience. You will communicate results and insights to both technical and non-technical audiences through written reports, presentations and external publications. You would be able to bi-modal on science and engineering: someone who combines strong scientific foundations with the execution skills to ship high-quality solutions. A day in the life As an Applied Scientist on the Alexa Science team, you'll drive innovation in evaluating new product experiences while discovering novel approaches to enhance model capabilities and enrich customer interactions. You'll collaborate with cross-functional teams of engineers and scientists to identify root causes of model and system integration issues, continuously improving the end-to-end customer experience. You'll partner closely with scientists developing and fine-tuning large language models, engineers building low-latency inference infrastructure, and product teams defining customer experience metrics. About the team We are a team of applied scientists and engineers building the intelligence layer that powers Alexa+. Our work sits at the intersection of large language models, decision-making under uncertainty, and production ML systems. What we build directly shapes the customer experience: determining which models serve their requests, optimizing response latency, and creating natural, seamless interactions. We're a collaborative team that values rigorous experimentation, clear communication, and delivering solutions that perform at scale in real-world environments.
Applied Scientist II, Perception
US, CA, San Francisco
Amazon is on a mission to redefine the future of automation — and we're looking for exceptional talent to help lead the way. We are building the next generation of advanced robotic systems that seamlessly blend cutting-edge AI, sophisticated control systems, and novel mechanical design to create adaptable, intelligent automation solutions capable of operating safely alongside humans in dynamic, real-world environments. At Amazon, we leverage the power of machine learning, artificial intelligence, and advanced robotics to solve some of the most complex operational challenges at a scale unlike anywhere else in the world. Our fleet of robots spans hundreds of facilities globally, working in sophisticated coordination to deliver on our promise of customer excellence — and we're just getting started. As a Applied Scientist in Robot Perception, you will be at the forefront of this transformation. You will develop and deploy state-of-the-art perception algorithms that enable robots to truly understand and interact with the physical world — bridging the gap between theoretical research and real-world impact. Bringing deep expertise in Computer Vision and a nuanced understanding of the capabilities and limitations of modern Vision-Language Models (VLMs), you will innovate boldly and push the boundaries of what's possible. Our vision for the Perception layer is ambitious: to enable seamless, intelligent interaction between the user, the robot, and its environment. This is a rare opportunity to work at the intersection of deep learning, large language models, and robotics — contributing to research that doesn't just advance the field, but reshapes it. You will collaborate with world-class teams pioneering breakthroughs in dexterous manipulation, locomotion, and human-robot interaction, all at an unprecedented scale. Join us in building intelligent robotic systems that will define the future of automation and human-robot collaboration. Key job responsibilities - Design, develop, and deploy perception algorithms for robotics systems, including object detection, segmentation, tracking, depth estimation, and scene understanding - Lead research initiatives in computer vision, sensor fusion and 3D perception - Collaborate with cross-functional teams including robotics engineers, software engineers, and product managers to define and deliver perception capabilities - Drive end-to-end ownership of ML models — from data collection and labeling strategy to training, evaluation, and deployment - Mentor junior scientists and engineers; contribute to a culture of technical excellence - Define and track key metrics to measure perception system performance in real-world environments - Publish research findings in top-tier venues (CVPR, ICCV, ECCV, ICRA, NeurIPS, etc.) and contribute to patents A day in the life - Train ML models for deployment in simulation and real-world robots, identify and document their limitations post-deployment - Drive technical discussions within your team and with key stakeholders to develop innovative solutions to address identified limitations - Actively contribute to brainstorming sessions on adjacent topics, bringing fresh perspectives that help peers grow and succeed — and in doing so, build lasting trust across the team - Mentor team members while maintaining significant hands-on contribution to technical solutions
Applied Scientist, Machine Learning Accelerator - Annapurna Labs
US, TX, Austin
Our team is involved with pre-silicon design verification for custom IP. A critical requirement of the verification flow is the requirement of legal and realistic stimulus of a custom Machine Learning Accelerator Chip. Content creation is built using formal methods that model legal behavior of the design and then solving the problem to create the specific assembly tests. The entire frame work for creating these custom tests is developed using a SMT solver and custom software code to guide the solution space into templated scenarios. This highly visible and innovative role requires the design of this solving framework and collaborating with design verification engineers, hardware architects and designers to ensure that interesting content can be created for the projects needs. Key job responsibilities Develop an understanding for a custom machine learning instruction set architecture. Model correctness of instruction streams using first order logic. Create custom API's to allow control over scheduling and randomness. Deploy algorithms to ensure concurrent code is safely constructed. Create coverage metrics to ensure solution space coverage. Use novel methods like machine learning to automate content creation. About the team Utility Computing (UC) AWS Utility Computing (UC) provides product innovations — from foundational services such as Amazon’s Simple Storage Service (S3) and Amazon Elastic Compute Cloud (EC2), to consistently released new product innovations that continue to set AWS’s services and features apart in the industry. As a member of the UC organization, you’ll support the development and management of Compute, Database, Storage, Internet of Things (Iot), Platform, and Productivity Apps services in AWS, including support for customers who require specialized security solutions for customers who require specialized security solutions for their cloud services. Annapurna Labs (our organization within AWS UC) designs silicon and software that accelerates innovation. Customers choose us to create cloud solutions that solve challenges that were unimaginable a short time ago—even yesterday. Our custom chips, accelerators, and software stacks enable us to take on technical challenges that have never been seen before, and deliver results that help our customers change the world.
Member of Technical Staff, Multimodal Agents, AGI Autonomy
US, CA, San Francisco
Amazon AGI Lab is a frontier research and product team combining the speed of a startup with Amazon’s scale and resources. We build agents that can perceive, reason, and take action to complete real-world tasks. The lab is designed to empower AI researchers and engineers to make major breakthroughs with speed and focus toward this goal. Each team in the lab has the autonomy to move fast and the long-term commitment to pursue high-risk, high-payoff research. We're hiring a principal engineer who can take models from prototype to production and build the systems that make them run reliably at scale. The bar is end-to-end ownership: your work can range from working alongside researchers to build novel architectures, to being the person who decides what the agent runtime looks like, where the data lives, and how we know it's delivering value. Key job responsibilities - Set the technical direction for the team - Partner closely with researchers to take emerging VLM and agent ideas from prototype to robust, instrumented systems that can be evaluated, improved, and scaled - Create tooling that accelerates research and engineering velocity - Raise the engineering bar for the team through technical design reviews, mentoring, principled architecture, high-quality code, observability, and operational excellence - Influence the broader AGI organization by identifying reusable primitives, writing clear technical strategy, and creating systems that other teams can build on - Be a thought leader & represent the lab externally by sharing ideas through thoughtful writing, conference talks, research publications, and open-source contributions, helping advance the field while raising the visibility and impact of the team’s work
Applied Scientist, Amazon Precision Match
US, WA, Seattle
We are seeking an Applied Scientist to join the Amazon Precision Match (APM) team within Customer Journey, Network Solutions. APM is a transformative initiative replacing Amazon's legacy queue-based customer service routing with intelligent algorithmic matching — connecting customers with the best available service option based on their needs and Customer Service Associates (CSA) capabilities. This role will drive the science behind a high-scale system with significant projected impact on operational efficiency and customer experience. You will work at the intersection of recommendation systems, real-time ML inference, and large-scale experimentation to redefine how Amazon serves its customers. Key job responsibilities - Design, develop, and optimize ML-based matching algorithms that pair customers with optimal CSAs based on contact complexity, intent, and CSA skill profiles. - Build and iterate on feature engineering pipelines across CSA-level (skills, tenure, sentiment handling), contact-level (intent, complexity, urgency), and customer-level (language, communication style) attributes. - Run offline simulations on large-scale historical contact data and design statistically rigorous A/B experiments to validate matching improvements. - Develop real-time low-latency scoring and inference systems for production contact routing. - Address the cold start problem for new CSAs and build continuous model retraining infrastructure using production feedback. - Partner with CS Economics, Capacity Planning, and Quality teams on experiment design and results interpretation. - Evolve the matching framework from individual CSA ranking to set-based optimization balancing performance and operational sustainability. A day in the life You will spend your days iterating on matching models, analyzing experiment results from live production traffic, and collaborating with engineers and product managers to translate science insights into system improvements. You'll partner with the Customer Service Economics team to design experiments, review simulation outputs, and present findings to senior leadership. You'll also deep-dive into CSA behavioral patterns, contact transcripts, and performance data to identify new matching signals and continuously improve the algorithm. About the team The Amazon Precision Match team is a high-impact, fast-moving science and engineering team within Customer Journey, Network Solutions. Our mission is to ensure every Amazon customer is connected with the right service option at the right time — improving customer experience while driving operational efficiency at scale. We value intellectual curiosity, rigorous experimentation, and a bias for action. We operate with a continuous improvement flywheel: offline simulation, A/B testing, and production rollout. We collaborate closely with Customer Service Operations, Capacity Planning, Quality, and partner science teams across Amazon.
Applied Scientist, Pricing Science
US, WA, Seattle
Amazon's Pricing Science is seeking a driven Applied Scientist to harness planet scale multi-modal datasets, and navigate a continuously evolving competitor landscape, in order to regularly generate fresh customer-relevant prices on billions of Amazon products worldwide. We are looking for a talented, organized, and customer-focused applied researchers to join our Pricing Optimization science group, with a charter to measure, refine, and launch customer-obsessed improvements to our pricing algorithms across all products listed on Amazon. This role requires an individual with exceptional machine learning and predictive modeling skills, causal and experimental evaluation experience, excellent cross-functional collaboration skills and business acumen, and an entrepreneurial spirit. We are looking for an experienced innovator, who is a self-starter, comfortable with ambiguity, demonstrates strong attention to detail, and has the ability to work independently to deliver business impact. Key job responsibilities - See the big picture. Understand and develop science to influence the long term vision for Amazon's science-based competitive, perception-preserving pricing techniques - Build strong collaborations. Partner with product, engineering, and data teams within Pricing & Promotions to deploy models at Amazon scale - Stay informed. Establish mechanisms to stay up to date on latest scientific advancements in machine learning, reinforcement learning, causal ML, and multi-objective optimization techniques. Identify opportunities to apply them to relevant Pricing & Promotions business problems - Keep innovating for our customers. Foster an environment that promotes rapid experimentation, continuous learning, and incremental value delivery. - Successfully execute & deliver. Apply your exceptional technical machine learning expertise to incrementally move the needle on some of our hardest pricing problems. A day in the life We are hiring an applied scientist to drive our pricing optimization initiatives. The Price Optimization science team drives cross-domain and cross-system improvements through: - Invent and deliver price optimization, simulation, and competitiveness tools for Sellers. - Promotion optimization initiatives exploring CX, discount amount, and cross-product optimization opportunities. - Identifying opportunities to optimally price across systems and contexts (marketplaces, request types, event periods) Price is a highly relevant input into many partner-team architectures, and is highly relevant to the customer, therefore this role creates the opportunity to drive extremely large impact (measured in Bs not Ms), but demands careful thought and clear communication. About the team About the team: the Pricing Optimization team within P2 Science owns price quality, discovery and discount optimization initiatives, including criteria for internal price matching, price discovery into search, p13N and SP, pricing bandits, and Promotion type optimization. We leverage planet scale data on billions of Amazon and external competitor products to build advanced optimization models for pricing, elasticity estimation, product substitutability, and optimization. We preserve long term customer trust by ensuring Amazon's prices are always competitive and error free.
Senior Applied Scientist , Sponsored Products
US, NY, New York
The Sponsored Products and Brands team at Amazon Ads is re-imagining the advertising landscape through generative AI technologies, revolutionizing how millions of customers discover products and engage with brands across Amazon.com and beyond. We are at the forefront of re-inventing advertising experiences, bridging human creativity with artificial intelligence to transform every aspect of the advertising lifecycle from ad creation and optimization to performance analysis and customer insights. We are a passionate group of innovators dedicated to developing responsible and intelligent AI technologies that balance the needs of advertisers, enhance the shopping experience, and strengthen the marketplace. If you're energized by solving complex challenges and pushing the boundaries of what's possible with AI, join us in shaping the future of advertising. We are seeking a technical leader for our Supply Science team. This team is within the Sponsored Product team, and works on complex engineering, optimization, econometric, and user-experience problems in order to deliver relevant product ads on Amazon search and detail pages world-wide. The team operates with the dual objective of enhancing the experience of Amazon shoppers and enabling the monetization of our online and mobile page properties. Our work spans ML and Data science across predictive modeling, reinforcement learning (Bandits), adaptive experimentation, causal inference, data engineering. Key job responsibilities Search Supply and Experiences, within Sponsored Products, is seeking a Senior Applied Scientist to join a fast growing team with the mandate of creating new ads experience that elevates the shopping experience for our hundreds of millions customers worldwide. We are looking for a top analytical mind capable of understanding our complex ecosystem of advertisers participating in a pay-per-click model– and leveraging this knowledge to help turn the flywheel of the business. As a Senior Applied Scientist on this team you will: --Act as the technical leader in Machine Learning and drive full life-cycle Machine Learning projects. --Lead technical efforts within this team and across other teams. --Build machine learning models, perform proof-of-concept, experiment, optimize, and deploy your models into production. --Run A/B experiments, gather data, and perform statistical analysis. --Establish scalable, efficient, automated processes for large-scale data analysis, machine-learning model development, model validation and serving. --Work closely with software engineers to assist in productionizing your ML models. --Research new machine learning approaches. --Recruit Applied Scientists to the team and act as a mentor to other scientists on the team. A day in the life The successful candidate will be a self-starter comfortable with ambiguity, with strong attention to detail, and with an ability to work in a fast-paced, high-energy and ever-changing environment. The drive and capability to shape the direction is a must. About the team We are a customer-obsessed team of engineers, technologists, product leaders, and scientists. We are focused on continuous exploration of contexts and creatives where advertising delivers value to customers and advertisers. We specifically work on new ads experiences globally with the goal of helping shoppers make the most informed purchase decision. We obsess about our customers and we are continuously innovating on their behalf to enrich their shopping experience on Amazon
Data Scientist, Seller Fee Science
IN, KA, Bengaluru
The Seller Fee Science Team integrates economic modeling, machine learning, and artificial intelligence to guide fee strategy, quantify its impact, and ensure fees are accurately computed and explained for billions of transactions between Amazon selling partners and customers. We help build the foundations for growing selling partner businesses, bringing the best selection and prices to Amazon customers, and helping Amazon leaders make and implement high impact decisions that optimally balance profitability and growth. Our team brings together world-class economists, physicists, mathematicians, and computer scientists to tackle diverse challenging problems that require theoretical rigor and deliver real-world impact. As an data scientist on our team, this role will focus on the application of data analysis, econometrics, machine learning, and artificial intelligence to measure and predict Amazon's P&L, with emphasis on fee revenue. This blends the tools of data science, statistics, and ML/AI. Your work will shape not only how fees are decided, but how they are interpreted and planned. We are seeking scientists who are motivated by first principles, disciplined experimentation, and the technical challenge of deploying ideas at global scale. This is an opportunity to work on consequential problems where analytic rigor meets real-world complexity, and where your analysis, models, algorithms, and systems will directly influence the experience of millions of sellers. If you are driven to build elegant solutions to hard problems—and to see them operate in production at meaningful scale—we would welcome the opportunity to build with you. Key job responsibilities ** Translate ambiguous business challenges into well-defined scientific problems with measurable impact. ** Identify opportunities to improve fee revenue measurement, prediction, planning, structure, and level. ** Identify opportunities to improve measurement, and prediction of other items of the P&L, at appropriate levels of granularity. ** Design, develop, and deploy econometric or AI/ML models that improve our understanding of the relationship between fees and costs, or predict fee revenue, and other elements of the P&L. ** Partner closely with finance and fee strategy teams to formulate scientific questions, communicate results, and productionalize solutions. **Apply rigorous simulation methods to validate models and quantify business impact at scale. **Communicate scientific innovations and results clearly to cross-functional stakeholders and contribute to the broader internal and external scientific community through publications, talks, and technical artifacts. About the team Amazon’s third-party marketplace is a multibillion-dollar global service, connecting customers and sellers across through billions of transactions annually. The Seller Fee Science Team integrates economic modeling, machine learning, and artificial intelligence to guide business fee strategy, ensure fees are accurately computed for millions of products, and improve the seller experience with AI tools that support any fee related contact (understanding, audit, and dispute). We build the scientific foundation that empowers sellers to grow their businesses with clarity and confidence. Our team brings together world-class economists, physicists, mathematicians, and computer scientists to tackle diverse challenging problems that require theoretical rigor and deliver real-world impact.
Director, Applied Science, Full Funnel Advertising (FAIM)
US, CA, Palo Alto
We're seeking an Applied Science leader to build AI/ML-powered agentic systems that operate across the full advertising funnel, from awareness through conversion, autonomously optimizing advertiser outcomes at scale. You'll lead a world-class science and engineering team that ships production systems leveraging models and multi-agent architectures, transforming how millions of customers discover products and how advertisers engage with Amazon Ads powered by AI. You'll set the bar for technical excellence and high-velocity innovation: attract and retain top talent, maintain operational excellence, and ensure research translates into measurable, customer-centric impact. Key job responsibilities * Lead the development and implementation of generative AI strategies for Full funnel campaigns and New product campaigns * Drive technical strategy and roadmap decisions that balance innovation, scalability, and customer impact * Drive the architecture and delivery of production-grade multi-agent systems, including planning agents, bidding agents, creative agents, and measurement agents * Collaborate with cross-functional teams to integrate advanced AI technologies into existing advertising platforms * Spearhead research and innovation in AI-powered advertising solutions * Build and develop cross-functional teams of applied scientists and engineers * Make critical build-vs-buy and architectural tradeoff decisions across the agentic stack A day in the life Your day will be a dynamic blend of strategic leadership, technical innovation, and collaborative problem-solving. You'll work closely with cross-functional teams to design and implement advanced AI technologies that enhance advertising experiences, driving meaningful connections between brands and customers. About the team We are a passionate group of innovators dedicated to developing AI powered advertiser products that balance the needs of advertisers and enhance the user experience. If you're energized by solving complex challenges and pushing the boundaries of what's possible with AI, join us in shaping the future of advertising.
Quantum Applied Scientist, Processor Test & Measurement, Amazon Center for Quantum Computing
US, CA, Pasadena
The Amazon Center for Quantum Computing in Pasadena, CA, is looking to hire an Applied Scientist in the Processor Test and Measurement group. You will join a multi-disciplinary team of theoretical and experimental physicists, materials scientists, and hardware and software engineers working at the forefront of quantum computing. This role focuses on the verification and validation of the circuit components that make up a quantum error correction (QEC) code — such as gates, reset, and readout — and on understanding how the performance of those components contributes to overall QEC performance. We are looking for someone who enjoys connecting component-level measurements to integrated system behavior, and who is motivated by working across teams to understand it. Much of the work involves partnering with processor design, theory, and QEC colleagues to validate that new devices behave as their Hamiltonians predict, and to explore the gaps when they don't. A comfort with error budgeting — reasoning about where component performance comes from and what limits it — is central to the role. Candidates with a track record of original scientific contributions will be preferred. We value strong engineering principles, resourcefulness, problem solving, and clear communication, along with the ability to work effectively within a team. As an Applied Scientist you will have the opportunity to pursue new ideas and stay abreast of the field of experimental quantum computation. Key job responsibilities We are looking to hire an Applied Scientist to help verify and validate the circuit components of our error-corrected quantum processors and to understand how their performance maps to QEC requirements. Depending on background and interest, the work may include: - Collaborating with theory and processor design teams to develop experimental test plans that validate new processor designs and check that fabricated devices meet their intent. - Characterizing the building blocks of a QEC code and building error budgets that explain and bound their performance. - Designing experiments that help separate effects such as crosstalk and spectator interactions from intrinsic component performance. - Prototyping calibration and measurement approaches that can later be matured for automated, large-scale processor bring-up and QEC demonstrations. - Investigating discrepancies between measured and expected behavior, and feeding what you learn back into design and theory. You will have the opportunity to take part in high-impact research projects that intersect with our engineering roadmap, working closely with processor, theory, and QEC stakeholders so that component-level decisions are informed by overall system performance. A day in the life About the team Why AWS? Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses. AWS Utility Computing (UC) provides product innovations — from foundational services such as Amazon’s Simple Storage Service (S3) and Amazon Elastic Compute Cloud (EC2), to consistently released new product innovations that continue to set AWS’s services and features apart in the industry. As a member of the UC organization, you’ll support the development and management of Compute, Database, Storage, Internet of Things (Iot), Platform, and Productivity Apps services in AWS. Within AWS UC, Amazon Dedicated Cloud (ADC) roles engage with AWS customers who require specialized security solutions for their cloud services. Inclusive Team Culture AWS values curiosity and connection. Our employee-led and company-sponsored affinity groups promote inclusion and empower our people to take pride in what makes us unique. Our inclusion events foster stronger, more collaborative teams. Our continual innovation is fueled by the bold ideas, fresh perspectives, and passionate voices our teams bring to everything we do. Diverse Experiences AWS values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying. Mentorship & Career Growth We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional. Work/Life Balance We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve in the cloud. Export Control Requirement: Due to applicable export control laws and regulations, candidates must be either a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum, or be able to obtain a US export license. If you are unsure if you meet these requirements, please apply and Amazon will review your application for eligibility.
See more jobs
View from space of a connected network around planet Earth representing the Internet of Things.
Get more from Amazon Science
Subscribe to our newsletter

Amazon.com | Conditions of Use | Privacy | © 1996-2026 Amazon.com, Inc. or its affiliates

Social