Abstract
Copyright © 2019 Inderscience Enterprises Ltd. The architecture of an encrypted high-performance microprocessor designed on the principle that a nonstandard arithmetic generates encrypted processor states is described here. Data in registers, in memory and on buses exists in encrypted form. Any block encryption is feasible, in principle. The processor is (initially) intended for cloud-based remote computation. An encrypted version of the standard OpenRISC instruction set is understood by the processor. It is proved here, for programs written in a minimal subset of instructions, that the platform is secure against ‘Iago’ attacks by the privileged operator or a subverted operating system, which cannot decrypt the program output, nor change the program’s output to a particular value of their choosing. Performance measures from cycle-accurate behavioural simulation of the platform are given for 64-bit RC2 (symmetric, keyed) and 72-bit Paillier (asymmetric, additively homomorphic, no key in-processor) encryptions. Measurements are centred on a nominal 1 GHz clock with 3 ns cache and 15 ns memory latency, which is conservative with respect to available technology.
Highlights
If the arithmetic embedded in a conventional processor is modified appropriately, given three technical provisos summarised in Section 4, the processor continues to operate correctly, but all its states are one-to-many encryptions of those obtained in an unmodified processor running the same program (Breuer and Bowen, 2013)
Breuer and Bowen (2014b, 2015) elaborated compilation strategies for the encrypted computing environment and in 2016 we reported first results of prototyping with a pipelined implementation based on OpenRISC, and a formal proof that the hardware protocol in the pipeline preserves the separation of user mode and supervisor mode data (Breuer et al, 2016)
In further work since this paper was submitted, we have extended the theory in Section 6, introducing in Breuer et al (2017a) a modified RISC instruction set that covers the full range of conventional RISC instruction forms
Summary
If the arithmetic embedded in a conventional processor is modified appropriately, given three technical provisos summarised in Section 4, the processor continues to operate correctly, but all its states are one-to-many encryptions of those obtained in an unmodified processor running the same program (Breuer and Bowen, 2013). This paper summarises the state of research and development and gives performance measures on a single pipeline processor that works encrypted (our latest models achieve numbers equivalent to a fast classic pentium) with the aim of challenging the hardware and computer engineering community to apply the same approach with equal success in the context of more state-of-the-art computer architectures. It reports on architectural design, development and testing of the idea set out in the first paragraph of this section, via processor models run in simulation.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
