On the Security of a Universal Cryptocomputer: the Chosen Instruction Attack

Raß, Stefan; Schartner, Peter

doi:10.1109/access.2016.2622724

Cited by 11 publications

(8 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The modifications are needed because, in the context of encrypted computing, conventional instruction sets have recently been shown by Rass and Schartner (2016) to be vulnerable to a 'chosen instruction' attack. That is, an attacker can generate an encrypted 1 by forcing encrypted division of any encrypted x by itself, then construct any encrypted K via encrypted self addition K -1 times over; then finally, branch on encrypted comparison with each K in turn allows any encrypted number to be deciphered.…”

Section: Recent Developmentsmentioning

confidence: 99%

Fully encrypted high-speed microprocessor architecture: the secret computer in simulation

Breuer¹,

Bowen

2019

IJCCBS

View full text Add to dashboard Cite

The architecture of an encrypted high-performance microprocessor designed on the principle that a nonstandard arithmetic generates encrypted processor states is described here. Data in registers, in memory and on buses exists in encrypted form. Any block encryption is feasible, in principle. The processor is (initially) intended for cloud-based remote computation. An encrypted version of the standard OpenRISC instruction set is understood by the processor. It is proved here, for programs written in a minimal subset of instructions, that the platform is secure against 'Iago' attacks by the privileged operator or a subverted operating system, which cannot decrypt the program output, nor change the program's output to a particular value of their choosing. Performance measures from cycle-accurate behavioural simulation of the platform are given for 64-bit RC2 (symmetric, keyed) and 72-bit Paillier (asymmetric, additively homomorphic, no key in-processor) encryptions. Measurements are centred on a nominal 1 GHz clock with 3 ns cache and 15 ns memory latency, which is conservative with respect to available technology.Reference to this paper should be made as follows: Breuer, P.T. and Bowen, J.P. (xxxx) 'Fully encrypted high-speed microprocessor architecture: the secret computer in simulation', Int.

show abstract

Section: Recent Developmentsmentioning

confidence: 99%

Fully encrypted high-speed microprocessor architecture: the secret computer in simulation

Breuer¹,

Bowen

2019

IJCCBS

View full text Add to dashboard Cite

show abstract

“…The key idea to solve the problem mentioned above is to directly run encrypted instructions [3]. In other words, the client of the cloud service sends the encrypted instructions which represent the function to be evaluated and the encrypted inputs to the cloud sever.…”

Section: Introductionmentioning

confidence: 99%

Virtual Secure Platform: A Five-Stage Pipeline Processor over TFHE

Matsuoka,

Banno,

Matsumoto

et al. 2020

Preprint

View full text Add to dashboard Cite

We present Virtual Secure Platform (VSP), the first comprehensive platform that implements a multi-opcode generalpurpose sequential processor over Fully Homomorphic Encryption (FHE) for Secure Multi-Party Computation (SMPC). VSP protects both the data and functions on which the data are evaluated from the adversary in a secure computation offloading situation like cloud computing. We proposed a complete processor architecture with a five-stage pipeline, which improves the performance of the VSP by providing more parallelism in circuit evaluation. In addition, we also designed a custom Instruction Set Architecture (ISA) to reduce the gate count of our processor, along with an entire set of toolchains to ensure that arbitrary C programs can be compiled into our custom ISA. In order to speed up instruction evaluation over VSP, CMUX Memory based ROM and RAM constructions over FHE are also proposed. Our experiments show that both the pipelined architecture and the CMUX Memory technique are effective in improving the performance of the proposed processor. We provide an open-source implementation of VSP which achieves a per-instruction latency of less than 1 second. We demonstrate that compared to the best existing processor over FHE, our implementation runs nearly 1,600× faster.

show abstract

“…on an encrypted z and subtracting on branch, z may be obtained efficiently bitwise. That is a chosen instruction attack (CIA) [21]. The instruction set has to resist such attacks, but the compiler must be involved too, else there would be known plaintext attacks (KPAs) [22] based on the idea that not only do instructions like x−x predictably favour one value over others (the result there is always x−x=0), but human programmers intrinsically use values like 0, 1 more often.…”

Section: Introductionmentioning

confidence: 99%

Compiled Obfuscation for Data Structures in Encrypted Computing

Breuer

2019

Preprint

View full text Add to dashboard Cite

Encrypted computing is an emerging technology based on a processor that 'works encrypted', taking encrypted inputs to encrypted outputs while data remains in encrypted form throughout. It aims to secure user data against possible insider attacks by the operator and operating system (who do not know the user's encryption key and cannot access it in the processor). Formally 'obfuscating' compilation for encrypted computing is such that on each recompilation of the source code, machine code of the same structure is emitted for which runtime traces also all have the same structure but each word beneath the encryption differs from nominal with maximal possible entropy across recompilations. That generates classic cryptographic semantic security for data, relative to the security of the encryption, but it guarantees only single words and an adversary has more than that on which to base decryption attempts. This paper extends the existing integer-based technology to doubles, floats, arrays, structs and unions as data structures, covering ANSI C. A single principle drives compiler design and improves the existing security theory to quantitative results: every arithmetic instruction that writes must vary to the maximal extent possible.

show abstract

On the Security of a Universal Cryptocomputer: the Chosen Instruction Attack

Cited by 11 publications

References 17 publications

Fully encrypted high-speed microprocessor architecture: the secret computer in simulation

Fully encrypted high-speed microprocessor architecture: the secret computer in simulation

Virtual Secure Platform: A Five-Stage Pipeline Processor over TFHE

Compiled Obfuscation for Data Structures in Encrypted Computing

Contact Info

Product

Resources

About