E3X: Encrypt-Everything-Everywhere ISA eXtensions for Private Computation

Eduardo Chielle, Nektarios Georgios Tsoutsos, Oleg Mazonka, Michail Maniatakos

Research output: Contribution to journalArticlepeer-review

Abstract

The rapid increase of recent privacy attacks has significantly decreased trust on behalf of the users. A root cause to these problems is that modern computer architectures have always been designed for performance, while security protections are traditionally addressed reactively. Practical security protections, such as Intel SGX, rely on processing unencrypted data in the architectural state, which leaves them exposed to software attacks (e.g., SGXpectre). This work revisits the traditional computation stack and introduces a novel computation paradigm, where data is never decrypted in the architectural state. Through our architecture, data are protected with symmetric or asymmetric encryption and the programmer manipulates them directly in the encrypted domain. To increase performance, we exploit data locality by introducing decryption caches in the microarchitectural state. Our proposal addresses all abstraction levels in the computation stack: from microarchitecture to library support for high-level programming. The proposed architecture is instantiated through new assembly instructions, registers and functional units operating on large integers. In our evaluation, we extend the OpenRISC 1000 architecture and develop open-source libraries for C++. As a case study, we employ data-oblivious benchmarks and observe that for benchmarks with high temporal locality, our architecture can achieve comparable performance to processing unencrypted data.

Original languageEnglish (US)
Pages (from-to)848-861
Number of pages14
JournalIEEE Transactions on Dependable and Secure Computing
Volume19
Issue number2
DOIs
StatePublished - 2022

Keywords

  • Data privacy
  • ISA extensions
  • homomorphic encryption
  • privacy-preserving computation
  • secure outsourcing

ASJC Scopus subject areas

  • General Computer Science
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'E3X: Encrypt-Everything-Everywhere ISA eXtensions for Private Computation'. Together they form a unique fingerprint.

Cite this