Researchers at NYU Abu Dhabi (NYUAD) have designed a co-processor that relies on partially homomorphic encrypted (PHE) execution, enabling it to perform computations directly on encrypted data.
Processors in PCs and smartphones currently compute on ordinary, unencrypted data only. The new processor, CoPHEE, mitigates data leakage and limits threats and vulnerabilities from hackers, by computing directly using encrypted data without decryption.
The project is led by NYUAD assistant professor of electrical and computer engineering Michail Maniatakos, with contributors including research engineers at NYUAD’s center for cyber security (NYUAD CCS) Mohammed Nabeel and Mohammed Ashraf, NYUAD CCS post-doctoral associate Eduardo Chielle, and NYU alumni and assistant professor of electrical and computer engineering at the University of Delaware, Nektarios Tsoutsos. The project is funded by GlobalFoundries, which is owned by Mubadala, an investment firm based in Abu Dhabi.
In a paper presented earlier this year at the IEEE International Symposium on Hardware Oriented Security and Trust (HOST), the NYUAD researchers said ASIC designs for encrypted execution impose unique challenges. They include the the need for non-traditional arithmetic units (modular inverse, greatest common divisor), very wide datapaths (2048 bits), and the requirement for secure multiplexer units enabling general-purpose execution on encrypted values. Even solutions like Intel SGX require the data to be processed as plaintext, which renders the entire microprocessor core and cache memories vulnerable to hardware Trojans and side channel attacks.
To address this, the CoPHEE processor enables PHE encryption execution. It is a fully functional co-processor chip, and communicates to a main processor via UART. It was fabricated at GlobalFoundries in a 65nm CMOS process. Specifically, the designers used the multi-project wafer (MPW) fabrication service from MOSIS. The IC has a die area of 9mm2 and a target frequency of 100 Mhz (constrained by the maximum speed of the provided I/O pads).
The researchers said that if a system-on-chip approach is taken where CoPHEE is also located on the same bus, the communication with the main CPU would clearly be much faster than this experimental off-chip set-up. Assuming a 32-bit ARM architecture, on-chip communication on AHB-Lite would accelerate communication to around 9.65E-08 seconds per operation.
The processor is instantiated using 2048-bit encrypted operands and can be readily used to accelerate a broad range of secure applications, such as voting protocols, threshold cryptosystems, watermarking and secret sharing schemes, as well as server-aided polynomial evaluation protocols. For this it incorporates special arithmetic units for modular multiplication (ModMul), exponentiation (ModExp), inversion (ModInv) and greatest common divisor (GCD). In addition, to extend support for ciphertext-based control flow decisions in PHE-protected algorithms, it adopts the Cryptoleq blueprint and instantiates a secure multiplexer in trusted hardware, effectively minimizing the required trust surface to a single operation.
The CoPHEE processor architecture (Image: NYU Abu Dhabi)
The arithmetic units for modular multiplication, exponentiation, inversion, and GCD accelerate the computation of very wide datapaths, while its secure multiplexer and true random number generator enables universal computation in the encrypted domain. In their paper, the team conclude, “To the best of our knowledge, CoPHEE is the first academic effort towards constructing a fast and reliable processor capable of processing encrypted data. This paper presents all required steps for a fully functional silicon, from the RTL design to fabrication and validation. Given the silicon, future work will explore side-channel analysis and information extraction through power, timing, and electromagnetic emissions.”
Maniatakos adds, “Existing data protection solutions protect data at rest in our hard disks and data in transit over the internet, similar to Whatsapp’s end-to-end encryption. These solutions are not suitable to manipulate encrypted data i.e. perform operations directly on the encrypted domain. With this new processor, non-trivial encrypted data manipulation is a reality and anyone stealing our data from our computers can do nothing with it since everything is encrypted. We are confident that any smart technology using data can benefit from the new processor including PCs, personal tablets, and smartphones.”