Abstract

A KPU is a replacement for a standard CPU that natively runs encrypted machine code on encrypted data in registers and memory – a ‘crypto-processor unit’, in other words. Its computations are opaque to an observer with physical access to the processor but remain meaningful to the owner of the computation. In theory, a KPU can be run in simulation and remain as secure (or otherwise) as in hardware. Any block cipher with a block-size of about a word is compatible with this developing technology, the long-term aim of which is to make it safe to entrust data-oriented computation to a remote environment.

Hardware is arranged in a KPU to make the chosen cipher behave as a mathematical homomorphism with respect to computer arithmetic. We describe the architecture formally here and show that ‘type-safe’ programs run correctly when encrypted.