CoPHEE: Co-processor for Partially Homomorphic Encrypted Execution

The recent disclosure of the Spectre and Meltdown side-channel vulnerabilities offers yet another example of modern computer architectures prioritizing performance optimizations over security and privacy. The devastating impact of data leakage, however, emphasizes the need for new processor designs that provide native support for data privacy using cryptography. In this paper, we report on a year-long effort to design, implement, fabricate, and validate CoPHEE: a novel co-processor design that mitigates data leakage risks using partially homomorphic encrypted execution. ASIC designs for encrypted execution impose unique challenges, such as the need for non-traditional arithmetic units (modular inverse, greatest common divisor), very wide datapaths (2048 bits), and the requirement for secure multiplexer units enabling general-purpose execution on encrypted values. Our fully-functional co-processor chip is fabricated in 65nm CMOS technology, and communicates to a main processor via UART. This paper offers an elaborate overview of all steps and design techniques in the ASIC development process, ranging from RTL design to fabrication and validation. We evaluate our co-processor using data-oblivious C++ benchmarks, while our RTL files are available in an open-source repository.