Abstract: In one example an apparatus comprises an input state register, and a first round secure hash algorithm (SHA) datapath circuit communicatively coupled to the input state register and a second round secure hash algorithm (SHA) datapath circuit communicatively coupled to the first round secure hash datapath circuit, the first round secure has algorithm (SHA) datapath circuit and the second round secure hash algorithm (SHA) datapath circuit each comprising a first section to perform a ? step of a SHA calculation, a second section to perform a ? step calculation, a third section to perform a ? step of the SHA calculation, a fourth section to perform a ? step of the SHA calculation, and a fifth section to perform a ? step of the SHA calculation.

Abstract: Methods, systems, and apparatuses associated with hardware mechanisms for link encryption are disclosed. In various embodiments, an interconnect interface is coupled to a processor core to interconnect a peripheral device to the processor core via a link established between the peripheral device and the interconnect interface. The interconnect interface is to select a cryptographic engine of a plurality of cryptographic engines instantiated in the interconnect interface for the link. The cryptographic engine is to symmetrically encrypt data to be transmitted through the link. In more specific embodiments, each of the plurality of cryptographic engines is instantiated for one of a request type on the link, a virtual channel on the link, or a request type within a virtual channel on the link.

Abstract: Technologies for secure data transfer of MMIO data between a processor and an accelerator. A MIMO security engine includes a first block cipher pipeline to encrypt a count using a key; a first exclusive-OR (XOR) to generate a first XOR result of the encrypted count and a length multiplied by an authentication key; a second block cipher pipeline to encrypt (count+1) using the key; a second XOR to generate a second XOR result of plaintext data and the encrypted (count+1); a plurality of Galois field multipliers (GFMs) to perform Galois field multiplication on additional authenticated data (AAD), powers of the authentication key, and ciphertext data; and a plurality of exclusive-ORs (XORs) to combine results of the GFMs and the first XOR result to generate an authentication tag. Other embodiments are described and claimed.

Abstract: In one embodiment, an apparatus includes a hardware accelerator to execute cryptography operations including a Rivest Shamir Adleman (RSA) operation and an elliptic curve cryptography (ECC) operation. The hardware accelerator may include a multiplier circuit comprising a parallel combinatorial multiplier, and an ECC circuit coupled to the multiplier circuit to execute the ECC operation. The ECC circuit may compute a prime field multiplication using the multiplier circuit and reduce a result of the prime field multiplication in a plurality of addition and subtraction operations for a first type of prime modulus. The hardware accelerator may execute the RSA operation using the multiplier circuit. Other embodiments are described and claimed.

Abstract: A method comprises receiving an image of an update for a software module, a rate parameter, an index parameter, and a public key, generating a 32-byte aligned string, computing a state parameter using the 32-byte aligned string, generating a modified message representative, computing a Merkle Tree root node, and in response to a determination that the Merkle Tree root node matches the public key, forwarding, to a remote device, the image of the update for a software module, the state parameter; and the modified message representative.

Abstract: Embodiments are directed to collision-free hashing for accessing cryptographic computing metadata and for cache expansion. An embodiment of an apparatus includes one or more processors to: receive a physical address; compute a set of hash functions using a set of different indexes corresponding to the set of hash functions, wherein the set of hash functions combine additions, bit-level reordering, bit-linear mixing, and wide substitutions, wherein the plurality of hash functions differ in the bit-linear mixing; access a plurality of cache units utilizing the set of hash functions; read different sets of the plurality of cache units in parallel, where a set of the different sets is obtained from each cache unit of the plurality of cache units; and responsive to the physical address being located one of the different sets, return cache line data of the set corresponding to the set of the cache unit having the physical address.

Abstract: An apparatus comprises an input register to receive a transport layer data packet, an encryption/decryption pipeline communicatively coupled to the input register, comprising a first section comprising a set of advanced encryption standard (AES) engines including at least a first AES engine to perform encryption and/or decryption operations on input data from the at least a portion of a transport layer data packet, a second AES engine to determine an authentication key, and a third AES engine to determine an authentication tag mask, a second section comprising a first set of Galois field multipliers comprising at least a first Galois field multiplier to compute a first multiple of the authentication key, a third section comprising a second set of Galois field multipliers to compute a first partial authentication tag, and a fourth section comprising a processing circuitry to compute a second partial authentication tag and a final authentication tag.

Abstract: In one example an apparatus comprises a computer readable memory, an XMSS verification manager logic to manage XMSS verification functions, a one-time signature and public key generator logic, a chain function logic to implement chain function algorithms, a low latency SHA3 hardware engine, and a register bank communicatively coupled to the XMSS verification manager logic. Other examples may be described.

Abstract: Embodiments are directed to homomorphic encryption for machine learning and neural networks using high-throughput Chinese remainder theorem (CRT) evaluation. An embodiment of an apparatus includes a hardware accelerator to receive a ciphertext generated by homomorphic encryption (HE) for evaluation, decompose coefficients of the ciphertext into a set of decomposed coefficients, multiply the decomposed coefficients using a set of smaller modulus determined based on a larger modulus, and convert results of the multiplying back to an original form corresponding to the larger modulus by performing a reverse Chinese remainder theorem (CRT) transform on the results of multiplying the decomposed coefficients.

Abstract: A mechanism is described for facilitating unified accelerator for classical and post-quantum digital signature schemes in computing environments. A method includes unifying classical cryptography and post-quantum cryptography through a unified hardware accelerator hosted by a trusted platform of the computing device. The method may further include facilitating unification of a first finite state machine associated with the classical cryptography and a second finite state machine associated with the post-quantum cryptography though one or more of a single the hash engine, a set of register file banks, and a modular exponentiation engine.

Abstract: A system and method of enhancing the trustworthiness of an artificial intelligence system include detecting whether a data element includes an existing data domain tag, processing the data element into a transformed data element, generating a data domain tag, where the data domain tag includes at least a data domain identifier and a timestamp, appending the data domain tag to the transformed data element, creating a signature for the transformed data element and the appended data domain tag using a private key, and creating another signature for the data domain tag using the private key.

Abstract: Technologies disclosed herein provide cryptographic computing. An example method comprises executing a first instruction of a first software entity to receive a first input operand indicating a first key associated with a first memory compartment of a plurality of memory compartments stored in a first memory unit, and execute a cryptographic algorithm in a core of a processor to compute first encrypted contents based at least in part on the first key. Subsequent to computing the first encrypted contents in the core, the first encrypted contents are stored at a memory location in the first memory compartment of the first memory unit. More specific embodiments include, prior to storing the first encrypted contents at the memory location in the first memory compartment and subsequent to computing the first encrypted contents in the core, moving the first encrypted contents into a level one (L1) cache outside a boundary of the core.

Abstract: Embodiments are directed to collision-free hashing for accessing cryptographic computing metadata and for cache expansion. An embodiment of an apparatus includes one or more processors to compute a plurality of hash functions that combine additions, bit-level reordering, bit-linear mixing, and wide substitutions, wherein each of the plurality of hash functions differs in one of the additions, the bit-level reordering, the wide substitutions, or the bit-linear mixing; and access a hash table utilizing results of the plurality of hash functions.

Abstract: Embodiments are directed to countermeasures for side-channel attacks on protected sign and key exchange operations. An embodiment of storage mediums includes instructions for commencing a process including an elliptic curve scalar multiplication (ESM) operation including application of a secret scalar value; splitting the secret scalar value into two random scalar values; counting a number of leading ‘0’ bits in the scalar value and skipping the number of leading ‘0’ bits in processing; performing an ESM iteration for each bit of the secret scalar value beginning with a most significant ‘1’ bit of the scalar value including a Point Addition operation and a Point Double operation for each bit on randomized points; performing ESM operation dummy iterations equal to the number of leading ‘0’ bits; and returning an output result for the ESM operation.

Abstract: Embodiments are directed to a digital signature verification engine for reconfigurable circuit devices. An embodiment of an apparatus includes one or more processors; and a reconfigurable circuit device, the reconfigurable circuit device including digital signal processing (DSP) blocks and logic elements (LEs), wherein the one or more processors are to configure the reconfigurable circuit device to operate as a signature verification engine for a bit stream, the signature verification engine including a hybrid multiplication unit, the hybrid multiplication unit combining a set of LEs and a set of the DSPs to multiply operands for signature verification.

Abstract: A method comprises fetching, by fetch circuitry, an encoded butterfly instruction comprising an opcode, a first source identifier, a second source identifier, a third source identifier, and two destination identifiers, decoding, by decode circuitry, the decoded butterfly instruction to generate a decoded butterfly instruction, and executing, by execution circuitry, the decoded butterfly instruction to retrieve operands representing a first input polynomial-coefficient from the first source, a second input polynomial-coefficient from the second source, and a primitive nth root of unity from the third source, perform, in an atomic fashion, a butterfly operation to generate a first output polynomial-coefficient and a second output polynomial-coefficient, and store the first output coefficient and the second output coefficient in a register file accessible to the execution circuitry.

Abstract: In one example an apparatus comprises a computer readable memory, an XMSS verification manager logic to manage XMSS verification functions, a one-time signature and public key generator logic, a chain function logic to implement chain function algorithms, a low latency SHA3 hardware engine, and a register bank communicatively coupled to the XMSS verification manager logic. Other examples may be described.

Abstract: Embodiments are directed to homomorphic encryption for machine learning and neural networks using high-throughput Chinese remainder theorem (CRT) evaluation. An embodiment of an apparatus includes a hardware accelerator to receive a ciphertext generated by homomorphic encryption (HE) for evaluation, decompose coefficients of the ciphertext into a set of decomposed coefficients, multiply the decomposed coefficients using a set of smaller modulus determined based on a larger modulus, and convert results of the multiplying back to an original form corresponding to the larger modulus.

Abstract: In one example an apparatus comprises a computer readable memory, an XMSS operations logic to manage XMSS functions, a chain function controller to manage chain function algorithms, a secure hash algorithm-2 (SHA2) accelerator, a secure hash algorithm-3 (SHA3) accelerator, and a register bank shared between the SHA2 accelerator and the SHA3 accelerator. Other examples may be described.

Abstract: Technologies disclosed herein provide cryptographic computing. An example method comprises executing a first instruction of a first software entity to receive a first input operand indicating a first key associated with a first memory compartment of a plurality of memory compartments stored in a first memory unit, and execute a cryptographic algorithm in a core of a processor to compute first encrypted contents based at least in part on the first key. Subsequent to computing the first encrypted contents in the core, the first encrypted contents are stored at a memory location in the first memory compartment of the first memory unit. More specific embodiments include, prior to storing the first encrypted contents at the memory location in the first memory compartment and subsequent to computing the first encrypted contents in the core, moving the first encrypted contents into a level one (L1) cache outside a boundary of the core.