Abstract: A network device includes a hardware pipeline to process a network packet to be encrypted. A portion of the hardware pipeline retrieves information from the network packet and generates a command based on the information. A block cipher circuit is coupled inline within the hardware pipeline. The hardware pipeline includes hardware engines coupled between the portion of the hardware pipeline and the block cipher circuit. The hardware engines parse and execute the command to determine a set of inputs and input the set of inputs and portions of the network packet to the block cipher circuit. The block cipher circuit encrypts a payload data of the network packet based on the set of inputs.

Abstract: A confidential computing (CC) apparatus includes a CPU and a peripheral device. The CPU is to run a hypervisor that hosts one or more Trusted Virtual Machines (TVMs). The peripheral device is coupled to the CPU and to an external memory. The CPU includes a TVM-Monitor (TVMM), to perform management operations on the one or more TVMs, to track memory space that is allocated by the hypervisor to the peripheral device in the external memory, to monitor memory-access requests issued by the hypervisor to the memory space allocated to the peripheral device in the external memory, and to permit or deny the memory-access requests, according to a criterion.

Abstract: A network adapter includes a network interface controller and a processor. The network interface controller is to communicate over a peripheral bus with a host, and over a network with a remote storage device. The processor is to expose on the peripheral bus a peripheral-bus device that communicates with the host using a bus storage protocol, to receive first I/O transactions of the bus storage protocol from the host, via the exposed peripheral-bus device, and to complete the first I/O transactions in the remote storage device by (i) translating between the first I/O transactions and second I/O transactions of a network storage protocol, and (ii) executing the second I/O transactions in the remote storage device. For receiving and completing the first I/O transactions, the processor is to cause the network interface controller to transfer data directly between the remote storage device and a memory of the host using zero-copy.

Abstract: A network adapter includes a network interface controller and a processor. The network interface controller is to communicate over a peripheral bus with a host, and over a network with a remote storage device. The processor is to expose on the peripheral bus a peripheral-bus device that communicates with the host using a bus storage protocol, to receive first I/O transactions of the bus storage protocol from the host, via the exposed peripheral-bus device, and to complete the first I/O transactions in the remote storage device by (i) translating between the first I/O transactions and second I/O transactions of a network storage protocol, and (ii) executing the second I/O transactions in the remote storage device. For receiving and completing the first I/O transactions, the processor is to cause the network interface controller to transfer data directly between the remote storage device and a memory of the host using zero-copy.

Abstract: An Integrated Montgomery Calculation Engine (IMCE), for multiplying two multiplicands modulo a predefined number, includes a Carry Save Adder (CSA) circuit and control circuitry. The CSA circuit has multiple inputs, and has outputs including a sum output and a carry output. The control circuitry is coupled to the inputs and the outputs of the CSA circuit and is configured to operate the CSA circuit in at least (i) a first setting that calculates a Montgomery precompute value and (ii) a second setting that calculates a Montgomery multiplication of the two multiplicands.

Abstract: A Montgomery multiplication apparatus (MMA), for multiplying two multiplicands modulo a predefined number, includes a pre-compute circuit and a Montgomery multiplication circuit. The pre-compute circuit is configured to compute a Montgomery pre-compute value by performing a series of iterations. In a given iteration, the pre-compute circuit is configured to modify one or more intermediate values by performing bit-wise operations on the intermediate values calculated in a preceding iteration. The Montgomery multiplication circuit is configured to multiply the two multiplicands, modulo the predefined number, by performing a plurality of Montgomery reduction operations using the Montgomery pre-compute value computed by the pre-compute circuit.

Abstract: Instruction code is executed in a central processing unit of a network computing device. Besides the central processing unit the device is provided with a code sequencer operative to execute predefined instruction sequences. The code sequencer is invoked by a trigger instruction in the instruction code, which is encountered by the central processing unit. Responsively to its invocations the code sequencer executes the predefined instruction sequences.

Abstract: A method for designing a logic circuit includes providing an initial design of the logic circuit, including at least first and second logic stages, and a sequential component, which is inserted between the first and second logic stages and comprises a flip-flop or a latch. Timing delays of multiple paths in the initial design, including at least one path in which the sequential component is bypassed, are estimated. Based on the timing delays, a decision is made whether the paths in which the sequential component is bypassed meet a timing constraint set for the logic circuit. A final design of the logic circuit is then generated, in which the sequential component is either bypassed or not bypassed, depending on the decision.

Abstract: A method for designing a logic circuit includes providing an initial design of the logic circuit, including at least first and second logic stages, and a sequential component, which is inserted between the first and second logic stages and comprises a flip-flop or a latch. Timing delays of multiple paths in the initial design, including at least one path in which the sequential component is bypassed, are estimated. Based on the timing delays, a decision is made whether the paths in which the sequential component is bypassed meet a timing constraint set for the logic circuit. A final design of the logic circuit is then generated, in which the sequential component is either bypassed or not bypassed, depending on the decision.

Abstract: Instruction code is executed in a central processing unit of a network computing device. Besides the central processing unit the device is provided with a code sequencer operative to execute predefined instruction sequences. The code sequencer is invoked by a trigger instruction in the instruction code, which is encountered by the central processing unit. Responsively to its invocations the code sequencer executes the predefined instruction sequences.