CHERI-Crypt: Transparent Memory Encryption on Capability Architectures | IACR Transactions on Cryptographic Hardware and Embedded Systems

<!DOCTYPE html> <html lang="en" xml:lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title> CHERI-Crypt: Transparent Memory Encryption on Capability Architectures | IACR Transactions on Cryptographic Hardware and Embedded Systems </title> <meta name="generator" content="Open Journal Systems 3.4.0.5"> <link rel="schema.DC" href="http://purl.org/dc/elements/1.1/" /> <meta name="DC.Creator.PersonalName" content="Jennifer Jackson"/> <meta name="DC.Creator.PersonalName" content="Minmin Jiang"/> <meta name="DC.Creator.PersonalName" content="David Oswald"/> <meta name="DC.Date.created" scheme="ISO8601" content="2025-03-04"/> <meta name="DC.Date.dateSubmitted" scheme="ISO8601" content="2025-03-03"/> <meta name="DC.Date.issued" scheme="ISO8601" content="2025-03-04"/> <meta name="DC.Date.modified" scheme="ISO8601" content="2025-03-04"/> <meta name="DC.Description" xml:lang="en" content="Capability architectures such as CHERI (Capability Hardware Enhanced RISC Instructions) are an emerging technology designed to provide memory safety protection at the hardware level and are equipped to eradicate approximately 70% of the current software vulnerability attack surface. CHERI is an instruction set architecture extension and has been applied to a small number of processors, including various versions of RISC-V. One of the benefits of CHERI is that it inherently provides segregation or compartmentalisation of software, making it suitable for supporting other types of applications such as Trusted Execution Environments, where sensitive data and computation is conducted inside a secure enclave, away from the rest of the untrusted operating system and services. To prevent untrusted software from accessing these compartments or secure regions of memory CHERI uses the mechanism of sealed capabilities. Trusted execution environments however, have been proven vulnerable to not just software-based attacks, but hardware attacks as well. In this paper we present our CHERI-Crypt design, an encryption engine extension to a CHERI-RISC-V 32-bit processor, for transparent memory encryption of sealed CHERI capabilities to additionally protect sensitive data in memory against physical hardware attacks. We show that our CHERI-Crypt design can run an enclave test program within an encrypted CHERI seal and invoke process, requiring 626 additional clock cycles with a batch size of 32 bytes. Adding CHERI-Crypt reduces the maximum frequency of the base CPU by only 6 MHz, and requires approximately 3.5x more flip flops and LUTs."/> <meta name="DC.Format" scheme="IMT" content="application/pdf"/> <meta name="DC.Identifier" content="12048"/> <meta name="DC.Identifier.pageNumber" content="268-292"/> <meta name="DC.Identifier.DOI" content="10.46586/tches.v2025.i2.268-292"/> <meta name="DC.Identifier.URI" content="https://tches.iacr.org/index.php/TCHES/article/view/12048"/> <meta name="DC.Language" scheme="ISO639-1" content="en"/> <meta name="DC.Rights" content="Copyright (c) 2025 Jennifer Jackson, Minmin Jiang, David Oswald"/> <meta name="DC.Rights" content="https://creativecommons.org/licenses/by/4.0"/> <meta name="DC.Source" content="IACR Transactions on Cryptographic Hardware and Embedded Systems"/> <meta name="DC.Source.ISSN" content="2569-2925"/> <meta name="DC.Source.Issue" content="2"/> <meta name="DC.Source.Volume" content="2025"/> <meta name="DC.Source.URI" content="https://tches.iacr.org/index.php/TCHES"/> <meta name="DC.Subject" xml:lang="en" content="Memory Encryption"/> <meta name="DC.Subject" xml:lang="en" content="CHERI"/> <meta name="DC.Subject" xml:lang="en" content="RISC-V"/> <meta name="DC.Subject" xml:lang="en" content="Capability Architectures"/> <meta name="DC.Subject" xml:lang="en" content="Confidential Computing"/> <meta name="DC.Subject" xml:lang="en" content="Trusted Execution Environments"/> <meta name="DC.Title" content="CHERI-Crypt: Transparent Memory Encryption on Capability Architectures"/> <meta name="DC.Type" content="Text.Serial.Journal"/> <meta name="DC.Type.articleType" content="Articles"/> <meta name="gs_meta_revision" content="1.1"/> <meta name="citation_journal_title" content="IACR Transactions on Cryptographic Hardware and Embedded Systems"/> <meta name="citation_journal_abbrev" content="TCHES"/> <meta name="citation_issn" content="2569-2925"/> <meta name="citation_author" content="Jennifer Jackson"/> <meta name="citation_author_institution" content="University of Birmingham, Birmingham, UK"/> <meta name="citation_author" content="Minmin Jiang"/> <meta name="citation_author_institution" content="University of Birmingham, Birmingham, UK"/> <meta name="citation_author" content="David Oswald"/> <meta name="citation_author_institution" content="University of Birmingham, Birmingham, UK"/> <meta name="citation_title" content="CHERI-Crypt: Transparent Memory Encryption on Capability Architectures"/> <meta name="citation_language" content="en"/> <meta name="citation_date" content="2025/03/04"/> <meta name="citation_volume" content="2025"/> <meta name="citation_issue" content="2"/> <meta name="citation_firstpage" content="268"/> <meta name="citation_lastpage" content="292"/> <meta name="citation_doi" content="10.46586/tches.v2025.i2.268-292"/> <meta name="citation_abstract_html_url" content="https://tches.iacr.org/index.php/TCHES/article/view/12048"/> <meta name="citation_abstract" xml:lang="en" content="Capability architectures such as CHERI (Capability Hardware Enhanced RISC Instructions) are an emerging technology designed to provide memory safety protection at the hardware level and are equipped to eradicate approximately 70% of the current software vulnerability attack surface. CHERI is an instruction set architecture extension and has been applied to a small number of processors, including various versions of RISC-V. One of the benefits of CHERI is that it inherently provides segregation or compartmentalisation of software, making it suitable for supporting other types of applications such as Trusted Execution Environments, where sensitive data and computation is conducted inside a secure enclave, away from the rest of the untrusted operating system and services. To prevent untrusted software from accessing these compartments or secure regions of memory CHERI uses the mechanism of sealed capabilities. Trusted execution environments however, have been proven vulnerable to not just software-based attacks, but hardware attacks as well. In this paper we present our CHERI-Crypt design, an encryption engine extension to a CHERI-RISC-V 32-bit processor, for transparent memory encryption of sealed CHERI capabilities to additionally protect sensitive data in memory against physical hardware attacks. We show that our CHERI-Crypt design can run an enclave test program within an encrypted CHERI seal and invoke process, requiring 626 additional clock cycles with a batch size of 32 bytes. Adding CHERI-Crypt reduces the maximum frequency of the base CPU by only 6 MHz, and requires approximately 3.5x more flip flops and LUTs."/> <meta name="citation_keywords" xml:lang="en" content="Memory Encryption"/> <meta name="citation_keywords" xml:lang="en" content="CHERI"/> <meta name="citation_keywords" xml:lang="en" content="RISC-V"/> <meta name="citation_keywords" xml:lang="en" content="Capability Architectures"/> <meta name="citation_keywords" xml:lang="en" content="Confidential Computing"/> <meta name="citation_keywords" xml:lang="en" content="Trusted Execution Environments"/> <meta name="citation_pdf_url" content="https://tches.iacr.org/index.php/TCHES/article/download/12048/11892"/> <link rel="stylesheet" href="https://tches.iacr.org/index.php/TCHES/$$$call$$$/page/page/css?name=stylesheet" type="text/css" /><link rel="stylesheet" href="https://tches.iacr.org/index.php/TCHES/$$$call$$$/page/page/css?name=font" type="text/css" /><link rel="stylesheet" href="https://tches.iacr.org/lib/pkp/styles/fontawesome/fontawesome.css?v=3.4.0.5" type="text/css" /><link rel="stylesheet" href="https://tches.iacr.org/plugins/generic/citationStyleLanguage/css/citationStyleLanguagePlugin.css?v=3.4.0.5" type="text/css" /> </head> <body class="pkp_page_article pkp_op_view has_site_logo" dir="ltr"> <div class="pkp_structure_page"> <header class="pkp_structure_head" id="headerNavigationContainer" role="banner"> <nav class="cmp_skip_to_content" aria-label="Jump to content links"> <a href="#pkp_content_main">Skip to main content</a> <a href="#siteNav">Skip to main navigation menu</a> <a href="#pkp_content_footer">Skip to site footer</a> </nav> <div class="pkp_head_wrapper"> <div class="pkp_site_name_wrapper"> <button class="pkp_site_nav_toggle"> <span>Open Menu</span> </button> <div class="pkp_site_name"> <a href=" https://tches.iacr.org/index.php/TCHES/index " class="is_img"> <img src="https://tches.iacr.org/public/journals/7/pageHeaderLogoImage_en_US.png" width="200" height="38" alt="Ruhr-Universit盲t Bochum" /> </a> </div> </div> <nav class="pkp_site_nav_menu" aria-label="Site Navigation"> <a id="siteNav"></a> <div class="pkp_navigation_primary_row"> <div class="pkp_navigation_primary_wrapper"> <ul id="navigationPrimary" class="pkp_navigation_primary pkp_nav_list"> <li class=""> <a href="https://tches.iacr.org/index.php/TCHES/index"> Home </a> </li> <li class=""> <a href="https://tches.iacr.org/index.php/TCHES/issue/current"> Current </a> </li> <li class=""> <a href="https://tches.iacr.org/index.php/TCHES/issue/archive"> Archives </a> </li> <li class=""> <a href="https://tches.iacr.org/index.php/TCHES/submissions1"> Submissions </a> <ul> <li class=""> <a href="https://tches.iacr.org/index.php/TCHES/cfp"> Call for Papers </a> </li> <li class=""> <a href="https://tches.iacr.org/index.php/TCHES/submission"> Paper Submission </a> </li> <li class=""> <a href="https://tches.iacr.org/index.php/TCHES/camera-ready"> Camera-ready Submission </a> </li> <li class=""> <a href="https://tches.iacr.org/index.php/TCHES/ethics"> Publication Ethics </a> </li> <li class=""> <a href="https://tches.iacr.org/index.php/TCHES/retractions"> Retraction Policy </a> </li> </ul> </li> <li class=""> <a href="https://tches.iacr.org/index.php/TCHES/faq"> FAQ </a> </li> <li class=""> <a href="https://tches.iacr.org/index.php/TCHES/editorial"> Editorial Board </a> </li> <li class=""> <a href="https://tches.iacr.org/index.php/TCHES/contact"> Contact </a> </li> <li class=""> <a href="https://ches.iacr.org/"> CHES </a> </li> </ul> <div class="pkp_navigation_search_wrapper"> <a href="https://tches.iacr.org/index.php/TCHES/search" class="pkp_search pkp_search_desktop"> <span class="fa fa-search" aria-hidden="true"></span> Search </a> </div> </div> </div> <div class="pkp_navigation_user_wrapper" id="navigationUserWrapper"> <ul id="navigationUser" class="pkp_navigation_user pkp_nav_list"> <li class="profile"> <a href="https://tches.iacr.org/index.php/TCHES/login"> Login </a> </li> </ul> </div> </nav> </div> </header> <div class="pkp_structure_content has_sidebar"> <div class="pkp_structure_main" role="main"> <a id="pkp_content_main"></a> <div class="page page_article"> <nav class="cmp_breadcrumbs" role="navigation" aria-label="You are here:"> <ol> <li> <a href="https://tches.iacr.org/index.php/TCHES/index"> Home </a> <span class="separator">/</span> </li> <li> <a href="https://tches.iacr.org/index.php/TCHES/issue/archive"> Archives </a> <span class="separator">/</span> </li> <li> <a href="https://tches.iacr.org/index.php/TCHES/issue/view/378"> Vol. 2025 No. 2 </a> <span class="separator">/</span> </li> <li class="current" aria-current="page"> <span aria-current="page"> Articles </span> </li> </ol> </nav> <article class="obj_article_details"> <h1 class="page_title"> CHERI-Crypt: Transparent Memory Encryption on Capability Architectures </h1> <div class="row"> <div class="main_entry"> <section class="item authors"> <h2 class="pkp_screen_reader">Authors</h2> <ul class="authors"> <li> <span class="name"> Jennifer Jackson </span> <span class="affiliation"> University of Birmingham, Birmingham, UK </span> </li> <li> <span class="name"> Minmin Jiang </span> <span class="affiliation"> University of Birmingham, Birmingham, UK </span> </li> <li> <span class="name"> David Oswald </span> <span class="affiliation"> University of Birmingham, Birmingham, UK </span> </li> </ul> </section> <section class="item doi"> <h2 class="label"> DOI: </h2> <span class="value"> <a href="https://doi.org/10.46586/tches.v2025.i2.268-292"> https://doi.org/10.46586/tches.v2025.i2.268-292 </a> </span> </section> <section class="item keywords"> <h2 class="label"> Keywords: </h2> <span class="value"> Memory Encryption, CHERI, RISC-V, Capability Architectures, Confidential Computing, Trusted Execution Environments </span> </section> <section class="item abstract"> <h2 class="label">Abstract</h2> <p>Capability architectures such as CHERI (Capability Hardware Enhanced RISC Instructions) are an emerging technology designed to provide memory safety protection at the hardware level and are equipped to eradicate approximately 70% of the current software vulnerability attack surface. CHERI is an instruction set architecture extension and has been applied to a small number of processors, including various versions of RISC-V. One of the benefits of CHERI is that it inherently provides segregation or compartmentalisation of software, making it suitable for supporting other types of applications such as Trusted Execution Environments, where sensitive data and computation is conducted inside a secure enclave, away from the rest of the untrusted operating system and services. To prevent untrusted software from accessing these compartments or secure regions of memory CHERI uses the mechanism of sealed capabilities. Trusted execution environments however, have been proven vulnerable to not just software-based attacks, but hardware attacks as well. In this paper we present our CHERI-Crypt design, an encryption engine extension to a CHERI-RISC-V 32-bit processor, for transparent memory encryption of sealed CHERI capabilities to additionally protect sensitive data in memory against physical hardware attacks. We show that our CHERI-Crypt design can run an enclave test program within an encrypted CHERI seal and invoke process, requiring 626 additional clock cycles with a batch size of 32 bytes. Adding CHERI-Crypt reduces the maximum frequency of the base CPU by only 6 MHz, and requires approximately 3.5x more flip flops and LUTs.</p> </section> </div> <div class="entry_details"> <div class="item galleys"> <h2 class="pkp_screen_reader"> Downloads </h2> <ul class="value galleys_links"> <li> <a class="obj_galley_link pdf" href="https://tches.iacr.org/index.php/TCHES/article/view/12048/11892"> PDF </a> </li> </ul> </div> <div class="item published"> <section class="sub_item"> <h2 class="label"> Published </h2> <div class="value"> <span>2025-03-04</span> </div> </section> </div> <div class="item issue"> <section class="sub_item"> <h2 class="label"> Issue </h2> <div class="value"> <a class="title" href="https://tches.iacr.org/index.php/TCHES/issue/view/378"> Vol. 2025 No. 2 </a> </div> </section> <section class="sub_item"> <h2 class="label"> Section </h2> <div class="value"> Articles </div> </section> </div> <div class="item copyright"> <h2 class="label"> License </h2> <p>Copyright (c) 2025 Jennifer Jackson, Minmin Jiang, David Oswald</p> <a rel="license" href="https://creativecommons.org/licenses/by/4.0/"><img alt="Creative Commons License" src="//i.creativecommons.org/l/by/4.0/88x31.png" /></a><p>This work is licensed under a <a rel="license" href="https://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License</a>.</p> </div> <div class="item citation"> <section class="sub_item citation_display"> <h2 class="label"> How to Cite </h2> <div class="value"> <div id="citationOutput" role="region" aria-live="polite"> <div class="csl-bib-body"> <div class="csl-entry">Jackson, J., Jiang, M., & Oswald, D. (2025). CHERI-Crypt: Transparent Memory Encryption on Capability Architectures. <i>IACR Transactions on Cryptographic Hardware and Embedded Systems</i>, <i>2025</i>(2), 268-292. <a href="https://doi.org/10.46586/tches.v2025.i2.268-292">https://doi.org/10.46586/tches.v2025.i2.268-292</a></div> </div> </div> <div class="citation_formats"> <button class="citation_formats_button label" aria-controls="cslCitationFormats" aria-expanded="false" data-csl-dropdown="true"> More Citation Formats </button> <div id="cslCitationFormats" class="citation_formats_list" aria-hidden="true"> <ul class="citation_formats_styles"> <li> <a aria-controls="citationOutput" href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/acm-sig-proceedings?submissionId=12048&publicationId=5599&issueId=378" data-load-citation data-json-href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/acm-sig-proceedings?submissionId=12048&publicationId=5599&issueId=378&return=json" > ACM </a> </li> <li> <a aria-controls="citationOutput" href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/acs-nano?submissionId=12048&publicationId=5599&issueId=378" data-load-citation data-json-href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/acs-nano?submissionId=12048&publicationId=5599&issueId=378&return=json" > ACS </a> </li> <li> <a aria-controls="citationOutput" href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/apa?submissionId=12048&publicationId=5599&issueId=378" data-load-citation data-json-href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/apa?submissionId=12048&publicationId=5599&issueId=378&return=json" > APA </a> </li> <li> <a aria-controls="citationOutput" href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/associacao-brasileira-de-normas-tecnicas?submissionId=12048&publicationId=5599&issueId=378" data-load-citation data-json-href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/associacao-brasileira-de-normas-tecnicas?submissionId=12048&publicationId=5599&issueId=378&return=json" > ABNT </a> </li> <li> <a aria-controls="citationOutput" href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/chicago-author-date?submissionId=12048&publicationId=5599&issueId=378" data-load-citation data-json-href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/chicago-author-date?submissionId=12048&publicationId=5599&issueId=378&return=json" > Chicago </a> </li> <li> <a aria-controls="citationOutput" href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/harvard-cite-them-right?submissionId=12048&publicationId=5599&issueId=378" data-load-citation data-json-href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/harvard-cite-them-right?submissionId=12048&publicationId=5599&issueId=378&return=json" > Harvard </a> </li> <li> <a aria-controls="citationOutput" href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/ieee?submissionId=12048&publicationId=5599&issueId=378" data-load-citation data-json-href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/ieee?submissionId=12048&publicationId=5599&issueId=378&return=json" > IEEE </a> </li> <li> <a aria-controls="citationOutput" href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/modern-language-association?submissionId=12048&publicationId=5599&issueId=378" data-load-citation data-json-href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/modern-language-association?submissionId=12048&publicationId=5599&issueId=378&return=json" > MLA </a> </li> <li> <a aria-controls="citationOutput" href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/turabian-fullnote-bibliography?submissionId=12048&publicationId=5599&issueId=378" data-load-citation data-json-href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/turabian-fullnote-bibliography?submissionId=12048&publicationId=5599&issueId=378&return=json" > Turabian </a> </li> <li> <a aria-controls="citationOutput" href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/vancouver?submissionId=12048&publicationId=5599&issueId=378" data-load-citation data-json-href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/vancouver?submissionId=12048&publicationId=5599&issueId=378&return=json" > Vancouver </a> </li> <li> <a aria-controls="citationOutput" href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/ama?submissionId=12048&publicationId=5599&issueId=378" data-load-citation data-json-href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/get/ama?submissionId=12048&publicationId=5599&issueId=378&return=json" > AMA </a> </li> </ul> <div class="label"> Download Citation </div> <ul class="citation_formats_styles"> <li> <a href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/download/ris?submissionId=12048&publicationId=5599&issueId=378"> <span class="fa fa-download"></span> Endnote/Zotero/Mendeley (RIS) </a> </li> <li> <a href="https://tches.iacr.org/index.php/TCHES/citationstylelanguage/download/bibtex?submissionId=12048&publicationId=5599&issueId=378"> <span class="fa fa-download"></span> BibTeX </a> </li> </ul> </div> </div> </div> </section> </div> </div> </div> </article> </div> </div> <div class="pkp_structure_sidebar left" role="complementary"> <div class="pkp_block block_custom" id="customblock-iacr-logo"> <h2 class="title pkp_screen_reader">iacr-logo</h2> <div class="content"> <p><a title="IACR logo" href="https://www.iacr.org"><img src="/public/site/images/jwloka/iacrlogo_trans.png" width="100" height="100"></a></p> </div> </div> </div> </div> <div class="pkp_structure_footer_wrapper" role="contentinfo"> <a id="pkp_content_footer"></a> <div class="pkp_structure_footer"> <div class="pkp_footer_content"> <p><a title="Imprint" href="/index.php/TCHES/impressum">Imprint</a> | <a title="Personal Data Notice" href="https://ojs.ub.rub.de/index.php/index/PDN">Personal Data Notice</a></p> </div> <div class="pkp_brand_footer"> <a href="https://tches.iacr.org/index.php/TCHES/about/aboutThisPublishingSystem"> <img alt="More information about the publishing system, Platform and Workflow by OJS/PKP." src="https://tches.iacr.org/templates/images/ojs_brand.png"> </a> </div> </div> </div> </div> <script src="https://tches.iacr.org/lib/pkp/lib/vendor/components/jquery/jquery.min.js?v=3.4.0.5" type="text/javascript"></script><script src="https://tches.iacr.org/lib/pkp/lib/vendor/components/jqueryui/jquery-ui.min.js?v=3.4.0.5" type="text/javascript"></script><script src="https://tches.iacr.org/plugins/themes/default/js/lib/popper/popper.js?v=3.4.0.5" type="text/javascript"></script><script src="https://tches.iacr.org/plugins/themes/default/js/lib/bootstrap/util.js?v=3.4.0.5" type="text/javascript"></script><script src="https://tches.iacr.org/plugins/themes/default/js/lib/bootstrap/dropdown.js?v=3.4.0.5" type="text/javascript"></script><script src="https://tches.iacr.org/plugins/themes/default/js/main.js?v=3.4.0.5" type="text/javascript"></script><script src="https://tches.iacr.org/plugins/generic/citationStyleLanguage/js/articleCitation.js?v=3.4.0.5" type="text/javascript"></script> </body> </html>

CINXE.COM

CHERI-Crypt: Transparent Memory Encryption on Capability Architectures | IACR Transactions on Cryptographic Hardware and Embedded Systems