[mtgx]

> Titan M's CPU is an ARM Cortex-M3 microprocessor specially hardened against side-channel attacks and augmented with defensive features to detect and respond to abnormal conditions.

It would be nice to see this being replaced by an an open-source RISC-V processor in the future, too.

[kbumsik]

I think it would be replaced by Cortex-M33, which has much higher security feature with TrustZone for microcontroller.

I personally don't see the benefit for us of using open-source processors by companies like Google. They are not going to open-source the design to the public anyway.

[Symmetry]

Something I've been worried a bit about with RISC-V, hopefully someone can tell me why I'm wrong. If I were implementing some cryptography in assembly on x86 or ARM I would make every effort to avoid branches and use conditional moves instead so as to be more resistant to timing attacks. Is this actually a common technique in computer security? And does RISC-V suffer from not having conditional moves?

[BooneJS]

RISC-V is technically an ISA with a reference implementation. In theory and practice, it can be implemented as a low-power micro controller or augmented with additional instructions to play in the supercomputer space. Processors simply cannot avoid conditional moves, but they can choose not to speculatively execute after a jump before it knows the result of the jump condition.

[monocasa]

It'd be better to implement it with accumulation rather than conditional moves on all of those other platforms anyway.

You can have branches, you just need to take the same branches regardless of the input.

[nickik]

You are in luck. That's pretty much what Keystone is. See: https://keystone-enclave.org/

Google is helping with this effort and it will be RISC-V enclave.