Bibliography

[1] RISC-V ELF psABI Specification, \urlhttps://github.com/riscv/riscv-elf-psabi-doc/.

[2] The RISC-V Instruction Set Manual, Volume I: Base User-Level ISA Version 2.0, UCB/EECS-2014-54, EECS Department, University of California, Berkeley, May 2014.

[3] The RISC-V Instruction Set Manual, Volume I: Base User-Level ISA, UCB/EECS-2011-62, EECS Department, University of California, Berkeley, May 2011.

[4] ANSI/IEEE Std 754-2008, IEEE standard for floating-point arithmetic, 2008.

[5] D. A. Patterson and C. H. S'equin, "RISC I: A Reduced Instruction Set VLSI Computer" in ISCA. 1981, pp. 443-458.

[6] K. M. G.H. and S. R. W. and P. D. A. and S. C. H., "The RISC II micro-architecture" in Proceedings VLSI 83 Conference. August 1983.

[7] D. Ungar and R. Blau and P. Foley and D. Samples and D. Patterson, "Architecture of SOAR: Smalltalk on a RISC" in ISCA. Ann Arbor, MI:, 1984, pp. 188—​197.

[8] D. D. Lee and S. I. Kong and M. D. H. a. . . . . . . . . . . . . . . . . . G. S. Taylor and D. A. Hodges and R. . . . . . . . . . . . . . . . . . H. Katz and D. A. Patterson, "A VLSI Chip Set for a Multiprocessor Workstation—​Part I: An RISC Microprocessor with Coprocessor Interface and Support for Symbolic Processing", IEEE JSSC, vol. 24, no. 6, December 1989. pp. 1688—​1698.

[9] H. Pan and B. Hindman and K. Asanovi'c, "Lithe: Enabling Efficient Composition of Parallel Libraries" in Proceedings of the 1st USENIX Workshop on Hot Topics in Parallelism (HotPar~'09). Berkeley, CA:, March 2009.

[10] H. Pan and B. Hindman and K. Asanovi'c, "Composing Parallel Software Efficiently with Lithe" in 31st Conference on Programming Language Design and Implementation. Toronto, Canada:, June 2010.

[11] RISC-V Assembly Programmer’s Manual, \urlhttps://github.com/riscv/riscv-asm-manual.

[12] J. Tseng and K. Asanovi'c, "Energy-Efficient Register Access" in Proc. of the 13th Symposium on Integrated Circuits and Systems Design. Manaus, Brazil:, September 2000, pp. 377—​384.

[13] Selective Dual Path Execution, University of Wisconsin - Madison, November 1996.

[14] K. A. and A. T. and G. D. and C. B., "Dynamic Hammock Predication for Non-Predicated Instruction Set Architectures" in Proceedings of the 1998 International Conference on Parallel Architectures and Compilation Techniques, PACT '98. Washington, DC, USA:, 1998.

[15] K. Hyesoon and M. Onur and S. Jared and P. Y. N., "Wish Branches: Combining Conditional Branching and Predication for Adaptive Predicated Execution" in Proceedings of the 38th annual IEEE/ACM International Symposium on Microarchitecture, MICRO 38. 2005, pp. 43—​54.

[16] S. Balaram et al., "IBM POWER7 multicore server processor", IBM Journal of Research and Development, vol. 55, no. 3, 2011. pp. 1—​1.

[17] T. Marc and C. Jeffrey and C. Shailender and C. A. W. and T. S. Sheung, "The MAJC Architecture: A Synthesis of Parallelism and Scalability", IEEE Micro, vol. 20, no. 6, November 2000. pp. 12—​25.

[18] K. Gharachorloo and D. Lenoski and J. Laudon and P. Gibbons and A. Gupta and J. . . . . . . . . . . . . . . . . . Hennessy, "Memory Consistency and Event Ordering in Scalable Shared-Memory Multiprocessors" in In Proceedings of the 17th Annual International Symposium on Computer Architecture. 1990, pp. 15—​26.

[19] R. Ravi and G. J. R., "Speculative lock elision: enabling highly concurrent multithreaded execution" in Proceedings of the 34th annual ACM/IEEE International Symposium on Microarchitecture, MICRO 34. IEEE Computer Society, 2001, pp. 294—​305.

[20] M. M. M. and S. M. L., "Simple, Fast, and Practical Non-Blocking and Blocking Concurrent Queue Algorithms" in Proceedings of the Fifteenth Annual ACM Symposium on Principles of Distributed Computing, PODC '96. New York, NY, USA:, Association for Computing Machinery, 1996, pp. 267–275, Available: https://doi.org/10.1145/248052.248106.

[21] Roux and Pierre, "Innocuous Double Rounding of Basic Arithmetic Operations", Journal of Formalized Reasoning, vol. 7, no. 1, Nov 2014. pp. 131-142, [Online]. Available: https://hal.archives-ouvertes.fr/hal-01091186.

[22] W. Buchholz, Planning a computer system: Project Stretch. McGraw-Hill Book Company, 1962.

[23] G. M. Amdahl and G. A. Blaauw and F. P. B. Jr., "Architecture of the IBM System/360", IBM Journal of R. \& D., vol. 8, no. 2, 1964.

[24] Thornton and J. E., "Parallel Operation in the Control Data 6600" in Proceedings of the October 27-29, 1964, Fall Joint Computer Conference, Part II: Very High Speed Computer Systems, AFIPS '64 (Fall, part II). 1965, pp. 33—​40.

[25] .

[26] .

[27] SAIL ISA Specification Language. [Online]. Available: https://github.com/rems-project/sail

[28] L. R. B and S. ZJ and Y. Y. Lisa and R. R. L and R. M. JB, "On permutation operations in cipher design" in International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004., vol. 2. IEEE, 2004, pp. 569—​577.

[29] NIST, Secure Hash Standard (SHS), Federal Information Processing Standards Publication FIPS 180-4, August 2015. [Online]. Available: https://doi.org/10.6028/NIST.FIPS.180-4

[30] NIST, Advanced Encryption Standard (AES), Federal Information Processing Standards Publication FIPS 197, November 2001. [Online]. Available: https://doi.org/10.6028/NIST.FIPS.197

[31] GBT 32905-2016: SM3 Cryptographic Hash Algorithm, Also GM/T 0004-2012. Standardization Administration of China, August 2016. [Online]. Available: http://www.gmbz.org.cn/upload/2018-07-24/1532401392982079700.pdf

[32] ISO/IEC, IT Security techniques — Hash-functions — Part 3: Dedicated hash-functions, ISO/IEC Standard 10118-3:2018, 2018.

[33] M. O. Saarinen, Lightweight SHA ISA, \urlhttps://github.com/mjosaarinen/lwsha_isa, 03 2020.

[34] GB/T 32907-2016: SM4 Block Cipher Algorithm, Also GM/T 0002-2012. Standardization Administration of China, August 2016. [Online]. Available: http://www.gmbz.org.cn/upload/2018-04-04/1522788048733065000.pdf

[35] M. S. Turan and E. Barker and J. K. a. . . . K. A. McKay and M. L. Baish and M. Boyle, Recommendation for the Entropy Sources Used for Random Bit Generation, NIST Special Publication SP 800-90B, January 2018.

[36] W. Killmann and W. Schindler, A Proposal for: Functionality classes for random number generators, AIS 20 / AIS 31, Version 2.0, English Translation, BSI, September 2011. [Online]. Available: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_Functionality_classes_for_random_number_generators_e.html

[37] E. Barker and J. Kelsey, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, NIST Special Publication SP 800-90A Revision 1, June 2015.

[38] E. Barker and J. Kelsey and A. R. a. . . . M. S. Turan and D. Buller and A. Kaufer, Recommendation for Random Bit Generator (RBG) Constructions, Draft NIST Special Publication SP 800-90C, March 2021.

[39] NIST, Submission Requirements and Evaluation Criteria for the Post-Quantum Cryptography Standardization Process, Official Call for Proposals, National Institute for Standards and Technology, December 2016. [Online]. Available: http://csrc.nist.gov/groups/ST/post-quantum-crypto/documents/call-for-proposals-final-dec-2016.pdf

[40] Information technology — Security techniques — Testing methods for the mitigation of non-invasive attack classes against cryptographic modules, ISO/IEC 17825:2016, International Organization for Standardization, 2016.

[41] M. O. Saarinen, Lightweight AES ISA, \urlhttps://github.com/mjosaarinen/lwaes_isa, 01 2020.

[42] M. Ben and N. G. Richard and P. Dan and S. M. O. and W. Claire, "The design of scalar AES Instruction Set Extensions for RISC-V", IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2021, no. 1, Dec. 2020. pp. 109-136, [Online]. Available: https://tches.iacr.org/index.php/TCHES/article/view/8729.

[43] XCrypto: a cryptographic ISE for RISC-V, 1.0.0, 2019. [Online]. Available: https://github.com/scarv/xcrypto

[44] M. Dworkin, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, NIST Special Publication SP 800-38D, November 2007. [Online]. Available: https://doi.org/10.6028/NIST.SP.800-38D

[45] NIST, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, Federal Information Processing Standards Publication FIPS 202, August 2015. [Online]. Available: https://doi.org/10.6028/NIST.FIPS.202

[46] B. Andrey et al., "PRESENT: An ultra-lightweight block cipher" in International workshop on cryptographic hardware and embedded systems. Springer, 2007, pp. 450—​466.

[47] Z. Wentao and B. Zhenzhen and L. Dongdai and R. Vincent and Y. Bohan and V. Ingrid, "RECTANGLE: a bit-slice lightweight block cipher suitable for multiple platforms", Science China Information Sciences, vol. 58, no. 12, 2015. pp. 1—​15.

[48] B. Subhadeep and P. S. Kumar and P. Thomas and S. Yu and S. S. Meng and T. Yosuke, "GIFT: a small present" in International Conference on Cryptographic Hardware and Embedded Systems. Springer, 2017, pp. 321—​345.

[49] S. Tomoyasu and M. Kazuhiko and M. Sumio and K. Eita, "TWINE: A Lightweight Block Cipher for Multiple Platforms" in International Conference on Selected Areas in Cryptography. Springer, 2012, pp. 339—​354.

[50] B. Christof et al., "The SKINNY family of block ciphers and its low-latency variant MANTIS" in Annual International Cryptology Conference. Springer, 2016, pp. 123—​153.

[51] B. Subhadeep et al., "Midori: A block cipher for low energy" in International Conference on the Theory and Application of Cryptology and Information Security. Springer, 2015, pp. 411—​436.

[52] A. Kazumaro et al., "Camellia: A 128-bit block cipher suitable for multiple platforms—design andanalysis" in International Workshop on Selected Areas in Cryptography. Springer, 2000, pp. 39—​56.

[53] K. Daesung et al., "New block cipher: ARIA" in International Conference on Information Security and Cryptology. Springer, 2003, pp. 432—​445.

[54] M. O. Saarinen, On Entropy and Bit Patterns of Ring Oscillator Jitter, Preprint, February 2021. [Online]. Available: https://arxiv.org/abs/2102.02196

[55] NIST and CCCS, Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation Program, CMVP, May 2021. [Online]. Available: https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf

[56] NIST, Security Requirements for Cryptographic Modules, Federal Information Processing Standards Publication FIPS 140-3, March 2019. [Online]. Available: https://doi.org/10.6028/NIST.FIPS.140-3

[57] C. Criteria, Common Methodology for Information Technology Security Evaluation: Evaluation methodology, Specification: Version 3.1 Revision 5, April 2017. [Online]. Available: https://commoncriteriaportal.org/cc/

[58] W. Killmann and W. Schindler, A Proposal for: Functionality classes and evaluation methodology for true (physical) random number generators, AIS 31, Version 3.1, English Translation, BSI, September 2001. [Online]. Available: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_Functionality_classes_evaluation_methodology_for_true_RNG_e.html

[59]

[60] NSA/CSS, Commercial National Security Algorithm Suite, August 2015. [Online]. Available: https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm

[61] R. Bardou and R. Focardi and Y. K. a. . . . L. Simionato and G. Steel and J. Tsay, "Efficient Padding Oracle Attacks on Cryptographic Hardware" in Advances in Cryptology - CRYPTO 2012 - 32nd Annual Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2012. Proceedings. 2012, pp. 608—​625.

[62] D. Moghimi and B. Sunar and T. E. a. . . . N. Heninger, "TPM-FAIL: TPM meets Timing and Lattice Attacks" in 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, August 2020, pp. To appear, Available: https://www.usenix.org/conference/usenixsecurity20/presentation/moghimi-tpm

[63] R. J. Anderson, Security engineering - a guide to building dependable distributed systems (3. ed.). Wiley, December 2020, Available: https://www.cl.cam.ac.uk/~rja14/book.html

[64] D. Karaklajic and J. Schmidt and I. . . . Verbauwhede, "Hardware Designer’s Guide to Fault Attacks", IEEE Trans. Very Large Scale Integr. Syst., vol. 21, no. 12, 2013. pp. 2295—​2306.

[65] D. Evtyushkin and D. V. Ponomarev, "Covert Channels through Random Number Generator: Mechanisms, Capacity Estimation and Mitigations" in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016. 2016, pp. 843—​857.

[66] M. Baudet and D. Lubicz and J. M. a. . . . A. Tassiaux, "On the Security of Oscillator-Based Random Number Generators", J. Cryptology, vol. 24, no. 2, 2011. pp. 398—​425.

[67] AMD, AMD Random Number Generator, AMD TechDocs, June 2017. [Online]. Available: https://www.amd.com/system/files/TechDocs/amd-random-number-generator.pdf

[68] ARM, ARM TrustZone True Random Number Generator: Technical Reference Manual, ARM 100976\_0000\_00\_en (rev. r0p0), May 2017. [Online]. Available: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.100976_0000_00_en

[69] J. S. Liberty et al., "True hardware random number generation implemented in the 32-nm SOI POWER7+ processor", IBM J. Res. Dev., vol. 57, no. 6, 2013.

[70] M. Varchola and M. Drutarovsk'y, "New High Entropy Element for FPGA Based True Random Number Generators" in Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17-20, 2010. Proceedings. 2010, pp. 351—​365.

[71] M. Hamburg and P. Kocher and M. E. Marson, Analysis of Intel’s Ivy Bridge Digital Random Number Generator, Technical Report, Cryptography Research (Prepared for Intel), March 2012.

[72] B. Valtchanov and V. Fischer and A. A. a. . . . F. Bernard, "Characterization of randomness sources in ring oscillator-based true random number generators in FPGAs" in 13th IEEE International Symposium on Design and Diagnostics of Electronic Circuits and Systems, DDECS 2010, Vienna, Austria, April 14-16, 2010. 2010, pp. 48—​53.

[73] A. Hajimiri and T. H. Lee, "A general theory of phase noise in electrical oscillators", IEEE Journal of Solid-State Circuits, vol. 33, no. 2, 1998. pp. 179—​194.

[74] A. Hajimiri and S. Limotyrakis and T. H. Lee, "Jitter and phase noise in ring oscillators", IEEE Journal of Solid-State Circuits, vol. 34, no. 6, June 1999. pp. 790—​804, [Online]. Available: https://authors.library.caltech.edu/4916/1/HAJieeejssc99a.pdf.

[75] P. Bak, "The Devil’s Staircase", Phys. Today, vol. 39, no. 12, December 1986. pp. 38—​45.

[76] A. T. Markettos and S. W. Moore, "The Frequency Injection Attack on Ring-Oscillator-Based True Random Number Generators" in Cryptographic Hardware and Embedded Systems - CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6-9, 2009, Proceedings. 2009, pp. 317—​331.

[77] Rambus, TRNG-IP-76 / EIP-76 Family of FIPS Approved True Random Generators, Commercial Crypto IP. Formerly (2017) available from Inside Secure., 2020. [Online]. Available: https://www.rambus.com/security/crypto-accelerator-hardware-cores/basic-crypto-blocks/trng-ip-76/

[78] M. Blum, "Independent unbiased coin flips from a correlated biased source — A finite state Markov chain", Combinatorica, vol. 6, no. 2, 1986. pp. 97—​108.

[79] P. Lacharme, "Post-Processing Functions for a Biased Physical Random Number Generator" in Fast Software Encryption, 15th International Workshop, FSE 2008, Lausanne, Switzerland, February 10-13, 2008, Revised Selected Papers. 2008, pp. 334—​342.

[80] J. P. Mechalas, Intel Digital Random Number Generator (DRNG) Software Implementation Guide, Intel Technical Report, Version 2.1, October 2018. [Online]. Available: https://software.intel.com/content/www/us/en/develop/articles/intel-digital-random-number-generator-drng-software-implementation-guide.html

[81] S. M\"uller, Documentation and Analysis of the Linux Random Number Generator, Version 3.6, Prepared for BSI by atsec information security GmbH, April 2020. [Online]. Available: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/LinuxRNG/LinuxRNG_EN.pdf

[82] ITU, Quantum noise random number generator architecture, Recommendation ITU-T X.1702, November 2019. [Online]. Available: https://www.itu.int/rec/T-REC-X.1702-201911-I/en

[83] D. Hurley-Smith and J. C. Hern'andez-Castro, "Quantum Leap and Crash: Searching and Finding Bias in Quantum Random Number Generators", ACM Transactions on Privacy and Security, vol. 23, no. 3, June 2020. pp. 1—​25.

[84] P. W. Shor, "Algorithms for quantum computation: Discrete logarithms and factoring" in 35th Annual Symposium on Foundations of Computer Science, Santa Fe, New Mexico, USA, 20-22 November 1994. IEEE, 1994, pp. 124—​134, Available: https://arxiv.org/abs/quant-ph/9508027.

[85] L. Blum and M. Blum and M. Shub, "A Simple Unpredictable Pseudo-Random Number Generator", SIAM J. Comput., vol. 15, no. 2, 1986. pp. 364—​383.

[86] L. K. Grover, "A Fast Quantum Mechanical Algorithm for Database Search" in Proceedings of the Twenty-eighth Annual ACM Symposium on Theory of Computing, STOC '96. ACM, 1996, pp. 212—​219, Available: http://arxiv.org/pdf/quant-ph/9605043.

[87] S. Jaques and M. Naehrig and M. R. a. . . . F. Virdia, "Implementing Grover Oracles for Quantum Key Search on AES and LowMC" in Advances in Cryptology - EUROCRYPT 2020 - 39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, May 10-14, 2020, Proceedings, Part II. 2020, pp. 280—​310, Available: https://arxiv.org/pdf/1910.01700.pdf.

[88] NIST, Digital Signature Standard (DSS), Federal Information Processing Standards Publication FIPS 186-4, July 2013. [Online]. Available: https://doi.org/10.6028/NIST.FIPS.186-4

[89] IEEE Standard for a 32-bit microprocessor, IEEE Std. 1754-1994, 1994.

[90] OpenCores, OpenRISC 1000 Architecture Manual, Architecture Version 1.0, December 2012.

[91] Goldberg and R. P., "Survey of virtual machine research", Computer, vol. 7, no. 6, June 1974. pp. 34-45.

[92]

[93] N. Juan and I. Sitaram and D. Peter and C. Alan, "Practical, Transparent Operating System Support for Superpages", SIGOPS Oper. Syst. Rev., vol. 36, no. SI, dec 2002. pp. 89—​104, [Online]. Available: https://doi.org/10.1145/844128.844138.

[94] K. S. a. . . . . . . . . . . . . . . . . . E. S. a. . . . . . . . . . . . . . . . . . A. S. a. . . . . . . . . . . . . . . . . . V. T. a. . . . . . . . . . . . . . . . . . D. Vyukov, "Memory Tagging and how it improves C/C++ memory safety", CoRR, vol. abs/1802.09517, 2018. [Online]. Available: http://arxiv.org/abs/1802.09517