Bibliography

[1] RISC-V ELF psABI Specification, \urlhttps://github.com/riscv/riscv-elf-psabi-doc/.

[2] The RISC-V Instruction Set Manual, Volume I: Base User-Level ISA Version 2.0, UCB/EECS-2014-54, EECS Department, University of California, Berkeley, May 2014.

[3] The RISC-V Instruction Set Manual, Volume I: Base User-Level ISA, UCB/EECS-2011-62, EECS Department, University of California, Berkeley, May 2011.

[4] ANSI/IEEE Std 754-2008, IEEE standard for floating-point arithmetic, 2008.

[5] "RISC I: A Reduced Instruction Set VLSI Computer" in ISCA. 1981, pp. 443-458.

[6] "The RISC II micro-architecture" in Proceedings VLSI 83 Conference. August 1983.

[7] "Architecture of SOAR: Smalltalk on a RISC" in ISCA. Ann Arbor, MI:, 1984, pp. 188—​197.

[8] D. D. Lee and S. I. Kong and M. D. H. a. . . . . . . . . . . . . . . . . . G. S. Taylor and D. A. Hodges and R. . . . . . . . . . . . . . . . . . H. Katz and D. A. Patterson, "A VLSI Chip Set for a Multiprocessor Workstation—​Part I: An RISC Microprocessor with Coprocessor Interface and Support for Symbolic Processing", IEEE JSSC, vol. 24, no. 6, December 1989. pp. 1688—​1698.

[9] "Lithe: Enabling Efficient Composition of Parallel Libraries" in Proceedings of the 1st USENIX Workshop on Hot Topics in Parallelism (HotPar~'09). Berkeley, CA:, March 2009.

[10] "Composing Parallel Software Efficiently with Lithe" in 31st Conference on Programming Language Design and Implementation. Toronto, Canada:, June 2010.

[11] T. Marc and C. Jeffrey and C. Shailender and C. A. W. and T. S. Sheung, "The MAJC Architecture: A Synthesis of Parallelism and Scalability", IEEE Micro, vol. 20, no. 6, November 2000. pp. 12—​25.

[12] "Memory Consistency and Event Ordering in Scalable Shared-Memory Multiprocessors" in In Proceedings of the 17th Annual International Symposium on Computer Architecture. 1990, pp. 15—​26.

[13] "Speculative lock elision: enabling highly concurrent multithreaded execution" in Proceedings of the 34th annual ACM/IEEE International Symposium on Microarchitecture, MICRO 34. IEEE Computer Society, 2001, pp. 294—​305.

[14]

[15] "Simple, Fast, and Practical Non-Blocking and Blocking Concurrent Queue Algorithms" in Proceedings of the Fifteenth Annual ACM Symposium on Principles of Distributed Computing, PODC '96. New York, NY, USA:, Association for Computing Machinery, 1996, pp. 267–275, Available: https://doi.org/10.1145/248052.248106.

[16] Roux and Pierre, "Innocuous Double Rounding of Basic Arithmetic Operations", Journal of Formalized Reasoning, vol. 7, no. 1, Nov 2014. pp. 131-142, [Online]. Available: https://hal.archives-ouvertes.fr/hal-01091186.

[17] W. Buchholz, Planning a computer system: Project Stretch. McGraw-Hill Book Company, 1962.

[18] G. M. Amdahl and G. A. Blaauw and F. P. B. Jr., "Architecture of the IBM System/360", IBM Journal of R. \& D., vol. 8, no. 2, 1964.

[19] "Parallel Operation in the Control Data 6600" in Proceedings of the October 27-29, 1964, Fall Joint Computer Conference, Part II: Very High Speed Computer Systems, AFIPS '64 (Fall, part II). 1965, pp. 33—​40.

[20] .

[21] .

[22] SAIL ISA Specification Language. [Online]. Available: https://github.com/rems-project/sail

[23] "On permutation operations in cipher design" in International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004., vol. 2. IEEE, 2004, pp. 569—​577.

[24] NIST, Secure Hash Standard (SHS), Federal Information Processing Standards Publication FIPS 180-4, August 2015. [Online]. Available: https://doi.org/10.6028/NIST.FIPS.180-4

[25] NIST, Advanced Encryption Standard (AES), Federal Information Processing Standards Publication FIPS 197, November 2001. [Online]. Available: https://doi.org/10.6028/NIST.FIPS.197

[26] GBT 32905-2016: SM3 Cryptographic Hash Algorithm, Also GM/T 0004-2012. Standardization Administration of China, August 2016. [Online]. Available: http://www.gmbz.org.cn/upload/2018-07-24/1532401392982079700.pdf

[27] ISO/IEC, IT Security techniques — Hash-functions — Part 3: Dedicated hash-functions, ISO/IEC Standard 10118-3:2018, 2018.

[28] M. O. Saarinen, Lightweight SHA ISA, \urlhttps://github.com/mjosaarinen/lwsha_isa, 03 2020.

[29] GBT 32907-2016: SM4 Block Cipher Algorithm, Also GM/T 0002-2012. Standardization Administration of China, August 2016. [Online]. Available: http://www.gmbz.org.cn/upload/2018-04-04/1522788048733065000.pdf

[30] ISO/IEC, Information technology — Security techniques —  Encryption algorithms — Part 3: Block ciphers. Amendment 2: SM4, ISO/IEC Standard 18033-3:2010/DAmd 2 (en), 2018.

[31] M. S. Turan and E. Barker and J. K. a. . K. A. McKay and M. L. Baish and M. Boyle, Recommendation for the Entropy Sources Used for Random Bit Generation, NIST Special Publication SP 800-90B, January 2018.

[32] W. Killmann and W. Schindler, A Proposal for: Functionality classes for random number generators, AIS 20 / AIS 31, Version 2.0, English Translation, BSI, September 2011. [Online]. Available: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_Functionality_classes_for_random_number_generators_e.html

[33] E. Barker and J. Kelsey, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, NIST Special Publication SP 800-90A Revision 1, June 2015.

[34] E. Barker and J. Kelsey and A. R. a. . M. S. Turan and D. Buller and A. Kaufer, Recommendation for Random Bit Generator (RBG) Constructions, Draft NIST Special Publication SP 800-90C, March 2021.

[35] NIST, Submission Requirements and Evaluation Criteria for the Post-Quantum Cryptography Standardization Process, Official Call for Proposals, National Institute for Standards and Technology, December 2016. [Online]. Available: http://csrc.nist.gov/groups/ST/post-quantum-crypto/documents/call-for-proposals-final-dec-2016.pdf

[36] Information technology — Security techniques — Testing methods for the mitigation of non-invasive attack classes against cryptographic modules, ISO/IEC 17825:2016, International Organization for Standardization, 2016.

[37] M. O. Saarinen, Lightweight AES ISA, \urlhttps://github.com/mjosaarinen/lwaes_isa, 01 2020.

[38] M. Ben and N. G. Richard and P. Dan and S. M. O. and W. Claire, "The design of scalar AES Instruction Set Extensions for RISC-V", IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2021, no. 1, Dec. 2020. pp. 109-136, [Online]. Available: https://tches.iacr.org/index.php/TCHES/article/view/8729.

[39] XCrypto: a cryptographic ISE for RISC-V, 1.0.0, 2019. [Online]. Available: https://github.com/scarv/xcrypto

[40] RISC-V Bit manipulation extension repository. [Online]. Available: https://github.com/riscv/riscv-bitmanip

[41] RISC-V Bit manipulation extension draft proposal. [Online]. Available: https://github.com/riscv/riscv-bitmanip/blob/master/bitmanip-draft.pdf

[42] M. Dworkin, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, NIST Special Publication SP 800-38D, November 2007. [Online]. Available: https://doi.org/10.6028/NIST.SP.800-38D

[43] NIST, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, Federal Information Processing Standards Publication FIPS 202, August 2015. [Online]. Available: https://doi.org/10.6028/NIST.FIPS.202

[44] "PRESENT: An ultra-lightweight block cipher" in International workshop on cryptographic hardware and embedded systems. Springer, 2007, pp. 450—​466.

[45] Z. Wentao and B. Zhenzhen and L. Dongdai and R. Vincent and Y. Bohan and V. Ingrid, "RECTANGLE: a bit-slice lightweight block cipher suitable for multiple platforms", Science China Information Sciences, vol. 58, no. 12, 2015. pp. 1—​15.

[46] "GIFT: a small present" in International Conference on Cryptographic Hardware and Embedded Systems. Springer, 2017, pp. 321—​345.

[47] "TWINE: A Lightweight Block Cipher for Multiple Platforms" in International Conference on Selected Areas in Cryptography. Springer, 2012, pp. 339—​354.

[48] "The SKINNY family of block ciphers and its low-latency variant MANTIS" in Annual International Cryptology Conference. Springer, 2016, pp. 123—​153.

[49] "Midori: A block cipher for low energy" in International Conference on the Theory and Application of Cryptology and Information Security. Springer, 2015, pp. 411—​436.

[50] "Camellia: A 128-bit block cipher suitable for multiple platforms—design andanalysis" in International Workshop on Selected Areas in Cryptography. Springer, 2000, pp. 39—​56.

[51] "New block cipher: ARIA" in International Conference on Information Security and Cryptology. Springer, 2003, pp. 432—​445.

[52] M. O. Saarinen, On Entropy and Bit Patterns of Ring Oscillator Jitter, Preprint, February 2021. [Online]. Available: https://arxiv.org/abs/2102.02196

[53] NIST and CCCS, Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation Program, CMVP, May 2021. [Online]. Available: https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf

[54] NIST, Security Requirements for Cryptographic Modules, Federal Information Processing Standards Publication FIPS 140-3, March 2019. [Online]. Available: https://doi.org/10.6028/NIST.FIPS.140-3

[55] C. Criteria, Common Methodology for Information Technology Security Evaluation: Evaluation methodology, Specification: Version 3.1 Revision 5, April 2017. [Online]. Available: https://commoncriteriaportal.org/cc/

[56] W. Killmann and W. Schindler, A Proposal for: Functionality classes and evaluation methodology for true (physical) random number generators, AIS 31, Version 3.1, English Translation, BSI, September 2001. [Online]. Available: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_Functionality_classes_evaluation_methodology_for_true_RNG_e.html

[57]

[58] NSA/CSS, Commercial National Security Algorithm Suite, August 2015. [Online]. Available: https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm

[59] "Efficient Padding Oracle Attacks on Cryptographic Hardware" in Advances in Cryptology - CRYPTO 2012 - 32nd Annual Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2012. Proceedings. 2012, pp. 608—​625.

[60] "TPM-FAIL: TPM meets Timing and Lattice Attacks" in 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, August 2020, pp. To appear, Available: https://www.usenix.org/conference/usenixsecurity20/presentation/moghimi-tpm

[61] R. J. Anderson, Security engineering - a guide to building dependable distributed systems (3. ed.). Wiley, December 2020, Available: https://www.cl.cam.ac.uk/~rja14/book.html

[62] D. Karaklajic and J. Schmidt and I. . Verbauwhede, "Hardware Designer’s Guide to Fault Attacks", IEEE Trans. Very Large Scale Integr. Syst., vol. 21, no. 12, 2013. pp. 2295—​2306.

[63] "Covert Channels through Random Number Generator: Mechanisms, Capacity Estimation and Mitigations" in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016. 2016, pp. 843—​857.

[64] M. Baudet and D. Lubicz and J. M. a. . A. Tassiaux, "On the Security of Oscillator-Based Random Number Generators", J. Cryptology, vol. 24, no. 2, 2011. pp. 398—​425.

[65] AMD, AMD Random Number Generator, AMD TechDocs, June 2017. [Online]. Available: https://www.amd.com/system/files/TechDocs/amd-random-number-generator.pdf

[66] ARM, ARM TrustZone True Random Number Generator: Technical Reference Manual, ARM 100976\_0000\_00\_en (rev. r0p0), May 2017. [Online]. Available: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.100976_0000_00_en

[67] J. S. Liberty et al., "True hardware random number generation implemented in the 32-nm SOI POWER7+ processor", IBM J. Res. Dev., vol. 57, no. 6, 2013.

[68] "New High Entropy Element for FPGA Based True Random Number Generators" in Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17-20, 2010. Proceedings. 2010, pp. 351—​365.

[69] M. Hamburg and P. Kocher and M. E. Marson, Analysis of Intel’s Ivy Bridge Digital Random Number Generator, Technical Report, Cryptography Research (Prepared for Intel), March 2012.

[70] "Characterization of randomness sources in ring oscillator-based true random number generators in FPGAs" in 13th IEEE International Symposium on Design and Diagnostics of Electronic Circuits and Systems, DDECS 2010, Vienna, Austria, April 14-16, 2010. 2010, pp. 48—​53.

[71] P. Bak, "The Devil’s Staircase", Phys. Today, vol. 39, no. 12, December 1986. pp. 38—​45.

[72] "The Frequency Injection Attack on Ring-Oscillator-Based True Random Number Generators" in Cryptographic Hardware and Embedded Systems - CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6-9, 2009, Proceedings. 2009, pp. 317—​331.

[73] Rambus, TRNG-IP-76 / EIP-76 Family of FIPS Approved True Random Generators, Commercial Crypto IP. Formerly (2017) available from Inside Secure., 2020. [Online]. Available: https://www.rambus.com/security/crypto-accelerator-hardware-cores/basic-crypto-blocks/trng-ip-76/

[74] M. Blum, "Independent unbiased coin flips from a correlated biased source — A finite state Markov chain", Combinatorica, vol. 6, no. 2, 1986. pp. 97—​108.

[75] "Post-Processing Functions for a Biased Physical Random Number Generator" in Fast Software Encryption, 15th International Workshop, FSE 2008, Lausanne, Switzerland, February 10-13, 2008, Revised Selected Papers. 2008, pp. 334—​342.

[76] J. P. Mechalas, Intel Digital Random Number Generator (DRNG) Software Implementation Guide, Intel Technical Report, Version 2.1, October 2018. [Online]. Available: https://software.intel.com/content/www/us/en/develop/articles/intel-digital-random-number-generator-drng-software-implementation-guide.html

[77] S. M\"uller, Documentation and Analysis of the Linux Random Number Generator, Version 3.6, Prepared for BSI by atsec information security GmbH, April 2020. [Online]. Available: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/LinuxRNG/LinuxRNG_EN.pdf

[78] ITU, Quantum noise random number generator architecture, Recommendation ITU-T X.1702, November 2019. [Online]. Available: https://www.itu.int/rec/T-REC-X.1702-201911-I/en

[79] D. Hurley-Smith and J. C. Hern'andez-Castro, "Quantum Leap and Crash: Searching and Finding Bias in Quantum Random Number Generators", ACM Transactions on Privacy and Security, vol. 23, no. 3, June 2020. pp. 1—​25.

[80] "Algorithms for quantum computation: Discrete logarithms and factoring" in 35th Annual Symposium on Foundations of Computer Science, Santa Fe, New Mexico, USA, 20-22 November 1994. IEEE, 1994, pp. 124—​134, Available: https://arxiv.org/abs/quant-ph/9508027.

[81] L. Blum and M. Blum and M. Shub, "A Simple Unpredictable Pseudo-Random Number Generator", SIAM J. Comput., vol. 15, no. 2, 1986. pp. 364—​383.

[82] "A Fast Quantum Mechanical Algorithm for Database Search" in Proceedings of the Twenty-eighth Annual ACM Symposium on Theory of Computing, STOC '96. ACM, 1996, pp. 212—​219, Available: http://arxiv.org/pdf/quant-ph/9605043.

[83] "Implementing Grover Oracles for Quantum Key Search on AES and LowMC" in Advances in Cryptology - EUROCRYPT 2020 - 39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, May 10-14, 2020, Proceedings, Part II. 2020, pp. 280—​310, Available: https://arxiv.org/pdf/1910.01700.pdf.

[84] NIST, Digital Signature Standard (DSS), Federal Information Processing Standards Publication FIPS 186-4, July 2013. [Online]. Available: https://doi.org/10.6028/NIST.FIPS.186-4

[85] IEEE Standard for a 32-bit microprocessor, IEEE Std. 1754-1994, 1994.

[86] OpenCores, OpenRISC 1000 Architecture Manual, Architecture Version 1.0, December 2012.

[87] Goldberg and R. P., "Survey of virtual machine research", Computer, vol. 7, no. 6, June 1974. pp. 34-45.

[88] N. Juan and I. Sitaram and D. Peter and C. Alan, "Practical, Transparent Operating System Support for Superpages", SIGOPS Oper. Syst. Rev., vol. 36, no. SI, dec 2002. pp. 89—​104, [Online]. Available: https://doi.org/10.1145/844128.844138.

[89] RISC-V Assembly Programmer’s Manual, \urlhttps://github.com/riscv/riscv-asm-manual.

[90] "Energy-Efficient Register Access" in Proc. of the 13th Symposium on Integrated Circuits and Systems Design. Manaus, Brazil:, September 2000, pp. 377—​384.

[91] Selective Dual Path Execution, University of Wisconsin - Madison, November 1996.

[92] "Dynamic Hammock Predication for Non-Predicated Instruction Set Architectures" in Proceedings of the 1998 International Conference on Parallel Architectures and Compilation Techniques, PACT '98. Washington, DC, USA:, 1998.

[93] "Wish Branches: Combining Conditional Branching and Predication for Adaptive Predicated Execution" in Proceedings of the 38th annual IEEE/ACM International Symposium on Microarchitecture, MICRO 38. 2005, pp. 43—​54.

[94] S. Balaram et al., "IBM POWER7 multicore server processor", IBM Journal of Research and Development, vol. 55, no. 3, 2011. pp. 1—​1.