Ascend considers cases where the program is supplied by the server, the user or a third party and can be either public or private (encrypted). The program is not trusted by the user in all cases. In this context to be “trusted,” a program must not be intentionally malicious and must be provably free of any bugs that have the potential to leak information about the program data. Data from the user is always considered private.
Ascend guarantees privacy by employing obfuscated instruction execution; the processor does not disclose what instruction is being run at any given time, be it an arithmetic instruction or a memory instruction. Ascend obfuscates the instructions that it executes to make forward progress in the program, which in turn obfuscates all external input-output (I/O) and power pins. Each pin carries a digital or analog signal at a given time and these signals change over time in program dependent ways. To obfuscate when the value on each pin changes, Ascend performs a program data-independent amount of work to evaluate each instruction. All processor circuits must fire on each instruction fetch to give off the impression that any instruction could have been executed and on/off-chip memories must be accessed only at public time intervals. To obfuscate the bits and memory access pattern on the I/O pins, external memory requests must be made using oblivious RAM (ORAM) techniques. The adversary learns an estimate of the number of cycles required to complete the computation, which can be shown to be the least amount of leakage possible.