Hardware-based encryption is the use of computer hardware to assist software, or replace software, in the process of data encryption . Typically, this is implemented as part of the processor’s set statement. For example, the AES encryption algorithm (a modern cipher ) can be implemented using the AES instruction set on the ubiquitous x86 architecture . Such instructions also exist on the ARM architecture .  However, more unusual systems exist where the cryptography module is separate from the central processor, instead being implemented as acoprocessor , in particular a secure cryptoprocessor , of which an example is the IBM 4758 , or its successor, the IBM 4764 .  Hardware implementations can be faster than traditional software implementations, and more can be protected against tampering.  However, hardware implementations can not be solved with software update , and any security vulnerability (such as Spectrum ) can not be solved with a software update. 
Hardware-based encryption arguably began in 1987 with the ABYSS (A Basic Yorktown Security System) project.   The aim of this project was to protect against Piracy Software . However, the application of computers to cryptography in general dates back to the 1940s and Bletchley Park , where the Colossus computer was used to break the encryption used by German High Command during World War 2 . The use of computers to encrypt , however, cam later. In particular, until the development of the Intergrated Circuit , of which the first was produced in 1960, computers were impractical for encryption, since, in comparison to the portableform factor of the Enigma machine ,  Computers of the era took the space of an entire building. It was only possible with the development of the microcomputer that computer encryption became possible, outside of niche applications. The development of the World Wide Web is leading to the need for consumers to have access to encryption, as Online Shopping has become prevalent.  The key concerns for consumers were security and speed.  This led to the eventual inclusion of the key algorithms into processes of increasing speed and security. 
In the instruction set
The X86 architecture , as CISC (Complex Instruction Set Computer) Architecture, typically implements complex algorithms in hardware.  Cryptographic algorithms are no exception. The x86 architecture implements significant components of the Advanced Encryption Standard (AES) algorithm,  which can be used by the NSA for Top Secret information.  The architecture also includes support for the SHA Hashing Algorithms through the Intel SHA extensions . AES is a cipher, which is useful for encrypting documents, Hashing is used for verification, such as passwords (see PBKDF2 ).
ARM processors can optionally support Security Extensions. Although ARM is a RISC (Reduced Instruction Set Computer) architecture, there are several optional extensions specified by ARM Holdings .  
As a coprocessor
- IBM 4758 – The predecessor to the IBM 4764 .  This includes its own specialized processor, memory and a Random Number Generator . 
- IBM 4764 and IBM 4765 , identical except for the connection used.  The former uses PCI- X , while the latter uses PCI-e .  Both are peripheral devices that plug into the motherboard .
Advanced Micro Devices (AMD) processors are also x86 devices, and have supported the AES instructions since the 2011 Bulldozer processor iteration.  Due to the existence of encryption instructions are provided by modern processors Both Intel and AMD, the instructions are present On Most modern computers.  They also exist on many tablets and smartphones due to their implementation in ARM processors . 
Implementing cryptography in hardware means that part of the processor is dedicated to the task. This can lead to a large increase in speed.  In particular, modern processor architectures that support pipelining can often perform other instructions competing with the execution of the encryption instruction. Furthermore, hardware can have methods of protecting data from software. Therefore, even if the operating system is compromised, the data may still be secure (see Software Guard Extensions ). 
If, however, the hardware implementation is compromised, major issues arise. Malicious software can retrieve the data from the (supposedly) secure hardware – a broad class of method used is the timing attack .  This is far more problematic than a software bug, even within the operating system . Microsoft regularly deals with security issues through Windows Update . Similarly, regular security updates are released for Mac OS X and Linux , as well as mobile operating systems like iOS , Android , and Windows Phone. However, hardware is a different issue. Sometimes, the issue will be fixed by updates to the processor’s microcode (a low level type of software). However, other issues may be resolved by replacing the hardware, or a workaround in the operating system which mitigates the performance of the hardware implementation, such as in the Spectrum . 
- ^ Jump up to:a b c Intel® 64 and IA-32 Architectures Software Developer’s Manual(PDF) . Intel. December 2017. pp. 303 to 309.410.
- ^ Jump up to:a b ARM® Cortex®-A57 MPCore Processor Cryptography Extension(PDF) . ARM Holdings. 17 December 2017.
- ^ Jump up to:a b “4764 Cryptographic Coprocessor” . IBM . Retrieved 20 January 2018.
- ^ Jump up to:a b c P. Schmid and A. Roos (2010). “AES-NI Performance Analyzed” . Tom’s Hardware . Retrieved 20 January 2018 .
- Jump up^ Staff (2018). “Meltdown and Specter” . Graz University of Technology . Archived from the original on 3 January 2018 . Retrieved 20 January 2018.
- Jump up^ “ABYSS: A Trusted Architecture for Software Protection” (PDF) . Retrieved 20 January 2018 .
- Jump up^ “Building the IBM 4758 Secure Coprocessor” (PDF) . IBM . Retrieved 20 January 2018 .
- Jump up^ “Enigma-E case” (PDF) . Crypto Museum . Retrieved 20 January 2018 .
- ^ Jump up to:a b “Consumers and Their online shopping expectations – Ecommerce News” . February 20, 2015 . Retrieved 29 August 2016 .
- Jump up^ “x86-64 Instruction Set” (PDF) . University of Oxford . 18 April 2017. p. 1. Retrieved 24 January 2018 .
- Jump up^ Lynn Hathaway (June 2003). “National Policy on the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information” (PDF) . Retrieved 15 February 2011 .
- Jump up^ “Cryptographic Hardware Accelerators” . OpenWRT.org. May 17, 2016 . Retrieved 25 January 2018 .
- ^ Jump up to:a b “IBM 4765 Cryptographic Coprocessor Security Module” (PDF) . National Institute of Standards and Technology . December 10, 2012 . Retrieved 20 January 2018 .
- Jump up^ “IBM 4758 Models 2 and 23 PCI Cryptographic Coprocessor” (PDF) . IBM . May 2004 . Retrieved 24 January 2018 .
- Jump up^ Brent Hollingsworth ( AMD ) (October 2012). “New” Bulldozer “and” Piledriver “Instructions” (PDF) . Arecibo Observatory . Retrieved 25 January 2018 .
- ^ Jump up to:a b Shay Gueron ( University of Haifa & Intel ) and Nicky Mouha ( KULeuven & NIST ) (9 November 2016). “Simpira v2: A Family of Efficient Permutations Using the AES Round Function” (PDF) . Retrieved 25 January 2018 .
- Jump up^ “Intel SGX for Dummies (Intel SGX Design Objectives)” . intel.com . 2013-09-26.
- Jump up^ “BearSSL – Constant-Time Crypto” . www.bearssl.org . Retrieved 2017-01-10 .
- Jump up^ Hachman, Mark (January 9, 2018). “Microsoft tests show Specs Patches Drag Down Performance on older PCs” . PC World . Retrieved 2018-01-09.