Mojo-V: Secret Computation for Risc-V
Postedabout 2 months agoActiveabout 1 month ago
github.comTechstory
calmneutral
Debate
0/100
Risc-VHardware SecurityOpen-Source
Key topics
Risc-V
Hardware Security
Open-Source
The post introduces Mojo-V, an open-source project for secret computation on RISC-V architecture, but receives no comments or discussion.
Snapshot generated from the HN discussion
Discussion Activity
Moderate engagementFirst comment
7d
Peak period
10
156-168h
Avg / period
7.3
Comment distribution22 data points
Loading chart...
Based on 22 loaded comments
Key moments
- 01Story posted
Nov 12, 2025 at 6:57 AM EST
about 2 months ago
Step 01 - 02First comment
Nov 19, 2025 at 1:28 AM EST
7d after posting
Step 02 - 03Peak activity
10 comments in 156-168h
Hottest window of the conversation
Step 03 - 04Latest activity
Nov 19, 2025 at 8:53 PM EST
about 1 month ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 45899074Type: storyLast synced: 11/20/2025, 5:33:17 PM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
Great for security - Being able to safely compute secrets is a very difficult problem.
Fucking awful for security - More OEM secret controls and "analytics" that devolve into backdoors after someone yet again post keys online.
In other hardware there is an OEM secret because the manufacturer is trying to keep users out of "their hardware", in this case we're trying to keep everyone except the data owner out.
There's no back doors, but there's no integrity checking either, so a Mojo-V voting machine could take an encrypted vote and throw it away and add +1 to the attacker's favorite candidate.
A computational integrity checking mechanism will appear soon that will add a concise proof to every encrypted Mojo-V value, that will prove to the data owner that their requested computation was faithfully performed. And the mechanism also supports safe disclosures, too.
This should give data owners strong controls over what can be done with their data
Consumers are finding out the issue with cloud computing when their heating system can't turn on because Cloudflare is down. A cheaper and more reliable solution is still on-premises computing.
Large social network and content platforms don't have any incentive to keep your data safe because they want to monitor and own everything.
Maybe this is for something like a government running a public service?
Besides, the specific extension we're talking about protect registers and computation and not shared memory.
Who is this we you speak of?
I for one much prefer my cloud services and would love TEE I can control.
> A cheaper and more reliable solution is still on-premises computing.
I assure you that my use of Cloudflare services ($0 in nearly 10 years) is much more reliable and much cheaper than hardware I run.
My point about Cloudflare was more about them taking down essential services that could run just as well on-premises like a heating controller.
[1] https://en.wikipedia.org/wiki/Trusted_execution_environment
It’s still not FHE but it’s about as good as you can get otherwise.
Yes exactly, because it is a privacy tech, the key/control channel tunnels through all software into the Mojo-V trusted H/W.
In the spec, I've been working on new Appendices comparing Mojo-V to TEEs, FHE, CHERI, and other high security tech. Mojo-V is a new thing, so absorbing it will take a while! :-)
I see it as a new design point between TEEs and FHE but much closer to FHE. TEEs are fast but they are not good at establishing trust with untrustworthy service providers, FHE is the ultimate in zero trust as all trust is in the math. Mojo-V eliminates all software, programmer, IT staff, attacker, malware trust with trusted hardware, and it runs near native speed.
And yeah, my mission is to snuggle as close to FHE as hardware can get!
Since the threat assessment is important for deciding the strength of countermeasures, let me just add that this isn't as uncommon as you may believe. A company that I worked for had a decent capability to do this, and they were using it just to investigate the failures of electronic subsystems in their projects. Imagine what a more dedicated entity could achieve. This is why standards like FIPS 140-2/3 level-3/4 are very relevant in a significant number of corporate cases.
Talking about chip surgeries, I wish our distinguished expert Ken Shirrif could throw some light on the process. His work on legacy chips is one of the most noteworthy in the field.
For me, I see Mojo-V more like FHE than a TEE, for three primary reasons: 1) Like FHE, the tech is applied to variables and computation that doesn't touch protected variables is not affected. TEEs protect processes. 2) Like FHE, Mojo-V lacks software, timing, and microarchitectural side channels. TEEs are riddled with side channels. 3) Like FHE, no trust is extended to software because it cannot see the data it is processing. TEEs require that clients trust that the attested software has their best interests in mind.
Public key signing is like SGX, the vendor signs the public to certify that it is from real Mojo-V hardware.
4 more comments available on Hacker News