Branch predictors are vulnerable to conflict-based side-channel attacks (e.g., Spectre variants), and existing defenses incur substantial performance overhead. To address this, we propose the Conflict-Invisible Branch Predictor Unit (CIBPU), a secure branch prediction architecture. Our method introduces three key innovations: (1) a redundant storage architecture to eliminate conflict signatures; (2) a load-aware hash indexing scheme to dynamically distribute predictions without observable collision patterns; and (3) a static-key-binding encryption mechanism that requires no per-cycle key updates, ensuring strong confidentiality throughout the predictor’s lifetime. Evaluated on gem5/RISC-V, CIBPU incurs only 1.12–2.20% average performance overhead; FPGA implementation on SonicBOOM shows merely 2.01% degradation—the lowest among state-of-the-art secure BPUs. Hardware storage overhead remains moderate, achieving an unprecedented balance between high security assurance and minimal performance cost.

Previous schemes for designing secure branch prediction unit (SBPU) based on physical isolation can only offer limited security and significantly affect BPU's prediction capability, leading to prominent performance degradation. Moreover, encryption-based SBPU schemes based on periodic key re-randomization have the risk of being compromised by advanced attack algorithms, and the performance overhead is also considerable. To this end, this paper proposes a conflict-invisible SBPU (CIBPU). CIBPU employs redundant storage design, load-aware indexing, and replacement design, as well as an encryption mechanism without requiring periodic key updates, to prevent attackers' perception of branch conflicts. We provide a thorough security analysis, which shows that CIBPU achieves strong security throughout the BPU's lifecycle. We implement CIBPU in a RISC-V core model in gem5. The experimental results show that CIBPU causes an average performance overhead of only 1.12%-2.20% with acceptable hardware storage overhead, which is the lowest among the state-of-the-art SBPU schemes. CIBPU has also been implemented in the open-source RISC-V core, SonicBOOM, which is then burned onto an FPGA board. The evaluation based on the board shows an average performance degradation of 2.01%, which is approximately consistent with the result obtained in gem5.