CCS 2025

Heracles: Chosen Plaintext Attack on AMD SEV-SNP

Benedict Schlüter, Christoph Wech, Shweta Shinde

Abstract

Confidential computing needs hardware support that stops privileged software from learning the secrets of a guest virtual machine. AMD offers such hardware support in the form of SEV-SNP, which creates confidential virtual machines whose memory is entirely encrypted by the hardware. Specifically, SEV-SNP uses the XEX encryption mode with address-dependent tweak values, so that the same plaintext at different memory addresses yields different ciphertexts.