Return Oriented Programming (ROP) Attack Protection
US-2016171211-A1 · Jun 16, 2016 · US
US10536264B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10536264-B2 |
| Application number | US-201615392324-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 28, 2016 |
| Priority date | Dec 28, 2016 |
| Publication date | Jan 14, 2020 |
| Grant date | Jan 14, 2020 |
Abstract
Embodiments include a computing processor control flow enforcement system including a processor, a block cipher encryption circuit, and an exclusive-OR (XOR) circuit. The control flow enforcement system uses a block cipher encryption to authenticate a return address when returning from a call or interrupt. The block cipher encryption circuit executes a block cipher encryption on a first number including an identifier to produce a first encrypted result and executes a block cipher encryption on a second number including a return address and a stack location pointer to produce a second encrypted result. The XOR circuit performs an XOR operation on the first encrypted result and the second encrypted result to produce a message authentication code tag.
Claims

What is claimed is:

1. A system for computing processor control flow enforcement, the system comprising: a block cipher encryption circuit to execute a block cipher encryption on a first number including an identifier to produce a first encrypted result and execute a block cipher encryption on a second number including a return address, a stack location pointer, a code segment register value, and a stack segment register value to produce a second encrypted result, wherein the block cipher encryption circuit comprises a second number partitioning circuit to partition the second number into multiple blocks of bits, the block cipher encryption circuit executing the block cipher encryption on each of the multiple blocks of bits independently to produce a separate encrypted result for each of the multiple blocks of bits; an exclusive-OR (XOR) circuit to perform an XOR operation on the first encrypted result and the second encrypted result to produce a message authentication code (MAC) tag, wherein the XOR circuit comprises a multi-term XOR circuit to perform the XOR operation on the first encrypted result and each of the separate encrypted results for each of the multiple blocks of bits to produce the MAC tag; and a MAC tag comparator circuit to compare the MAC tag with a stored MAC tag retrieved from a call-stack.
2. The system of claim 1, further comprising a MAC tag storing circuit to store the MAC tag on a call-stack.
3. The system of claim 1, further comprising: an identifier generator circuit to generate the identifier based on a random number; an identifier storing circuit to store the identifier in an identifier storage memory location when processing a call or interrupt; and an identifier retrieving circuit to retrieve the identifier from the identifier storage memory location when processing a call-return or interrupt-return.
4. The system of claim 1, further comprising: an identifier generator circuit including a counter circuit to generate the identifier based on a counter value; a counter incrementing circuit to increment the counter when processing a call or interrupt; and a counter decrementing circuit to decrement the counter when processing a call-return or interrupt-return.
5. The system of claim 1, wherein the block cipher encryption circuit includes a secure PRINCE block cipher circuit.
6. The system of claim 1, wherein the block cipher encryption circuit includes a single-clock-cycle cryptographic circuit.
7. The system of claim 1, further comprising a second number generator circuit to generate the second number by concatenating binary representations of the return address and the stack location pointer together.
8. The system of claim 1, wherein the block cipher encryption circuit executes the block cipher encryption on each of the multiple blocks of bits separately using a same cryptographic circuit in turn.
9. The system of claim 1, wherein the block cipher encryption circuit comprises a plurality of separate cryptographic circuits, the plurality of separate cryptographic circuits executing the block cipher encryption on a respective different one of the multiple blocks of bits in parallel with one another.
10. A method of control flow enforcement for a computing processor, the method comprising: executing a block cipher encryption on a first number including an identifier to produce a first encrypted result; executing a block cipher encryption on a second number including a return address, a stack location pointer, a code segment register value, and a stack segment register value to produce a second encrypted result, including: partitioning the second number including the return address and the stack location pointer into multiple blocks of bits; and executing the block cipher encryption on each of the multiple blocks of bits independently to produce a separate encrypted result for each of the multiple blocks of bits; performing an exclusive-OR (XOR) operation on the first encrypted result and the second encrypted result to produce a message authentication code (MAC) tag, including performing the XOR operation on each of the separate encrypted results for each of the multiple blocks of bits to produce the MAC tag; and comparing the MAC tag with a stored MAC tag retrieved from a call-stack.
11. The method of claim 10, further comprising storing the MAC tag on a call-stack.
12. The method of claim 10, further comprising performing a call-return or interrupt-return, wherein the comparing is performed during the performing of the call-return or interrupt-return.
13. The method of claim 12, further comprising generating an exception if the MAC tag does not match the stored MAC tag as a result of the comparing.
14. The method of claim 10, wherein the identifier includes a random number, and the method further comprises: storing the identifier in an identifier storage memory location when processing a call or interrupt; and retrieving the identifier from the identifier storage memory location when processing a call-return or interrupt-return.
15. The method of claim 10, wherein the identifier includes a counter value, and the method further comprises: incrementing the counter when processing a call or interrupt; and decrementing the counter when processing a call-return or interrupt-return.
16. The method of claim 10, wherein the block cipher encryption includes a secure PRINCE block cipher.
17. The method of claim 10, wherein a plurality of executions of the block cipher encryption is performed separately using a same cryptographic circuit in turn.
18. The method of claim 10, wherein executing the block cipher encryption on each of the multiple blocks of bits independently comprises executing the block cipher encryption on a respective different one of the multiple blocks of bits by a plurality of separate cryptographic circuits in parallel with one another.
19. A non-transitory machine-readable medium including instructions that, when executed by a machine, cause the machine to perform the following operations: executing a block cipher encryption on a first number including an identifier to produce a first encrypted result; executing a block cipher encryption on a second number including a return address, a stack location pointer, a code segment register value, and a stack segment register value to produce a second encrypted result, including: partitioning the second number including the return address and the stack location pointer into multiple blocks of bits; and executing the block cipher encryption on each of the multiple blocks of bits independently to produce a separate encrypted result for each of the multiple blocks of bits; performing an exclusive-OR (XOR) operation on the first encrypted result and the second encrypted result to produce a message authentication code (MAC) tag, including performing the XOR operation on each of the separate encrypted results for each of the multiple blocks of bits to produce the MAC tag; and comparing the MAC tag with a stored MAC tag retrieved from a call-stack.
20. The non-transitory machine-readable medium of claim 19, wherein the block cipher encryption includes a secure PRINCE block cipher.
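The tag construction of the abstract and claims, as an added software simulation that is not part of the patent document and not any vendor's implementation. It assumes Speck64/128 as a stand-in 64-bit block cipher (the claims name PRINCE; any 64-bit block cipher illustrates the construction equally), a particular packing of the return address, stack pointer, CS and SS into three 64-bit blocks (the claims fix no layout), the counter identifier of claims 4 and 15, and a simulated call stack that stores the tag next to each return address. The key, addresses and segment values are constructed for the demonstration; the function names `mac_tag`, `sim_call` and `sim_return` are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

#define SPECK_ROUNDS 27
#define MAX_DEPTH 16

static uint32_t rol32(uint32_t x, unsigned r) { return (x << r) | (x >> (32 - r)); }
static uint32_t ror32(uint32_t x, unsigned r) { return (x >> r) | (x << (32 - r)); }

/* Speck64/128 single-block encryption: a stand-in for the PRINCE circuit of
 * claims 5/16 (assumption: any 64-bit block cipher illustrates the construction). */
static uint64_t speck64_encrypt(const uint32_t key[4], uint64_t block) {
    uint32_t x = (uint32_t)(block >> 32), y = (uint32_t)block;
    uint32_t k = key[0], l[SPECK_ROUNDS + 3];
    l[0] = key[1]; l[1] = key[2]; l[2] = key[3];
    for (unsigned i = 0; i < SPECK_ROUNDS; i++) {
        x = (ror32(x, 8) + y) ^ k;               /* round function */
        y = rol32(y, 3) ^ x;
        l[i + 3] = (k + ror32(l[i], 8)) ^ i;    /* key schedule, computed on the fly */
        k = rol32(k, 3) ^ l[i + 3];
    }
    return ((uint64_t)x << 32) | y;
}

/* Known-answer check against the published Speck64/128 test vector. */
static int speck_kat_ok(void) {
    const uint32_t key[4] = { 0x03020100, 0x0b0a0908, 0x13121110, 0x1b1a1918 };
    return speck64_encrypt(key, 0x3b7265747475432dULL) == 0x8c6fa548454e028bULL;
}

/* The claim-1 "second number": return address, stack pointer, CS and SS.
 * The claims fix no block layout; packing CS||SS into one block is an assumption. */
typedef struct { uint64_t ret_addr, stack_ptr; uint16_t cs, ss; } frame_ctx_t;

/* MAC tag per claim 1: E(identifier) XOR E(block_0) XOR E(block_1) XOR E(block_2),
 * each 64-bit block of the second number encrypted independently. */
static uint64_t mac_tag(const uint32_t key[4], uint64_t identifier, const frame_ctx_t *f) {
    uint64_t blocks[3] = { f->ret_addr, f->stack_ptr, ((uint64_t)f->cs << 16) | f->ss };
    uint64_t tag = speck64_encrypt(key, identifier);       /* first encrypted result */
    for (int i = 0; i < 3; i++)
        tag ^= speck64_encrypt(key, blocks[i]);            /* multi-term XOR */
    return tag;
}

typedef struct { uint64_t ret_addr, stack_ptr, tag; } stack_slot_t;

typedef struct {
    uint32_t key[4];     /* in hardware this key must be unreadable by software */
    uint64_t counter;    /* counter identifier of claims 4/15 */
    stack_slot_t stack[MAX_DEPTH];
    int depth;
} cpu_sim_t;

/* CALL: increment the counter, compute the tag, push return address and tag (claim 2). */
static int sim_call(cpu_sim_t *c, uint64_t ret_addr, uint64_t sp, uint16_t cs, uint16_t ss) {
    if (c->depth >= MAX_DEPTH) return -1;
    c->counter++;
    frame_ctx_t f = { ret_addr, sp, cs, ss };
    stack_slot_t *s = &c->stack[c->depth++];
    s->ret_addr = ret_addr;
    s->stack_ptr = sp;
    s->tag = mac_tag(c->key, c->counter, &f);
    return 0;
}

/* RET: recompute the tag over the popped frame, compare with the stored tag,
 * decrement the counter. Returns -1 on mismatch (the exception of claim 13). */
static int sim_return(cpu_sim_t *c, uint16_t cs, uint16_t ss, uint64_t *target) {
    if (c->depth == 0) return -1;
    stack_slot_t *s = &c->stack[--c->depth];
    frame_ctx_t f = { s->ret_addr, s->stack_ptr, cs, ss };
    uint64_t expected = mac_tag(c->key, c->counter, &f);
    c->counter--;
    if (expected != s->tag) return -1;
    *target = s->ret_addr;
    return 0;
}

/* Constructed scenario: two nested calls, then a stack smash rewrites the innermost
 * saved return address to a gadget address. The inner RET must be rejected; the
 * untouched outer frame must still return to its real caller. */
static int demo_tamper_detected(void) {
    cpu_sim_t c = { .key = { 0x03020100, 0x0b0a0908, 0x13121110, 0x1b1a1918 } };
    uint64_t target = 0;
    sim_call(&c, 0x401230, 0x7ffd1000, 0x33, 0x2b);
    sim_call(&c, 0x4015a0, 0x7ffd0f80, 0x33, 0x2b);
    c.stack[1].ret_addr = 0x4242ee;                  /* attacker-controlled overwrite */
    int inner = sim_return(&c, 0x33, 0x2b, &target);
    int outer = sim_return(&c, 0x33, 0x2b, &target);
    return inner == -1 && outer == 0 && target == 0x401230;
}

int main(void) {
    printf("speck kat: %s\n", speck_kat_ok() ? "ok" : "FAIL");
    printf("tampered return rejected: %s\n", demo_tamper_detected() ? "yes" : "no");
    return 0;
}
```

Two properties of the claimed construction are worth keeping in mind when reading the claims. Because the block cipher is a permutation, changing any single block of the second number (the return address alone, say) is guaranteed to change the tag, which is what the tamper scenario above relies on. Because the per-block encryptions are combined with XOR, the tag as claimed is invariant under reordering the blocks of the second number, so the block layout chosen by an implementation decides which fields can and cannot be confused with one another; the claims leave that layout open. The key is held in the simulator struct here only for convenience; the scheme depends on the key never being readable by the software whose control flow it protects.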
CPC classification titles:

- in cryptographic circuits
- Program or device authentication
- Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation