a core to write data to and read data from a plurality of memory regions, each of the plurality of memory regions to be identified by a corresponding address;

an encryption unit to encrypt data to be written and decrypt data to be read, wherein the encryption unit is to use a plurality of encryption keys;

key identification hardware to use a portion of the corresponding address to look up a corresponding key identifier in a key information data structure, wherein, the corresponding key identifier is one of a plurality of key identifiers, and the corresponding key identifier is to identify one of the plurality of encryption keys to be used to encrypt and decrypt the data; and

an instruction decoder to decode a first instruction to write to the key information data structure, wherein the first instruction is the only way for software to write to the key information data structure and is to write only to the key information structure;

wherein the key information data structure is to include a first indicator corresponding to the corresponding key identifier, the first indicator to indicate whether a memory location identified by the corresponding address is private, the first indicator to be compared to a second indicator provided with the corresponding address for the look up.