[Cryptography] Construction of cryptographic software.

Henry Baker hbaker1 at pipeline.com
Thu Dec 4 00:29:34 EST 2014


At 01:44 PM 12/2/2014, Ray Dillinger wrote:
>AFAIK no other language allows me to
>absolutely control when and whether copies are made, when and whether
>writes to variables actually happen, etc, as well.

Well, actually there are higher-level languages which can control
copies & copying.

The concept of "linear variables" (from the ideas of "linear
logic") is what you want.

Linear ("use-once"; actually "use-exactly-once") variables can't
be copied, although their contents can -- but the copying must
be explicit.  Furthermore, linear variables _must_ be referenced
at least once and at most once, so you can't just ignore them. 
In particular, if you "consume" such a variable in one arm of a
conditional, you must also "consume" that variable in the other
arm.

Note that typical faulting instructions like divide-by-zero which
occur in one arm of a conditional must be caught in such a way
that any linear variables consumed in the other arm are also
consumed in the fault handler.  Thus, dealing with linear variables
often requires some sort of transaction block mechanism.

"Exchange" instructions -- e.g., PDP-10 EXCH -- work quite well
with these linear variables.  Stacks also work, so long as the
memory cells "above the stack" are properly zeroed out.  (Check
out some of the classic Burroughs architectures.)

If these linear variables sound suspiciously like non-cloneable
quantum states and/or transactional QM, then you have begun to
grok them correctly.

I have some examples of how to program with such _linear variables_
in some papers in my paper repository:

http://home.pipeline.com/~hbaker1/
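As an added example, not from Baker's post or his papers, here is a Rust sketch of the use-exactly-once discipline described above: copies of the contents only by an explicit `dup`, an `exchange` that moves without copying, and both arms of a conditional consuming the variable. Rust's ownership is affine (at most once) rather than linear, so the "at least once" half is a run-time check in `Drop`; the type `Linear`, its methods and `select_half` are assumed names chosen for this illustration.

```rust
use std::thread;
/// A "use-exactly-once" variable. Rust ownership already forbids implicit copies
/// and a second move (at most once); the Drop check below adds the
/// "at least once" half: an unconsumed Linear<T> panics when it goes out of scope.
pub struct Linear<T>(Option<T>);

impl<T> Linear<T> {
    pub fn new(v: T) -> Self { Linear(Some(v)) }

    /// Consume the variable, moving its contents out. Taking `self` by value means
    /// the compiler rejects any later use of this variable.
    pub fn consume(mut self) -> T {
        self.0.take().expect("linear value already consumed")
    }

    /// Copying is allowed only for the contents, and only explicitly: the original
    /// is consumed and two fresh linear variables come back.
    pub fn dup(self) -> (Self, Self) where T: Clone {
        let v = self.consume();
        (Linear::new(v.clone()), Linear::new(v))
    }

    /// Exchange contents with another linear variable (cf. PDP-10 EXCH): no copy
    /// is made and both variables remain exactly-once.
    pub fn exchange(&mut self, other: &mut Self) {
        std::mem::swap(&mut self.0, &mut other.0);
    }
}

impl<T> Drop for Linear<T> {
    fn drop(&mut self) {
        // Ignoring a linear variable is an error; skip the check while already unwinding.
        if self.0.is_some() && !thread::panicking() {
            panic!("linear variable dropped without being consumed");
        }
    }
}

/// Both arms of the conditional must consume `key`; an arm that merely ignored
/// it would trip the Drop check above. Constructed demo: pick half of a 4-byte key.
pub fn select_half(key: Linear<[u8; 4]>, upper: bool) -> u16 {
    if upper {
        let k = key.consume();
        u16::from_be_bytes([k[2], k[3]])
    } else {
        let k = key.consume();
        u16::from_be_bytes([k[0], k[1]])
    }
}
```

The zeroing of stack cells that the post mentions is not handled here; `consume` moves the bytes out and leaves that to the caller.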