[Cryptography] Speculation considered harmful?
Howard Chu
hyc at symas.com
Sat Jan 6 00:49:06 EST 2018
Henry Baker wrote:
> So-called "two phase commit protocols" attempt to gather all the information and resources necessary to *complete* a transaction prior to "committing" the transaction. If the transaction can't be completed, than it must need to be "rolled back" -- a process of *undoing* any actions that were done during the gathering phase.
>
> There's only one slight problem: you can't unring a bell: you can't "unlearn"/"forget" a bit that you learned during the gathering phase. Or more precisely, you can't force a party to the transaction to forget such bits.
>
> I don't have a clean solution to this "forgetting" problem, and I doubt that anyone else does, either.
Eh. In the context of Spectre, the CPU knows which cachelines it loaded in a
speculative fetch. It should simply mark them invalid when unrolling the
speculation.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the cryptography
mailing list