[Cryptography] Spectre -- would an L0 for speculation-only help?

Tom Mitchell mitch at niftyegg.com
Thu Jan 11 21:35:01 EST 2018


On Thu, Jan 11, 2018 at 11:20 AM, Nico Williams <nico at cryptonector.com>
wrote:

>
> Suppose speculative execution never evicted cache lines in any cache,
> except a special, _small_ (say, 8 cache lines) cache only used during
> speculation.  Call this cache L0.
>
> When a speculated thread is committed
>
......

>
> Is this crazy?  Workable?


Neither crazy nor ....

One example of L0 cache in place now is the register set.
If nothing else the register set differences between 32bit ABI programs
and 64bit API programs is the set of registers.  The more registers
the greater the context time.   However register sets like the Z80 might
help.
More than the two sets of the Z80  but how many is a question.


> If so, would there still be timing side-
> channel attacks on speculative execution left unaddressed?  Perhaps there
> might be timing leaks via cache coherency effects?
>

Cache line impact depends on associativity and the memory subsystem.
The speed differences are LARGE...
from https://gist.github.com/jboner/2841832

Latency Comparison Numbers
--------------------------
L1 cache reference           0.5 ns
Branch mispredict            5   ns
L2 cache reference           7   ns    14x L1 cache
Mutex lock/unlock           25   ns
Main memory reference      100   ns    20x L2 cache, 200x L1 cache



-- 
  T o m    M i t c h e l l
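
Added example (not part of the original message or thread): a toy Python model of the quoted L0 idea on the squashed-speculation path only, using the L1 and main-memory latencies from the table above. The class and function names, the 64-line LRU L1 and the cost of an L0 hit are assumptions of this sketch; the proposal's commit step is elided in the thread and is not modelled.

```python
from collections import OrderedDict

# Latencies from the table in the message above, in nanoseconds.
L1_HIT_NS, MEMORY_NS = 0.5, 100.0

class Core:
    """Toy model: one LRU cache (L1) plus an optional speculation-only L0."""

    def __init__(self, l1_lines=64, l0_lines=8, use_l0=True):
        self.l1, self.l0 = OrderedDict(), OrderedDict()
        self.l1_lines, self.l0_lines, self.use_l0 = l1_lines, l0_lines, use_l0

    @staticmethod
    def _fill(cache, capacity, line):
        cache[line] = True
        cache.move_to_end(line)
        while len(cache) > capacity:
            cache.popitem(last=False)  # evict the least recently used line

    def load(self, line, speculative=False):
        """Return the modelled latency in ns and update cache state."""
        isolated = speculative and self.use_l0
        if line in self.l1:
            if not isolated:
                self.l1.move_to_end(line)  # isolated speculation leaves LRU order alone
            return L1_HIT_NS
        if isolated and line in self.l0:
            return L1_HIT_NS  # assumption: an L0 hit costs the same as an L1 hit
        if isolated:
            self._fill(self.l0, self.l0_lines, line)
        else:
            self._fill(self.l1, self.l1_lines, line)
        return MEMORY_NS

    def squash(self):
        self.l0.clear()  # mispredicted path: its fills vanish with the L0

def probe_after_squash(use_l0, line=0x40):
    """Latency an architectural load sees for a line touched only speculatively."""
    core = Core(use_l0=use_l0)
    core.load(line, speculative=True)
    core.squash()
    return core.load(line)

def evicted_by_speculation(use_l0, spec_loads=16):
    """L1-resident lines pushed out by squashed speculative loads."""
    core = Core(use_l0=use_l0)
    resident = list(range(core.l1_lines))
    for line in resident:
        core.load(line)
    for line in range(1000, 1000 + spec_loads):
        core.load(line, speculative=True)
    core.squash()
    return [line for line in resident if line not in core.l1]
```

The model covers only fill and eviction state in a single core's cache; the coherency-traffic question raised in the quoted text is outside it.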