[Cryptography] Better cache replacement policy for CPU caches
33389 at protonmail.com
Sat Jun 15 10:26:48 EDT 2019
Based on available information, CPUs use least-recently used as a cache replacement algorithm. This is excessively deterministic and leads to numerous side channel attacks. I propose a new cache replacement policy that would fix and prevent some categories of AES software timing attacks noticed since 2005.
All cache lines in the L1 cache will have a bitfield dedicated to each thread. When a cache line is loaded or read, a bit is set for all hardware threads except for the one requesting the data. When replacing a cache line, the first cache line with an unset bit is replaced. This is done by incrementing through each cache line and inspecting the bitfield, if the bit is set, it will be unset, and then the next cache line is inspected.
This will prioritize replacing cache lines used by the current hardware thread over cache lines used by other threads.
In the worst case, a thread will end up loading data to the L2 cache before it can load data into the L1 cache.
I call it the Canadian replacement algorithm because they are known for excessive politeness. This can be considered an inversion of the second-chance algorithm.
I won't touch upon the issue of context switches and software threads.
Sent with [ProtonMail](https://protonmail.com) Secure Email.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography