The curious tendency among cryptographers to believe that they need to make any OOB access the attacker suggests in order to be “constant-time”.
-
-
You forget that add (with pc as a possible operand) is Turing complete. :-)
-
So instead you’re leaking into the caches and ITLB, since they’re now functioning as your branch predictor =)
-
(Also, add-to-PC is a branch that can be predicted)
-
Not host pc. Virtual machine pc.
-
Yeah, in that case see previous comment. The caches hold your branch history.
-
But you also write your code that runs in the vm such that its branch history is worthless.
-
in that case why do you have the vm?
-
To mitigate variable insn timing (if you can write host asm) or lack of timing model in C (portable code only).
End of conversation
New conversation -
-
-
your interpreter is going to have a dispatch loop. it is going to have some conditional branches to implement the semantics of your abstract machine. it is going to leak information into the branch predictor.