Hacker News

Comment by cperciva | original | For first time, a cell built from scratch grows and divides
[−]cperciva · 2026-07-01 Wed 17:49 UTC · link
My paper demonstrating a side channel attack on RSA via hyperthreading was rejected from the crypto preprint archive on the basis that it was "not cryptography".

(Reviewers at J.Crypto subsequently sat on it for a year and then suggested I submit it to a journal on CPU microarchitecture instead.)

Novel research is uniquely susceptible to "cool but it's not part of our field", because that critique is entirely correct until the research gets published!

[−]oalae5niMiel7qu · 2026-07-01 Wed 18:41 UTC · link
Submit it as a CVE.
[−]cperciva · 2026-07-02 Thu 00:47 UTC · link
This was CVE-2005-0109.
[−]psyphy2 · 2026-07-01 Wed 18:43 UTC · link
I'm not familiar with your work, but a more arch venue does sound more appropriate to me, as someone from arch?
[−]cperciva · 2026-07-02 Thu 00:45 UTC · link
Frankly, there's no way any arch venue at the time would have done anything beyond rejecting it with "caches make RSA fast, what's the problem?"

Security wasn't something CPU designers paid much attention to, and cryptography wasn't something they were even particularly aware of. Even seven years ago, when an Intel VP was giving a talk at re:Invent about "processor technologies for improving security in virtual machines", my question to him about cache collision side channel attacks was met with "what's a side channel attack?"

[−]_zoltan_ · 2026-07-01 Wed 19:21 UTC · link
Our paper to a database venue about bringing GPU support to Presto was rejected. One of the reviewers wrote, and I quote verbatim: "the topic of the paper is too practical". I just couldn't help but laugh at it.
[−]hoppp · 2026-07-01 Wed 19:34 UTC · link
Too practical, haha. Maybe they just wanted hype?
[−]hilbertseries · 2026-07-01 Wed 22:06 UTC · link
Looking over Journal of Cryptology, they appear to be a theory journal. So an attack on an implementation, based on hardware, probably doesn't interest them as much.
[−]paulddraper · 2026-07-02 Thu 00:19 UTC · link
> a forum for publication of original results in all areas of modern information security [1]

Seems like info sec to me.

[1] https://www.iacr.org/jofc/

[−]cperciva · 2026-07-02 Thu 00:39 UTC · link
They publish lots of papers about side channel attacks, including very hardware-based ones like power consumption analysis.

It just happened that "leak information into microarchitectural state and then retrieve it" didn't exist as a subfield until my work (and the OST work a few weeks behind mine).