I am going to share a thought here which is inappropriate for the birdsite simply because it would be RT’d endlessly without any understanding of its meaning.
What struck me in a particularly harsh way yesterday at Real World Crypto is the “fashionable research” syndrome.
Allow me to elaborate: the papers presented all had “side-channel” in them. Side-channel is the fashionable security of the ‘10s.
Indeed, very exciting, but now that is literally all that is being looked into!
There is no concept of the underlying (overlaying?) issue, i.e. assuming the CPU is trustworthy is now considered a mistake.
I would posit that the above has been known for a long time in reliability scenarios: a fabled controversy of the ‘90s had Europe vs. USA on avionics. European companies (Airbus) insisted that “majority consensus” over three different computer architectures & independently developed software was a key requirement. The US (Boeing) behind Dartmouth said “one suffices”.
The Airbus reliability and dependability team was adamant about the “majority consensus” and Boeing similarly on “one suffices”. In the end they went their own ways but, big but, in my mind there is always the Lauda Air flight over India where the computer turned on the thrust inverters at 35k feet. It was a Boeing. I feared the Air France crash off Brazil was a similar issue until the reports came out and it was, unfortunately, human error.
What Airbus is doing is saying: I trust nobody.
What I strongly suspect is that getting these side-channel attacks to work even across two architectures would be a phenomenal challenge.
Please excuse the rant but I hope that, unlike the birdsite, you understand that I am looking for a real solution, not a whack-a-mole one.