Comment by cperciva

19 hours ago

My paper demonstrating a side channel attack on RSA via hyperthreading was rejected from the crypto preprint archive on the basis that it was "not cryptography".

(Reviewers at J.Crypto subsequently sat on it for a year and then suggested I submit it to a journal on CPU microarchitecture instead.)

Novel research is uniquely susceptible to "cool but it's not part of our field", because that critique is entirely correct until the research gets published!

Our paper to a database venue about bringing GPU support to Presto was rejected. One of the reviewers wrote, and I quote verbatim: "the topic of the paper is too practical". I just couldn't help but laugh at it.

  • Too practical, haha. Maybe they just wanted hype?

    • Or perhaps they wanted something theoretical that advances the state of the art in database design and architecture (which is the whole purpose of academic research/conference/etc) - not merely some report describing doing something that's already been done for a different DB.

Looking over Journal of Cryptology, they appear to be a theory journal. So an attack on an implementation, based on hardware, probably doesn't interest them as much.

  • They publish lots of papers about side channel attacks, including very hardware based ones like power consumption analysis.

    It just happened that "leak information into microarchitectural state and then retrieve it" didn't exist as a subfield until my work (and the OST work a few weeks behind mine).

I'm not familiar with your work, but a more arch venue does sound more appropriate to me as someone from arch?

  • Frankly, there's no way any arch venue at the time would have done anything beyond rejecting it with "caches make RSA fast, what's the problem?"

    Security wasn't something CPU designers paid much attention to, and cryptography wasn't something they were even particularly aware of. Even seven years ago, when an Intel VP was giving a talk at re:Invent about "processor technologies for improving security in virtual machines", my question to him about cache collision side channel attacks was met with "what's a side channel attack?"