cperciva, if you're around, I'd be really curious to hear a bit more about the details behind your attempts to get "Cache Missing for Fun and Profit". I'm really surprised that it was so hard to find a home for it! Maybe a more general security venue like USENIX Sec, ACM CCS, or IEEE S&P would have been a better fit for something that was neither fish nor fowl? Just a couple years later in 2008 USENIX Sec published "Reverse-Engineering a Cryptographic RFID Tag" which is a personal favorite and similarly is a mix of low-level hardware architecture and cryptography.
There were two other shared CPU cache side channel attacks on cryptography in 2005 (DJB's "Cache-timing attacks on AES" [2] and Osvik/Shamir/Tromer's "Cache Attacks and Countermeasures: the Case of AES" [3]) so in some ways it feels like the time was right for the community to start finding these attacks -- which makes it all the more baffling to me that your work got rejected.
I'm also a bit dismayed at the advice not to work on anything too novel. I guess it's true in some ways (our Chaff Bugs [4] paper and an associated grant proposal got rejected for four years straight with comments like "the panel was uniformly skeptical that anyone would ever be willing to use this" [5]), but it feels from the inside that it just takes more work to convince people to take a chance on new ideas, and that the larger issue is just how much inherent randomness there is in the peer review system [6] (my advisor used to say it wasn't worth paying attention to the first rejection, and not to worry until it was rejected a second time -- and I think it's only gotten worse since then). Good work gets rejected all the time, and it sucks :(
Anyway, you clearly seem pretty happy with how things ended up, so perhaps I'm just saying that I'm disappointed that we in academic security missed out on the opportunity to have you as a colleague ;)
There were two other shared CPU cache side channel attacks on cryptography in 2005 (DJB's "Cache-timing attacks on AES" [2] and Osvik/Shamir/Tromer's "Cache Attacks and Countermeasures: the Case of AES" [3]) so in some ways it feels like the time was right for the community to start finding these attacks -- which makes it all the more baffling to me that your work got rejected.
I'm also a bit dismayed at the advice not to work on anything too novel. I guess it's true in some ways (our Chaff Bugs [4] paper and an associated grant proposal got rejected for four years straight with comments like "the panel was uniformly skeptical that anyone would ever be willing to use this" [5]), but it feels from the inside that it just takes more work to convince people to take a chance on new ideas, and that the larger issue is just how much inherent randomness there is in the peer review system [6] (my advisor used to say it wasn't worth paying attention to the first rejection, and not to worry until it was rejected a second time -- and I think it's only gotten worse since then). Good work gets rejected all the time, and it sucks :(
Anyway, you clearly seem pretty happy with how things ended up, so perhaps I'm just saying that I'm disappointed that we in academic security missed out on the opportunity to have you as a colleague ;)
[1] https://www.usenix.org/legacy/event/sec08/tech/full_papers/n...
[2] http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
[3] https://eprint.iacr.org/2005/271.pdf
[4] https://arxiv.org/abs/1808.00659
[5] Possibly this is true, I admit.
[6] See e.g. the NeurIPS 2014 and 2021 consistency experiments: https://arxiv.org/abs/2109.09774, https://blog.neurips.cc/2021/12/08/the-neurips-2021-consiste...