Explaining the “Spectre-2” Attack for Non-Experts

By Ava McKinneyOnline Safety

Explaining the “Spectre-2” Attack for Non-Experts

This is an attempt to explain the “Spectre-2” attack (the most elegant and dangerous of the three recently published attacks on modern microprocessors: Meltdown, Spectre 1, and Spectre 2) in a way that non-specialists can understand. The explanation is long because the attack is complex, but I hope it will make sense to some extent.

The Witch’s Cottage: An Analogy

Imagine a powerful witch living in a cottage on the edge of town. She makes all sorts of potions and elixirs for her visitors, following very complicated instructions—so complicated that they don’t fit in a single book. If you could watch her work (but you can’t, as she always works behind closed doors), you’d see her desk covered with many open books. She constantly refers to them, writes mysterious letters and words on scraps of paper, searches through the books again, pours something from a vial into a bowl, adds a pinch of something else, and checks the books once more.

Some elixirs are so complex that, for example, the Green Rabbit Book might say: “Check what to do next in the Yellow Monkey Book, page 22, according to the letter on the paper in front of you.” On page 22 of the Yellow Monkey Book, it might say: “If the paper says A, go to this book and page; if B, go there; if C, go elsewhere; otherwise, check the Dirty Trickster Book.” Or it might say: “Open the book named on the left paper, on the page number from the right paper, and write down the third letter on the paper in front of you.” And so on.

Managing Limited Resources

The witch’s job is made harder by the fact that her desk, though large, can only hold so many books. Some elixirs require instructions from dozens or even hundreds of different books! She keeps many books in her cottage’s bookshelf, but even that isn’t enough. Sometimes, the book she needs isn’t on her desk or in the cottage, so she sends her assistant to the city library. The assistant brings the book back, and it stays on the desk or shelf for a while, but if it’s not needed for long, it’s eventually returned to the library to make room for others. Of course, this only applies to books that anyone is allowed to read—recipes that are well-known (though people still order them from the witch because they lack the ingredients or are afraid to mess up). The witch keeps her secret books to herself; they never go to the library.

The witch gets annoyed when she has to send her assistant to the library, as all work stops until the assistant returns. Making an elixir already takes a lot of time, even if all the books are at hand, and waiting makes it worse. So, she often relies on her memory but always double-checks. For example, if the Green Rabbit Book, page 5, says to check the Yellow Monkey Book, page 22, according to the letter on the paper, but the Yellow Monkey Book is at the library, the witch remembers that usually, at this point, the Yellow Monkey Book sends her to the Mongoose Book, page 3. She sends her assistant for the Yellow Monkey Book but, in the meantime, checks the Mongoose Book (which is handy) and does what it says—but only the things that definitely won’t ruin the potion. If the Mongoose Book says to prepare a new vial, crush something on the side, or order another book from the library, she does it to avoid wasting time. When the assistant returns with the Yellow Monkey Book, the witch carefully checks if she did the right thing. If yes, great; if not, she discards the new vial, throws away the crushed stuff, returns the book, and acts as if nothing happened. She continues with what actually needs to be done. The witch has an excellent memory, so she usually remembers the next steps correctly, saving a lot of time while the assistant is at the library.

The Secret Book of Death

I really want to know what’s written in the Book of Death, which the witch keeps in her cottage—it contains the recipe for the elixir of eternal youth! But the witch never makes this elixir for visitors. She uses it only for herself, and none of the recipes she prepares for clients ever mention the Book of Death. It’s not in the library, of course. This secret book is kept in the witch’s family and passed down through generations. I’m not the only one who wants to find out what’s in it. Many alchemists have spent years trying, and sometimes they’ve managed to learn a little.

For example, sometimes there are mistakes in the witch’s books, and these mistakes can be exploited to learn something about the Book of Death. A hundred years ago, there was a famous case with the then-witch (the great-grandmother of the current one), when an alchemist discovered a mistake in a love potion recipe: it told the witch to “look in the book named on the left paper and write down the letter at the number on the right paper,” but sometimes, depending on the client’s zodiac sign, the left paper was still blank at that point. The alchemist brought a Capricorn client, and during price negotiations, the client slipped a paper onto the left spot with “Book of Death” written on it. The witch didn’t notice and, following the recipe, wrote down the letter from the Book of Death at position 108 (which happened to be on the right paper at that moment)! When the love potion was ready, the alchemist, through analysis, figured out which letter it was. It was a laborious process, but now he knew one letter from the Book of Death—a huge achievement! He repeated this a few times and learned letters 78 and 23, but then the witch noticed the mistake and fixed the recipe. Now, when the client is a Capricorn, she always writes the correct book name on the left paper. Such mistakes are still occasionally found by lucky alchemists, but witches usually fix them quickly. No one has managed to read the entire Book of Death this way.

A Devilish New Plan

I have a new, devilish plan—one that no one has thought of before. Unlike all previous plans, it doesn’t rely on any mistakes in the recipe books. Even if there are no errors in the witch’s recipes, my plan will still work.

Not everyone knows this, but the witch has plenty of days off. Her recipes are expensive, so she doesn’t have many clients, and the Witch Guild’s rules prevent her from charging less. As a result, she only works on recipes 3-4 days a week; her income is more than enough, but her hardworking nature doesn’t let her rest. So, on her days off, she disguises herself as a young woman and sneaks to the city bakery at dawn, where she works all day as a baker’s assistant, one of many. I tracked her and know this secret. Moreover, I secretly bought the bakery and replaced the baker with my own person. Now, on the days she works at the bakery, she has to do what I say, though this doesn’t seem to help me learn her book secrets. The cottage is enchanted—no one can enter while she’s away, and you can’t affect the witch herself with magic.

Setting the Trap

Remember how I told you that in one of the witch’s recipes, the Green Rabbit Book, page 5, says to check the Yellow Monkey Book, page 22, and do what it says? I learned this by looking at these books in the library—they’re not secret. I also searched through many library books until I found the Cunning Fox Book, page 50, which, at the top of the page, says exactly what I was looking for: “Look in the book named on the left-1 paper, at the letter number on that paper, and if it’s the letter on the left-2 paper, then check what to do next in the book on the left-3 paper.” Some of the witch’s recipes are so complex that they require so many intermediate papers that their positions are numbered on her desk. This instruction is part of a very complicated recipe for a fly-repelling potion, but I’m not interested in the recipe itself—just this instruction in the middle. I remembered it’s on page 50 of the Cunning Fox Book.

I want the witch to follow this instruction—not as part of the whole fly-repelling recipe (that wouldn’t help me, as the left-1, left-2, and left-3 papers would have their own recipe-related notes), but so I can slip something about the Book of Death onto those papers and have her check a letter from the Book of Death for me. But I don’t have a ready-made recipe mistake to make her do this. My devilish plan is more cunning.

Gradually, I change the way things work at the bakery. The recipes for buns and pretzels become more and more complicated, so they can’t be memorized, and I introduce a system of recipe books similar to the ones the witch uses, but only about baking. I deliberately give these books the same names: Green Rabbit Book, Yellow Monkey Book, Cunning Fox Book. The witch doesn’t notice anything odd, as she’s used to following recipes automatically. I make it so that in “my” Green Rabbit Book, page 5, it also says to check the Yellow Monkey Book, page 22, and do what it says. In “my” Yellow Monkey Book, page 22, it always says: “see Cunning Fox Book, page 50.” I have the witch, while working as a baker’s assistant, make a bun by this recipe once, ten times, fifty times in a row. At the same time, on her witch days, I order her to make labor-intensive recipes unrelated to these books. My goal is to make her order many other books from the library, so the Yellow Monkey Book is definitely not in her cottage (since she hasn’t needed it for a while).

The Main Experiment

After several weeks of preparation, I’m ready for the main test. I go to the witch and order an innocent blue-light elixir, which requires the Green Rabbit Book, etc. Secretly, I place a paper labeled “Book of Death, letter number 1” in the left-1 position, “letter A” in left-2, and “Lotus Book” in left-3. The witch notices nothing, accepts the order, and sends me out—she never works on recipes in front of clients!

Then the witch starts making the elixir. When she gets to the part in the Green Rabbit Book that requires checking the Yellow Monkey Book, page 22, she finds the Yellow Monkey Book isn’t in the cottage and sends her assistant to the library. Meanwhile, she tries to remember what she usually does next. But just yesterday, she followed the same instructions fifty times in the bakery, and there, the Yellow Monkey Book sent her to the Cunning Fox Book, page 50. She remembers this and follows her memory. She opens the Cunning Fox Book, which says: “Look in the book named on the left-1 paper, at the letter number on that paper, and if it’s the letter on the left-2 paper, then check what to do next in the book on the left-3 paper.” The witch follows these instructions without much concern—if the assistant returns and the Yellow Monkey Book says something else, she’ll just discard what she did in the meantime—nothing irreversible. She sees that the left papers say to check the Book of Death, letter number 1, and if it’s A, go to the Lotus Book. She checks the Book of Death, sees that letter 1 is indeed A, but the Lotus Book isn’t handy. She sends another assistant to the library for the Lotus Book.

Meanwhile, the first assistant returns with the Yellow Monkey Book, which says something completely different. No problem. The witch starts doing that instead, and when the second assistant returns with the Lotus Book, she sends her back to return it to the library.

How the Plan Works

So how did this help me? After all, all these tricks didn’t affect the blue-light elixir at all! Maybe you think I tried to bribe the librarian to find out if the Lotus Book was ordered today? Or tried to order it myself, and if it wasn’t available, figured the witch had it? No, it’s not that simple! The library has many copies of every book, and librarians are strictly forbidden to tell visitors whether a book has been ordered. They’re incorruptible.

I use a feature of the library system the witch doesn’t know or has forgotten. The librarian has rheumatism and tries to avoid walking to the far shelves. If a book is ordered and returned, and it’s likely to be ordered again soon, she keeps it on a nearby shelf, especially if it’s from the far shelves. I specifically chose the Lotus Book—a book almost no one needs, usually kept on a distant shelf. After my elixir is ready, I go to the library and order the Lotus Book. I can’t see where the librarian goes, but I know—if she returns quickly, the book was on the nearby shelf, meaning the witch probably ordered it (there’s a small chance someone else did, but it’s unlikely), so the first letter in the Book of Death is “A”! If the librarian takes a long time, the witch didn’t order the Lotus Book, so the first letter in the Book of Death is something else.

Today I got lucky. On the first try, I learned that the first letter in the Book of Death is “A.” Now I need to prepare for the next attempt. First, I have to order several boring, labor-intensive recipes from the witch so she has no room for the Yellow Monkey Book and returns it to the library—otherwise, my plan won’t work. Meanwhile, on her bakery days, I keep training her to go to “Cunning Fox Book, page 50” after the Green Rabbit Book instructions, so she doesn’t forget. Meanwhile, the librarian returns the Lotus Book to its proper place on the far shelf, since no one asks for it for several days—this is also important. Finally, after a week, I’m ready to try again, and this time I check the second letter in the Book of Death—maybe it’s also “A”? (Unlikely, of course; “AA” at the start of a book is odd, but I’m thorough and methodical to a fault.) This time, the librarian takes a long time to return with the Lotus Book, so I know the second letter in the Book of Death isn’t “A.” Well, next week I’ll try again and see if it’s “B.” And so on, and so on, and so on. Sooner or later, I’ll read the entire Book of Death this way and learn the recipe for the elixir of youth. Maybe it’ll take 60 or 70 years…

Author: Anatoly Vorobey

Leave a Reply