This write-up clarifies our recent stance on the following two papers:
1. Anirban Chakraborty, Nimish Mishra, Sayandeep Saha, and Debdeep Mukhopadhyay, "Systematic Evaluation of Randomized Cache Designs against Cache Occupancy," USENIX Security 2025
2. Anubhav Bhatla, Hari Rohit Bhavsar, Sayandeep Saha, and Biswabandan Panda, "So, You Think You Know All About Secure Randomized Caches?" USENIX Security 2025
Recently, in [1], it has been claimed that the attack we performed on the Mirage design was an artifact of some modeling choices during simulation, and that the attack does not work in practice.
However, after a thorough evaluation of all the conflicting claims, especially those from the IITKGP team in the last week, we maintain our stand that, as noted in an observation in [1], (1) increased L1d cache size and (2) randomizing the global eviction mapping are not by themselves sufficient to prevent AES leakage from Mirage. This is because we still observe t-test leakage from the updated design proposed in [1], which is representative of leakage.
We would like to point out that the leakage we observed comes from Mirage at a 50% occupancy level and is therefore different from previous works like CacheFX, which targeted 100% cache occupancy. Indeed, at 100% cache occupancy, occupancy attacks become easier, but it still remains a non-trivial observation at any lower occupancy level.
While performing a simulated attack under any such conditions takes days or months due to the complexity of architectural simulators, in real hardware, where thousands of encryptions can be performed in seconds, the leakages would become fatal.
Our consolidated observations are presented in:
https://github.com/SEAL-IIT-KGP/randomized_caches/tree/main/addendum
[1] Chris Cao and Gururaj Saileshwar. Yet another mirage of breaking mirage: Debunking occupancy-based side-channel attacks on fully associative randomized caches. arXiv preprint arXiv:2508.10431, 2025.