Describe the risk of exposing additional hardware clocks

[jyasskin]

Clock Around the Clock: Time-Based Device Fingerprinting (https://doi.org/10.1145/3243734.3243796) discusses fingerprinting particular chips based on tiny variations in their quartz clock crystals. This can distinguish different copies of the same model of chip, not just different models of chip. They describe their attack as comparing the frequency of two different crystals in the same machine, but I think they're actually extracting NTP's precise measurement of a single clock crystal's frequency (by comparing with clocks over the network).

As we allow code to run on new processors like GPUs, we naturally expose additional clock crystals that can be compared against each other, which makes the fingerprint more precise. This is probably unavoidable and not something HR-Time can address. But there's currently a proposal to read timestamps on a GPU. If that's based on a new hardware crystal, it'll improve the fingerprint. If it's just calibrated against the same NTP measurement as the CPU, it won't. I think HR-Time should say something about that.