add TODO european dimension

src/SUMMARY.md

@@ -1,6 +1,8 @@
 * [Libre-Chip](README.md)
     * [Proposal for Libre-Chip's First CPU Architecture](first_arch/index.md)
         * [Register Renaming](first_arch/register_renaming.md)
+    * [Grants](grants/index.md)
+        * [First NLNet Grant Proposal](grants/nlnet-first.md)
 * [Conduct](Conduct.md)
 * [License](LICENSE.md)
     * [GPL 3.0](gpl-3.0.md)

src/grants/index.md

@@ -0,0 +1 @@
+# Grants

src/grants/nlnet-first.md

@@ -0,0 +1,64 @@
+# First NLNet Grant Proposal -- First CPU Architecture And Formal Proof of No Spectre bugs
+
+Project Name: Libre-Chip's First CPU Architecture And Formal Proof of No Spectre bugs
+
+Website/Wiki: <https://libre-chip.org/>
+
+# Abstract
+
+Modern CPUs suffer from a [constant stream of new speculative-execution security flaws](https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability#Timeline) ([Spectre](https://meltdownattack.com/)-style bugs), additionally software has to constantly add more convoluted and slow mitigations to properly inforce security boundaries, such as a WebAssembly VM needing to add code to prevent leaking data from outside the VM to whatever programs are running inside the VM, or a web browser needing to stop JavaScript code from seeing memory that it should not have access to.
+
+To address this major category of CPU flaws, Jacob Lifshay invented a way to formally prove that a CPU with speculative execution doesn't suffer from any speculative-execution data leaks -- this should work for nearly any kind of CPU design.
+
+We are working towards building a high-performance superscalar CPU with speculative execution and working on proving that it doesn't suffer from any speculative-execution data leaks, thereby demonstrating that this major category of CPU flaws can be fixed once and for all without crippling CPU performance.
+
+## Relevant Previous Involvement
+
+* Jacob Lifshay -- TODO
+
+* Others... TODO
+
+# Requested support
+
+Requested Amount &euro;50000
+
+## Cost Explanation
+
+Nearly all of the cost is for labor, with some amount set aside for general project management (e.g. tracking funding, server maintenance, etc.), and for hardware costs such as buying bigger FPGAs so the CPU design will fit.
+
+TODO, come up with estimated budgets.
+
+## Compare with existing/historical efforts
+
+# UPEC, as described in "An Exhaustive Approach to Detecting Transient Execution Side Channels in RTL Designs of Processors"
+
+<https://arxiv.org/pdf/2108.01979>
+
+According to <https://arxiv.org/pdf/2407.12232>, UPEC is limited in that it only works on a specific conservative mechanism (preventing speculative load instructions from executing untill all prior branches are resolved). Jacob Lifshay's idea, by contrast, should work even if the CPU runs speculative loads before resolving branches, with much less stringient conditions on those loads.
+
+# "RTL Verification for Secure Speculation Using Contract Shadow Logic"
+
+<https://arxiv.org/pdf/2407.12232>
+
+TODO
+
+## Technical challenges we expect to solve during the project
+
+We expect to solve 2 technical challenges:
+
+* To create a working OoO Superscalar CPU with Speculative Execution.
+* To make substantial progress on creating a formal proof that the CPU doesn't have any Spectre-style vulnerabilities. This is complex enough and has enough potential problems we may run into that we may not finish by the end of this grant, and may need additional grants afterward to finish, hence why the goal is making substantial progress instead of having the proof 100% complete and working.
+
+To address this general category of CPU flaws, I (Jacob Lifshay) invented a way to formally prove that a CPU with speculative execution doesn't suffer from any speculative-execution data leaks:
+
+1. Assume that to leak data, you must be able to observe some change in the digital signals going from/to the CPU core that depends on the results (defined to include any side-effects that change any state, such as cache state changes or branch predictor changes) of some transient instructions (instructions that were speculatively executed and then canceled).
+2. Take the concrete cycle-accurate CPU design, and construct a theoretical equivalent that has the additional feature of looking into the future to determine which instructions will be canceled and preemptively forces their results to be zeros (or any other value that doesn't depend on transient instructions' data; since we're doing math here, we don't have to limit ourselves to physically possible designs that respect time flow). The reasoning is that if all transient instructions' results are always zeros, they can't possibly be leaking any useful data, therefore the theoretical equivalent CPU design doesn't have any speculative-execution data leaks.
+3. Formally prove that all digital signals from/to the concrete CPU core always exactly match the timing and data in all respects of the theoretical equivalent CPU design. This proves that the concrete CPU core can't have any speculative-execution data leaks.
+
+It is expected that automated formal proof software (stuff like SMT solvers such as Z3) will probably be too slow to be usable for the formal correctness proof, therefore the plan is to use Fayalite to generate a translation of the CPU design to Coq or some other similar language for writing formal proofs. Fayalite is a HDL software library that we have been developing since around April 2024 that targets the FIRRTL intermediate language (used by the Chisel ecosystem for generating Verilog; firtool, the FIRRTL to Verilog translator, is part of LLVM Circt, so is well maintained).
+
+## Ecosystem
+
+TODO
+
+TODO European dimension? benefits people everywhere by having CPUs with better security, including Europeans.