CryptoDB
Cryptanalysis of Full SCARF
| Authors: |
|
|---|---|
| Download: | |
| Presentation: | Slides |
| Conference: | EUROCRYPT 2025 |
| Abstract: | SCARF is a tweakable block cipher dedicated to cache address randomization, proposed at the USENIX Security conference. It has a 10-bit block, 48-bit tweak, and 240-bit key. SCARF is aggressively optimized to meet the harsh latency constraints of cache address randomization, and uses a dedicated model for its security claim. The full version of SCARF has 8 rounds, and its designers claim security up to $2^{40}$ queries and $2^{80}$ computations. In this work we present a distinguisher against 6-round SCARF under the collision model with complexity $2^{30}$, and a key-recovery attack against the full 8-round SCARF under the encryption-decryption model with $2^{39}$ queries and time $2^{76.2}$. |
BibTeX
@inproceedings{eurocrypt-2025-35068,
title={Cryptanalysis of Full SCARF},
publisher={Springer-Verlag},
author={Michiel Verbauwhede and Tyge Tiessen and Håvard Raddum and Antonio Flórez-Gutiérrez and Eran Lambooij and Gaetan Leurent},
year=2025
}