International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Cryptanalysis of Full SCARF

Authors:
Michiel Verbauwhede , Cosic, KU Leuven
Tyge Tiessen , Technical University of Denmark
Håvard Raddum , Simula UiB
Antonio Flórez-Gutiérrez , NTT, Tokyo, Japan
Eran Lambooij , Bar-Ilan University
Gaetan Leurent , Inria, Paris
Download:
Search ePrint
Search Google
Conference: EUROCRYPT 2025
Abstract: SCARF is a tweakable block cipher dedicated to cache address randomization, proposed at the USENIX Security conference. It has a 10-bit block, 48-bit tweak, and 240-bit key. SCARF is aggressively optimized to meet the harsh latency constraints of cache address randomization, and uses a dedicated model for its security claim. The full version of SCARF has 8 rounds, and its designers claim security up to $2^{40}$ queries and $2^{80}$ computations. In this work we present a distinguisher against 6-round SCARF under the collision model with complexity $2^{30}$, and a key-recovery attack against the full 8-round SCARF under the encryption-decryption model with $2^{39}$ queries and time $2^{76.2}$.
BibTeX
@inproceedings{eurocrypt-2025-35068,
  title={Cryptanalysis of Full SCARF},
  publisher={Springer-Verlag},
  author={Michiel Verbauwhede and Tyge Tiessen and Håvard Raddum and Antonio Flórez-Gutiérrez and Eran Lambooij and Gaetan Leurent},
  year=2025
}