Permutation-Based Cryptanalysis of the SCARF Block Cipher and Its Randomness Evaluation
摘要
SCARF (Secure CAche Randomization Function) is the first dedicated cache cipher proposed at the USENIX Security Symposium 2023. Its block length is merely 10-bit, which enters new territory in the field of block ciphers. Due to the particularity of SCARF, which is similar to a black box, the attacker cannot see the ciphertext and can only obtain information from collisions. In this paper, we take the SCARF block cipher as a Boolean permutation on \(F^{10}_{2}\) . We scrutinize the methods for constructing collision pairs under different keys and tweaks. We propose the corresponding conditions on the tweaks and secret keys of two SCARF ciphers, ensuring that the two ciphers collide at 1024, 512, and 256 elements of \(F^{10}_2\) , respectively. Moreover, we give an example that two SCARF ciphers are identical 11 elements of \(F^{10}_2\) under the related-tweak scenario. In addition, we study the conditions for the message that can lead to internal state collision under the related-tweak scenario, and construct a full (8+8)-round differential trail. We further present a differential trail for a pair of plaintexts that collide in (4+4)-round SCARF. Finally, we test the randomness of SCARF by the rules proposed in NIST standard SP800-22. Our results show that SCARF has some critical vulnerabilities.