Paper 2022/1228

SCARF: A Low-Latency Block Cipher for Secure Cache-Randomization

Federico Canale, Ruhr University Bochum
Tim Güneysu, Ruhr University Bochum, German Research Centre for Artificial Intelligence
Gregor Leander, Ruhr University Bochum
Jan Philipp Thoma
Yosuke Todo, NTT (Japan)
Rei Ueno, Tohoku University
Abstract

Randomized cache architectures have proven to significantly increase the complexity of contention-based cache side channel attacks and therefore pre\-sent an important building block for side channel secure microarchitectures. By randomizing the address-to-cache-index mapping, attackers can no longer trivially construct minimal eviction sets which are fundamental for contention-based cache attacks. At the same time, randomized caches maintain the flexibility of traditional caches, making them broadly applicable across various CPU-types. This is a major advantage over cache partitioning approaches. A large variety of randomized cache architectures has been proposed. However, the actual randomization function received little attention and is often neglected in these proposals. Since the randomization operates directly on the critical path of the cache lookup, the function needs to have extremely low latency. At the same time, attackers must not be able to bypass the randomization which would nullify the security benefit of the randomized mapping. In this paper we propose \cipher (\underline{S}ecure \underline{CA}che \underline{R}andomization \underline{F}unction), the first dedicated cache randomization cipher which achieves low latency and is cryptographically secure in the cache attacker model. The design methodology for this dedicated cache cipher enters new territory in the field of block ciphers with a small 10-bit block length and heavy key-dependency in few rounds.

Note: Minor update for Camera-Ready version.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. USENIX Security 2023
Keywords
Side channel attacksCache attacksRandomized cacheTweakable Block CipherLow latency
Contact author(s)
federico canale @ rub de
tim gueneysu @ rub de
gregor leander @ rub de
jan thoma @ rub de
yosuke todo xt @ hco ntt co jp
rei ueno a8 @ tohoku ac jp
History
2023-05-15: last of 2 revisions
2022-09-16: received
See all versions
Short URL
https://ia.cr/2022/1228
License
Creative Commons Attribution-ShareAlike
CC BY-SA

BibTeX

@misc{cryptoeprint:2022/1228,
      author = {Federico Canale and Tim Güneysu and Gregor Leander and Jan Philipp Thoma and Yosuke Todo and Rei Ueno},
      title = {{SCARF}: A Low-Latency Block Cipher for Secure Cache-Randomization},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1228},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1228}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.