This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.Find sources: "Scream" cipher – news · newspapers · books · scholar · JSTOR (August 2016) (Learn how and when to remove this template message)

The **Scream** cipher is a word-based stream cipher developed by Shai Halevi, Don Coppersmith and Charanjit Jutla from IBM.

The cipher is designed as a software efficient stream cipher. The authors describe the goal of the cipher to be a more secure version of the SEAL cipher.

The general design of Scream is close to the design of SEAL with block cipher-like round functions. There are two versions of Scream. One of them, *Scream-F*, reuses the S-boxes from the Advanced Encryption Standard (AES) block cipher, while the other, *Scream*, internally generates new, key-dependent S-boxes as part of the initialization phase. The round function is also based on the AES-round function, but is narrower, 64 bits instead of 128 bits.

The cipher uses a 128-bit key and a 128-bit nonce. It is efficient in software, running at 4-5 cycles per byte on modern processors.

The cipher was presented at the Fast Software Encryption (FSE) conference in 2002.