Design of Symmetric-Key Primitives for Advanced Cryptographic Protocols

Abstract: While traditional symmetric algorithms like AES and SHA-3 are optimized for efficient hardware and software implementations, a range of emerging applications using advanced cryptographic protocols such as multi-party computation and zero knowledge proofs require optimization with respect to a different metric: arithmetic complexity.In this paper we study the design of secure cryptographic algorithms optimized to minimize this metric. We begin by identifying the differences in the design space between such arit… Show more

“…Our analysis of STARK-friendly primitives clearly shows that the concrete instances of GMiMC and HadesMiMC proposed in the StarkWare challenges present several major weaknesses, independently from the choice of the underlying finite field. At a first glance, the third contender involved in the challenges, namely Vision for the binary field and Rescue for the prime fields [7], seems more resistant to the cryptanalytic techniques we have used against the other two primitives. This seems rather expected since Vision and Rescue follow a more classical SPN construction with full Sbox layers; for similar parameters, they include a larger number of Sboxes which may prevent them from the unsuitable behaviours we have exhibited on the other primitives.…”

“…One example of such a use case is the zero-knowledge proof system deployed in the Zcash cryptocurrency. Another very interesting example is the ZK-STARK protocol [13], which is expected to be deployed on top of the Ethereum blockchain within the next year: it uses as a building-block a collision-resistant hash function, and the performance of the proof system highly depends on the number of arithmetic operations required for describing the hash function (see [7] for details).…”

“…Therefore, several new ciphers and hash functions have been proposed in the last five years for these advanced protocols. They include several FHE-friendly symmetric encryption schemes such as LowMC [6], FLIP [31], Kreyvium [20] and Rasta [22], some MPC-friendly block ciphers such as MiMC [5] and its variants [3,24], and some primitives dedicated to proof systems such as the functions from the Marvellous family, including Jarvis, Friday [8], Vision and Rescue [7].…”

Out of Oddity – New Cryptanalytic Techniques Against Symmetric Primitives Optimized for Integrity Proof Systems

“…Our analysis of STARK-friendly primitives clearly shows that the concrete instances of GMiMC and HadesMiMC proposed in the StarkWare challenges present several major weaknesses, independently from the choice of the underlying finite field. At a first glance, the third contender involved in the challenges, namely Vision for the binary field and Rescue for the prime fields [7], seems more resistant to the cryptanalytic techniques we have used against the other two primitives. This seems rather expected since Vision and Rescue follow a more classical SPN construction with full Sbox layers; for similar parameters, they include a larger number of Sboxes which may prevent them from the unsuitable behaviours we have exhibited on the other primitives.…”

“…One example of such a use case is the zero-knowledge proof system deployed in the Zcash cryptocurrency. Another very interesting example is the ZK-STARK protocol [13], which is expected to be deployed on top of the Ethereum blockchain within the next year: it uses as a building-block a collision-resistant hash function, and the performance of the proof system highly depends on the number of arithmetic operations required for describing the hash function (see [7] for details).…”

“…Therefore, several new ciphers and hash functions have been proposed in the last five years for these advanced protocols. They include several FHE-friendly symmetric encryption schemes such as LowMC [6], FLIP [31], Kreyvium [20] and Rasta [22], some MPC-friendly block ciphers such as MiMC [5] and its variants [3,24], and some primitives dedicated to proof systems such as the functions from the Marvellous family, including Jarvis, Friday [8], Vision and Rescue [7].…”

Out of Oddity – New Cryptanalytic Techniques Against Symmetric Primitives Optimized for Integrity Proof Systems

“…Considering that the inversion operation over is acausal computation [16], we will use zero‐knowledge proof to perform the inversion operation. In this case of zero‐knowledge proofs, the particular variant of acausal computation is known as non‐determinism.…”

“…There are two ways to find the inverse of the Galois field , one is to find its inverse element in a pre‐designed table, the other is to use power operation. In [16], the authors use the principle of zero‐knowledge proof to carry out the inverse operation, which reduces the number of times of multiplication calculation to 2. In this study, a high‐order mask based on zero‐knowledge proof is designed to mask the inversion process.…”

Research on a high‐order AES mask anti‐power attack

New Fields in Symmetric Cryptography