Invertible Quadratic Non-Linear Layers for MPC-/FHE-/ZK-Friendly Schemes over Fnp

Abstract: Motivated by new applications such as secure Multi-Party Computation (MPC), Fully Homomorphic Encryption (FHE), and Zero-Knowledge proofs (ZK), many MPC-, FHE- and ZK-friendly symmetric-key primitives that minimize the number of multiplications over Fp for a large prime p have been recently proposed in the literature. This goal is often achieved by instantiating the non-linear layer via power maps x↦xd. In this paper, we start an analysis of new non-linear permutation functions over Fnp that can be used as bui… Show more

“…Even if the analysis proposed in the following and the one proposed in [GOPS22] are very similar, we point out the following. In [GOPS22], authors proved that any SIlifting function S F over F n p for n ≥ 3 induced by F : F 2 p → F p of degree 2 is not invertible by finding (at least) one collision for S F . In our current work, we aim to estimate the probability that a collision occurs, which requires to find all possible collisions of S F .…”

“…As it is well known, no quadratic function F over F p is invertible, which (obviously) implies that no SI-lifting function S F over F n p induced by F (x) = x 2 + α 1 • x + α 0 can be invertible as well. Recently, at FSE/ToSC 2022, Grassi et al [GOPS22] proved that, given any p quadratic function F : F 2 p → F p , the corresponding SI-lifting function S F over F n p for n ≥ 3 as defined in Def. 1 is never invertible.…”

“…Our starting point for setting up a l-bound surjective function with l smaller than 2 n are the recent results proposed by Grassi et al [GOPS22] at FSE/ToSC 2022 regarding the case of SI-lifting functions.…”

“…In [GOPS22], authors proved that, given any quadratic function F : F 2 p → F p , the corresponding function S F over F n p for n ≥ 3 as defined in Def. 1 is never invertible.…”

“…For comparing the performances of MiMC and of MiMC++, we first recall that evaluating x → x d costs ⌊log 2 (d)⌋ + hw(d) − 1 F p -multiplications, as shown e.g. in [GOPS22]. Based on this, the number of multiplications required for evaluating MiMC corresponds to…”

Bounded Surjective Quadratic Functions over Fnp for MPC-/ZK-/FHE-Friendly Symmetric Primitives

“…Even if the analysis proposed in the following and the one proposed in [GOPS22] are very similar, we point out the following. In [GOPS22], authors proved that any SIlifting function S F over F n p for n ≥ 3 induced by F : F 2 p → F p of degree 2 is not invertible by finding (at least) one collision for S F . In our current work, we aim to estimate the probability that a collision occurs, which requires to find all possible collisions of S F .…”

“…As it is well known, no quadratic function F over F p is invertible, which (obviously) implies that no SI-lifting function S F over F n p induced by F (x) = x 2 + α 1 • x + α 0 can be invertible as well. Recently, at FSE/ToSC 2022, Grassi et al [GOPS22] proved that, given any p quadratic function F : F 2 p → F p , the corresponding SI-lifting function S F over F n p for n ≥ 3 as defined in Def. 1 is never invertible.…”

“…Our starting point for setting up a l-bound surjective function with l smaller than 2 n are the recent results proposed by Grassi et al [GOPS22] at FSE/ToSC 2022 regarding the case of SI-lifting functions.…”

“…In [GOPS22], authors proved that, given any quadratic function F : F 2 p → F p , the corresponding function S F over F n p for n ≥ 3 as defined in Def. 1 is never invertible.…”

“…For comparing the performances of MiMC and of MiMC++, we first recall that evaluating x → x d costs ⌊log 2 (d)⌋ + hw(d) − 1 F p -multiplications, as shown e.g. in [GOPS22]. Based on this, the number of multiplications required for evaluating MiMC corresponds to…”

Bounded Surjective Quadratic Functions over Fnp for MPC-/ZK-/FHE-Friendly Symmetric Primitives

From Farfalle to Megafono via Ciminion: The PRF Hydra for MPC Applications

Invertible Quadratic Non-linear Functions over $$\mathbb {F}_p^n$$ via Multiple Local Maps