[go: up one dir, main page]

What a lovely hat

Is it made out of tin foil?

Paper 2024/250

Exploring the Six Worlds of Gröbner Basis Cryptanalysis: Application to Anemoi

Katharina Koschatko, Graz University of Technology
Reinhard Lüftenegger, Graz University of Technology
Christian Rechberger, Graz University of Technology
Abstract

Gröbner basis cryptanalysis of hash functions and ciphers, and their underlying permutations, has seen renewed interest recently. Anemoi (Crypto'23) is a permutation-based hash function that is efficient for a variety of arithmetizations used in zero-knowledge proofs. In this paper, exploring both theoretical bounds as well as experimental validation, we present new complexity estimates for Gröbner basis attacks on the Anemoi permutation over prime fields. We cast our findings in what we call the six worlds of Gröbner basis cryptanalysis. As an example, keeping the same security arguments of the design, we conclude that at least 41 instead of 37 rounds would need to be used for 256-bit security, whereby our suggestion does not yet include a security margin.

Note: https://github.com/IAIK/six-worlds-anemoi

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published by the IACR in TOSC 2024
Keywords
Algebraic CryptanalysisArithmetization-Friendly Hash FunctionsGröbner Basis AttackAnemoiMultihomogeneous Bézout
Contact author(s)
katharina koschatko @ tugraz at
reinluft mark @ gmail com
christian rechberger @ tugraz at
History
2024-11-23: revised
2024-02-15: received
See all versions
Short URL
https://ia.cr/2024/250
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/250,
      author = {Katharina Koschatko and Reinhard Lüftenegger and Christian Rechberger},
      title = {Exploring the Six Worlds of Gröbner Basis Cryptanalysis: Application to Anemoi},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/250},
      year = {2024},
      url = {https://eprint.iacr.org/2024/250}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.