Generalized Triangular Dynamical System: An Algebraic System for Constructing Cryptographic Permutations over Finite Fields

In recent years a new class of symmetric-key primitives over $\mathbb{F}_p$ has emerged that is essential to protocols based on Multi-Party Computation and Zero-Knowledge Proofs. Towards improving the efficiency of such primitives, a number of new block ciphers and hash functions over $\mathbb{F}_p$ were proposed. These new primitives also showed that following design strategies other than the classical Substitution-Permutation Network (SPN) and Feistel networks leads to more efficient cipher and hash function designs over $\mathbb{F}_p$, specifically for large odd primes $p$. In view of these efforts, in this work we build an \emph{algebraic framework} that allows the systematic exploration of viable and efficient design strategies for constructing symmetric-key (iterative) permutations over $\mathbb{F}_p$. We first identify iterative polynomial dynamical systems over finite fields as the central building block of almost all block cipher design strategies. We propose a generalized triangular polynomial dynamical system (GTDS), and based on the GTDS we provide a generic definition of an iterative (keyed) permutation over $\mathbb{F}_p^n$. Our GTDS-based generic definition is able to describe the three most well-known design strategies, namely SPNs, Feistel networks and Lai--Massey. Consequently, the block ciphers that are constructed following these design strategies can also be instantiated from our generic definition. Moreover, we find that the recently proposed \texttt{Griffin} design, which follows neither the Feistel nor the SPN design, can be described using the generic GTDS-based definition. We also show that a new generalized Lai--Massey construction can be instantiated from the GTDS-based definition. We further provide a generic analysis of the GTDS, including an upper bound on the differential uniformity and on the correlation.
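As an added example (not code from the paper, nor the authors' implementation), the following Python toy instance makes the triangular structure concrete. It assumes the GTDS has the coordinate-wise form y_i = p_i(x_i) * g_i(x_{i+1}, ..., x_n) + h_i(x_{i+1}, ..., x_n) for i < n and y_n = p_n(x_n), where each p_i is a permutation polynomial of F_p and each g_i has no root in F_p; the abstract names the system but does not spell out this form, so treat it as this example's assumption. The prime p = 7, the S-box x^5, the matrix M and the round keys are constructed toy values. The code shows why triangularity gives an inverse that only needs one field inversion per coordinate, instantiates an SPN-style round and a Feistel-style round from the same definition, and computes differential uniformity exhaustively to show that a single unkeyed round with no mixing layer has differences that propagate with certainty, which is the reason the generic keyed permutation composes the GTDS with a linear layer and round keys over several rounds.

```python
# Added example, not the paper's code. Assumes the triangular shape
#   y_i = p_i(x_i) * g_i(x_{i+1..n}) + h_i(x_{i+1..n})  (i < n),   y_n = p_n(x_n),
# with p_i permutation polynomials of F_p and g_i free of roots in F_p.
from itertools import product

P = 7  # toy prime: F_7^2 has only 49 states, so every check below is exhaustive


def inv_mod(a, p=P):
    """Multiplicative inverse in F_p (a must be non-zero)."""
    return pow(a, p - 2, p)


class GTDS:
    """One triangular round over F_p^n built from per-coordinate callables.
    perms[i] / perm_invs[i]: p_i and its inverse; gs[i](tail) / hs[i](tail):
    g_i and h_i evaluated on the tail (x_{i+1}, ..., x_n)."""

    def __init__(self, p, perms, perm_invs, gs, hs):
        self.p, self.perms, self.perm_invs, self.gs, self.hs = p, perms, perm_invs, gs, hs

    def forward(self, x):
        n, p = len(x), self.p
        y = [0] * n
        for i in range(n):
            tail = tuple(x[i + 1:])
            if i == n - 1:
                y[i] = self.perms[i](x[i]) % p
            else:
                y[i] = (self.perms[i](x[i]) * self.gs[i](tail) + self.hs[i](tail)) % p
        return tuple(y)

    def inverse(self, y):
        # Recover x_n first and walk upward: coordinate i mixes x_i only with
        # coordinates that are already known, so each step is one field inversion.
        n, p = len(y), self.p
        x = [0] * n
        for i in reversed(range(n)):
            tail = tuple(x[i + 1:])
            if i == n - 1:
                x[i] = self.perm_invs[i](y[i]) % p
            else:
                g = self.gs[i](tail) % p  # never 0 by the root-free requirement on g_i
                x[i] = self.perm_invs[i]((y[i] - self.hs[i](tail)) * inv_mod(g, p) % p) % p
        return tuple(x)


# x^5 permutes F_7 (gcd(5, 6) = 1) and is its own inverse (5 * 5 = 25 = 1 mod 6).
pow5 = lambda v: pow(v, 5, P)
ident = lambda v: v
# SPN-style instance: independent S-boxes, no cross-coordinate terms.
spn = GTDS(P, [pow5, pow5], [pow5, pow5], [lambda t: 1], [lambda t: 0])
# Feistel-style instance: x_1 absorbs a function of x_2, x_2 goes through an S-box.
feistel = GTDS(P, [ident, pow5], [ident, pow5], [lambda t: 1], [lambda t: pow(t[0], 3, P)])
# Fully triangular instance: g_1(x_2) = x_2^2 + 1 has no root in F_7 (-1 is a non-residue).
tri = GTDS(P, [pow5, pow5], [pow5, pow5], [lambda t: t[0] ** 2 + 1], [lambda t: pow(t[0], 3, P)])


def all_states(n, p=P):
    return list(product(range(p), repeat=n))


def is_permutation(f, n, p=P):
    """Exhaustive bijectivity check on F_p^n (toy sizes only)."""
    return len({f(x) for x in all_states(n, p)}) == p ** n


def roundtrips(sys_, n, p=P):
    return all(sys_.inverse(sys_.forward(x)) == x for x in all_states(n, p))


def differential_uniformity(f, n, p=P):
    """max over a != 0 and b of #{x : f(x + a) - f(x) = b}; lower is better."""
    states, worst = all_states(n, p), 0
    for a in states:
        if not any(a):
            continue
        counts = {}
        for x in states:
            xa = tuple((xi + ai) % p for xi, ai in zip(x, a))
            b = tuple((u - v) % p for u, v in zip(f(xa), f(x)))
            counts[b] = counts.get(b, 0) + 1
        worst = max(worst, max(counts.values()))
    return worst


# Constructed linear layer: det(M) = 1, so M is invertible over every F_p.
M = ((1, 1), (1, 2))
M_INV = ((2, 6), (6, 1))  # M^{-1} reduced mod 7


def matvec(m, v, p=P):
    return tuple(sum(mi * vi for mi, vi in zip(row, v)) % p for row in m)


def keyed_permutation(sys_, state, round_keys, p=P):
    """Iterated keyed permutation: per round, GTDS, then M, then round-key addition."""
    for k in round_keys:
        state = matvec(M, sys_.forward(state), p)
        state = tuple((s + ki) % p for s, ki in zip(state, k))
    return state


def keyed_permutation_inverse(sys_, state, round_keys, p=P):
    for k in reversed(round_keys):
        state = tuple((s - ki) % p for s, ki in zip(state, k))
        state = sys_.inverse(matvec(M_INV, state, p))
    return state
```

Running `differential_uniformity(feistel.forward, 2)` returns 49, the whole state space: the input difference (1, 0) passes through the Feistel-style round unchanged for every input, because the first coordinate is only shifted by a function of the untouched second coordinate. The SPN-style instance fares better (28 for p = 7, driven by x^5 having differential uniformity 4 on F_7 and the idle coordinate contributing a factor of 7). Neither figure is a property of a full cipher; it is the linear layer, the round keys and the iteration in `keyed_permutation` that are meant to destroy such certain differences, which is what the bounds in the abstract are about.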
