Reinforced Concrete: Fast Hash Function for Zero Knowledge Proofs and Verifiable Computation

We propose a new hash function, Reinforced Concrete, for proof systems that support lookup tables, concretely Plookup based on KZG commitments or FRI. It has two solid advantages over its predecessors: (a) table lookups in place of (big) modular reductions are much faster both in ZK and in plain computation, which makes verifiable-computation protocols based on recursive proofs (the current trend) much more efficient; (b) its security no longer rests solely on a (high) algebraic degree but rather on more traditional AES-like components that inherit decades of public scrutiny. Our design also employs a novel and fast field-to-tables conversion, which is of independent interest and can be used in other Plookup-friendly constructions. The new hash function is suitable for a wide range of applications such as privacy-preserving cryptocurrencies, verifiable encryption, protocols with state-membership proofs, and verifiable computation. It may serve as a drop-in replacement for various prime-field hashes such as variants of MiMC, Poseidon, the Pedersen hash, and others.
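The abstract's central mechanism, replacing big-integer modular reductions with lookups into small tables, can be illustrated by a toy "field-to-tables" round. The example below is an added illustration, not code from the paper or its authors: a prime-field element is decomposed into mixed-radix digits, each digit goes through a small table (an S-box) by plain list indexing, and the digits are recomposed. The prime `P`, the radices, the seeded random S-boxes and all function names are assumptions made for the illustration; Reinforced Concrete's actual parameters and decomposition differ. The one design point the code does carry over is the range-preservation trick: a table only permutes digits below the corresponding digit of `P-1`, which guarantees that every recomposed output is again an element of the field, so the map stays a bijection on the field.

```python
"""Toy field-to-tables round: decompose -> per-digit table lookup -> recompose.

Added illustration of the design idea in the abstract; the prime, radices and
S-box tables below are constructed here and are NOT the paper's parameters.
"""
import random
from typing import List

P = 2**31 - 1                  # constructed toy prime (real deployments use ~255-bit primes)
RADICES = [1024, 1024, 2048]   # constructed; least-significant digit first; product 2^31 > P


def decompose(x: int) -> List[int]:
    """Mixed-radix digits of x, least significant first: x = d0 + r0*(d1 + r1*d2)."""
    digits = []
    for r in RADICES:
        x, d = divmod(x, r)
        digits.append(d)
    assert x == 0, "input exceeds the digit range"
    return digits


def compose(digits: List[int]) -> int:
    """Inverse of decompose."""
    x = 0
    for r, d in zip(reversed(RADICES), reversed(digits)):
        x = x * r + d
    return x


# Digits of P-1.  A digit vector encodes an element < P exactly when it is
# lexicographically (most significant digit first) <= Q.
Q = decompose(P - 1)


def _make_sbox(size: int, seed: int) -> List[int]:
    """A seeded random (nonlinear) permutation of {0, ..., size-1}.

    Table i only permutes digits below Q[i]; digits >= Q[i] are left fixed by
    _lookup.  With that rule, the first digit (from the top) where x differs
    from P-1 stays below Q[i], so the recomposed value stays below P.
    """
    perm = list(range(size))
    random.Random(seed).shuffle(perm)
    return perm


SBOXES = [_make_sbox(q, 1000 + i) for i, q in enumerate(Q)]
INV_SBOXES = [[0] * len(s) for s in SBOXES]
for s, inv in zip(SBOXES, INV_SBOXES):
    for i, v in enumerate(s):
        inv[v] = i


def _lookup(table: List[int], d: int) -> int:
    # A table lookup in place of a modular reduction; identity above the threshold.
    return table[d] if d < len(table) else d


def bars(x: int) -> int:
    """One toy round: per-digit S-box lookups on the decomposition of x."""
    assert 0 <= x < P
    return compose([_lookup(t, d) for t, d in zip(SBOXES, decompose(x))])


def bars_inverse(y: int) -> int:
    """Inverse round, using the inverted tables."""
    assert 0 <= y < P
    return compose([_lookup(t, d) for t, d in zip(INV_SBOXES, decompose(y))])


def check_round_trip(samples: List[int]) -> bool:
    """True if every sample maps into the field and inverts back to itself."""
    for x in samples:
        y = bars(x)
        if not (0 <= y < P) or bars_inverse(y) != x:
            return False
    return True


if __name__ == "__main__":
    rng = random.Random(7)
    pts = [0, 1, P - 2, P - 1] + [rng.randrange(P) for _ in range(1000)]
    print("digits of P-1:", Q)
    print("round trip ok:", check_round_trip(pts))
```

In a real Plookup circuit each `_lookup` call becomes one table-membership constraint instead of a wide-field multiplication chain, which is the cost saving the abstract refers to; the bijectivity check in `check_round_trip` is the property a reviewer should demand of any such decomposition before trusting it in a permutation.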
