On the Use of the Legendre Symbol in Symmetric Cipher Design

This paper proposes the use of Legendre symbols as component gates in the design of ciphers tailored for use in cryptographic proof systems. Legendre symbols correspond to maps of high algebraic degree, yet can be evaluated much faster than such maps. As a result, a cipher that uses Legendre symbols can offer the same security as one that uses high-degree maps, but without incurring the penalty of a comparatively slow evaluation time. After discussing the design considerations induced by the use of Legendre symbol gates, we present a concrete design that follows this strategy, along with an elaborate security analysis thereof. This cipher is called Grendel.
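The claim that a Legendre symbol is a high-degree map that nonetheless evaluates quickly, as an added example that is not code from the paper or from Grendel: Euler's criterion gives the degree-(p-1)/2 polynomial view, quadratic reciprocity gives the fast evaluation, and Lagrange interpolation over F_p confirms the algebraic degree for small primes. It assumes an odd prime p.

```python
# Added example, not code from the paper or from Grendel: the Legendre symbol (a/p)
# is the map x -> x^((p-1)/2) over F_p, so its algebraic degree is (p-1)/2, yet
# quadratic reciprocity evaluates it in O(log^2 p) bit operations. p is an odd prime.

def legendre_euler(a: int, p: int) -> int:
    """Euler's criterion: (a/p) = a^((p-1)/2) mod p as -1, 0 or 1 (the high-degree view)."""
    r = pow(a % p, (p - 1) // 2, p)
    return -1 if r == p - 1 else r

def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n), odd n > 0, by quadratic reciprocity: a gcd-like loop of
    O(log n) steps. For prime n this is the Legendre symbol, at a cost independent of its degree."""
    a %= n
    result = 1
    while a != 0:
        while a % 2 == 0:           # (2/n) = -1 exactly when n = 3 or 5 (mod 8)
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                 # reciprocity: sign flips iff both are 3 (mod 4)
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def interpolate_mod_p(values: list, p: int) -> list:
    """Lagrange interpolation over F_p: low-to-high coefficients of the unique
    polynomial of degree < p with f(x) = values[x] for every x in F_p."""
    coeffs = [0] * p
    for i, v in enumerate(values):
        basis, denom = [1], 1       # basis = prod_{j != i} (x - j), denom = prod_{j != i} (i - j)
        for j in (j for j in range(p) if j != i):
            nxt = [0] * (len(basis) + 1)
            for k, c in enumerate(basis):
                nxt[k] = (nxt[k] - j * c) % p
                nxt[k + 1] = (nxt[k + 1] + c) % p
            basis, denom = nxt, denom * (i - j) % p
        scale = v * pow(denom, -1, p) % p
        for k, c in enumerate(basis):
            coeffs[k] = (coeffs[k] + scale * c) % p
    return coeffs

def legendre_degree(p: int) -> int:
    """Algebraic degree of x -> (x/p) as a function on F_p (symbol values taken mod p)."""
    coeffs = interpolate_mod_p([jacobi(x, p) % p for x in range(p)], p)
    return max(k for k, c in enumerate(coeffs) if c)   # equals (p-1)/2
```

For p = 23 the interpolated polynomial is exactly x^11, so the degree is 11 = (23-1)/2, while `jacobi` reaches the same values in a handful of reciprocity steps.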
