Troika: a ternary cryptographic hash function

Linear codes over finite fields are one of the most well-studied areas in coding theory. While codes over finite fields of characteristic two are of particular practical interest due to their good implementation properties, ternary codes have been extensively studied as well. By contrast, there has been essentially no research into ternary cryptographic algorithms. The only exception to date is a cryptocurrency and distributed ledger technology called IOTA, which is ternary and has been designed primarily for use in the Internet of Things. Its security depends on using a secure cryptographic hash function over $\mathbb{F}_3$. With all existing hash designs being binary, a ternary prototype called Curl-P had been developed, but it was found to admit practical collision attacks. A ternary adaption of SHA-3 called Kerl is currently used instead, but it is comparatively inefficient. In this paper, we propose a new ternary hash function called Troika, which is tailored for use in IOTA’s ternary distributed ledger and can be used as a drop-in replacement for Kerl. The design of Troika leverages elements from the well-established Keccak and Rijndael design philosophies, while being designed for efficiency in terms of basic $\mathbb{F}_3$ operations. In particular, it features a novel 3-trit S-box which is differentially 3-uniform while being implementable in only 7 additions and multiplications over $\mathbb{F}_3$. Troika is designed to offer a security level comparable to SHA-3. It is expected that Troika, as part of IOTA’s distributed ledger, will find widespread commercial real-world use in the near- to mid-term future. We believe that, not least due to its unorthodox ternary design, it will provide both a practically relevant and interesting target for further cryptanalysis.
