MARVELlous: a STARK-Friendly Family of Cryptographic Primitives

The ZK-STARK technology, published by Ben-Sasson et al. in ePrint 2018/046, is hailed by many as a viable, efficient solution to the scaling problem of cryptocurrencies. In essence, a ZK-STARK proof uses a Merkle tree to compress the data that needs to be verified, thus greatly reducing the communication overhead between the prover and the verifier. We propose MARVELlous, a family of cryptographic algorithms specifically designed for STARK efficiency. The family currently includes the block cipher Jarvis and the hash function Friday. The design of Jarvis is inspired by the design of Rijndael, better known as the AES. This yields a cipher with properties similar to those of Rijndael, which allows us to reuse the wide trail strategy to argue the resistance of the design against differential and linear cryptanalysis and to focus our efforts on resistance against algebraic attacks. Friday is a Merkle-Damgård based hash function instantiated with Jarvis as its compression function; thus it inherits its security properties up to the birthday bound. Jarvis and Friday have been suggested for use in the Ethereum protocol by Ben-Sasson at Ethereum's Devcon IV. In this paper, we instantiate versions of Jarvis offering 128, 160, 192 and 256-bit security (both state and key size), which are used to implement Friday. We warmly invite the community to study and assess the security of the designs.
