These hash functions often look very different from more classical designs such as AES or SHA-2. For example, they work natively with integer objects rather than bits. At the same time, Poseidon and Rescue, for example, share some common features, such as being SPN schemes and instantiating the nonlinear layer with invertible power maps. While this allows the designers to provide simple and strong arguments for establishing their security, it also introduces some crucial limitations in the design, which affect the performance in the target applications.
To overcome these limitations, we propose the Horst mode of operation, in which the addition in a Feistel scheme $(x,y) \mapsto (y+F(x), x)$ is replaced by a multiplication, i.e., $(x,y) \mapsto (y \times G(x), x)$.
By carefully analyzing the relevant performance metrics in SNARK and STARK protocols, we show how to combine an expanding Horst scheme and the strong points of existing schemes in order to provide security and better efficiency in the target applications. We provide an extensive security analysis for our new design Griffin and a comparison with all current competitors.
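The Horst round described above is a permutation only when $G$ never evaluates to zero, whereas the Feistel round is invertible for any $F$. The following added example (not code from the paper or its authors) checks both exhaustively over a toy field. The prime 101, the quadratic $G$ with coefficients 1 and 3, and all function names are assumptions chosen for illustration.

```python
# Added example: toy Feistel and Horst rounds over F_p (all constants constructed).
P = 101                # toy prime; real instances use primes of roughly 256 bits
ALPHA, BETA = 1, 3     # hypothetical coefficients of G(x) = x^2 + ALPHA*x + BETA


def is_nonzero_square(a, p=P):
    """Euler's criterion: True if a is a nonzero quadratic residue mod p."""
    return pow(a % p, (p - 1) // 2, p) == 1


def g_good(x, p=P):
    # Discriminant ALPHA^2 - 4*BETA is a non-residue mod P, so G has no root in F_p.
    return (x * x + ALPHA * x + BETA) % p


def g_bad(x, p=P):
    # x^2 - 1 vanishes at x = 1 and x = p - 1, so multiplying by it loses y.
    return (x * x - 1) % p


def feistel_round(x, y, f, p=P):
    """(x, y) -> (y + F(x), x): invertible for any F."""
    return ((y + f(x, p)) % p, x)


def feistel_inverse(u, v, f, p=P):
    return (v, (u - f(v, p)) % p)


def horst_round(x, y, g, p=P):
    """(x, y) -> (y * G(x), x): invertible only if G(x) != 0 for every x."""
    return ((y * g(x, p)) % p, x)


def horst_inverse(u, v, g, p=P):
    # pow(..., -1, p) raises ValueError when G(v) == 0, i.e. when no inverse exists.
    return (v, (u * pow(g(v, p), -1, p)) % p)


def is_permutation(round_fn, fn, p=P):
    """Exhaustively check that the round maps F_p^2 onto F_p^2 without collisions."""
    return len({round_fn(x, y, fn, p) for x in range(p) for y in range(p)}) == p * p


if __name__ == "__main__":
    assert not is_nonzero_square(ALPHA * ALPHA - 4 * BETA)
    print("Feistel with G that has roots:", is_permutation(feistel_round, g_bad))
    print("Horst with root-free G:      ", is_permutation(horst_round, g_good))
    print("Horst with G that has roots: ", is_permutation(horst_round, g_bad))
```
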
Category / Keywords: secret-key cryptography / Sponge Hash Function, Griffin, Zero-Knowledge Proof Systems, Horst, Fluid-SPN

Date: received 28 Mar 2022

Contact author: lgrassi at science ru nl, haoyonglin at yeah net, christian rechberger at tugraz at, markus schofnegger at tugraz at, roman walch at iaik tugraz at, qingju wang at uni lu

Available format(s): PDF | BibTeX Citation

Version: 20220331:072336 (All versions of this report)

Short URL: ia.cr/2022/403