Paper 2024/886
A New Security Evaluation Method Based on Resultant for Arithmetic-Oriented Algorithms
Abstract
The rapid development of advanced cryptographic applications like multi-party computation (MPC), fully homomorphic encryption (FHE), and zero-knowledge (ZK) proofs have motivated the designs of the so-called arithmetic-oriented (AO) primitives. Efficient AO primitives typically build over large fields and use large S-boxes. Such design philosophy brings difficulties in the cryptanalysis of these primitives as classical cryptanalysis methods do not apply well. The generally recognized attacks against these primitives are algebraic attacks, especially Groebner basis attacks. Thus, the numbers of security rounds are usually derived through the complexity of solving the system of algebraic equations using Groebner bases. In this paper, we propose a novel framework for algebraic attacks against AO primitives. Instead of using Groebner basis, we use resultants to solve a system of multivariate equations that can better exploit the algebraic structures of AO primitives. We employ several techniques to reduce the dimensions of the resultants and avoid rapid increases in degrees, including meet-in-the-middle modeling, variable substitutions, and fast Lagrange interpolation. We apply our attack to three mainstream AO cryptographic primitives: Rescue-Prime, Anemoi, and Jarvis. For Rescue-Prime, we theoretically prove that the final univariate equation has a degree of at most a specific power of three and practically attack five rounds for the first time. We attack the full-round of Anemoi with complexity 2^110.10, which has been claimed to provide 127 bits of security. We also give the first practical attack against eight rounds of Anemoi over a 55-bit prime field. For Jarvis, we improve the existing practical attack by a factor of 100. Therefore, we point out that our analysis framework can be used as a new evaluation method for AO designs.
Metadata
- Available format(s)
- Category
- Attacks and cryptanalysis
- Publication info
- A minor revision of an IACR publication in ASIACRYPT 2024
- DOI
- https://doi.org/10.1007/978-981-96-0941-3_15
- Keywords
- Resultantarithmetic-oriented primitivesRescue-PrimeAnemoiJarvisnew evaluation method
- Contact author(s)
-
moonlight0833 @ outlook com
qunxiong_zheng @ 163 com
yangjingfi @ 163 com
liuquanfeng1022 @ 163 com
dengtang @ sjtu edu cn - History
- 2024-12-06: revised
- 2024-06-03: received
- See all versions
- Short URL
- https://ia.cr/2024/886
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/886, author = {Hong-Sen Yang and Qun-Xiong Zheng and Jing Yang and Quan-feng Liu and Deng Tang}, title = {A New Security Evaluation Method Based on Resultant for Arithmetic-Oriented Algorithms}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/886}, year = {2024}, doi = {https://doi.org/10.1007/978-981-96-0941-3_15}, url = {https://eprint.iacr.org/2024/886} }