ReSCALE

Symmetric cryptography is finding new uses because of the emergence of novel and more complex (e.g. distributed) computing environments.

These are based on sophisticated zero-knowledge and Multi-Party Computation (MPC) protocols, and they aim to provide strong security guarantees of types that were unthinkable before. In particular, they make it theoretically possible to prove that a computation was done as claimed by those performing it \emph{without} revealing its inputs or outputs. This would make it possible e.g. for e-governance algorithms to prove that they are run honestly; and overall would increase the trust we can have in various automated processes.

The security techniques providing these guarantees are sequences of operations in a large finite field \(\mathbb{F}_{q}\), where typically \(q>2^{64}\). However, these procedures also rely on hash functions and other "symmetric" cryptographic algorithms that are defined over \(\mathbb{F}_{2}=\{0,1\}\). But modeling \(\mathbb{F}_{2}\) operations using \(\mathbb{F}_{q}\) operations is very costly: relying on standard hash functions leads to significant performance overhead, to the point were the protocols mentionned before are unusable in practice.

In order to alleviate this bottleneck, it is necessary to devise symmetric algorithms that are natively described in \(\mathbb{F}_{q}\). This change requires great care: some hash functions described in \(\mathbb{F}_{q}\) have already been presented, and subsequently exhibited significant flaws. The inherent structural differences between \(\mathbb{F}_{2}\) and \(\mathbb{F}_{q}\) are the cause behind these problems: our understanding of the construction of symmetric primitives in \(\mathbb{F}_{2}\) does not carry over to \(\mathbb{F}_{q}\).

The aim of this project bring symmetric cryptography into \(\mathbb{F}_{q}\) in a safe and efficient fashion. To this end, we will rebuild the analysis tools and methods that are used both by designers and attackers.

• Léo Perrin (coordinator)
• Clémence Bouvier (PhD student)
• Aurélien Bœuf (PhD student)

• STAP'23

1. Clémence Bouvier, Pierre Briaud, Pyrros Chaidos, Léo Perrin, Robin Salen, Vesselin Velichkov, and Danny Willems. New Design Techniques for Efficient Arithmetization-Oriented Hash Functions:Anemoi Permutations and Jive Compression Mode. Under submission. available online