Abstract
| Original language | English |
|---|---|
| Title | ASIACRYPT 2019 |
| Publication status | Accepted/In press - 15 Aug 2019 |
| Event | ASIACRYPT 2019 - Kobe, Japan, Duration: 8 Dec 2019 → 12 Dec 2019 |
Conference

| Conference | ASIACRYPT 2019 |
|---|---|
| Country | Japan |
| City | Kobe |
| Period | 8/12/19 → 12/12/19 |
Cite this
Algebraic Cryptanalysis of STARK-Friendly Designs: Application to MARVELlous and MiMC. / Albrecht, Martin R.; Cid, Carlos; Grassi, Lorenzo; Khovratovich, Dmitry; Lüftenegger, Reinhard; Rechberger, Christian; Schofnegger, Markus.
ASIACRYPT 2019. 2019. Publication: Contribution to book/report/conference proceedings › Conference contribution › Research › Peer-reviewed
TY - GEN
T1 - Algebraic Cryptanalysis of STARK-Friendly Designs: Application to MARVELlous and MiMC
AU - Albrecht, Martin R.
AU - Cid, Carlos
AU - Grassi, Lorenzo
AU - Khovratovich, Dmitry
AU - Lüftenegger, Reinhard
AU - Rechberger, Christian
AU - Schofnegger, Markus
PY - 2019/8/15
Y1 - 2019/8/15
N2 - The block cipher Jarvis and the hash function Friday, both members of the MARVELlous family of cryptographic primitives, were recently proposed as custom designs aimed at addressing bottlenecks involving practical applications of STARKs. In the proposal several types of algebraic attacks were ruled out, and security arguments from Rijndael/AES were used to inform the choice for the number of rounds, with extra security margin added. In this work we describe new algebraic attacks on Jarvis and Friday using Gröbner bases, showing that the proposed number of rounds is not sufficient to provide security. In Jarvis, the round function is obtained by combining a finite field inversion S-box with a full-degree linearised permutation polynomial. However, we show that even though the high degree of this polynomial should prevent some algebraic attacks (as claimed by the designers), their particular algebraic properties make the designs vulnerable to Gröbner basis attacks. Our analysis illustrates that block cipher designs for algebraic platforms such as STARKs, FHE or MPC may be particularly vulnerable to algebraic attacks. Finally, we argue that MiMC -- a cipher similar in structure to Jarvis -- is resistant against our proposed attack strategy.
AB - The block cipher Jarvis and the hash function Friday, both members of the MARVELlous family of cryptographic primitives, were recently proposed as custom designs aimed at addressing bottlenecks involving practical applications of STARKs. In the proposal several types of algebraic attacks were ruled out, and security arguments from Rijndael/AES were used to inform the choice for the number of rounds, with extra security margin added. In this work we describe new algebraic attacks on Jarvis and Friday using Gröbner bases, showing that the proposed number of rounds is not sufficient to provide security. In Jarvis, the round function is obtained by combining a finite field inversion S-box with a full-degree linearised permutation polynomial. However, we show that even though the high degree of this polynomial should prevent some algebraic attacks (as claimed by the designers), their particular algebraic properties make the designs vulnerable to Gröbner basis attacks. Our analysis illustrates that block cipher designs for algebraic platforms such as STARKs, FHE or MPC may be particularly vulnerable to algebraic attacks. Finally, we argue that MiMC -- a cipher similar in structure to Jarvis -- is resistant against our proposed attack strategy.
KW - Gröbner Basis
KW - MARVELlous
KW - Jarvis
KW - Friday
KW - MiMC
KW - STARKs
KW - Algebraic Cryptanalysis
KW - Arithmetic Circuits
M3 - Conference contribution
BT - ASIACRYPT 2019
ER -