CryptoDB
Exploring the Six Worlds of Gröbner Basis Cryptanalysis: Application to Anemoi
Authors: | |
---|---|
Download: | |
Abstract: | Gröbner basis cryptanalysis of hash functions and ciphers, and their underlying permutations, has seen renewed interest recently. Anemoi (Crypto’23) is a permutation-based hash function that is efficient for a variety of arithmetizations used in zero-knowledge proofs. In this paper, exploring both theoretical bounds as well as experimental validation, we present new complexity estimates for Gröbner basis attacks on the Anemoi permutation over prime fields.We cast our findings in what we call the six worlds of Gröbner basis cryptanalysis. As an example, keeping the same security arguments of the design, we conclude that at least 41 instead of 37 rounds would need to be used for 256-bit security, whereby our suggestion does not yet include a security margin. |
BibTeX
@article{tosc-2024-34891, title={Exploring the Six Worlds of Gröbner Basis Cryptanalysis: Application to Anemoi}, journal={IACR Transactions on Symmetric Cryptology}, publisher={Ruhr-Universität Bochum}, volume={2024}, pages={138-190}, url={https://tosc.iacr.org/index.php/ToSC/article/view/11953}, doi={10.46586/tosc.v2024.i4.138-190}, author={Katharina Koschatko and Reinhard Lüftenegger and Christian Rechberger}, year=2024 }