Abstract
While traditional symmetric algorithms like AES and SHA-3 are optimized for efficient hardware and software implementations, a range of emerging applications using advanced cryptographic protocols such as multi-party computation and zero knowledge proofs require optimization with respect to a different metric: arithmetic complexity. In this paper we study the design of secure cryptographic algorithms optimized to minimize this metric. We begin by identifying the differences in the design space between such arithmetization-oriented ciphers and traditional ones, with particular emphasis on the available tools, efficiency metrics, and relevant cryptanalysis. This discussion highlights a crucial point—the considerations for designing arithmetization-oriented ciphers are oftentimes different from the considerations arising in the design of software- and hardware-oriented ciphers. The natural next step is to identify sound principles to securely navigate this new terrain, and to materialize these principles into concrete designs. To this end, we present the Marvellous design strategy which provides a generic way to easily instantiate secure and efficient algorithms for this emerging domain. We then show two examples for families following this approach. These families — Vision and Rescue — are benchmarked with respect to three use cases: the ZK-STARK proof system, proof systems based on Rank-One Constraint Satisfaction (R1CS), and Multi-Party Computation (MPC). These benchmarks show that our algorithms achieve a highly compact algebraic description, and thus benefit the advanced cryptographic protocols that employ them.
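The metric the abstract singles out, arithmetic complexity, is easiest to understand by actually counting it. The following added example (not code from the paper or from the Vision/Rescue implementations) wraps a prime-field element so that every multiplication is billed to a counter, then prices a few power maps. The field (the 64-bit prime 2^64 - 2^32 + 1) and the exponent 7 are my own choices for illustration; the paper's concrete S-boxes are not described on this page. The example also shows the general point behind arithmetization-friendly design: when a prover can supply y = x^(1/7) as a hint, a constraint system only pays to check y^7 = x, even though computing y directly needs the very large exponent 7^-1 mod (P - 1).

```python
"""Added example: arithmetic complexity measured as a count of field multiplications.

Additions are not counted, mirroring how R1CS-style constraint systems and
MPC protocols price arithmetic: linear operations are cheap, multiplications cost.
"""
from dataclasses import dataclass

# Constructed choice of field for the example: the "Goldilocks" prime 2^64 - 2^32 + 1.
# Note that 7 is coprime to P - 1, so x -> x^7 is a permutation of the field.
P = 2**64 - 2**32 + 1


class MulCounter:
    """Shared counter that records every field multiplication performed."""

    def __init__(self) -> None:
        self.muls = 0


@dataclass(frozen=True)
class Fe:
    """Field element whose multiplications are billed to a MulCounter."""

    v: int
    ctr: MulCounter

    def __add__(self, other: "Fe") -> "Fe":
        # Additions are free in the metric, so they are not counted.
        return Fe((self.v + other.v) % P, self.ctr)

    def __mul__(self, other: "Fe") -> "Fe":
        self.ctr.muls += 1
        return Fe(self.v * other.v % P, self.ctr)


def power_map(x: Fe, e: int) -> Fe:
    """Compute x**e by square-and-multiply; each squaring and multiply is counted."""
    assert e >= 1, "exponent must be positive"
    result = None
    base = x
    while e:
        if e & 1:
            result = base if result is None else result * base
        e >>= 1
        if e:
            base = base * base
    return result


def count_muls(e: int, x: int = 5) -> tuple[int, int]:
    """Return (x**e mod P, number of multiplications used to evaluate it directly)."""
    ctr = MulCounter()
    out = power_map(Fe(x % P, ctr), e)
    return out.v, ctr.muls


def root_check_cost(alpha: int, y: int) -> tuple[bool, int]:
    """Cost of *verifying* that y is an alpha-th root of x = y**alpha.

    The verifier re-powers y and compares, so it pays only for y**alpha; the
    expensive exponent alpha^-1 mod (P - 1) is never evaluated inside the constraints.
    """
    x = pow(y, alpha, P)  # the value whose root is claimed (constructed from y)
    ctr = MulCounter()
    ok = power_map(Fe(y % P, ctr), alpha).v == x
    return ok, ctr.muls


if __name__ == "__main__":
    inv7 = pow(7, -1, P - 1)  # exponent of the inverse map x -> x^(1/7)
    print("x^7 evaluated directly:", count_muls(7)[1], "multiplications")
    print("x^(1/7) evaluated directly:", count_muls(inv7)[1], "multiplications")
    print("x^(1/7) verified via y^7 == x:", root_check_cost(7, 5)[1], "multiplications")
```

Running the script shows that the forward map x^7 costs 4 multiplications, the inverse map evaluated directly costs on the order of a hundred (one squaring per exponent bit plus one multiply per set bit), and verifying a supplied root costs the same 4 as the forward map. That asymmetry between evaluating and verifying is what makes a metric like this behave differently from gate counts or cycle counts.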
Highlights
Block ciphers are a fundamental primitive of modern cryptography
Our matching survey of the design considerations induced by the advanced cryptographic protocols that we do cover is likewise incomplete
Fully homomorphic encryption is missing from our list of cryptographic protocols and yet induces other design considerations
Summary
Block ciphers are a fundamental primitive of modern cryptography. They are used in a host of symmetric-key constructions, e.g., directly as a pseudorandom permutation to encrypt a single block of data; inside a mode of operation to create an encryption scheme; or in a PGV construction or a truncated permutation to generate compression functions, which in turn can be used to construct hash functions. This last example, hash functions, is a fundamental primitive in its own right for its fitness to approximate a random.
Received: 2019-09-01 Revised: 2020-06-01 Accepted: 2020-08-01 Published: 2020-09-28