УДК 681.3.06:006.354
СТОЙКОСТЬ ХЕШ-ФУНКЦИИ POSEIDON К НЕБИНАРНЫМ РАЗНОСТНЫМ
И ЛИНЕЙНЫМ АТАКАМ
Аннотация. Построены оценки стойкости хеш-функции Poseidon к небинар-ным линейным и разностным атакам.
Определены общие параметры хеш-функции Poseidon, позволяющие использовать её в рекуррентных SNARK-доказательствах,
базирующихся на триплетах MNT-4 и MNT-6. Вы-полнен анализ того, как нужно выбирать S-блоки для этой хеш-функции,
чтобы этот выбор был оптимальным с точки зрения как стойкости, так и количества констрейнтов.
Показано, какое количество раундов является дос-таточным, чтобы гарантировать стойкость этой хеш-функции
к небинарным линейным и разностным атакам, вычислено количество констрейнтов на бит информации
для предложенных реализаций этой функции с демонстрацией существенного выигрыша в сравнении с хеш-функцией Педерсена.
Ключевые слова: SNARK, констрейнты, хеш-функция Poseidon, небинар-ный линейный и разностный криптоанализ.
ПОЛНЫЙ ТЕКСТ
Kovalchuk Lyudmila,
Dr. Habil, professor, National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv; Research Fellow, IOHK, Hong Kong,
lusi.kovalchuk@gmail.com
Oliynykov Roman,
Dr. Habil, professor, V.N. Karazin Kharkiv National University; visiting professor, Kharkiv National Uni-versity of Radio Electronics; Research Fellow, IOHK, Hong Kong,
roliynykov@gmail.com
Rodinko Mariia,
PhD student, lecture assistant, V.N. Karazin Kharkiv National University; Researcher, IOHK, Hong Kong,
m.rodinko@gmail.com
СПИСОК ЛИТЕРАТУРЫ
- Ben-Sasson E., Bentov I., Horesh Y., Riabzev M. Scalable, transparent, and post-quantum secure computational integrity. IACR Cryptology ePrint Archive. 2018. URL: https://eprint.iacr.org/2018/046.pdf.
- Groth J. On the size of pairing-based non-interactive arguments. Proc. Advances in Cryptology — EUROCRYPT 2016. (8–12 May 2016, Vienna, Austria). Vienna, 2016. LNCS. Vol. 9666, P. 305–326. https://doi.org/10.1007/978-3-662-49896-5_11.
- Parno B., Howell J., Gentry C., Raykova M. Pinocchio: nearly practical verifiable computation. Proc. IEEE Symposium on Security and Privacy. (19–22 May 2013, Berkeley, CA, USA). Berkeley, 2013. P. 238–252. https://doi.org/10.1109/SP.2013.47.
- Hopwood D., Bowe S., Hornby T., Wilcox N. Zcash protocol specification: Version 2020.1.15 [Overwinter+Sapling+Blossom+Heartwood+Canopy]. Tech. rep., Electric Coin Company. 2020. URL: https://github.com/zcash/zips/blob/master/protocol/protocol.pdf.
- Grassi L., Kales D., Khovratovich D., Roy A., Rechberger C., Schofnegger M. Starkad and Poseidon: New hash functions for zero knowledge proof systems, IACR Cryptology ePrint Archive. 2019. URL: https://eprint.iacr.org/2019/458.pdf.
- Bertoni G., Joan D., Michal P., Gilles V.A. Cryptographic sponge functions. 2011: 93 p. URL: https://keccak.team/files/CSF-0.1.pdf.
- Grassi L., Lftenegger R., Rechberger C., Rotaru D., Schofnegger M. On a generalization of substitution-permutation networks: the HADES design strategy. IACR Cryptology ePrint Archive. 2019. URL: https://eprint.iacr.org/2019/1107.pdf.
- Abdelraheem M.A., gren M., Beelen P., and Leander G. On the distribution of linear biases: Three instructive examples. Proc. Advances in Cryptology — CRYPTO 2012. (19–23 August 2012, Santa Barbara, CA, USA). Santa Barbara, 2012. LNCS. Vol. 7417. P. 50–67. https://doi.org/ 10.1007/978-3-642-32009-5_4.
- Baigneres T., Stern J., Vaudenay S. Linear cryptanalysis of non binary ciphers. Proc. 14th International Workshop, SAC 2007. (16-17 August 2007, Ottawa, Canada). Ottawa, 2007. LNCS. Vol. 4876. P. 184–211. https://doi.org/10.1007/978-3-540-77360-3_13.
- Miyaji A., Nakabayashi M., Takano Sh. New explicit conditions of elliptic curve traces for FR-reduction. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences. 2001. Vol. E84-A, N 5. P. 1234–1243. URL: http://citeseerx.ist.psu.edu/viewdoc/ download?doi=10.1.1.20.8113&rep=rep1&type=pdf.
- Constructing optimal pairing-friendly curves. Coinlist [online]. URL: https://coinlist.co/build/ coda/pages/theory.
- Bertoni G., Daemen J., Peeters M., Assche G.V. On the indifferentiability of the sponge construction. Proc. Advances in Cryptology — EUROCRYPT 2008. (13-17 April 2008, Istanbul, Turkey) Istanbul, 2008. LNCS. Vol. 4965. P. 181–197. https://doi.org/10.1007/978-3-540-78967-3_11.
- Lai X., Massey J.L., Murphy S. Markov ciphers and differential cryptanalysis. Proc. Advances in Cryptology — EUROCRYPT’91. (8–11 April 1991, Brighton, UK). Brighton, 1991. Vol. 547. P. 17–38. https://doi.org/10.1007/3-540-46416-6_2.
- Youssef A.M., Mister S., Tavares S.E.: On the design of linear transformations for substitution permutation encryption networks. Workshop on Selected Areas of Cryptography (SAC’96): Workshop Record. 1997. P. 40–48. URL: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.17.1208&rep=rep1&type=pdf.
- Vaudenay S. On the security of CS-cipher. Proc. 6th International Workshop, FSE’99. (24–26 March 1999, Rome, Italy). Rome, 1999. P. 260–274. https://doi.org/10.1007/3-540-48519-8_19.
- Nyberg K. Differentially uniform mappings for cryptography. Proc. Advances in Cryptology — EUROCRYPT ’93. (23–27 May 1993, Lofthus, Norway). Lofthus, 1993. LNCS. Vol. 765. P. 55–64 (1994). https://doi.org/10.1007/3-540-48285-7_6.
- Lidl R., Niederreiter H. Introduction to finite fields and their applications. UK: Cambridge University Press, 1994. https://doi.org/10.1017/CBO9781139172769.
- Kovalchuk L.V. Upper-bound estimation of the average probabilities of integer-valued differentials in the composition of key adder, substitution block, and shift operator. Cybernetics and Systems Analysis. 2010. Vol. 46, N 6. P. 936–944. https://doi.org/10.1007/s10559-010-9274-2.
- Kovalchuk L.V., Bezditnyi V.T. Upper bounds for the average probabilities of difference characteristics of block ciphers with alternation of Markov transformations and generalized Markov transformations. Cybernetics and Systems Analysis. 2014. Vol. 50, Iss. 3. P. 386–393. https://doi.org/10.1007/s10559-014-9627-3.
- Alekseychuk A.N., Kovalchuk L.V., Shevtsov A.S., Yakovliev S.V. Cryptographic properties of a new national encryption standard of Ukraine. Cybernetics and Systems Analysis. 2016. Vol. 52, Iss. 3. P. 351–366. https://doi.org/10.1007/s10559-016-9835-0.