The novelty of the design principles behind Arithmetization Oriented Ciphers (AOCs) like (G)MiMC, Jarvis, Poseidon, Rescue, and the hash functions derived from them raises an important question: How much can we trust these new primitives?
Shortly after the publication of the AOC Jarvis, a team of cryptanalysts voiced doubts about its structural soundness, providing an algebraic analysis using Gröbner bases. The authors of Jarvis abandoned the cipher and started working on what eventually became Rescue.
Perhaps obviously in hindsight, ciphers and hash functions optimized for algebraic efficiency appear to be especially prone to algebraic analysis. Since this vector of attack is generally less threatening to “traditional” symmetric primitives¹ than, say, linear or differential cryptanalysis, it has received comparably little attention from the cryptographic community.
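To make concrete what “algebraic analysis using Gröbner bases” of such a primitive looks like, here is an added toy example (constructed for this page, not code from the page or from any of the cited papers). It assumes a two-round MiMC-style keyed permutation over GF(101) with the round function x → (x + k + cᵢ)³ and constructed round constants, and uses sympy. Each round is written as one degree-3 polynomial equation with a fresh variable for its output state; a lex Gröbner basis then eliminates the state variables and leaves a single univariate polynomial in the key whose degree is 3 to the number of rounds, which is exactly the quantity a designer has to push beyond reach when choosing a round count.

```python
"""Toy algebraic model of a MiMC-style keyed permutation over GF(p).

Constructed example (not code from the page or from the cited papers):
p = 101, two rounds, round function x -> (x + k + c_i)^3.
"""
from sympy import symbols, groebner, Poly

P = 101            # toy prime; gcd(3, P - 1) = 1, so cubing permutes GF(P)
CONSTS = [17, 42]  # constructed round constants, one per round


def mimc_encrypt(x, key, consts=CONSTS, p=P):
    """Reference evaluation of the toy cipher with plain integer arithmetic."""
    for c in consts:
        x = pow((x + key + c) % p, 3, p)
    return x


def algebraic_model(pt, ct, consts=CONSTS):
    """Write the cipher as polynomial equations, one per round.

    Each round gets a fresh variable for its output state, so every equation
    has degree 3 regardless of the number of rounds.  Generators are ordered
    state variables first, key last, so that a lex Groebner basis eliminates
    the states and leaves a univariate polynomial in the key.
    """
    k = symbols('k')
    states = symbols(f's1:{len(consts)}')   # s1 .. s_{r-1}
    eqs, prev = [], pt
    for i, c in enumerate(consts):
        out = states[i] if i < len(consts) - 1 else ct
        eqs.append((prev + k + c) ** 3 - out)
        prev = out
    return eqs, list(states) + [k]


def key_polynomial(pt, ct, consts=CONSTS, p=P):
    """Lex Groebner basis of the model; return the univariate key polynomial."""
    eqs, gens = algebraic_model(pt, ct, consts)
    basis = groebner(eqs, *gens, order='lex', modulus=p)
    k = gens[-1]
    univariate = [g for g in basis.exprs if g.free_symbols <= {k}]
    if len(univariate) != 1:
        raise ValueError("expected exactly one univariate basis element")
    # Coefficients come back as integers (symmetric residues); read them mod p.
    return Poly(univariate[0], k)


def recover_key_candidates(pt, ct, consts=CONSTS, p=P):
    """Roots of the key polynomial in GF(p), i.e. every key consistent with the
    (pt, ct) pair, together with the polynomial's degree (3 ** rounds)."""
    poly = key_polynomial(pt, ct, consts, p)
    candidates = [kk for kk in range(p) if int(poly.eval(kk)) % p == 0]
    return {"degree": poly.degree(), "candidates": candidates}


if __name__ == "__main__":
    k0, pt = 23, 5                      # constructed secret key and plaintext
    ct = mimc_encrypt(pt, k0)
    result = recover_key_candidates(pt, ct)
    print("degree of key polynomial:", result["degree"])      # 3 ** 2 = 9
    print("keys consistent with the pair:", result["candidates"])
```

The point of the intermediate variables is the usual modelling trade-off: substituting the rounds into each other gives one equation of degree 3ʳ in the key, whereas the round-by-round system keeps every equation at degree 3 at the cost of more variables. The Gröbner basis computation reconciles the two, and its cost, driven by that degree and the number of variables, is what Gröbner-basis security arguments for AOCs estimate.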
Proud to be sponsored by the Ethereum Foundation, we at AS Discrete Mathematics are cryptanalyzing the above ciphers and hash functions algebraically. This adds to our understanding of them, raising confidence in their security – or uncovering weaknesses. All reports, articles, code, and other results are dedicated to the public domain.
¹ Exceptions exist: Flurry and Curry are educational ciphers designed to be resilient to linear, differential, and other more traditional cryptanalysis, but prone to Gröbner basis attacks.
- https://eprint.iacr.org/2018/1098 — Cipher Jarvis, hash function Friday
- https://eprint.iacr.org/2019/419 — Gröbner Basis analysis: Jarvis & MiMC
- https://eprint.iacr.org/2020/568 — Commentary on Jarvis’s design process
- https://eprint.iacr.org/2005/200 — Flurry & Curry, prone to GB attacks