GrΓΆbner Basis Cryptanalysis of Ciminion and Hydra

May 08, 2024 Β· Declared Dead Β· πŸ› IACR Transactions on Symmetric Cryptology

πŸ‘» CAUSE OF DEATH: Ghosted
No code link whatsoever

"No code URL or promise found in abstract"

Evidence collected by the PWNC Scanner

Authors Matthias Johann Steiner arXiv ID 2405.05040 Category cs.CR: Cryptography & Security Citations 1 Venue IACR Transactions on Symmetric Cryptology Last Checked 4 months ago
Abstract
Ciminion and Hydra are two recently introduced symmetric key Pseudo-Random Functions for Multi-Party Computation applications. For efficiency, both primitives utilize quadratic permutations at round level. Therefore, polynomial system solving-based attacks pose a serious threat to these primitives. For Ciminion, we construct a quadratic degree reverse lexicographic (DRL) GrΓΆbner basis for the iterated polynomial model via linear transformations. With the GrΓΆbner basis we can simplify cryptanalysis, as we no longer need to impose genericity assumptions to derive complexity estimates. For Hydra, with the help of a computer algebra program like SageMath we construct a DRL GrΓΆbner basis for the iterated model via linear transformations and a linear change of coordinates. In the Hydra proposal it was claimed that $r_\mathcal{H} = 31$ rounds are sufficient to provide $128$ bits of security against GrΓΆbner basis attacks for an ideal adversary with $Ο‰= 2$. However, via our Hydra GrΓΆbner basis standard term order conversion to a lexicographic (LEX) GrΓΆbner basis requires just $126$ bits with $Ο‰= 2$. Moreover, using a dedicated polynomial system solving technique up to $r_\mathcal{H} = 33$ rounds can be attacked below $128$ bits for an ideal adversary.
Community shame:
Not yet rated
πŸ“„ View on arXiv 🌐 View on ar5iv πŸ“‘ PDF πŸŽ‰ Report Code Found
Community Contributions

Found the code? Know the venue? Think something is wrong? Let us know!

πŸ“œ Similar Papers

In the same crypt β€” Cryptography & Security

Died the same way β€” πŸ‘» Ghosted