[Resource Topic] 2022/840: Anemoi: Exploiting the Link between Arithmetization-Orientation and CCZ-Equivalence

Welcome to the resource topic for 2022/840

Title:
Anemoi: Exploiting the Link between Arithmetization-Orientation and CCZ-Equivalence

Authors: Clémence Bouvier, Pierre Briaud, Pyrros Chaidos, Léo Perrin, and Vesselin Velichkov

Abstract:

Advanced cryptographic protocols such as Zero-knowledge (ZK) proofs of knowledge, widely used in cryptocurrency applications such as Bitcoin, Ethereum and Zcash, demand new cryptographic hash functions that are efficient not only over the binary field \mathbb{F}_2, but also over large fields of prime characteristic \mathbb{F}_p. This need has been acknowledged by the wider community and new so-called Arithmetization-Oriented (AO) hash functions have been proposed in response, e.g. MiMC-Hash, Rescue and Poseidon to name a few. In this paper we propose Anemoi: a new family of ZK-friendly AO hash functions. The main features that set Anemoi apart from other such families are that 1) it is designed to be efficient within multiple proof systems (e.g. Groth16, Plonk, etc.), 2) it contains dedicated functions optimised for specific applications (namely Merkle tree hashing and general purpose hashing), 3) it has competitive performance, e.g. about a factor of 2 improvement over Poseidon and Rescue in terms of R1CS constraints, and a 10%-28% improvement over a highly optimized Poseidon implementation in Plonk constraints. On the theoretical side, Anemoi pushes further the frontier in understanding the design principles that are truly entailed by arithmetization-orientation. In particular, we identify and exploit a previously unknown relationship between CCZ-equivalence and arithmetization-orientation. In addition, we propose two new standalone components that can be easily reused in new designs. One is a new S-box called Flystel, based on the well-studied butterfly structure, and the second is Jive, a new mode of operation inspired by the "Latin dance" symmetric algorithms (Salsa, ChaCha and derivatives).
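The CCZ-equivalence link the abstract refers to is easiest to see on the Flystel itself: the S-box is evaluated with an "open" form that needs an α-th root (high degree, expensive to express as constraints), but its graph is identical to that of a "closed" form of degree α, so a verifier only ever has to check the closed equations. The script below is an added illustration, not code from the paper or this page; it reproduces the Flystel definition from the Anemoi paper as I recall it (Q_γ(y) = βy² + γ, Q_δ(y) = βy² + δ, E(x) = x^α) over a toy field p = 17 with α = 3, β = 2, γ = 5, δ = 7, which are parameters chosen here for readability and are not the paper's. It checks exhaustively that the open map is a permutation, that both graphs coincide, and shows the constraint check a verifier would perform without computing any root.

```python
# Added example (not from the paper): open vs closed Flystel over F_p.
# Toy parameters chosen here: p = 17, alpha = 3 (a permutation exponent
# because gcd(3, p-1) = 1), beta = 2, gamma = 5, delta = 7. Not the paper's values.
P = 17
ALPHA = 3
BETA, GAMMA, DELTA = 2, 5, 7
# Exponent e with e * ALPHA == 1 (mod p-1), so x -> x^e inverts x -> x^ALPHA.
INV_ALPHA = pow(ALPHA, -1, P - 1)


def E(x):
    return pow(x, ALPHA, P)


def E_inv(x):
    # Root extraction: the expensive, high-degree step the prover evaluates.
    return pow(x, INV_ALPHA, P)


def Q_gamma(y):
    return (BETA * y * y + GAMMA) % P


def Q_delta(y):
    return (BETA * y * y + DELTA) % P


def open_flystel(x, y):
    """Permutation actually evaluated when hashing (butterfly-style steps)."""
    x1 = (x - Q_gamma(y)) % P
    v = (y - E_inv(x1)) % P
    u = (x1 + Q_delta(v)) % P
    return u, v


def closed_flystel(y, v):
    """Degree-alpha map (y, v) -> (x, u) with the same graph as the open one."""
    t = E((y - v) % P)
    return (Q_gamma(y) + t) % P, (Q_delta(v) + t) % P


def verify_witness(x, y, u, v):
    """Verifier-side check: two degree-alpha equations, no root computed."""
    return closed_flystel(y, v) == (x, u)


def is_permutation():
    outputs = {open_flystel(x, y) for x in range(P) for y in range(P)}
    return len(outputs) == P * P


def graphs_coincide():
    """Graph of open Flystel equals graph of closed Flystel (up to coordinate swap)."""
    g_open = {(x, y) + open_flystel(x, y) for x in range(P) for y in range(P)}
    g_closed = set()
    for y in range(P):
        for v in range(P):
            x, u = closed_flystel(y, v)
            g_closed.add((x, y, u, v))
    return g_open == g_closed


if __name__ == "__main__":
    print("open Flystel is a permutation:", is_permutation())
    print("graphs coincide:", graphs_coincide())
    x, y = 3, 4
    u, v = open_flystel(x, y)
    print("witness", (x, y, u, v), "verifies:", verify_witness(x, y, u, v))
```

The point for constraint counting is the last function: a prover computes `open_flystel` (with the α-th root), but the circuit only encodes `closed_flystel`, whose two equations are degree α in the witness. Swapping the exponent to a non-permutation value (e.g. α = 2 with p = 17) makes `is_permutation()` fail, which is the sanity check to keep when choosing parameters.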

ePrint: https://eprint.iacr.org/2022/840

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.