BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//CERN//INDICO//EN
BEGIN:VEVENT
SUMMARY:Clémence Bouvier (Inria Paris): New uses in Symmetric Cryptograph
 y: An equation between Practical needs and Mathematical concepts
DTSTART;VALUE=DATE-TIME:20220623T090000Z
DTEND;VALUE=DATE-TIME:20220623T100000Z
DTSTAMP;VALUE=DATE-TIME:20230327T003500Z
UID:indico-event-6737@indico.math.cnrs.fr
DESCRIPTION:The use of symmetric cryptography makes it possible to provi
 de various security features such as confidentiality\, authentication o
 r hashing by combining a low-level primitive (i.e. a permutation or a b
 lock cipher) with a mode of operation. In this presentation we will foc
 us on the design and security analysis of some symmetric primitives.\n\n
 New symmetric primitives are designed to be executed in abstract contex
 ts such as zero-knowledge proof systems (ZK)\, widely used in crypto-cu
 rrency applications such as Bitcoin or Ethereum. ZK protocols are algor
 ithms involving several parties that allow a prover to convince a verif
 ier that he knows a secret without revealing it. These protocols have\,
  in particular\, highlighted the need to minimise the number of multipl
 ications performed by the primitive in large finite fields. As the numb
 er of the so-called Arithmetization-Oriented (AO) designs increases\, i
 t is important to better understand the properties of their underlying
  operations.\n\nFirst\, we will study the algebraic degree of one of th
 e first such block ciphers\, namely MiMC\, that is mainly composed of a
  low-degree power permutation (usually the cube). We will show that\, w
 hile the univariate degree increases predictably with the number of rou
 nds\, the algebraic degree has a much more complex behaviour\, and simp
 ly stays constant during some rounds. In particular\, we will provide a
  precise guarantee on the algebraic degree of this cipher\, and then on
  the minimal complexity for integral attacks. In addition to this mathe
 matical analysis\, we will also be interested in practical attacks on o
 ther primitives like Rescue or Poseidon.\n\nFinally\, from the cryptana
 lysis of these different designs we will see how we came up with our ow
 n family of ZK-friendly hash functions: Anemoi. With this new family\,
  we will push further the frontier in understanding the design principl
 es behind AO hash functions. Indeed\, we will rely on a mathematical co
 ncept\, namely the CCZ equivalence\, to design our main component: the
  Flystel.\n\nhttps://indico.math.cnrs.fr/event/6737/
LOCATION:001 (batiment I)
URL:https://indico.math.cnrs.fr/event/6737/
END:VEVENT
END:VCALENDAR