BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//CERN//INDICO//EN
BEGIN:VEVENT
SUMMARY:Clémence Bouvier (Inria Paris): New uses in Symmetric Cryptograph
 y: An equation between Practical needs and Mathematical concepts
DTSTART:20220623T090000Z
DTEND:20220623T100000Z
DTSTAMP:20260614T161900Z
UID:indico-event-6737@indico.math.cnrs.fr
DESCRIPTION:The use of symmetric cryptography enables one to provide
 various security features such as confidentiality\, authentication or ha
 shing by combining a low-level primitive (i.e. a permutation or a block c
 ipher) with a mode of operation. In this presentation we will focus on th
 e design and security analysis of some symmetric primitives.\n\nNew symme
 tric primitives are designed to be executed in abstract contexts such a
 s zero-knowledge proof systems (ZK)\, widely used in crypto-currency appl
 ications such as Bitcoin or Ethereum. ZK protocols are algorithms involvi
 ng several parties that allow a prover to convince a verifier that he kno
 ws a secret without revealing it. These protocols have\, in particul
 ar\, highlighted the need to minimise the number of multiplications perfo
 rmed by the primitive in large finite fields. As the number of the so-cal
 led Arithmetization-Oriented (AO) designs increases\, it is important t
 o better understand the properties of their underlying operations.\n\nFir
 st\, we will study the algebraic degree of one of the first such block ci
 phers\, namely MiMC\, which is mainly composed of a low-degree power perm
 utation (usually the cube). We will show that\, while the univariate degr
 ee increases predictably with the number of rounds\, the algebraic degre
 e has a much more complex behaviour\, and simply stays constant during so
 me rounds. In particular\, we will provide a precise guarantee on the alg
 ebraic degree of this cipher\, and then on the minimal complexity for int
 egral attacks. In addition to this mathematical analysis\, we will also b
 e interested in practical attacks on other primitives like Rescue or Pose
 idon.\n\nFinally\, from the cryptanalysis of these different designs we w
 ill see how we came up with our own family of ZK-friendly hash function
 s: Anemoi. With this new family\, we will push further the frontier in un
 derstanding the design principles behind AO hash functions. Indeed\, we w
 ill rely on a mathematical concept\, namely the CCZ equivalence\, to desi
 gn our main component: the Flystel.\n\nhttps://indico.math.cnrs.fr/event/
 6737/
LOCATION:001 (batiment I)
URL:https://indico.math.cnrs.fr/event/6737/
END:VEVENT
END:VCALENDAR
