Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/171682
Title: Towards the links of cryptanalytic methods on MPC/FHE/ZK-friendly symmetric-key primitives
Authors: Chen, Shiyao
Guo, Chun
Guo, Jian
Liu, Li
Wang, Meiqin
Wei, Puwen
Xu, Zeyu
Keywords: Science::Mathematics
Issue Date: 2023
Source: Chen, S., Guo, C., Guo, J., Liu, L., Wang, M., Wei, P. & Xu, Z. (2023). Towards the links of cryptanalytic methods on MPC/FHE/ZK-friendly symmetric-key primitives. IACR Transactions On Symmetric Cryptology, 2023(2), 132-175. https://dx.doi.org/10.46586/tosc.v2023.i2.132-175
Project: 04INS000397C230; RG91/20
Journal: IACR Transactions on Symmetric Cryptology
Abstract: Symmetric-key primitives designed over the prime field F_p with odd characteristic, rather than the traditional F_2^n, are becoming the most popular choice for MPC/FHE/ZK protocols because of their better efficiency. However, security over F_p is less understood, as there are highly nontrivial gaps when extending the cryptanalysis tools and experience built on F_2^n over the past few decades to F_p. At CRYPTO 2015, Sun et al. established the links among impossible differential, zero-correlation linear, and integral cryptanalysis over F_2^n from the perspective of distinguishers. In this paper, following the definition of linear correlations over F_p by Baignères, Stern and Vaudenay at SAC 2007, we establish comprehensive links over F_p by reproducing the proofs and offering alternatives where necessary. Interesting and important differences between F_p and F_2^n are observed:
- Zero-correlation linear hulls cannot lead to integral distinguishers in some cases over F_p, while this is always possible over F_2^n, as proven by Sun et al.
- When the newly established links are applied to GMiMC, its impossible differential, zero-correlation linear hull and integral distinguishers can be increased by up to 3 rounds in most cases, and even to an arbitrary number of rounds in some special and limited cases, which appear only over F_p. It should be noted that none of these distinguishers invalidates GMiMC's security claims.
The development of the theory over F_p behind these links, and the properties identified (be they similar or different), will bring a clearer and easier understanding of the security of primitives in this emerging F_p setting, which we believe will provide useful guidance for future cryptanalysis and design.
URI: https://hdl.handle.net/10356/171682
ISSN: 2519-173X
DOI: 10.46586/tosc.v2023.i2.132-175
Schools: School of Physical and Mathematical Sciences
Research Centres: Strategic Centre for Research in Privacy-Preserving Technologies & Systems (SCRIPTS)
Rights: © 2023 The Author(s). This work is licensed under a Creative Commons Attribution 4.0 International License.
Fulltext Permission: open
Fulltext Availability: With Fulltext
Appears in Collections:SPMS Journal Articles

Files in This Item:
File: ToSC2023_2_05.pdf
Size: 1.09 MB
Format: Adobe PDF

Page view(s): 105 (updated on Jul 17, 2024)
Download(s): 37 (updated on Jul 17, 2024)

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.