TODO

Reading queue: AO primitive designs

  • Grassi et al. "Poseidon: A New Hash Function for Zero-Knowledge Proof Systems" ePrint 2019/458
  • Grassi et al. "Poseidon2: A Faster Version of the Poseidon Hash Function" ePrint 2023/323
  • Bouvier et al. "Anemoi Permutations and Jive Compression Mode" ePrint 2022/840
  • Grassi et al. "Horst Meets Fluid-SPN: Griffin" ePrint 2022/403
  • Aly et al. "Efficient Symmetric Primitives for Advanced Cryptographic Protocols" (Rescue/Vision/etc.) ePrint 2020/1143
  • Grassi et al. "Reinforced Concrete" ePrint 2021/1038
  • Grassi, Khovratovich, Luftenegger, Rechberger, Schofnegger, Walch. "Monolith: Circuit-Friendly Hash Functions with New Nonlinear Layers for Fast and Constant-Time Implementations" ePrint 2023/1025
  • Szepieniec. "The Tip5 Hash Function for Recursive STARKs" ePrint 2023/107
  • Bouvier, Grassi, Khovratovich, Koschatko, Rechberger, Schmid, Schofnegger. "Skyscraper-v2: Fast Hashing on Big Primes" ePrint 2025/058
  • Ha, Hwang, Lee, Park, Son. "Polocolo: A ZK-Friendly Hash Function Based on S-boxes Using Power Residues" (EUROCRYPT 2025) ePrint 2025/926
  • Grassi et al. "Poseidon(2)b: Binary Field Versions of Poseidon/Poseidon2" ePrint 2025/1893
  • Ashur, Mahzoun, Posen, Sijacic. "Vision Mark-32: ZK-Friendly Hash Function Over Binary Tower Fields" ePrint 2024/633
  • Ashur, Tariq. "RPO-M31 and XHash-M31: Efficient Hash Functions for Circle STARKs" ePrint 2024/1635
  • Ashur, Al Kindi. "Arithmetization Oriented Encryption" (AEAD via MonkeySpongeWrap + RPO) ePrint 2023/1668
  • Feneuil, Rivain. "CAPSS: A Framework for SNARK-Friendly Post-Quantum Signatures" ePrint 2025/061
  • Duzyol, Otal. "Leveraging Smaller Finite Fields for More Efficient ZK-Friendly Hash Functions" ePrint 2025/1593
  • Adomnicai. "Towards Practical Multi-Party Hash Chains using AO Primitives - With Applications to Threshold Hash-Based Signatures" ePrint 2025/2290
  • Albrecht, Grassi, Rechberger, Roy, Tiessen. "MiMC: Efficient Encryption and Cryptographic Hashing with Minimal Multiplicative Complexity" (ASIACRYPT 2016) ePrint 2016/492
  • Albrecht, Grassi, Perrin, Ramacher, Rechberger, Rotaru, Roy, Schofnegger. "Feistel Structures for MPC, and More" (GMiMC, ESORICS 2019) ePrint 2019/397
  • Grassi, Luftenegger, Rechberger, Rotaru, Schofnegger. "On a Generalization of Substitution-Permutation Networks: The HADES Design Strategy" ePrint 2019/1107
  • Grassi, Luftenegger, Rechberger, Rotaru, Schofnegger. "Mind the Middle Layer: The HADES Design Strategy Revisited" ePrint 2020/179
  • Ashur, Dhooghe. "MARVELlous: a STARK-Friendly Family of Cryptographic Primitives" (Jarvis, Friday, Vision, Rescue) ePrint 2018/1098
  • Ashur, Mahzoun, Posen, Willems. "Rescue-Prime Optimized" (RPO) ePrint 2022/1577
  • Ashur, Bhati, Al Kindi, Mahzoun, Perrin. "XHash: Efficient STARK-friendly Hash Function" ePrint 2023/1045
  • Dobraunig, Grassi, Guinet, Kuijsters. "Ciminion: Symmetric Encryption Based on Toffoli-Gates over Large Finite Fields" (EUROCRYPT 2021) ePrint 2021/267
  • Grassi, Oygarden, Schofnegger, Walch. "From Farfalle to Megafono via Ciminion: The PRF Hydra for MPC Applications" (EUROCRYPT 2023) ePrint 2022/342
  • Dobraunig, Kales, Rechberger, Schofnegger, Zaverucha. "Shorter Signatures Based on Tailor-Made Minimalist Symmetric-Key Crypto" (RAIN/Rainier, CCS 2022) ePrint 2021/692
  • Kim, Ha, Son, Lee, Moon, Lee, Lee, Kwon, Cho, Yoon, Cho. "AIM: Symmetric Primitive for Shorter Signatures with Stronger Security" (AIMer, CCS 2023) ePrint 2022/1387
  • Szepieniec. "On the Use of the Legendre Symbol in Symmetric Cipher Design" (Grendel) ePrint 2021/984
  • Roy, Steiner et al. "Arion: Arithmetization-Oriented Permutation and Hashing from Generalized Triangular Dynamical Systems" arXiv 2303.04639
  • Bettale, Kahrobaei, Perret, Verbel. "Biscuit: New MPCitH Signature Scheme from Structured Multivariate Polynomials" ePrint 2023/1760

Reading queue: algebraic VDFs

  • Lenstra, Wesolowski. "A random zoo: sloth, unicorn, and trx" (Sloth, foundational slow-hash VDF) ePrint 2015/366
  • Khovratovich, Maller, Tiwari. "MinRoot: Candidate Sequential Function for Ethereum VDF" ePrint 2022/1626

Reading queue: AO primitive signatures (Legendre/Power-Residue PRF)

  • Loquat group. "Loquat: A SNARK-Friendly Post-Quantum Signature based on the Legendre PRF" (Crypto 2024) ePrint 2024/868
  • Zhang, Li, Steinfeld, Zhao, Liu, Yuen. "Pegasus and PegaRing: Efficient (Ring) Signatures from Sigma-Protocols for Power Residue PRFs" ePrint 2025/1841

Reading queue: cryptanalysis of AO primitives

  • Bariant, Peyrin. "Algebraic Attacks against Some AO Primitives" (2022)
  • Keller, Rosemarin. "STARK Friendly Hash Survey" (2020)
  • Bariant, Boeuf, Briaud, Hostettler, Oygarden, Raddum. "Improved Resultant Attack against Arithmetization-Oriented Primitives" ePrint 2025/259
  • Yang, Zheng, Yang, Liu, Tang. "A New Security Evaluation Method Based on Resultant for Arithmetic-Oriented Algorithms" ePrint 2024/886
  • Steiner. "Zero-Dimensional Groebner Bases for Rescue-XLIX" ePrint 2024/468
  • Ashur, Buschman, Mahzoun. "Algebraic Cryptanalysis of HADES Design Strategy: Application to POSEIDON and Poseidon2" ePrint 2023/537
  • Sun, Chen, Liu, Wang, Niu. "High Exponents May Not Suffice to Patch AIM (On Attacks, Weak Parameters, and Patches for AIM2)" ePrint 2025/2272
  • Sanso, Vitto. "Attacking Poseidon via Graeffe-Based Root-Finding over NTT-Friendly Fields" ePrint 2025/937
  • Zhao, Ding. "Breaking Poseidon Challenges with Graeffe Transforms and Complexity Analysis by FFT Lower Bounds" ePrint 2025/950
  • Grassi, Koschatko, Rechberger. "Poseidon and Neptune: Groebner Basis Cryptanalysis Exploiting Subspace Trails" ePrint 2025/954
  • Zhao, Sanso, Vitto, Ding. "Graeffe-Based Attacks on Poseidon and NTT Lower Bounds" ePrint 2025/1916
  • Bak, Bariant, Boeuf, Briaud, Oygarden, Phanse. "The Algebraic CheapLunch: Extending FreeLunch Attacks on AO Primitives Beyond CICO-1" ePrint 2025/2040
  • Yang, Zheng, Yang. "Algebraic Cryptanalysis of AO Primitives Based on Polynomial Decomposition: Applications to Rain and Full AIM-III/IV" ePrint 2025/981
  • Campa, Roy. "Groebner Basis Cryptanalysis of Anemoi" ePrint 2025/814
  • Chang, Qiao, Cheng, Ou, Zhu. "Programming Equation Systems of AO Primitives with Constraints" ePrint 2024/2061
  • Liu, Mahzoun, Meier. "Modelling Ciphers with Overdefined Systems of Quadratic Equations: Application to Friday, Vision, RAIN and Biscuit" ePrint 2024/786
  • Bariant, Boeuf, Lemoine, Manterola Ayala, Oygarden, Perrin, Raddum. "The Algebraic FreeLunch: Efficient Groebner Basis Attacks Against Arithmetization-Oriented Primitives" (Crypto 2024) ePrint 2024/347
  • Koschatko, Luftenegger, Rechberger. "Exploring the Six Worlds of Groebner Basis Cryptanalysis: Application to Anemoi" (ToSC 2024/4) ePrint 2024/250
  • Briaud. "A Note on Groebner Bases for Anemoi" (withdrawn April 2025) ePrint 2024/693
  • Koschatko et al. "Opening the Blackbox: Collision Attacks on Round-Reduced Tip5, Tip4, Tip4' and Monolith" (ToSC 2024/4) ePrint 2024/1900
  • Bak. "A Practical Distinguisher on the Full Skyscraper Permutation" ePrint 2025/102
  • Liu, Mahzoun, Oygarden, Meier. "Algebraic Attacks on RAIN and AIM Using Equivalent Representations" (ToSC 2023/4) ePrint 2023/1133
  • Zhang et al. "Algebraic Attacks on Round-Reduced RAIN and Full AIM-III" ePrint 2023/1397
  • Bariant. "A Univariate Attack against Ciminion in the Limited-Data Regime" ePrint 2023/1283
  • Steiner. "Groebner Basis Cryptanalysis of Ciminion and Hydra" (ToSC 2025/1)
  • Bak, Perrin. "On the Security of Split-and-Lookup-Based ZK-Friendly Primitives" (ToSC 2025/2)
  • Bak, Jazeron, Galissant, Perrin. "Attacking Split-and-Lookup-Based Primitives Using Probabilistic Polynomial System Solving: Applications to Round-Reduced Monolith and Full-Round Skyscraper" (ToSC 2025/3)
  • Hovhannisyan, Asaturyan, Hovhannisyan. "Cryptanalysis of Poseidon-Based Fiat-Shamir Protocols" ePrint 2026/409
  • Bak, Bariant, Boeuf, Hostettler, Jazeron. "Claiming Bounties on Small Scale Poseidon and Poseidon2 Instances Using Resultant-Based Algebraic Attacks" ePrint 2026/150
  • Merz, Rodriguez Garcia. "Skipping Class: Algebraic Attacks Exploiting Weak Matrices and Operation Modes of Poseidon2(b)" ePrint 2026/306
  • Biryukov, Fisch, Herold, Khovratovich, Leurent, Naya-Plasencia, Wesolowski. "Cryptanalysis of Algebraic Verifiable Delay Functions" (Crypto 2024, analyzes Sloth++/Veedo/MinRoot) ePrint 2024/873

Reading queue: security proofs and frameworks for AO

  • Boeuf, Perrin. "ALFOMs and the Moirai: Quantifying the Performance/Security Tradeoff for ZK-friendly Hash Functions" ePrint 2025/1920
  • Andreeva, Bhattacharyya, Roy, Trevisani. "On Efficient and Secure Compression Modes for Arithmetization-Oriented Hashing" (IEEE CSF 2024) ePrint 2024/047
  • Guo, Hu, Jiang, Fan, Fu, Preneel, Wang. "Permutation-Based Hash from Non-Idealized Assumptions: Adding Feed-Forward to Sponge" (SpongeFwd) ePrint 2025/1006
  • Ozdemir, Pailoor, Bassa, Ferles, Barrett, Dillig. "Split Groebner Bases for Satisfiability Modulo Finite Fields" (CAV 2024) ePrint 2024/572

Reading queue: Groebner bases, computational algebra, finite fields

Textbooks

  • Cox, Little, O'Shea. "Ideals, Varieties, and Algorithms" (4th ed., Springer 2015). The standard introduction to Groebner bases, Buchberger's algorithm, elimination theory, resultants, Nullstellensatz.
  • Cox, Little, O'Shea. "Using Algebraic Geometry" (2nd ed., Springer 2005). Sequel: resultants, syzygies, Hilbert functions, coding theory.
  • Adams, Loustaunau. "An Introduction to Groebner Bases" (AMS GSM Vol. 3, 1994). Concise graduate-level treatment of Groebner bases.
  • Becker, Weispfenning. "Groebner Bases: A Computational Approach to Commutative Algebra" (Springer, 1993). Rigorous treatment with detailed proofs and term orderings.
  • Kreuzer, Robbiano. "Computational Commutative Algebra 1 and 2" (Springer, 2000/2005). Theory + computation with CoCoA system.
  • Lidl, Niederreiter. "Finite Fields" (CUP, 2nd ed., 1997). The comprehensive reference on finite field theory, polynomial arithmetic over GF(p) and GF(p^n), factorization algorithms.
  • Lidl, Niederreiter. "Introduction to Finite Fields and Their Applications" (CUP, revised ed., 1994). Accessible version of the above.
  • von zur Gathen, Gerhard. "Modern Computer Algebra" (CUP, 3rd ed., 2013). Algorithms for polynomial arithmetic, GCD, factorization, resultants, modular methods.
  • Bard. "Algebraic Cryptanalysis" (Springer, 2009). The only textbook-length treatment: modeling ciphers as polynomial systems, finite field linear algebra, solving methods (SAT, Groebner, XL).
  • Joux. "Algorithmic Cryptanalysis" (CRC Press, 2009). Broader scope including algebraic methods, Groebner bases, lattice techniques.
  • Ding, Petzoldt, Schmidt. "Multivariate Public Key Cryptosystems" (Springer, 2nd ed., 2020). MQ problem, HFE, UOV, Rainbow, solving algorithms over finite fields.

Key papers: Groebner basis algorithms

  • Faugere. "A New Efficient Algorithm for Computing Groebner Bases (F4)" (J. Pure Appl. Algebra, 1999). Parallel reductions via sparse matrix linear algebra.
  • Faugere. "A New Efficient Algorithm for Computing Groebner Bases without Reduction to Zero (F5)" (ISSAC 2002). Signature-based criteria to avoid redundant reductions. State of the art.
  • Lazard. "Resolution des Systemes d'Equations Algebriques" (TCS, 1981). Connects Groebner bases to Macaulay matrices. Lazard/Macaulay bound.
  • Lazard. "Groebner Bases, Gaussian Elimination and Resolution of Systems of Algebraic Equations" (EUROCAL 83). GB computation as generalized Gaussian elimination.

Key papers: semi-regularity, degree of regularity, complexity

  • Bardet, Faugere, Salvy. "On the Complexity of Groebner Basis Computation of Semi-Regular Overdetermined Algebraic Equations" (ICPSS 2004). Defines semi-regular sequences, D_reg, sharp asymptotic complexity. Basis for most multivariate security analyses.
  • Bardet, Faugere, Salvy. "Complexity of Groebner Basis Computation for Semi-Regular Overdetermined Sequences over F_2" (INRIA RR-5049, 2003). Boolean specialization of the above.
  • Bardet, Faugere, Salvy. "On the Complexity of the F5 Groebner Basis Algorithm" (J. Symbolic Computation, 2015). Refined F5 complexity bounds. arXiv:1312.1655
  • Ding, Hodges. "Solving Degree and Degree of Regularity for Polynomial Systems over Finite Fields" (SAC 2013). Clarifies when D_reg gives valid security estimates.
  • Caminata, Gorla. "Solving Degree, Last Fall Degree, and Related Invariants" (J. Symbolic Computation, 2023). Rigorous framework relating solving degree, first/last fall degree, D_reg, Castelnuovo-Mumford regularity. ePrint 2021/1611
  • Caminata, Gorla. "On Hilbert-Poincare Series of Affine Semi-Regular Polynomial Sequences and Related Groebner Bases" (2024). Hilbert series for inhomogeneous semi-regular systems (closer to crypto setting). ePrint 2024/086

Key papers: XL algorithm and hybrid approaches

  • Courtois, Klimov, Patarin, Shamir. "Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations" (Eurocrypt 2000). Introduces XL algorithm for overdetermined MQ systems.
  • Ars, Faugere, Imai, Kawazoe, Sugita. "Comparison Between XL and Groebner Basis Algorithms" (Asiacrypt 2004). Proves XL is a redundant variant of F4.
  • Bettale, Faugere, Perret. "Hybrid Approach for Solving Multivariate Systems over Finite Fields" (J. Math. Cryptology, 2009). Combines exhaustive search + Groebner computation.

Key papers: algebraic cryptanalysis of symmetric primitives

  • Courtois, Pieprzyk. "Cryptanalysis of Block Ciphers with Overdefined Systems of Equations" (Asiacrypt 2002). Founded algebraic cryptanalysis of block ciphers (AES/Serpent as polynomial systems). ePrint 2002/044
  • Buchmann, Pyshkin, Weinmann. "Block Ciphers: Algebraic Cryptanalysis and Groebner Bases" (in Sala et al., Springer, 2009). Survey of GB-based cryptanalysis of block ciphers.

Coauthor analysis

  • List all coauthors across all AO primitives papers (design and cryptanalysis). Map out who has worked on what, and investigate their other publications. Useful for understanding the research landscape, finding related work, and identifying key contributors to the field.

Author directory

Researchers appearing across the papers above, grouped by primary field.

AO primitive designers

Name | Affiliation | Field
Lorenzo Grassi | Ruhr University Bochum | Symmetric crypto, AO design (Poseidon, Poseidon2, Griffin, Reinforced Concrete, Monolith, Skyscraper)
Dmitry Khovratovich | Ethereum Foundation | Symmetric crypto, hash design, memory-hard functions (Argon2)
Christian Rechberger | TU Graz | Symmetric crypto, privacy-preserving computation, AO design
Clemence Bouvier | Inria Paris / Sorbonne | Symmetric crypto, algebraic cryptanalysis, AO design (Anemoi, Skyscraper)
Charalambos Chaidos | Univ. of Athens / UCL | Zero-knowledge proofs, SNARKs, blockchain protocols
Robin Salen | Polygon Zero | ZK proofs, ZK-friendly hashing, Plonky ecosystem
Vesselin Velichkov | Univ. of Edinburgh | Symmetric crypto, differential cryptanalysis, automated tools
Danny Willems | o1Labs (Mina) | ZK proofs, elliptic curves, proof systems engineering
Reinhard Luftenegger | Shielded Technologies | AO primitive analysis, ZK-friendly crypto (PhD: "Algebraic Analysis of AO Primitives")
Markus Schofnegger | Horizen Labs | ZK proofs, ZK-friendly hash functions
Roman Walch | TU Graz | Symmetric crypto (Monolith co-author)
Fabian Schmid | TU Graz | Symmetric crypto (Skyscraper-v2 co-author)
Tomer Ashur | 3MI Labs (prev. TU Eindhoven, KU Leuven) | Symmetric crypto design (Rescue, Vision, RPO-M31, XHash)
Alan Szepieniec | Neptune Cash / Triton Software | Post-quantum crypto, STARKs, Tip5 designer
Jincheol Ha | KAIST | Symmetric crypto (Polocolo co-author)
Seongha Hwang | KAIST | Symmetric crypto (Polocolo co-author)
Jooyoung Lee | KAIST | Symmetric crypto (Polocolo co-author)
Seungmin Park | KAIST | Symmetric crypto (Polocolo co-author)
Mincheol Son | KAIST | Symmetric crypto (Polocolo co-author)
Al Kindi | Polygon | AO encryption (MonkeySpongeWrap + RPO)
Gokce Duzyol | Bogazici University | ZK-friendly hash functions, finite fields
Kamil Otal | TUBITAK BILGEM | Symmetric crypto, coding theory
Alexandre Adomnicai | prev. CryptoNext / NTU Singapore | Crypto engineering, lightweight crypto, efficient implementations
Martin Albrecht | King's College London / SandboxAQ | Computational algebra, lattice crypto, AO design (MiMC)
Siemen Dhooghe | KU Leuven (COSIC) | Symmetric crypto (MARVELlous: Jarvis, Friday, Vision, Rescue)
Amit Singh Bhati | KU Leuven (COSIC) | Symmetric crypto (XHash co-author)
Christoph Dobraunig | Intel Labs / TU Graz | Symmetric crypto (Ciminion, RAIN/Rainier, ASCON)
Anna Guinet | (Ciminion co-author) | AO cipher design
Daniel Kuijsters | (Ciminion co-author) | AO cipher design
Daniel Kales | TU Graz | Post-quantum signatures (RAIN/Rainier)
Greg Zaverucha | Microsoft Research | Post-quantum signatures (RAIN/Rainier, Picnic)
Dragos Rotaru | NordVPN / prev. KU Leuven | MPC, HADES design strategy, GMiMC
Sebastian Ramacher | AIT Austrian Inst. of Technology | MPC-friendly crypto (GMiMC)
Tyge Tiessen | prev. DTU Denmark | Symmetric crypto (MiMC co-author)
Seongkwang Kim | Samsung SDS | AIM/AIMer designer
Byeonghak Lee | Samsung SDS | AIM/AIMer designer
Dukjae Moon | Samsung SDS | AIM/AIMer designer
Sangyup Lee | Samsung SDS | AIM/AIMer designer
Jihoon Kwon | Samsung SDS | AIM/AIMer designer
Jihoon Cho | Samsung SDS | AIM/AIMer designer
Hyojin Yoon | Samsung SDS | AIM/AIMer designer
Joungmo Cho | Samsung SDS | AIM/AIMer designer
Mary Maller | Ethereum Foundation / PQShield | Crypto (MinRoot VDF co-author)
Pratyush Ranjan Tiwari | Johns Hopkins / prev. KU Leuven | Crypto (MinRoot VDF co-author)
Arjen K. Lenstra | EPFL | Computational number theory (Sloth VDF)

AO cryptanalysts (algebraic attacks, Groebner bases)

Name | Affiliation | Field
Augustin Bariant | Inria Paris (COSMIQ) | Algebraic cryptanalysis, differential crypto, AO attacks
Pierre Briaud | Inria Paris (COSMIQ) | Algebraic cryptanalysis, multivariate crypto, Groebner bases
Leo Perrin | Inria Paris | Symmetric crypto, S-box analysis, Boolean functions
Aurelien Boeuf | Inria Paris / ENS | Algebraic cryptanalysis, AO security metrics (ALFOMs)
Morten Oygarden | Simula UiB | Algebraic cryptanalysis, Boolean functions, Groebner bases
Havard Raddum | Simula UiB | Algebraic cryptanalysis
Antoine Bak | Inria Paris | Algebraic attacks on AO primitives (FreeLunch, CheapLunch, Skyscraper)
Guilhem Jazeron | Inria Paris (COSMIQ) | Algebraic attacks on ZK-friendly primitives
Pierre Galissant | Inria Paris (post-doc) | White-box crypto, algebraic constructions
Axel Lemoine | Inria / DGA (French MoD) | Algebraic cryptanalysis, Groebner basis attacks
Irati Manterola Ayala | Simula UiB / Univ. Bergen | Algebraic attacks on AO primitives
Atharva Phanse | Simula UiB | Symmetric crypto, cryptanalysis
Mael Hostettler | Telecom SudParis (IP Paris) | Algebraic cryptanalysis, resultant attacks on AO
Katharina Koschatko | TU Graz | Algebraic cryptanalysis, "Six Worlds" GB framework
Luca Campa | Univ. of Innsbruck | GB cryptanalysis, algebraic geometry applied to crypto
Arnab Roy | Univ. of Innsbruck | Symmetric crypto design/analysis, algebraic number theory
Matthias Johann Steiner | Univ. of Klagenfurt | Algebraic analysis of AO primitives (Rescue, Ciminion, Hydra)
Antonio Sanso | Ethereum Foundation | Applied crypto, Graeffe-based attacks on Poseidon
Giuseppe Vitto | Ethereum Foundation | ZK-friendly hashing, Graeffe-based attacks
Ziyu Zhao | Tsinghua University (YMSC) | Lattice crypto, Graeffe/FFT attacks on Poseidon
Jintai Ding | XJTLU / Univ. Cincinnati (emeritus) | Post-quantum crypto (ML-KEM/Kyber co-designer)
Thomas Peyrin | NTU Singapore | Symmetric crypto design and cryptanalysis
Nathan Keller | Bar-Ilan University | Symmetric cryptanalysis, combinatorics
Asaf Rosemarin | Bar-Ilan University | Symmetric cryptanalysis (HADES/Poseidon analysis)
Fukang Liu | Institute of Science Tokyo | Symmetric cryptanalysis (SHA-256 collision, AO attacks)
Mohammad Mahzoun | TU Eindhoven / 3MI Labs | Cryptanalysis of symmetric primitives, FHE-friendly ciphers
Willi Meier | FHNW Switzerland | Symmetric crypto, stream ciphers (ASCON co-designer)
Thomas Buschman | TU Eindhoven | Algebraic cryptanalysis (HADES/Poseidon)
Hong-Sen Yang | PLA Info. Engineering Univ. | Algebraic cryptanalysis, polynomial decomposition attacks
Qun-Xiong Zheng | PLA Info. Engineering Univ. | Algebraic cryptanalysis, AO security evaluation
Jing Yang | PLA Info. Engineering Univ. | Symmetric cryptanalysis (linear, algebraic)
Mengyu Chang | Beijing Institute of Technology | Algebraic cryptanalysis, equation systems for AO
Kexin Qiao | Beijing Institute of Technology | Symmetric cryptanalysis (differential, MILP), AO attacks
Simon-Philipp Merz | ETH Zurich | Post-quantum crypto, Poseidon2(b) attacks
Alex Rodriguez Garcia | UPC Barcelona | ZK proofs, Poseidon2(b) attacks
Kaiyi Zhang | Shanghai Jiao Tong Univ. | Algebraic attacks (RAIN, AIM-III)
Qingju Wang | Univ. of Luxembourg | Symmetric cryptanalysis
Yu Yu | Shanghai Jiao Tong Univ. | Foundations of crypto
Hongrui Cui | Shanghai Jiao Tong Univ. | Algebraic attacks
Yimeng Sun | Shandong University | AIM analysis
Shiyao Chen | Shandong University | AO cryptanalysis (AIM, Tip5/Monolith collisions)
Guowei Liu | Shandong University | AIM analysis
Meiqin Wang | Shandong University | Symmetric cryptanalysis
Chao Niu | Ant Group | AIM analysis
Hailun Yan | (Tip5/Monolith collisions co-author) | Symmetric cryptanalysis
Subhadeep Banik | (Tip5/Monolith collisions co-author) | Lightweight crypto, side-channel

AO cryptanalysts (VDF, Fiat-Shamir)

Name | Affiliation | Field
Alex Biryukov | Univ. of Luxembourg (CryptoLUX) | Applied crypto, cryptanalysis (Argon2 co-designer)
Ben Fisch | Yale / Espresso Systems | Applied crypto, verifiable computation
Gottfried Herold | Ruhr University Bochum | Public-key crypto, FHE
Gaetan Leurent | Inria Paris (COSMIQ) | Symmetric crypto, block cipher/hash cryptanalysis
Maria Naya-Plasencia | Inria Paris (COSMIQ) | Symmetric crypto, post-quantum symmetric security
Benjamin Wesolowski | CNRS / ENS Lyon | Number-theoretic crypto, isogenies (IACR Secretary)
Hayk Hovhannisyan | Yerevan State University | Poseidon-based Fiat-Shamir cryptanalysis
Nerses Asaturyan | Yerevan State Univ. / Layerswap Labs | Poseidon-based Fiat-Shamir cryptanalysis
Gohar Hovhannisyan | Yerevan State University | Poseidon-based Fiat-Shamir cryptanalysis

Security proofs and frameworks

Name | Affiliation | Field
Elena Andreeva | TU Wien | Symmetric authenticated encryption, AO hashing modes
Rishiraj Bhattacharyya | Univ. of Birmingham | Cryptographic hash functions, provable security
Stefano Trevisani | (AO compression modes co-author) | Provable security
Chun Guo | Shandong University | Provable security, SpongeFwd
Kai Hu | Shandong University | Provable security, SpongeFwd
Bart Preneel | KU Leuven (COSIC) | Symmetric crypto, hash functions
Alex Ozdemir | Stanford | Formal verification, SMT for finite fields
Alp Bassa | Veridise | Formal verification, algebraic geometry

Post-quantum signatures using AO primitives

Name | Affiliation | Field
Thibauld Feneuil | CryptoExperts / Sorbonne | ZK proofs, post-quantum signatures (CAPSS)
Matthieu Rivain | CryptoExperts | Side-channel countermeasures, masking, white-box crypto
Xinyu Zhang | Monash University | Post-quantum signatures (Loquat, Pegasus)
Ron Steinfeld | Monash University | Lattice crypto, post-quantum crypto
Muhammed F. Esgin | Monash University | Post-quantum crypto
Joseph K. Liu | Monash University | Privacy-preserving crypto
Dongxi Liu | CSIRO Data61 | Applied crypto
Sushmita Ruj | UNSW Sydney | Blockchain, applied crypto
Ziyi Li | Monash University | Post-quantum signatures (Pegasus)
Raymond K. Zhao | Monash University | Post-quantum crypto
Tsz Hon Yuen | Univ. of Hong Kong | Privacy-preserving crypto
Jim Posen | (Vision Mark-32 co-author) | ZK proofs
Danilo Sijacic | prev. KU Leuven (COSIC) | Crypto hardware, side-channel analysis
Sundas Tariq | KU Leuven (COSIC) / 3MI Labs | AO hash design (RPO-M31, XHash-M31)

Foundational Groebner basis / computational algebra researchers

Name | Affiliation | Field
Jean-Charles Faugere | Sorbonne / Inria Paris | Groebner bases (F4, F5 algorithms), algebraic cryptanalysis
Daniel Lazard | Sorbonne (emeritus) | Computer algebra, Groebner bases, polynomial solving
Magali Bardet | Univ. Rouen Normandie | Semi-regularity complexity, algebraic cryptanalysis, code-based crypto
Bruno Salvy | Inria / ENS Lyon | Computer algebra, symbolic computation, asymptotics
Alessio Caminata | (Groebner complexity) | Solving degree, Hilbert series
Elisa Gorla | (Groebner complexity) | Algebraic geometry, solving degree, regularity
Nicolas Courtois | UCL London | Algebraic cryptanalysis (XL, XSL), block cipher analysis
Josef Pieprzyk | CSIRO Data61 / Macquarie Univ. | Hash functions, algebraic cryptanalysis
Jacques Patarin | UVSQ (Versailles) | Multivariate crypto (HFE, UOV), Feistel provable security
Adi Shamir | Weizmann Institute | Cryptography (RSA, differential crypto, XL). Turing Award 2002
Ludovic Perret | Sorbonne / Inria / CryptoNext | Multivariate crypto, Groebner complexity, post-quantum
Luk Bettale | IDEMIA (prev. Sorbonne) | Hybrid polynomial solving, Groebner bases
Antoine Joux | CISPA Helmholtz Center | Algorithmic cryptanalysis, discrete log, pairings
Gregory V. Bard | Univ. Wisconsin-Stout | Algebraic cryptanalysis, SAT solvers, GF(2) linear algebra
Johannes Buchmann | TU Darmstadt (emeritus) | Computational number theory, lattice crypto, post-quantum

Textbook authors (computational algebra, finite fields)

Name | Affiliation | Field
David A. Cox | Amherst College (emeritus) | Algebraic geometry, toric varieties
John B. Little | College of the Holy Cross | Algebraic geometry, algebraic coding theory
Donal B. O'Shea | New College of Florida | Algebraic geometry, singularity theory
Martin Kreuzer | Universitat Passau | Computational commutative algebra, Groebner bases
Rudolf Lidl | Univ. of Tasmania (emeritus) | Finite fields, polynomials over finite fields
Harald Niederreiter | Austrian Academy of Sciences | Finite fields, quasi-Monte Carlo, coding theory
Joachim von zur Gathen | Univ. Bonn (emeritus) | Computer algebra, polynomial algorithms
Jurgen Gerhard | Maplesoft | Computer algebra, symbolic computation
Jintai Ding | XJTLU / Univ. Cincinnati (emeritus) | Multivariate crypto (MQ), post-quantum (ML-KEM)
Albrecht Petzoldt | (Multivariate PKC co-author) | Multivariate cryptography
Daniel Schmidt | (Multivariate PKC co-author) | Multivariate cryptography

Sage implementations needed

  • Poseidon reference implementation
  • Poseidon2 reference implementation
  • Anemoi Flystel implementation
  • Groebner basis attack demo on reduced-round Poseidon
  • Differential uniformity computation
  • Algebraic degree growth experiments
  • Interpolation attack on toy example

Content to write

  • Detailed Flystel construction walkthrough
  • Comparison table: constraints per hash across proof systems
  • MDS matrix construction methods
  • Round constant generation (Grain LFSR, etc.)
  • Performance benchmarks across different fields

Open questions to investigate

  • Actual vs. upper-bound algebraic degree for Poseidon partial rounds
  • Semi-regularity assumption validity for each primitive
  • Impact of field choice on security margins
  • Relationship between constraint efficiency and security margin