Programming Equation Systems of Arithmetization-Oriented Primitives with Constraints

Kexin Qiao; Mengyu Chang; Junjie Cheng; Changhai Ou; An Wang; Liehuang Zhu

doi:10.1007/978-981-95-6203-9_5

Programming Equation Systems of Arithmetization-Oriented Primitives with Constraints

Kexin Qiao
, Mengyu Chang
, Junjie Cheng
, Changhai Ou^*
, An Wang
, Liehuang Zhu

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Arithmetization-Oriented (AO) cryptographic algorithms operate on large finite fields. The most threatening attack on such designs is the Gröbner basis attack, which solves the equation system encoded from the cryptanalysis problem. However, encoding a primitive as a system of equations is not unique, and finding the optimal one with low solving complexity is a formidable challenge. This paper presents an automated tool that transforms the problem into a Mixed-Integer Quadratic Constraint Programming (MIQCP) model. By employing integer variables and constraints, the tool tracks degree propagation and determines strategic variable introduction points. The optimal MIQCP solution yields the most efficient solving complexity, offering the lowest computational burden for the Gröbner basis attack. We construct comprehensive models for the Griffin, Anemoi, and Ciminion permutations. Our experiments demonstrate reduced Gröbner basis attack complexity, surpassing the designers’ bounds. This versatile tool can be leveraged to accurately evaluate the security of new AO designs against Gröbner basis attacks.

Original language	English
Title of host publication	Information Security and Cryptology - 21st International Conference, Inscrypt 2025, Revised Selected Papers
Editors	Rongmao Chen, Robert H. Deng, Moti Yung
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	85-106
Number of pages	22
ISBN (Print)	9789819562022
DOIs	https://doi.org/10.1007/978-981-95-6203-9_5
Publication status	Published - 2026
Externally published	Yes
Event	21st International Conference on Information Security and Cryptology, Inscrypt 2025 - Xi'an, China Duration: 19 Oct 2025 → 22 Oct 2025

Publication series

Name	Lecture Notes in Computer Science
Volume	16409 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	21st International Conference on Information Security and Cryptology, Inscrypt 2025
Country/Territory	China
City	Xi'an
Period	19/10/25 → 22/10/25

Keywords

Automatic cryptanalysis
CICO
Griffin
Gröbner basis
MIQCP

Access to Document

10.1007/978-981-95-6203-9_5

Cite this

Qiao, K., Chang, M., Cheng, J., Ou, C., Wang, A., & Zhu, L. (2026). Programming Equation Systems of Arithmetization-Oriented Primitives with Constraints. In R. Chen, R. H. Deng, & M. Yung (Eds.), Information Security and Cryptology - 21st International Conference, Inscrypt 2025, Revised Selected Papers (pp. 85-106). (Lecture Notes in Computer Science; Vol. 16409 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-95-6203-9_5

Qiao, Kexin ; Chang, Mengyu ; Cheng, Junjie et al. / Programming Equation Systems of Arithmetization-Oriented Primitives with Constraints. Information Security and Cryptology - 21st International Conference, Inscrypt 2025, Revised Selected Papers. editor / Rongmao Chen ; Robert H. Deng ; Moti Yung. Springer Science and Business Media Deutschland GmbH, 2026. pp. 85-106 (Lecture Notes in Computer Science).

@inproceedings{44106e26a4e640aa82b21e68e5511b2d,

title = "Programming Equation Systems of Arithmetization-Oriented Primitives with Constraints",

abstract = "Arithmetization-Oriented (AO) cryptographic algorithms operate on large finite fields. The most threatening attack on such designs is the Gr{\"o}bner basis attack, which solves the equation system encoded from the cryptanalysis problem. However, encoding a primitive as a system of equations is not unique, and finding the optimal one with low solving complexity is a formidable challenge. This paper presents an automated tool that transforms the problem into a Mixed-Integer Quadratic Constraint Programming (MIQCP) model. By employing integer variables and constraints, the tool tracks degree propagation and determines strategic variable introduction points. The optimal MIQCP solution yields the most efficient solving complexity, offering the lowest computational burden for the Gr{\"o}bner basis attack. We construct comprehensive models for the Griffin, Anemoi, and Ciminion permutations. Our experiments demonstrate reduced Gr{\"o}bner basis attack complexity, surpassing the designers{\textquoteright} bounds. This versatile tool can be leveraged to accurately evaluate the security of new AO designs against Gr{\"o}bner basis attacks.",

keywords = "Automatic cryptanalysis, CICO, Griffin, Gr{\"o}bner basis, MIQCP",

author = "Kexin Qiao and Mengyu Chang and Junjie Cheng and Changhai Ou and An Wang and Liehuang Zhu",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2026.; 21st International Conference on Information Security and Cryptology, Inscrypt 2025 ; Conference date: 19-10-2025 Through 22-10-2025",

year = "2026",

doi = "10.1007/978-981-95-6203-9\_5",

language = "English",

isbn = "9789819562022",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "85--106",

editor = "Rongmao Chen and Deng, \{Robert H.\} and Moti Yung",

booktitle = "Information Security and Cryptology - 21st International Conference, Inscrypt 2025, Revised Selected Papers",

address = "Germany",

}

Qiao, K, Chang, M, Cheng, J, Ou, C, Wang, A & Zhu, L 2026, Programming Equation Systems of Arithmetization-Oriented Primitives with Constraints. in R Chen, RH Deng & M Yung (eds), Information Security and Cryptology - 21st International Conference, Inscrypt 2025, Revised Selected Papers. Lecture Notes in Computer Science, vol. 16409 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 85-106, 21st International Conference on Information Security and Cryptology, Inscrypt 2025, Xi'an, China, 19/10/25. https://doi.org/10.1007/978-981-95-6203-9_5

Programming Equation Systems of Arithmetization-Oriented Primitives with Constraints. / Qiao, Kexin; Chang, Mengyu; Cheng, Junjie et al.
Information Security and Cryptology - 21st International Conference, Inscrypt 2025, Revised Selected Papers. ed. / Rongmao Chen; Robert H. Deng; Moti Yung. Springer Science and Business Media Deutschland GmbH, 2026. p. 85-106 (Lecture Notes in Computer Science; Vol. 16409 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Programming Equation Systems of Arithmetization-Oriented Primitives with Constraints

AU - Qiao, Kexin

AU - Chang, Mengyu

AU - Cheng, Junjie

AU - Ou, Changhai

AU - Wang, An

AU - Zhu, Liehuang

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2026.

PY - 2026

Y1 - 2026

N2 - Arithmetization-Oriented (AO) cryptographic algorithms operate on large finite fields. The most threatening attack on such designs is the Gröbner basis attack, which solves the equation system encoded from the cryptanalysis problem. However, encoding a primitive as a system of equations is not unique, and finding the optimal one with low solving complexity is a formidable challenge. This paper presents an automated tool that transforms the problem into a Mixed-Integer Quadratic Constraint Programming (MIQCP) model. By employing integer variables and constraints, the tool tracks degree propagation and determines strategic variable introduction points. The optimal MIQCP solution yields the most efficient solving complexity, offering the lowest computational burden for the Gröbner basis attack. We construct comprehensive models for the Griffin, Anemoi, and Ciminion permutations. Our experiments demonstrate reduced Gröbner basis attack complexity, surpassing the designers’ bounds. This versatile tool can be leveraged to accurately evaluate the security of new AO designs against Gröbner basis attacks.

AB - Arithmetization-Oriented (AO) cryptographic algorithms operate on large finite fields. The most threatening attack on such designs is the Gröbner basis attack, which solves the equation system encoded from the cryptanalysis problem. However, encoding a primitive as a system of equations is not unique, and finding the optimal one with low solving complexity is a formidable challenge. This paper presents an automated tool that transforms the problem into a Mixed-Integer Quadratic Constraint Programming (MIQCP) model. By employing integer variables and constraints, the tool tracks degree propagation and determines strategic variable introduction points. The optimal MIQCP solution yields the most efficient solving complexity, offering the lowest computational burden for the Gröbner basis attack. We construct comprehensive models for the Griffin, Anemoi, and Ciminion permutations. Our experiments demonstrate reduced Gröbner basis attack complexity, surpassing the designers’ bounds. This versatile tool can be leveraged to accurately evaluate the security of new AO designs against Gröbner basis attacks.

KW - Automatic cryptanalysis

KW - CICO

KW - Griffin

KW - Gröbner basis

KW - MIQCP

UR - https://www.scopus.com/pages/publications/105028250688

U2 - 10.1007/978-981-95-6203-9_5

DO - 10.1007/978-981-95-6203-9_5

M3 - Conference contribution

AN - SCOPUS:105028250688

SN - 9789819562022

T3 - Lecture Notes in Computer Science

SP - 85

EP - 106

BT - Information Security and Cryptology - 21st International Conference, Inscrypt 2025, Revised Selected Papers

A2 - Chen, Rongmao

A2 - Deng, Robert H.

A2 - Yung, Moti

PB - Springer Science and Business Media Deutschland GmbH

T2 - 21st International Conference on Information Security and Cryptology, Inscrypt 2025

Y2 - 19 October 2025 through 22 October 2025

ER -

Qiao K, Chang M, Cheng J, Ou C, Wang A , Zhu L. Programming Equation Systems of Arithmetization-Oriented Primitives with Constraints. In Chen R, Deng RH, Yung M, editors, Information Security and Cryptology - 21st International Conference, Inscrypt 2025, Revised Selected Papers. Springer Science and Business Media Deutschland GmbH. 2026. p. 85-106. (Lecture Notes in Computer Science). doi: 10.1007/978-981-95-6203-9_5