A Note of $\mathsf{Anemoi}$ Gröbner Bases

ePrint Report: A Note of $\mathsf{Anemoi}$ Gröbner Bases

Pierre Briaud

Recently, [eprint/2024/250] and [eprint/2024/347] proposed two algebraic attacks on the $\mathsf{Anemoi}$ permutation [Crypto '23]. In this note, we construct a Gröbner basis for the ideal generated by the naive modeling of the $\mathsf{CICO}$ problem associated to $\mathsf{Anemoi}$, in odd and in even characteristics, for one and several branches. We also infer the degree of the ideal from this Gröbner basis, while previous works relied on upper bounds.

attacks crypto eprint report generated modeling problem report