
Strengthening trust in the cryptographic algorithm “Poseidon”
Published:
A new security study of the cryptographic hash function Poseidon provides insights into how robust it is against attacks. The researchers have also developed a new method for analysing potential attacks.
There is a growing demand from developers to incorporate the cryptographic hash function Poseidon as a key building block for efficient zero-knowledge proofs (ZKPs) in blockchain systems such as Ethereum. Poseidon is, however, a fairly recent design, and its security is not yet well understood. For this reason the Ethereum Foundation has launched a large initiative to analyse the security of Poseidon and decide whether the algorithm is mature enough to be deployed in real-world systems. This two-year effort includes funded bounties, scientific workshops and research projects.
- Zero-knowledge proofs are cryptographic methods where one party proves to another that a statement is true, without revealing any information beyond the statement's truthfulness itself.
- A hash function is used as part of these proofs: a one-way mathematical function that turns input data into a string of characters in a way that cannot be reversed.
- These ZKPs are used in blockchain systems: databases that store records transparently and are resistant to tampering, enabling functionality such as digital currencies and smart contracts.
One of the projects, funded by a grant from the Ethereum Foundation, was carried out by postdoctoral fellow Morten Øygarden and PhD student Atharva Phanse from Simula UiB. The outcomes are available as part of a preprint research article written in collaboration with other researchers from Simula UiB, as well as the French organisations INRIA and ANSSI.
Validating cryptographic integrity
The adoption of the Poseidon algorithm in high-value applications, like the Ethereum blockchain, requires thorough cryptanalysis to ensure its security, as understanding of its security profile is still evolving. The researchers addressed this need by focusing on algebraic attacks, one of the main attack vectors against Poseidon, in which the attacker tries to exploit the underlying mathematical structure of the algorithm.
New method for analysing potential attacks
A central contribution of the project was the development of a more efficient way to compute Gröbner bases in this setting. These are key mathematical objects used to study equations that represent the internal structure of the Poseidon hash function.
Being able to compute these Gröbner bases more effectively allows researchers to estimate how difficult it would be for an attacker to break Poseidon using algebraic techniques.
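To make concrete what "equations that represent the internal structure" means, here is an added example (not code from the preprint, the Poseidon specification or the Ethereum Foundation) that writes a tiny Poseidon-like permutation as polynomial equations in two ways: directly in the unknown input, where the degree grows as 5^rounds, and with one fresh variable per S-box, which keeps every equation at degree 5 and is the kind of system a Gröbner-basis computation is run on. The field, mixing matrix and round constants are constructed toy values; only the x^5 S-box and the full/partial round structure follow Poseidon's design.

```python
# Added illustration, not code from the preprint or the Poseidon project: a
# Poseidon-like permutation over a tiny field written as polynomial equations.
# All parameters are constructed; real instances use a ~256-bit prime, a wider
# state and many more rounds, but the modelling step is the same.
P, ALPHA = 101, 5                  # toy prime field; x^5 S-box as in common instances
MDS = [[2, 1], [1, 1]]             # constructed 2x2 mixing matrix, invertible mod P
RC = [[3, 7], [11, 13], [17, 19]]  # constructed round constants, one pair per round
# Sparse multivariate polynomials over GF(P): {exponent tuple: coefficient}.
def padd(a, b):
    r = dict(a)
    for m, c in b.items():
        r[m] = (r.get(m, 0) + c) % P
    return {m: c for m, c in r.items() if c}
def pmul(a, b):
    r = {}
    for m1, c1 in a.items():
        for m2, c2 in b.items():
            m = tuple(e1 + e2 for e1, e2 in zip(m1, m2))
            r[m] = (r.get(m, 0) + c1 * c2) % P
    return {m: c for m, c in r.items() if c}
def pscale(a, k): return {m: c * k % P for m, c in a.items() if c * k % P}
def const(c, n): return {(0,) * n: c % P} if c % P else {}
def var(i, n): return {tuple(int(j == i) for j in range(n)): 1}
def deg(a): return max((sum(m) for m in a), default=-1)
def mix(s): return [padd(pscale(s[0], r[0]), pscale(s[1], r[1])) for r in MDS]

def model(n_full, n_partial, n_vars, fresh):
    """n_full full then n_partial partial rounds on input (x, 0).  fresh=True makes
    each non-constant S-box output a new variable v, recording v - u^ALPHA = 0."""
    state, eqs, k = [var(0, n_vars), {}], [], 1
    for r in range(n_full + n_partial):
        state = [padd(s, const(c, n_vars)) for s, c in zip(state, RC[r])]
        for i in range(2 if r < n_full else 1):  # partial round: one S-box only
            out = state[i]
            for _ in range(ALPHA - 1):           # out = state[i] ** ALPHA
                out = pmul(out, state[i])
            if fresh and deg(out) > 0:           # constant inputs need no variable
                eqs.append(padd(var(k, n_vars), pscale(out, -1)))
                out, k = var(k, n_vars), k + 1
            state[i] = out
        state = mix(state)
    return state, eqs, k

def direct_degree(n_full, n_partial):  # output 0 in x alone: degree ALPHA ** rounds
    return deg(model(n_full, n_partial, 1, False)[0][0])

def sbox_system(n_full, n_partial, target):  # -> (variables, equations, max degree)
    n = 1 + 2 * n_full + n_partial           # upper bound: x plus one per S-box
    state, eqs, k = model(n_full, n_partial, n, True)
    eqs.append(padd(state[0], const(-target, n)))  # linear constraint: out_0 = target
    return k, len(eqs), max(deg(e) for e in eqs)
```

With two full rounds and one partial round the direct model is a single degree-125 polynomial, while the S-box model is a square system of five degree-at-most-5 equations in five unknowns; it is the growth of such systems with the real round counts and state widths that the Gröbner-basis cost estimates measure.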
Increased confidence in practical parameters
The new analysis concludes that the most relevant parameter sets for practical, real-world implementations of Poseidon do not show signs of vulnerability against algebraic attacks. At the same time, the results reveal that other parameter regimes can be weaker than what earlier analysis has predicted, thus providing a word of caution for developers who may want to implement Poseidon outside “typical” use-cases. At a more conceptual level, the study helps refine and strengthen the analytic methods used to test Poseidon’s security.
As Poseidon may become a central component in Ethereum and other decentralised systems that rely on zero-knowledge proofs, this new evidence helps reduce uncertainty and supports continued confidence in its use.
Image credit: The visual in this article was generated by Google Gemini.