In this paper we propose the (keyed) permutation Arion and the hash function ArionHash over $\mathbb{F}_p$ for odd, and in particular large, primes $p$. The design of Arion is based on the newly introduced Generalized Triangular Dynamical System (GTDS), which provides a new algebraic framework for constructing (keyed) permutations from polynomials over a finite field. At round level, Arion is the first design instantiated with the new GTDS. We provide an extensive security analysis of our construction, including the algebraic cryptanalysis (e.g. interpolation and Gröbner basis attacks) that is particularly decisive in assessing the security of permutations and hash functions over $\mathbb{F}_p$. From an application perspective, ArionHash aims for efficient implementation in zkSNARK protocols and zero-knowledge proof systems. For this purpose, we exploit that CCZ-equivalence of graphs can lead to a more efficient implementation of arithmetization-oriented primitives. We compare the efficiency of ArionHash in the R1CS and Plonk settings with other hash functions such as Poseidon, Anemoi and Griffin. To demonstrate the practical efficiency of ArionHash, we implemented it with the zkSNARK libraries libsnark and Dusk Network Plonk. Our results show that ArionHash is significantly faster than Poseidon, a hash function designed for zero-knowledge proof systems. We also found that an aggressive version of ArionHash is considerably faster than Anemoi and Griffin in a practical zkSNARK setting.
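The abstract's remark that CCZ-equivalence of graphs yields cheaper arithmetization is the familiar "verify the inverse map through its low-degree partner" trick: the graph of $x \mapsto x^{1/d}$ is the graph of $y \mapsto y^d$ with the coordinates swapped, so a circuit never has to evaluate the high-degree exponent $1/d \bmod (p-1)$; the prover supplies $y$ as a witness and the circuit only checks $y^d = x$. The following is an added illustration in Python, not code from the Arion paper or its libsnark/Plonk implementations, and it does not reproduce Arion's parameters or round structure. The prime $p = 2^{31}-1$, the exponent $d = 5$, the sample input and the toy multiplication-gate counter are assumptions chosen for the example.

```python
import math

# Assumed, illustrative parameters (not Arion's): a small prime and a d with
# gcd(d, p-1) = 1, so that x -> x^d is a permutation of F_p and 1/d exists.
P = 2**31 - 1
D = 5


def inverse_exponent(d: int, p: int) -> int:
    """Return e with x^(d*e) = x on F_p, i.e. the exponent of the inverse map."""
    if math.gcd(d, p - 1) != 1:
        raise ValueError("x -> x^d is not a permutation of F_p")
    return pow(d, -1, p - 1)


E = inverse_exponent(D, P)  # 1717986917 for the assumed p, d


class GateCounter:
    """Toy R1CS-style cost model: every field multiplication a*b = c is one gate.
    Additions and constants are free, as in R1CS."""

    def __init__(self, p: int):
        self.p = p
        self.muls = 0

    def mul(self, a: int, b: int) -> int:
        self.muls += 1
        return a * b % self.p

    def power(self, x: int, e: int) -> int:
        # Left-to-right square-and-multiply; each step is a constrained gate.
        acc = x
        for bit in bin(e)[3:]:  # skip the '0b1' prefix: leading bit is acc = x
            acc = self.mul(acc, acc)
            if bit == "1":
                acc = self.mul(acc, x)
        return acc


def root_direct(x: int) -> tuple[int, int]:
    """Naive arithmetization: compute y = x^(1/d) inside the circuit.
    Costs about log2(p) gates because the exponent 1/d is ~p in size."""
    gates = GateCounter(P)
    y = gates.power(x, E)
    return y, gates.muls


def root_via_graph(x: int) -> tuple[int, int]:
    """CCZ-equivalent arithmetization: the prover computes y off-circuit as a
    witness, and the circuit constrains only the low-degree relation y^d = x.
    Costs about log2(d) gates, independent of p."""
    y = pow(x, E, P)  # witness, computed by the prover, unconstrained
    gates = GateCounter(P)
    if gates.power(y, D) != x:  # this check is what the circuit enforces
        raise AssertionError("witness does not satisfy y^d = x")
    return y, gates.muls


if __name__ == "__main__":
    x = 123456789  # constructed sample input
    y1, cost1 = root_direct(x)
    y2, cost2 = root_via_graph(x)
    print(f"direct: y={y1}, gates={cost1}")
    print(f"graph : y={y2}, gates={cost2}")
```

Both functions return the same field element; only the number of constrained multiplications differs, and the second is exactly what a proof system checks when the hash is arithmetized through the inverse graph. The soundness argument is that $y \mapsto y^d$ is a bijection on $\mathbb{F}_p$ (because $\gcd(d, p-1) = 1$), so a witness satisfying $y^d = x$ is necessarily the unique $x^{1/d}$.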