In this paper we propose the (keyed) permutation Arion and the hash function ArionHash over $\mathbb{F}_p$ for odd and particularly large primes. The design of Arion is based on the newly introduced Generalized Triangular Dynamical System (GTDS), which provides a new algebraic framework for constructing (keyed) permutations using polynomials over a finite field. At round level, Arion is the first design which is instantiated using the new GTDS. We provide an extensive security analysis of our construction, including algebraic cryptanalysis (e.g. interpolation and Gröbner basis attacks), which is particularly decisive in assessing the security of permutations and hash functions over $\mathbb{F}_p$. From an application perspective, ArionHash is aimed at efficient implementation in zkSNARK protocols and Zero-Knowledge proof systems. For this purpose, we exploit the fact that CCZ-equivalence of graphs can lead to a more efficient implementation of Arithmetization-Oriented primitives. We compare the efficiency of ArionHash in R1CS and Plonk settings with other hash functions such as Poseidon, Anemoi and Griffin. To demonstrate the practical efficiency of ArionHash, we implemented it with the zkSNARK libraries libsnark and Dusk Network Plonk. Our results show that ArionHash is significantly faster than Poseidon, a hash function designed for zero-knowledge proof systems. We also found that an aggressive version of ArionHash is considerably faster than Anemoi and Griffin in a practical zkSNARK setting.
Translation: In this paper we propose the (keyed) permutation Arion and the hash function ArionHash, defined over the field $\mathbb{F}_p$ for odd and, in particular, large primes. The design of Arion is based on the newly introduced Generalized Triangular Dynamical System (GTDS), a framework that uses polynomials over a finite field to provide a new algebraic foundation for constructing (keyed) permutations. At the round-function level, Arion is the first design instantiated with the new GTDS. We carry out a comprehensive security analysis of the construction, with particular attention to algebraic cryptanalysis (such as interpolation attacks and Gröbner basis attacks), which is decisive when assessing the security of permutations and hash functions over $\mathbb{F}_p$. From an application standpoint, ArionHash aims at efficient implementation in zkSNARK protocols and zero-knowledge proof systems. To that end, we exploit the fact that CCZ-equivalence of graphs can improve the implementation efficiency of arithmetization-oriented primitives. We compare the efficiency of ArionHash with hash functions such as Poseidon, Anemoi and Griffin in the R1CS and Plonk settings. To validate the practical performance of ArionHash, we integrated it into the zkSNARK libraries libsnark and Dusk Network Plonk respectively. The results show that ArionHash is significantly faster than Poseidon, a hash function designed specifically for zero-knowledge proof systems. Moreover, in a practical zkSNARK setting, the aggressive version of ArionHash is much faster than Anemoi and Griffin.