Hacker News
by aszepieniec 1821 days ago
AES/Rijndael is already somewhat arithmetization-oriented, because all its constituent operations are over the field GF(256). Hash functions like SHA2-256 and SHA3/Keccak do not have this property. However, you need to adapt the field to the zk-SNARK proof system if you want to save on performance cost, so you won't be able to use AES in this context anyway.

The first cipher to have this property was, I think, LowMC (2015). There have been a bunch more proposals since -- MiMC (2016), GMiMC (2019), Starkad and Poseidon (2019), Vision and Rescue (2019), and Rescue-Prime [1] (2020). I may be missing some; there has been rapid development in this field in the last few years.

[1]: https://eprint.iacr.org/2020/1143
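
An added illustration, not part of the comment above: the AES S-box and MixColumns step written as arithmetic in GF(2^8), which is the property the comment refers to. The function names are chosen here; the reduction polynomial, the affine constant 0x63 and the MixColumns matrix are the standard AES ones, and the affine step is linear over GF(2) on the bits of the byte.

```python
# AES building blocks expressed as field arithmetic in GF(2^8).
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES reduction polynomial


def gf_mul(a, b):
    """Multiply two elements of GF(2^8) modulo the AES polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a          # addition in GF(2^8) is XOR
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY   # reduce when the degree reaches 8
        b >>= 1
    return r


def gf_inv(a):
    """Inverse computed as a^254 (a^255 = 1 for a != 0); 0 maps to 0."""
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def rotl8(x, n):
    """Rotate a byte left by n bits."""
    return ((x << n) | (x >> (8 - n))) & 0xFF


def sbox(a):
    """AES S-box: field inversion followed by the fixed affine map."""
    b = gf_inv(a)
    return b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63


MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]


def mix_column(col):
    """MixColumns on one 4-byte column: a matrix-vector product over GF(2^8)."""
    out = []
    for row in MIX:
        acc = 0
        for coeff, value in zip(row, col):
            acc ^= gf_mul(coeff, value)
        out.append(acc)
    return out
```

Every step is a low-degree polynomial operation over GF(2^8) except that the inversion has degree 254, and the field itself does not match the large prime fields most proof systems work in.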