Differential-ML Distinguisher: Machine Learning Based Generic Extension for Differential Cryptanalysis
Related papers
Cryptanalysis of Block Ciphers Using Almost-Impossible Differentials
In this paper, inspired from the notion of impossible differentials, we present a model to use differentials that are less probable than a random permutation. We introduce such a distinguisher for 2 rounds of Crypton, and present an attack on 6 rounds of this predecessor AES candidate. As a special case of this idea, we embed parts of the additional rounds around the impossible differential into the distinguisher to make a probabilistic distinguisher with more rounds. We show that with this change, the data complexity is increased but the time complexity may be reduced or increased. Then we discuss that this change in the impossible differential cryptanalysis is commodious and rational when the data complexity is low and time complexity is marginal.
Hypothesis testing and advanced distinguishers in differential cryptanalysis of block ciphers
Tatra Mountains Mathematical Publications
Distinguishing distributions is a major part during cryptanalysis of symmetric block ciphers. The goal of the cryptanalyst is to distinguish two distributions; one that characterizes the number of certain events which occur totally at random and another one that characterizes same type of events but due to propagation inside the cipher. This can be realized as a hypothesis testing problem, where a source is used to generate independent random samples in some given finite set with some distribution P, which is either R or W, corresponding to propagation inside the cipher or a random permutation respectively. Distinguisher’s goal is to determine which one is most likely the one which was used to generate the sample. In this paper, we study a general hypothesis-testing based approach to construct statistical distinguishers using truncated differential properties. The observable variable in our case is the expected number of pairs that follow a certain truncated differential property of...
Differential Cryptanalysis on Block Ciphers: New Research Directions
International Journal of Computer Applications
Differential Cryptanalysis is a powerful technique in cryptanalysis, applied to symmetric-key block ciphers. It is a chosen plain-text attack which means the cryptanalyst has some sets of the plain-text and the corresponding cipher-text pairs of his choice. These pairs of the plain-text are related by a constant difference. Basically it is the study of how differences in input information can affect the resultant difference at the output. In this paper, differential cryptanalysis is applied on substitution-permutation network and data encryption standards cipher. The survey is based on the analysis of a simple, yet realistically structured, basic Substitution-Permutation Network cipher. Along with this, the paper also presents our contribution in this paper as well as our future research work.
Variants of Differential and Linear Cryptanalysis
The block cipher is in vogue due to its requirement for integrity, confidentiality and authentication. Differential and linear cryptanalysis are the basic techniques on block ciphers, and to date many cryptanalytic attacks have been developed based on these. Each variant of these has different methods to find a distinguisher and, based on the distinguisher, a method to recover the key. This paper illustrates the steps to find a distinguisher and the steps to recover the key for all variants of differential and linear attacks developed to date. This is advantageous to cryptanalysts and cryptographers for applying various attacks simultaneously on any crypto algorithm.
New Results on Machine Learning-Based Distinguishers
IEEE Access
This work has been supported in parts by the "University SAL Labs" initiative of Silicon Austria Labs (SAL) and its Austrian partner universities for applied fundamental research for electronic based systems. ABSTRACT Machine Learning (ML) is almost ubiquitously used in multiple disciplines nowadays. Recently, we have seen its usage in the realm of differential distinguishers for symmetric key ciphers. It has been shown that ML-based differential distinguishers can be easily extended to break round-reduced versions of ciphers. In this paper, we show new distinguishers on the unkeyed and round-reduced versions of SPECK-32, SPECK-128, ASCON, SIMECK-32, SIMECK-64, and SKINNY-128. We explore multiple avenues in the process. In summary, we use neural networks and support vector machines in various settings (such as varying the activation function), apart from experimenting with a number of input difference tuples. Among other results, we show a distinguisher of 8-round SPECK-32 that works with low data complexity. INDEX TERMS speck, ascon, simeck, skinny, distinguisher, machine learning, differential. I. INTRODUCTION Machine learning (ML) is becoming ubiquitous in multiple research areas in computer science. Naturally, there has been a number of attempts to use ML in cryptography, particularly fitting it to work with the well-known differential attack model. In fact, ML tools typically have native support for the classification problems, which is similar to the distinguisher model where one attempts to classify CIPHER from RANDOM.
IACR Cryptol. ePrint Arch., 2015
Lightweight cryptography is a rapidly evolving area of research and it has great impact especially on the new computing environment called the Internet of Things (IoT) or the Smart Object networks (Holler et al., 2014), where lots of constrained devices are connected on the Internet and exchange information on a daily basis. Every year there are many new submissions of cryptographic primitives which are optimized towards both software and hardware implementation so that they can operate in devices which have limited resources of hardware and are subject to both power and energy consumption constraints. In 2013, two families of ultra-lightweight block ciphers were proposed, SIMON and SPECK, which come in a variety of block and key sizes and were designed to be optimized in hardware and software implementation respectively (Beaulieu et al., 2013). In this paper, we study the security of the 64-bit SIMON with 128-bit key against advanced forms of differential cryptanalysis using trunca...
A unified method for finding impossible differentials of block cipher structures
Information Sciences, 2014
In this paper, we propose a systematic method for finding impossible differentials for block cipher structures, better than the U-method introduced by Kim et al. [4]. It is referred to as a unified impossible differential finding method (UID-method). We apply the UID-method to some popular block ciphers such as Gen-Skipjack, Gen-CAST256, Gen-MARS, Gen-RC6, Four-Cell, SMS4 and give the detailed impossible differentials. By the UID-method, we find a 16-round impossible differential on Gen-Skipjack and a 19-round impossible differential on Gen-CAST256. Thus we disprove the Conjecture 2 proposed in Asiacrypt'00 [9] and the theorem in FSE'09 rump session presentation [8]. On Gen-MARS and SMS4, the impossible differentials found by the UID-method are much longer than those found by the U-method. On the Four-Cell block cipher, our result is the same as the best result previously obtained by case-by-case treatment.
Review of a New Distinguishing Attack Using Block Cipher with a Neural Network
2014
This paper describes a new distinguishing-type attack to identify block ciphers, which is grounded in a neural network, by means of a linguistic approach and an information retrieval approach, from patterns which are found in a ciphertext set collection. The ideas were performed on a set of ciphertexts, which were encrypted by the finalist algorithms of the AES contest: MARS, RC6, Rijndael, Serpent and Twofish; each one has a unique 128-bit key. This experiment shows that the processes of clustering and classification were successful, which allows the formation of well-formed and well-defined groups, where ciphertexts encrypted by the same algorithm stayed close to each other.
We propose a new method for evaluating the security of block ciphers against differential cryptanalysis and propose new structures for block ciphers. To this end, we define the word-wise Markov (Feistel) cipher and random output-differential (Feistel) cipher and clarify the relations among the differential, the truncated differential and the impossible differential cryptanalyses of the random output-differential (Feistel) cipher. This random output-differential (Feistel) cipher model uses a not too strong assumption because denying this approximation model is equivalent to denying truncated differential cryptanalysis. Utilizing these relations, we evaluate the truncated differential probability and the maximum average of differential probability of the word-wise Markov (Feistel) ciphers like Rijndael, E2 and the modified version of block cipher E2. This evaluation indicates that all three are provably secure against differential cryptanalysis, and that Rijndael and a modified version of block cipher E2 have stronger security than E2.
Assessing Block Cipher Security using Linear and Nonlinear Machine Learning Models
IACR Cryptol. ePrint Arch., 2020
In this paper, we investigate the use of machine learning classifiers to assess block cipher security from the perspective of differential cryptanalysis. The models are trained using the general block cipher features, making them generalizable to an entire class of ciphers. The features include the number of rounds, permutation pattern, and truncated differences whereas security labels are based on the number of differentially active substitution boxes. Prediction accuracy is further optimized by investigating the different ways of representing the cipher features in the dataset. Machine learning experiments involving six classifiers (linear and nonlinear) were performed on a simplified generalized Feistel cipher as a proof-of-concept, achieving a prediction accuracy of up to 95%. When predicting the security of unseen cipher variants, prediction accuracy of up to 77% was obtained. Our findings show that nonlinear classifiers outperform linear classifiers for the prediction task due...