神经网络差分区分器的改进方案与应用

doi:10.19665/j.issn1001-2400.20241001

摘要/Abstract

摘要：

为深入研究深度学习在密码安全性分析方面的应用,采用神经网络对轻量级分组密码进行差分分析,主要得到以下研究结果:① 采用引入注意力机制的深度残差网络构造神经网络差分区分器,并将其应用于SIMON、SIMECK和SPECK 3类轻量级分组密码。结果表明,SIMON32/64和SIMECK32/64有效区分器最高可达11轮,精度分别为0.517 2和0.516 4;SPECK32/64有效区分器最高可达8轮,精度为0.586 8。② 探究不同的输入差分对神经网络差分区分器精度的影响。针对SIMON、SIMECK和SPECK 3类密码,采用神经网络的快速训练得到不同输入差分对应的神经网络差分区分器的精度。结果表明,低汉明重量且高概率的输入差分能够提高神经网络差分区分器的精度。同时,寻找到SIMON32/64、SIMECK32/64和SPECK32/64神经网络差分区分器的合适输入差分分别为0x0000/0040、0x0000/0001和0x0040/0000。③ 探究包含不同信息量的输入数据格式对神经网络差分区分器精度的影响。根据密码算法的特点改变输入数据包含的信息量,并重新训练相应的神经网络差分区分器。结果表明,相比于只包含密文对信息,输入数据中包含密文对信息以及倒数第2轮差分信息的神经网络差分区分器会获得更高的精度。④ 在上述研究的基础上,进一步对11轮 SIMON32/64 进行最后一轮子密钥恢复攻击,当选择明密文对的数量为2⁹时,在100次攻击中的攻击成功率可达100%。

关键词: 神经网络, 密码学, 轻量级分组密码, 差分密码分析, 注意力机制, 神经网络差分区分器, 密钥恢复攻击

Abstract:

In order to further study the application of deep learning in cryptographic security analysis,neural networks are used for differential analysis of lightweight block cryptography.The following four research results are obtained.First,a neural network differential distinguisher is constructed by using a deep residual network with an attention mechanism,and applied to three types of lightweight block ciphers:SIMON,SIMECK and SPECK.The results show that the effective distinguisher of SIMON32/64 and SIMECK32/64 can reach up to 11 rounds,and the accuracy is 0.5172 and 0.5164,respectively.The SPECK32/64 has an effective distinguisher of up to 8 rounds with an accuracy of 0.5868.Second,the influence of different input differences on the accuracy of the neural network differential distinguisher is explored.For SIMON,SIMECK and SPECK ciphers,the accuracy of the neural network differential distinguisher corresponding to different input differences is obtained by using the fast training of neural networks.The results show that the input difference with a low Hamming weight and high probability can improve the accuracy of the neural network differential distinguisher.At the same time,the suitable input difference for the SIMON32/64,SIMECK32/64 and SPECK32/64 neural network differential distinguisher is found to be 0x0000/0040,0x0000/0001 and 0x0040/0000,respectively.Third,the influence of the input data format containing different information on the accuracy of the neural network differential distinguisher is explored.Changing the amount of information contained in the input data according to the characteristics of the cryptographic algorithm and retraining the corresponding neural network differential distinguisher.The results show that,compared to a neural network differential distinguisher that only includes ciphertext pair information,those that incorporate both ciphertext pair information and differential information from the penultimate round achieve a higher accuracy.Fourth,on the basis of the above research,the last wheel key recovery attack is carried out on 11 rounds of SIMON32/64.When 2⁹ plaintext-ciphertext pairs are selected,the attack success rate in 100 attacks can reach 100%.

Key words: neural networks, cryptography, lightweight block cipher, differential cryptanalysis, attention mechanism, neural network differential distinguisher, key recovery attack

中图分类号:

TP309.7

栗琳轲, 陈杰, 刘君. 神经网络差分区分器的改进方案与应用[J]. 西安电子科技大学学报, 2025, 52(1): 196-214.

LI Linke, CHEN Jie, LIU Jun. Improved schemes and applications of the neural network differential distinguisher[J]. Journal of Xidian University, 2025, 52(1): 196-214.

图/表 22

表1

符号说明"

符号	含义
⊕	比特异或操作XOR
&	比特与操作AND
S^j or<<<j	循环左移位j比特
S^-^j or>>>j	循环右移位j比特
	模加运算
$F 2 n$	n比特向量集合

表1

图1

表2

图2

图3

表3

图4

表4

图5

表5

表6

表7

图6

表8

表9

表10

图7

表11

表12

表13

表14

表15

参考文献 36

[1]	樊婷, 冯伟, 韦永壮. 一种大状态轻量级密码S盒的设计与分析[J]. 西安电子科技大学学报, 2023, 50(4):170-179.
	FAN Ting, FENG Wei, WEI Yongzhuang. The Design and Cryptanalysis of Large State Lightweight Cryptographic S-Box[J]. Journal of Xidian University, 2023, 50(4):170-179.
[2]	郑雅菲, 吴文玲. LBlock 算法的改进中间相遇攻击[J]. 计算机学报, 2017, 40(5):1080-1091.
	ZHENG Yafei, WU Wenling. Improved Meet-In-The-Middle Attack of LBlock Cipher[J]. Chinese Journal of Computers, 2017, 40(5):1080-1091.
[3]	RAJAN R, ROY R K, SEN D, et al. Deep Learning-Based Differential Distinguisher for Lightweight Cipher GIFT-COFB[C]//Proceedings of the Conference on Machine Intelligence and Smart Systems. Heidelberg:Springer, 2022:397-406.
[4]	XU H, HAO C, XU Z, et al. Linear Cryptanalysis of Lightweight Block Cipher WARP[C]// Proceedings of the 17th International Conference on Provable Security(ProvSec 2023).Heidelberg:Springer, 2023:83-90.
[5]	SAJWAN A, MISHRA G. Comparative Analysis of ResNet and DenseNet for Differential Cryptanalysis of SPECK 32/64 Lightweight Block Cipher[C]//Proceedings of the International Conference on Cryptology and Network Security with Machine Learning. Heidelberg:Springer, 2023:495-504.
[6]	杨小雪, 陈杰. 几类密码算法的神经网络差分区分器的改进[J]. 西安电子科技大学学报, 2024, 51(1):210-222.
	YANG Xiaoxue, CHEN Jie. Improvement of the Neural Distinguishers of Several Ciphers[J]. Journal of Xidian University, 2024, 51(1):210-222.
[7]	RIVEST R L. Cryptography and Machine Learning[C]//Proceedings of the Internaional Conference on the Theory and Application of Cryptology and Information Security. Heidelberg:Springer, 1991:427-439.
[8]	BAFGHI A G, SAFABAKHSH R, SADEGHIYAN B. Finding the Differential Characteristics of Block Ciphers with Neural Networks-Science Direct[J]. Information Sciences, 2008, 178(15):3118-3132.
[9]	ALANI M M. Neuro-Cryptanalysis of DES and Triple-DES[C]//Proceedings of the International Conference on Neural Information Processing. Heidelberg:Springer, 2012:637-646.
[10]	DANZIGER M, HENRIQUES M. Improved Cryptanalysis Combining Differential and Artificial Neural Network Schemes[C]//Proceedings of the 2014 International Telecommunications Symposium(ITS). Piscataway:IEEE, 2014:1-5.
[11]	HU X, ZHAO Y. Research on Plaintext Restoration of AES Based on Neural Network[J]. Security and Communication Networks, 2018, 2018(6868506):1-9.
[12]	GOHR A. Improving Attacks on Round-Reduced Speck32/64 Using Deep Learning[C]//Proceedings of the 39th Annual Internaional Cryptology Conference. Heidelberg:Springer, 2019:150-179.
[13]	BAKSI A, BREIER J, CHEN Y, et al. Machine Learning Assisted Differential Distinguishers for Lightweight Ciphers[C]//Proceedings of the Design,Automation & Test in Europe Conference & Exhibition(DATE). Piscataway:IEEE, 2021:176-181.
[14]	BENAMIRA A, GERAULT D, PEYRIN T, et al. A Deeper Look at Machine Learning-Based Cryptanalysis[C]//Proceedings of the 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Heidelberg:Springer, 2021:805-835.
[15]	PAL D, MANDAL U, CHAUDHURY M, et al. A Deep Neural Differential Distinguisher for ARX Based Block Cipher(2022)[R/OL].[2022-09-10]. https://eprint.iacr.org/2022/1195.
[16]	BAO Z, LU J, YAO Y, et al. More Insight on Deep Learning-Aided Cryptanalysis[C]//Proceedings of the 29th International Conference on the Theory and Application of Cryptology and Information Security. Heidelberg:Springer, 2023:436-467.
[17]	ZHENG W, ZHANG L, WANG Z. Theoretical Explanation and Improvement of Deep Learning-Aided Cryptanalysis(2024)[R/OL].[2024-02-26]. https://eprint.iacr.org/2024/322.
[18]	BIHAM E, SHAMIR A. Differential Cryptanalysis of DES-Like Cryptosystems[J]. Journal of Cryptology, 1991, 4(1):3-72.
[19]	HE K, ZHANG X, REN S, et al. Deep Residual Learning for Image Recognition[C]//Proceedings of the 2016 IEEE Conference on Computer Vision and Pattern Recognition(CVPR). Piscataway:IEEE, 2016:770-778.
[20]	ZHANG L, WANG Z, WANG B. Improving Differential-Neural Cryptanalysis(2022)[R/OL].[2022-02-20]. https://eprint.iacr.org/2022/183.
[21]	KIM H, LIM S, KANG Y, et al. Deep-Learning-Based Cryptanalysis of Lightweight Block Ciphers Revisited[J]. Entropy, 2023, 25(7):986.
[22]	HOU Z, REN J, CHEN S. Improve Neural Distinguishers of SIMON and SPECK[J]. Security and Communication Networks, 2021, 2021(9288229):1-11.
[23]	CHEN Y, SHEN Y, YU H, et al. A New Neural Distinguisher Considering Features Derived from Multiple Ciphertext Pairs[J]. The Computer Journal, 2023, 66(6):1419-1433.
[24]	BAHDANAU D, CHO K, BENGIO Y. Neural Machine Translation by Jointly Learning to Align and Translate(2014)[R/OL].[2014-09-04]. https://arxiv.org/pdf/1409.0473v2.pdf.
[25]	BAO Z, GUO J, LIU M, et al. Enhancing Differential-Neural Cryptanalysis[C]//Proceedings of the 28th International Conference on the Theory and Application of Cryptology and Information Security. Heidelberg:Springer, 2022:318-347.
[26]	DENG H, CAO X, CHENG Y. Attention in Differential Cryptanalysis on Lightweight Block Cipher SPECK[C]//Proceedings of the 20th Annual International Conference on Privacy,Security and Trust(PST). Piscataway:IEEE, 2023:1-9.
[27]	BEAULIEU R, SHORS D, SMITH J, et al. The SIMON and SPECK Families of Lightweight Block Ciphers(2013)[R/OL].[2013-06-20]. https://eprint.iacr.org/2013/404.
[28]	LU J, LIU G, SUN B, et al. Improved(Related-Key) Differential-Based Neural Distinguishers for SIMON and SIMECK Block Ciphers(2022)[R/OL].[2022-12-30]. https://eprint.iacr.org/2022/030.
[29]	HOU Z, REN J, CHEN S. Cryptanalysis of Round-Reduced SIMON32 Based on Deep Learning(2021)[R/OL].[2021-03-18]. https://eprint.iacr.org/2021/362.
[30]	KÖLBL S, LEANDER G, TIESSEN T. Observations on the SIMON Block Cipher Family[C]//Proceedings of the 35th Annual International Cryptology Conference. Heidelberg:Springer, 2015:161-185.
[31]	BEIERLE C. Pen and Paper Arguments for SIMON and SIMON-Like Designs[C]//Proceedings of the 10th International Conference on Security and Cryptography for Networks. Heidelberg:Springer, 2016:431-446.
[32]	SU H, ZHU X, MING D. Polytopic Attack on Round-Reduced Simon32/64 Using Deep Learning[C]//Proceedings of the 16th International Conference on Information Security and Cryptology. Heidelberg:Springer, 2020:3-20.
[33]	YANG G, ZHU B, SUDER V, et al. The Simeck Family of Lightweight Block Ciphers[C]//Proceedings of the 17th International Conference on Cryptographic Hardware and Embedded Systems. Berlin:Springer, 2015:307-329.
[34]	LYU L, TU Y, ZHANG Y. Improving the Deep-Learning-Based Differential Distinguisher and Applications to Simeck[C]//Proceedings of the 2022 IEEE 25th International Conference on Computer Supported Cooperative Work in Design(CSCWD). Piscataway:IEEE, 2022:465-470.
[35]	ZHANG L, LU J, WANG Z, et al. Improved Differential-Neural Cryptanalysis for Round-Reduced SIMECK32/64[J]. Frontiers of Computer Science,2023, 17(2023):1-22.
[36]	BIHAM E, CHEN R. Near-Collisions of SHA-0[C]//Proceedings of the 24rd Annual International Cryptology Conference. Heidelberg:Springer, 2004:290-305.

真实值	预测值
真实值	正例	反例
正例	R_TP(真正例)	R_FN(假反例)
反例	R_FP(假正例)	R_TN(真反例)

超参数	值	超参数	值
优化器(Optimizer)	Adam	正则化参数(Reg_param)	10^-5
损失函数(Loss)	MSE	训练集数据量大小	10⁷
评估指标(Metrics)	Acc	验证集数据量大小	10⁶
训练周期数(Epochs)	50	测试集数据量大小	10⁶
批次大小(Batch_size)	5 000	引入注意力机制的残差块个数	2

加密轮数	输入差分	精度	真阳性率	真阴性率
6	0x0000/0001	0.999 0	1.000 0	0.998 0
6	0x0040/0000	0.981 1	0.999 3	0.962 9
7	0x0000/0001	0.980 8	0.999 4	0.962 2
7	0x0040/0000	0.742 4	0.713 1	0.771 7
8	0x0000/0001	0.799 6	0.799 9	0.799 3
8	0x0040/0000	0.629 5	0.498 3	0.760 5
9	0x0000/0001	0.622 5	0.482 4	0.762 4
9	0x0040/0000	0.500 8	1.000 0	0.000 0

输入差分	精度	输入差分	精度	输入差分	精度
0x8028/0100	0.514	0x0020/0104	0.551	0x0000/1080	0.548
0x5002/0100	0.533	0x0043/2000	0.534	0x0010/8420	0.555
0x1000/0010	0.552	0x0880/0404	0.554	0x0800/0010	0.560
0x1400/0104	0.532	0x4002/4200	0.536	0x2001/8400	0.537
0x0020/0200	0.503	0x0006/0000	0.531	0x4020/0001	0.534
0x0200/0022	0.535	0x0081/1000	0.546	0x0800/1100	0.547
0x0000/0002	0.513	0x0010/4000	0.552	0x0408/0102	0.559
0x0000/0500	0.547	0x0000/0010	0.525	0x0000/0080	0.553
0x0000/0001	0.507	0x0000/0020	0.548	0x0000/0008	0.537
0x0000/0200	0.545	0x0000/0040	0.570	0x2000/0400	0.551

加密轮数	输入数据格式	精度	真阳性率	真阴性率
6	I₀	0.999 0	1.000 0	0.998 1
6	I₁	0.999 8	1.000 0	0.999 6
7	I₀	0.979 8	0.999 4	0.960 1
7	I₁	0.990 7	0.999 2	0.982 3
8	I₀	0.751 5	0.719 5	0.783 3
8	I₁	0.840 0	0.852 7	0.827 1
9	I₀	0.632 9	0.510 9	0.755 0
9	I₁	0.658 1	0.571 3	0.745 2
10	I₁	0.565 8	0.464 5	0.667 0
11	I₁	0.517 2	0.467 2	0.567 2