TY - JOUR
T1 - Investigating and Enhancing the Neural Distinguisher for Differential Cryptanalysis
AU - Wang, Gao
AU - Wang, Gaoli
AU - Sun, Siwei
N1 - Publisher Copyright:
© 2024 The Institute of Electronics.
PY - 2024/8
Y1 - 2024/8
N2 - At Crypto 2019, Gohr first adopted the neural distinguisher for differential cryptanalysis, and since then, this work received increasing attention. However, most of the existing work focuses on improving and applying the neural distinguisher, the studies delving into the intrinsic prin- ciples of neural distinguishers are finite. At Eurocrypt 2021, Benamira et al. conducted a study on Gohr's neural distinguisher. But for the neural dis- tinguishers proposed later, such as the r-round neural distinguishers trained with k ciphertext pairs or ciphertext differences, denoted as NDcp k_r (Gohr's neural distinguisher is the special NDcp k_r with k = 1) and NDcd k_r , such research is lacking. In this work, we devote ourselves to study the intrin- sic principles and relationship between NDcd k_r and NDcp k_r . Firstly, we explore the working principle of NDcd 1_r through a series of experiments and find that it strongly relies on the probability distribution of cipher- text differences. Its operational mechanism bears a strong resemblance to that of NDcp 1_r given by Benamira et al.. Therefore, we further compare them from the perspective of differential cryptanalysis and sample features, demonstrating the superior performance of NDcp 1_r can be attributed to the relationships between certain ciphertext bits, especially the significant bits. We then extend our investigation to NDcp k_r , and show that its ability to recognize samples heavily relies on the average differential probability of k ciphertext pairs and some relationships in the ciphertext itself, but the reliance between k ciphertext pairs is very weak. Finally, in light of the findings of our research, we introduce a strategy to enhance the accuracy of the neural distinguisher by using a fixed difference to generate the negative samples instead of the random one. Through the implementation of this ap- proach, we manage to improve the accuracy of the neural distinguishers by approximately 2% to 8% for 7-round Speck32/64 and 9-round Simon32/64.
AB - At Crypto 2019, Gohr first adopted the neural distinguisher for differential cryptanalysis, and since then, this work received increasing attention. However, most of the existing work focuses on improving and applying the neural distinguisher, the studies delving into the intrinsic prin- ciples of neural distinguishers are finite. At Eurocrypt 2021, Benamira et al. conducted a study on Gohr's neural distinguisher. But for the neural dis- tinguishers proposed later, such as the r-round neural distinguishers trained with k ciphertext pairs or ciphertext differences, denoted as NDcp k_r (Gohr's neural distinguisher is the special NDcp k_r with k = 1) and NDcd k_r , such research is lacking. In this work, we devote ourselves to study the intrin- sic principles and relationship between NDcd k_r and NDcp k_r . Firstly, we explore the working principle of NDcd 1_r through a series of experiments and find that it strongly relies on the probability distribution of cipher- text differences. Its operational mechanism bears a strong resemblance to that of NDcp 1_r given by Benamira et al.. Therefore, we further compare them from the perspective of differential cryptanalysis and sample features, demonstrating the superior performance of NDcp 1_r can be attributed to the relationships between certain ciphertext bits, especially the significant bits. We then extend our investigation to NDcp k_r , and show that its ability to recognize samples heavily relies on the average differential probability of k ciphertext pairs and some relationships in the ciphertext itself, but the reliance between k ciphertext pairs is very weak. Finally, in light of the findings of our research, we introduce a strategy to enhance the accuracy of the neural distinguisher by using a fixed difference to generate the negative samples instead of the random one. Through the implementation of this ap- proach, we manage to improve the accuracy of the neural distinguishers by approximately 2% to 8% for 7-round Speck32/64 and 9-round Simon32/64.
KW - block ciphers
KW - deep learning
KW - differential cryptanalysis
KW - interpretability
KW - neural distinguisher
UR - https://www.scopus.com/pages/publications/85200512134
U2 - 10.1587/transinf.2024EDP7011
DO - 10.1587/transinf.2024EDP7011
M3 - 文章
AN - SCOPUS:85200512134
SN - 0916-8532
VL - E107.D
SP - 1016
EP - 1028
JO - IEICE Transactions on Information and Systems
JF - IEICE Transactions on Information and Systems
IS - 8
ER -