Keeping classical distinguisher and neural distinguisher in balance

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2024-06-15 DOI:10.1016/j.jisa.2024.103816

Gao Wang, Gaoli Wang

{"title":"Keeping classical distinguisher and neural distinguisher in balance","authors":"Gao Wang, Gaoli Wang","doi":"10.1016/j.jisa.2024.103816","DOIUrl":null,"url":null,"abstract":"<div>At CRYPTO 2019, Gohr pioneered the use of the neural distinguisher (<math><mrow><mi>N</mi><mi>D</mi></mrow></math>) for differential cryptanalysis, sparking growing interest in this approach. However, a key limitation of <math><mrow><mi>N</mi><mi>D</mi></mrow></math> is its inability to analyze as many rounds as the classical differential distinguisher (<math><mrow><mi>C</mi><mi>D</mi></mrow></math>). To overcome this, researchers have begun combining <math><mrow><mi>N</mi><mi>D</mi></mrow></math> with <math><mrow><mi>C</mi><mi>D</mi></mrow></math> into a classical-neural distinguisher (<math><mrow><mi>C</mi><mi>N</mi><mi>D</mi></mrow></math>) for differential cryptanalysis. Nevertheless, the optimal integration of <math><mrow><mi>C</mi><mi>D</mi></mrow></math> and <math><mrow><mi>N</mi><mi>D</mi></mrow></math> remains an under-studied and unresolved challenge.In this paper, we introduce a superior approach for constructing the <math><mrow><mo>(</mo><mi>r</mi><mo>+</mo><mi>s</mi><mo>)</mo></mrow></math>-round differential distinguisher <math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>r</mi><mo>+</mo><mi>s</mi></mrow></msub></mrow></math> by keeping the <math><mi>r</mi></math>-round classical distinguisher <math><mrow><mi>C</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>r</mi></mrow></msub></mrow></math> and the <math><mi>s</mi></math>-round neural distinguisher <math><mrow><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>s</mi></mrow></msub></mrow></math> in balance. Through experimental analysis, we find that the data complexity of <math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>r</mi><mo>+</mo><mi>s</mi></mrow></msub></mrow></math> closely approximates the product of that for <math><mrow><mi>C</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>r</mi></mrow></msub></mrow></math> and <math><mrow><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>s</mi></mrow></msub></mrow></math>. This finding highlights the limitations of current strategies. Subsequently, we introduce an enhanced scheme for constructing <math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>r</mi><mo>+</mo><mi>s</mi></mrow></msub></mrow></math>, which comprises three main components: a new method for searching the suitable differential characteristics, a scheme for constructing the neural distinguisher, and an accelerated evaluation strategy for the data complexity of <math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>r</mi><mo>+</mo><mi>s</mi></mrow></msub></mrow></math>. To validate the effectiveness of our approach, we apply it to the round-reduced Simon32, Speck32 and Present64, achieving improved results. Specifically, for Simon32, our <math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mn>12</mn></mrow></msub></mrow></math> and <math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mn>13</mn></mrow></msub></mrow></math> exhibit data complexities of <math><msup><mrow><mn>2</mn></mrow><mrow><mn>16</mn></mrow></msup></math> and <math><msup><mrow><mn>2</mn></mrow><mrow><mn>21</mn></mrow></msup></math>, respectively, whereas <math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mn>12</mn></mrow></msub></mrow></math> in prior work required a data complexity of <math><msup><mrow><mn>2</mn></mrow><mrow><mn>22</mn></mrow></msup></math>. In the case of Speck32, Our scheme reduce the data complexity of <math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mn>9</mn></mrow></msub></mrow></math> form <math><msup><mrow><mn>2</mn></mrow><mrow><mn>20</mn></mrow></msup></math> to <math><msup><mrow><mn>2</mn></mrow><mrow><mn>18</mn></mrow></msup></math>. For Present64, We construct <math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mn>8</mn></mrow></msub></mrow></math> with a data complexity of <math><msup><mrow><mn>2</mn></mrow><mrow><mn>13</mn></mrow></msup></math>, a significant improvement over the classical distinguisher of <math><msup><mrow><mn>2</mn></mrow><mrow><mn>32</mn></mrow></msup></math>. These results demonstrate the superiority of our scheme.</div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8000,"publicationDate":"2024-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212624001194","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

At CRYPTO 2019, Gohr pioneered the use of the neural distinguisher ( $N D$ ) for differential cryptanalysis, sparking growing interest in this approach. However, a key limitation of $N D$ is its inability to analyze as many rounds as the classical differential distinguisher ( $C D$ ). To overcome this, researchers have begun combining $N D$ with $C D$ into a classical-neural distinguisher ( $C N D$ ) for differential cryptanalysis. Nevertheless, the optimal integration of $C D$ and $N D$ remains an under-studied and unresolved challenge.

In this paper, we introduce a superior approach for constructing the $(r + s)$ -round differential distinguisher $C N D_{r + s}$ by keeping the $r$ -round classical distinguisher $C D_{r}$ and the $s$ -round neural distinguisher $N D_{s}$ in balance. Through experimental analysis, we find that the data complexity of $C N D_{r + s}$ closely approximates the product of that for $C D_{r}$ and $N D_{s}$ . This finding highlights the limitations of current strategies. Subsequently, we introduce an enhanced scheme for constructing $C N D_{r + s}$ , which comprises three main components: a new method for searching the suitable differential characteristics, a scheme for constructing the neural distinguisher, and an accelerated evaluation strategy for the data complexity of $C N D_{r + s}$ . To validate the effectiveness of our approach, we apply it to the round-reduced Simon32, Speck32 and Present64, achieving improved results. Specifically, for Simon32, our $C N D_{12}$ and $C N D_{13}$ exhibit data complexities of $2^{16}$ and $2^{21}$ , respectively, whereas $C N D_{12}$ in prior work required a data complexity of $2^{22}$ . In the case of Speck32, Our scheme reduce the data complexity of $C N D_{9}$ form $2^{20}$ to $2^{18}$ . For Present64, We construct $C N D_{8}$ with a data complexity of $2^{13}$ , a significant improvement over the classical distinguisher of $2^{32}$ . These results demonstrate the superiority of our scheme.

查看原文本刊更多论文

保持经典区分度和神经区分度的平衡

在 2019 年的 CRYPTO 大会上，Gohr 率先将神经区分器（ND）用于差分密码分析，引发了人们对这种方法越来越多的兴趣。然而，ND 的一个关键局限是无法像经典差分区分器（CD）那样分析那么多轮。为了克服这一问题，研究人员开始将 ND 与 CD 结合成用于差分密码分析的经典神经区分器 (CND)。在本文中，我们介绍了一种构造 (r+s) 轮差分区分器 CNDr+s 的优越方法，它能使 r 轮经典区分器 CDr 和 s 轮神经区分器 NDs 保持平衡。通过实验分析，我们发现 CNDr+s 的数据复杂度非常接近 CDr 和 NDs 的数据复杂度的乘积。这一发现凸显了当前策略的局限性。随后，我们介绍了一种用于构建 CNDr+s 的增强方案，该方案由三个主要部分组成：一种用于搜索合适差分特征的新方法、一种用于构建神经区分器的方案，以及一种用于加速评估 CNDr+s 数据复杂度的策略。为了验证我们方法的有效性，我们将其应用于经过轮减的 Simon32、Speck32 和 Present64，取得了更好的结果。具体来说，对于 Simon32，我们的 CND12 和 CND13 的数据复杂度分别为 216 和 221，而之前工作中的 CND12 需要 222 的数据复杂度。对于 Speck32，我们的方案将 CND9 的数据复杂度从 220 降至 218。对于 Present64，我们构建的 CND8 的数据复杂度为 213，比经典区分器的 232 有了显著提高。这些结果证明了我们方案的优越性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.