Keeping classical distinguisher and neural distinguisher in balance

IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Gao Wang, Gaoli Wang
{"title":"Keeping classical distinguisher and neural distinguisher in balance","authors":"Gao Wang,&nbsp;Gaoli Wang","doi":"10.1016/j.jisa.2024.103816","DOIUrl":null,"url":null,"abstract":"<div><p>At CRYPTO 2019, Gohr pioneered the use of the neural distinguisher (<span><math><mrow><mi>N</mi><mi>D</mi></mrow></math></span>) for differential cryptanalysis, sparking growing interest in this approach. However, a key limitation of <span><math><mrow><mi>N</mi><mi>D</mi></mrow></math></span> is its inability to analyze as many rounds as the classical differential distinguisher (<span><math><mrow><mi>C</mi><mi>D</mi></mrow></math></span>). To overcome this, researchers have begun combining <span><math><mrow><mi>N</mi><mi>D</mi></mrow></math></span> with <span><math><mrow><mi>C</mi><mi>D</mi></mrow></math></span> into a classical-neural distinguisher (<span><math><mrow><mi>C</mi><mi>N</mi><mi>D</mi></mrow></math></span>) for differential cryptanalysis. Nevertheless, the optimal integration of <span><math><mrow><mi>C</mi><mi>D</mi></mrow></math></span> and <span><math><mrow><mi>N</mi><mi>D</mi></mrow></math></span> remains an under-studied and unresolved challenge.</p><p>In this paper, we introduce a superior approach for constructing the <span><math><mrow><mo>(</mo><mi>r</mi><mo>+</mo><mi>s</mi><mo>)</mo></mrow></math></span>-round differential distinguisher <span><math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>r</mi><mo>+</mo><mi>s</mi></mrow></msub></mrow></math></span> by keeping the <span><math><mi>r</mi></math></span>-round classical distinguisher <span><math><mrow><mi>C</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>r</mi></mrow></msub></mrow></math></span> and the <span><math><mi>s</mi></math></span>-round neural distinguisher <span><math><mrow><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>s</mi></mrow></msub></mrow></math></span> in balance. Through experimental analysis, we find that the data complexity of <span><math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>r</mi><mo>+</mo><mi>s</mi></mrow></msub></mrow></math></span> closely approximates the product of that for <span><math><mrow><mi>C</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>r</mi></mrow></msub></mrow></math></span> and <span><math><mrow><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>s</mi></mrow></msub></mrow></math></span>. This finding highlights the limitations of current strategies. Subsequently, we introduce an enhanced scheme for constructing <span><math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>r</mi><mo>+</mo><mi>s</mi></mrow></msub></mrow></math></span>, which comprises three main components: a new method for searching the suitable differential characteristics, a scheme for constructing the neural distinguisher, and an accelerated evaluation strategy for the data complexity of <span><math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mi>r</mi><mo>+</mo><mi>s</mi></mrow></msub></mrow></math></span>. To validate the effectiveness of our approach, we apply it to the round-reduced Simon32, Speck32 and Present64, achieving improved results. Specifically, for Simon32, our <span><math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mn>12</mn></mrow></msub></mrow></math></span> and <span><math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mn>13</mn></mrow></msub></mrow></math></span> exhibit data complexities of <span><math><msup><mrow><mn>2</mn></mrow><mrow><mn>16</mn></mrow></msup></math></span> and <span><math><msup><mrow><mn>2</mn></mrow><mrow><mn>21</mn></mrow></msup></math></span>, respectively, whereas <span><math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mn>12</mn></mrow></msub></mrow></math></span> in prior work required a data complexity of <span><math><msup><mrow><mn>2</mn></mrow><mrow><mn>22</mn></mrow></msup></math></span>. In the case of Speck32, Our scheme reduce the data complexity of <span><math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mn>9</mn></mrow></msub></mrow></math></span> form <span><math><msup><mrow><mn>2</mn></mrow><mrow><mn>20</mn></mrow></msup></math></span> to <span><math><msup><mrow><mn>2</mn></mrow><mrow><mn>18</mn></mrow></msup></math></span>. For Present64, We construct <span><math><mrow><mi>C</mi><mi>N</mi><msub><mrow><mi>D</mi></mrow><mrow><mn>8</mn></mrow></msub></mrow></math></span> with a data complexity of <span><math><msup><mrow><mn>2</mn></mrow><mrow><mn>13</mn></mrow></msup></math></span>, a significant improvement over the classical distinguisher of <span><math><msup><mrow><mn>2</mn></mrow><mrow><mn>32</mn></mrow></msup></math></span>. These results demonstrate the superiority of our scheme.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"84 ","pages":"Article 103816"},"PeriodicalIF":3.8000,"publicationDate":"2024-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212624001194","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

At CRYPTO 2019, Gohr pioneered the use of the neural distinguisher (ND) for differential cryptanalysis, sparking growing interest in this approach. However, a key limitation of ND is its inability to analyze as many rounds as the classical differential distinguisher (CD). To overcome this, researchers have begun combining ND with CD into a classical-neural distinguisher (CND) for differential cryptanalysis. Nevertheless, the optimal integration of CD and ND remains an under-studied and unresolved challenge.

In this paper, we introduce a superior approach for constructing the (r+s)-round differential distinguisher CNDr+s by keeping the r-round classical distinguisher CDr and the s-round neural distinguisher NDs in balance. Through experimental analysis, we find that the data complexity of CNDr+s closely approximates the product of that for CDr and NDs. This finding highlights the limitations of current strategies. Subsequently, we introduce an enhanced scheme for constructing CNDr+s, which comprises three main components: a new method for searching the suitable differential characteristics, a scheme for constructing the neural distinguisher, and an accelerated evaluation strategy for the data complexity of CNDr+s. To validate the effectiveness of our approach, we apply it to the round-reduced Simon32, Speck32 and Present64, achieving improved results. Specifically, for Simon32, our CND12 and CND13 exhibit data complexities of 216 and 221, respectively, whereas CND12 in prior work required a data complexity of 222. In the case of Speck32, Our scheme reduce the data complexity of CND9 form 220 to 218. For Present64, We construct CND8 with a data complexity of 213, a significant improvement over the classical distinguisher of 232. These results demonstrate the superiority of our scheme.

保持经典区分度和神经区分度的平衡
在 2019 年的 CRYPTO 大会上,Gohr 率先将神经区分器(ND)用于差分密码分析,引发了人们对这种方法越来越多的兴趣。然而,ND 的一个关键局限是无法像经典差分区分器(CD)那样分析那么多轮。为了克服这一问题,研究人员开始将 ND 与 CD 结合成用于差分密码分析的经典神经区分器 (CND)。在本文中,我们介绍了一种构造 (r+s) 轮差分区分器 CNDr+s 的优越方法,它能使 r 轮经典区分器 CDr 和 s 轮神经区分器 NDs 保持平衡。通过实验分析,我们发现 CNDr+s 的数据复杂度非常接近 CDr 和 NDs 的数据复杂度的乘积。这一发现凸显了当前策略的局限性。随后,我们介绍了一种用于构建 CNDr+s 的增强方案,该方案由三个主要部分组成:一种用于搜索合适差分特征的新方法、一种用于构建神经区分器的方案,以及一种用于加速评估 CNDr+s 数据复杂度的策略。为了验证我们方法的有效性,我们将其应用于经过轮减的 Simon32、Speck32 和 Present64,取得了更好的结果。具体来说,对于 Simon32,我们的 CND12 和 CND13 的数据复杂度分别为 216 和 221,而之前工作中的 CND12 需要 222 的数据复杂度。对于 Speck32,我们的方案将 CND9 的数据复杂度从 220 降至 218。对于 Present64,我们构建的 CND8 的数据复杂度为 213,比经典区分器的 232 有了显著提高。这些结果证明了我们方案的优越性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Journal of Information Security and Applications
Journal of Information Security and Applications Computer Science-Computer Networks and Communications
CiteScore
10.90
自引率
5.40%
发文量
206
审稿时长
56 days
期刊介绍: Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信