基于深度学习的多面体差分攻击及其应用  被引量：3

作　　者：付超辉 段明[1,2] 魏强 吴茜琼[1] 周睿 宿恒川[1,2] FU Chao-Hui;DUAN Ming;WEI Qiang;WU Qian-Qiong;ZHOU Rui;SU Heng-Chuan(College of Cyberspace Security,Information Engineering University,Zhengzhou 450001,China;Henan Key Laboratory of Network Cryptography Technology,Zhengzhou 450001,China)

机构地区：[1]信息工程大学网络空间安全学院,郑州450001 [2]河南省网络密码技术重点实验室,郑州450001

出　　处：《密码学报》2021年第4期591-600,共10页Journal of Cryptologic Research

基　　金：河南省自然科学基金(212300410420)。

摘　　要：自AlphaGo诞生以来,深度学习广泛应用于各行各业.2019年美密会上,研究者首次将深度学习用于分组密码算法分析,利用深度残差网络学习特定输入明文差分的密文差分分布特征,从而构造出满足一定精度的差分神经网络区分器.本文结合多面体差分的思想,提出了一种能够进一步提高精度的多面体差分神经网络区分器.例如对于Simeck32/64算法,8轮3面体差分神经网络区分器的精度可以从单差分的89.0%提升到96.7%.进一步,利用多面体差分神经网络区分器,我们改进了13轮的实际密钥恢复攻击.首先利用特定明文差分的密文数据集训练了8轮的2面体差分神经网络区分器和9轮的3面体差分神经网络区分器,然后利用概率性扩轮数、中性位扩概率等技术将区分器分别扩展到11轮,再利用贝叶斯优化的密钥搜索策略,实现了对Simeck32/64算法13轮的实际密钥恢复攻击,数据复杂度和时间复杂度分别为2^(17.7)和2^(32.8).与已有的攻击结果相比,复杂度分别减少为原来的1/2^(12)和1/2^(3).最后,我们对密钥恢复的几种策略进行了细致分析.本文提出的多面体差分神经网络区分器也可应用到其它分组密码算法分析中.Since the birth of AlphaGo,deep learning has made wide applications.At CRYPTO 2019,It was reported that deep learning was first applied to block cipher analysis,and the deep residual neural network was used to learn the difference distribution features of ciphertexts when the plaintexts have specific plaintext differences,then to construct a differential neural network distinguisher with a certain accuracy.In this paper,based on the idea of polytopic differential,a polytopic differential neural network distinguisher is proposed,which can further improve the accuracy.For example,for Simeck32/64,compared with the single differential neural network distinguisher,the accuracy of 8-round 3-polytopic differential neural network distinguisher can be improved from 89.0%to 96.7%.Moreover,with the help of the polytopic differential neural network distinguisher,we improve the practical key recovery attack of 13-rounds Simeck32/64.The data complexity and time complexity are 2^(17.7)and 2^(32.8),respectively.Compared with the best known results,they are only 2^{-12}and 2^(-3)times of previous complexities respectively.Finally,the key recovery strategy of polytopic differential attack based on deep learning is analyzed.It shows that the polytopic differential neural network distinguisher can also be applied to the analysis of other block ciphers.

关 键 词：深度学习 轻量级分组密码 多面体差分 Simeck32/64 

分 类 号：TN918.1[电子电信—通信与信息系统] TP18[电子电信—信息与通信工程]