基于神经网络区分器的SIMON-like算法参数安全性评估  

作　　者：侯泽洲 任炯炯 陈少真[1,2] HOU Zezhou;REN Jiongjiong;CHEN Shaozhen(Information Engineering University,Zhengzhou 450001,China;State Key Laboratory of Cryptology,Beijing 100878,China)

机构地区：[1]信息工程大学,河南郑州450001 [2]密码科学技术国家重点实验室,北京100878

出　　处：《网络与信息安全学报》2023年第2期154-163,共10页Chinese Journal of Network and Information Security

基　　金：数学工程与先进计算国家重点实验室开放基金(2019A08)。

摘　　要：神经网络区分器作为一种新的可被应用于密码算法安全性分析的工具,一经提出便被应用于多种密码算法的安全性分析。对于SIMON-like算法,其循环移位参数的选择有多种。利用神经网络区分器对分组长度为32 bit的SIMON-like算法的循环移位参数(a,b,c)的安全性进行了研究,并给出了好的循环移位参数选择。利用Kölbl等在CRYPTO2015中提出的SIMON-like算法仿射等价类思想,将分组长度为32 bit的SIMON-like算法的循环移位参数划分至509个等价类,并选择其中使gcd(a-b,2)=1成立的240个等价类进行研究。针对240个等价类的代表元构建了自动化搜索差分路径的SAT/SMT模型,并利用SAT/SMT求解器搜索了不同代表元的多轮最佳差分路径。利用搜索得到的最佳差分路径的输入差分训练了神经网络区分器,选择其中准确率最高的神经网络区分器作为代表元的神经网络区分器,统计了不同代表元的神经网络区分器准确率。发现Kölbl等给出的20个最佳循环参数并不能使神经网络区分器的准确率最低,而且其中4个循环移位参数对应的神经网络区分器的准确率超过了80%,这意味着这4个循环移位参数抗神经网络区分器的能力是差的。综合考虑Kölbl等的选择和不同代表元的神经网络区分器准确率,给出了3个好的循环移位参数选择,即(6,11,1)、(1,8,3)和(6,7,5)。The neural distinguisher is a new tool widely used in crypto analysis of some ciphers.For SIMON-like block ciphers,there are multiple choices for their parameters,but the reasons for designer’s selection remain unexplained.Using neural distinguishers,the security of the parameters(a,b,c)of the SIMON-like with a block size of 32 bits was researched,and good choices of parameters were given.Firstly,using the idea of affine equivalence class proposed by Kölbl et al.in CRYPTO2015,these parameters can be divided into 509 classes.And 240 classes which satisfied gcd(a-b,2)=1 were mainly researched.Then a SAT/SMT model was built to help searching differential characteristics for each equivalent class.From these models,the optimal differential characteristics of SIMON-like was obtained.Using these input differences of optimal differential characteristics,the neural distinguishers were trained for the representative of each equivalence class,and the accuracy of the distinguishers was saved.It was found that 20 optimal parameters given by Kölbl et al.cannot make the neural distinguishers the lowest accuracy.On the contrary,there were 4 parameters,whose accuracy exceeds 80%.Furthermore,the 4 parameters were bad while facing neural distinguishers.Finally,comprehensively considering the choice of Kölbl et al.and the accuracy of different neural distinguishers,three good parameters,namely(6,11,1),(1,8,3),and(6,7,5)were given.

关 键 词：SIMON-like 仿射等价类 神经网络区分器 循环移位参数 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]