基于深度学习的LBlock安全性分析及其应用  

作　　者：杨小东 李锴彬[1,4] 杜小妮 梁丽芳 贾美纯[3,4] YANG Xiaodong;LI Kaibin;DU Xiaoni;LIANG Lifang;JIA Meichun(College of Computer Science and Engineering,Northwest Normal University,Lanzhou 730070,China;Guangxi Key Laboratory of Cryptography and Information Security,Guilin University of Electronic Technology,Guilin 541004,China;College of Mathematics and Statistic,Northwest Normal University,Lanzhou 730070,China;Key Laboratory of Cryptography and Data Analytics,Northwest Normal University,Lanzhou 730070,China)

机构地区：[1]西北师范大学计算机科学与工程学院,兰州730070 [2]桂林电子科技大学广西密码学与信息安全重点实验室,桂林541004 [3]西北师范大学数学与统计学院,兰州730070 [4]西北师范大学密码技术与数据分析重点实验室,兰州730070

出　　处：《电子与信息学报》2023年第10期3745-3751,共7页Journal of Electronics & Information Technology

基　　金：国家自然科学基金(62172337);广西密码学与信息安全重点实验室研究课题(GCI201910)。

摘　　要：目前通过深度学习对轻量级分组密码进行安全性分析正成为一个全新的研究热点。Gohr在2019年的美密会上首次将深度学习应用于分组密码安全性分析(doi:10.1007/978-3-030-26951-7_6),利用卷积神经网络学习固定输入差分的密文差分分布特征,从而构造出高精度的神经网络区分器。LBlock算法是一种具有优良软硬件实现效率的轻量级分组密码算法,自算法发表以来受到了研究者的广泛关注。该文基于残差网络,构造了减轮LB-lock差分神经网络区分器,所得7轮和8轮区分器模型的精度分别是0.999和0.946。进一步利用构造的9轮区分器,提出了针对11轮LBlock的密钥恢复攻击方案。实验结果表明,当密码算法迭代轮数较少时,该方案进行攻击时无需单独考虑S盒,相比于传统攻击方案具有方案流程简单和易于实现等特点,并且在数据复杂度和时间复杂度方面具有较大的优越性.Currently,the security analysis of lightweight block ciphers by using deep learning is becoming a new research hotspot.At the Crypto2019,Gohr first applied deep learning to the security analysis of block ciphers,the high-accuracy neural distinguisher is constructed,which used convolutional neural networks to learn the ciphertext distribution of the given input differentials.LBlock is a lightweight block cipher with excellent software and hardware implementation efficiency,which attracted extensive attention from scholars since its publication.In this paper,with the application of the residual network,a round-reduced neural differential distinguisher of LBlock is constructed,in which the accuracy of the 7-round and 8-round distinguishers reach 0.999 and 0.946,respectively.Moreover,based on the 9-round neural distinguisher,a key recovery attack scheme against 11-round LBlock is proposed.Experiment results show that under the case of the number of iteration rounds of the algorithm is small,the scheme need not consider the S-box separately.Compared with the traditional attack schemes,the new scheme is not only simpler and easy to be implemented,but also possess great advantages on data complexity and time complexity.

关 键 词：LBlock 差分区分器 深度学习 密钥恢复攻击 

分 类 号：TN915.08[电子电信—通信与信息系统] TP309.7[电子电信—信息与通信工程]