Enhancing Deep Learning-Based Rotational-XOR Attacks on Lightweight Block Ciphers Simon32/64 and Simeck32/64
Chengcai Liu, Siwei Chen, Zejun Xiang, Shasha Zhang, Xiangyong Zeng
TL;DR
The work targets the problem of enhancing deep-learning–based rotational-XOR cryptanalysis on lightweight ciphers by designing efficient RX-neural distinguishers and enabling related-key key-recovery. It introduces two fundamental data formats, $\mathscr{D}_1$ and $\mathscr{D}_2$, and conducts a comprehensive search over half RX-differences with low Hamming weight to build high-accuracy RX-neural distinguishers. By removing redundant components via bit sensitivity testing, employing multi-ciphertext data formats, and applying staged training, the authors extend RX-neural distinguishers to 13 rounds for Simon32/64 and 16 rounds for Simeck32/64, and achieve 14- and 17-round distinguishers respectively, surpassing prior results. They further demonstrate neural-based key-recovery under related-key settings: for Simon32/64, 14-round and 15-round attacks with Bayesian recovery; for Simeck32/64, JWKR–assisted attacks recover parts of the key up to 16–17 rounds, achieving practical results and establishing the first related-key neural key-recovery attacks for these ciphers. The findings offer new insights into RX-neural cryptanalysis and suggest directions for applying related-key neural techniques to other block ciphers.
Abstract
At CRYPTO 2019, Gohr pioneered neural cryptanalysis by introducing differential-based neural distinguishers to attack Speck32/64, establishing a novel paradigm combining deep learning with differential cryptanalysis.Since then, constructing neural distinguishers has become a significant approach to achieving the deep learning-based cryptanalysis for block ciphers.This paper advances rotational-XOR (RX) attacks through neural networks, focusing on optimizing distinguishers and presenting key-recovery attacks for the lightweight block ciphers Simon32/64 and Simeck32/64.In particular, we first construct the fundamental data formats specially designed for training RX-neural distinguishers by refining the existing data formats for differential-neural distinguishers. Based on these data formats, we systematically identify optimal RX-differences with Hamming weights 1 and 2 that develop high-accuracy RX-neural distinguishers. Then, through innovative application of the bit sensitivity test, we achieve significant compression of data format without sacrificing the distinguisher accuracy. This optimization enables us to add more multi-ciphertext pairs into the data formats, further strengthening the performance of RX-neural distinguishers. As an application, we obtain 14- and 17-round RX-neural distinguishers for Simon32/64 and Simeck32/64, which improves the previous ones by 3 and 2 rounds, respectively.In addition, we propose two novel techniques, key bit sensitivity test and the joint wrong key response, to tackle the challenge of applying Bayesian's key-recovery strategy to the target cipher that adopts nonlinear key schedule in the related-key setting without considering of weak-key space. By this, we can straightforwardly mount a 17-round key-recovery attack on Simeck32/64 based on the improved 16-round RX-nerual distinguisher. To the best of our knowledge, the presented RX-neural......