Paper 2021/287

A Deeper Look at Machine Learning-Based Cryptanalysis

Adrien Benamira, David Gerault, Thomas Peyrin, and Quan Quan Tan

Abstract

At CRYPTO'19, Gohr proposed a new cryptanalysis strategy based on the utilisation of machine learning algorithms. Using deep neural networks, he managed to build a neural based distinguisher that surprisingly surpassed state-of-the-art cryptanalysis efforts on one of the versions of the well studied NSA block cipher speck (this distinguisher could in turn be placed in a larger key recovery attack). While this work opens new possibilities for machine learning-aided cryptanalysis, it remains unclear how this distinguisher actually works and what information is the machine learning algorithm deducing. The attacker is left with a black-box that does not tell much about the nature of the possible weaknesses of the algorithm tested, while hope is thin as interpretability of deep neural networks is a well-known difficult task. In this article, we propose a detailed analysis and thorough explanations of the inherent workings of this new neural distinguisher. First, we studied the classified sets and tried to find some patterns that could guide us to better understand Gohr's results. We show with experiments that the neural distinguisher generally relies on the differential distribution on the ciphertext pairs, but also on the differential distribution in penultimate and antepenultimate rounds. In order to validate our findings, we construct a distinguisher for speck cipher based on pure cryptanalysis, without using any neural network, that achieves basically the same accuracy as Gohr's neural distinguisher and with the same efficiency (therefore improving over previous non-neural based distinguishers). Moreover, as another approach, we provide a machine learning-based distinguisher that strips down Gohr's deep neural network to a bare minimum. We are able to remain very close to Gohr's distinguishers' accuracy using simple standard machine learning tools. In particular, we show that Gohr's neural distinguisher is in fact inherently building a very good approximation of the Differential Distribution Table (DDT) of the cipher during the learning phase, and using that information to directly classify ciphertext pairs. This result allows a full interpretability of the distinguisher and represents on its own an interesting contribution towards interpretability of deep neural networks. Finally, we propose some method to improve over Gohr's work and possible new neural distinguishers settings. All our results are confirmed with experiments we have been conducted on speck block cipher (source code available online).

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in Eurocrypt 2021
Keywords
Differential CryptanalysisSPECKMachine LearningDeep Neural NetworksInterpretability
Contact author(s)
adrien002 @ e ntu edu sg
dagerault @ gmail com
thomas peyrin @ ntu edu sg
quanquan001 @ e ntu edu sg
History
2021-03-22: last of 2 revisions
2021-03-07: received
See all versions
Short URL
https://ia.cr/2021/287
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/287,
      author = {Adrien Benamira and David Gerault and Thomas Peyrin and Quan Quan Tan},
      title = {A Deeper Look at Machine Learning-Based Cryptanalysis},
      howpublished = {Cryptology ePrint Archive, Paper 2021/287},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/287}},
      url = {https://eprint.iacr.org/2021/287}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.