Paper 2021/719

Conditional Differential-Neural Cryptanalysis

Zhenzhen Bao and Jian Guo and Meicheng Liu and Li Ma and Yi Tu

Abstract

In CRYPTO 2019, Gohr introduced deep learning into cryptanalysis, and for the first time successfully applied it to key recovery attacks on Speck32/64 reduced to 11 and 12 rounds, with complexities comparable with traditional differential cryptanalysis. In this paper, we introduce the technique of generalized neutral bits into Gohr's framework, and successfully mount the first practical key recovery attacks against 13-round Speck32/64 with time $2^{48}$ and data $2^{29}$ for a success rate of 0.21. Compared against the best differential attacks in literature with time $2^{51}$ for 12 rounds or impractical time $2^{57}$ on a single GPU for 13 rounds, the full implementation of our 13-round attack is able to complete execution within 3 days. We also extend the framework to Simon32/64, and reduce the data complexity for the practical 16-round attack from 1/6 of the codebook to $2^{21}$. This is arguably the first time to witness deep learning based cryptanalysis having a considerable advantage over traditional methods.