ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2021, Vol. 58 ›› Issue (5): 1056-1064.doi: 10.7544/issn1000-1239.2021.20200900

所属专题: 2021人工智能安全与隐私保护技术专题

• 信息安全 • 上一篇    下一篇



  1. (广西可信软件重点实验室(桂林电子科技大学) 广西桂林 541004) (
  • 出版日期: 2021-05-01
  • 基金资助: 

Security Analysis of SIMON32/64 Based on Deep Learning

Wang Huijiao, Cong Peng, Jiang Hua, Wei Yongzhuang   

  1. (Guangxi Key Laboratory of Trusted Software (Guilin University of Electronic Technology), Guilin, Guangxi 541004)
  • Online: 2021-05-01
  • Supported by: 
    This work was supported by the Guangxi Natural Science Foundation (2019GXNSFGA245004), the Science and Technology Major Project of Guangxi (Guike AA18118025), and the Project of Guangxi Key Laboratory of Trusted Software (KX202056).

摘要: 轻量级分组密码的安全性分析越来越倾于向自动化和智能化的方向发展.目前基于深度学习对轻量级分组密码进行安全性分析正在成为一个全新的研究热点.针对由美国国家安全局在2013年发布的一款轻量级分组密码SIMON算法,将深度学习技术应用于SIMON32/64的安全性分析.分别采用前馈神经网络和卷积神经网络模拟多差分密码分析当中的单输入差分-多输出差分情形,设计了应用于SIMON32/64的6~9轮深度学习区分器,并比较了2种神经网络结构在不同条件下的优劣.通过对前馈神经网络和卷积神经网络的7轮深度学习区分器向前向后各扩展1轮,提出了针对9轮SIMON32/64的候选密钥筛选方法.实验结果证实:采用128个选择明文对,可以成功地将65535个候选密钥筛选在675个以内.这说明基于深度学习的差分区分器相比传统差分区分器需要更少的时间复杂度和数据复杂度.

关键词: SIMON32/64, 深度学习, 差分密码分析, 区分器, 候选密钥筛选

Abstract: With the rapid development of the Internet of Things, lightweight block cipher provides a solid foundation for the data security in various resource constrained environments. Currently, the security analysis of lightweight block ciphers tends to be more and more automated and intelligent. Applying deep learning to analyze the security of lightweight block ciphers appears to be a new research hotspot in this area. In this paper, the neural network technology is used to the security analysis of SIMON32/64, a lightweight block cipher algorithm released by the National Security Agency (NSA) in 2013. The feedforward neural network and the convolutional neural network are used to simulate the case of single input differential to multi output differential in multi differential cryptanalysis. Some deep learning distinguishers of 6-round (or even 9-round) reduced SIMON32/64 are designed, and both the advantages and disadvantages of the two neural network structures under different conditions are investigated. A candidate key sieving method for the 9-round reduced SIMON32/64 is also presented by extending the 7-round distinguisher of the feed-forward and the convolution neural networks, where one round forward and one round backward of this 7-round distinguisher are respectively considered. The experimental results show that 65535 candidate keys were dramatically reduced to 675 by only using 128 chosen plaintext pairs. Compared with the traditional differential distinguishers of reduced SIMON32/64, the new distinguishers combined with deep learning notably reduce both the time complexity and data complexity.

Key words: SIMON32/64, deep learning, differential cryptanalysis, distinguisher, candidate key sieving