高级搜索

留言板

尊敬的读者、作者、审稿人, 关于本刊的投稿、审稿、编辑和出版的任何问题, 您可以本页添加留言。我们将尽快给您答复。谢谢您的支持!

姓名
邮箱
手机号码
标题
留言内容
验证码

基于深度学习的LBlock安全性分析及其应用

杨小东 李锴彬 杜小妮 梁丽芳 贾美纯

杨小东, 李锴彬, 杜小妮, 梁丽芳, 贾美纯. 基于深度学习的LBlock安全性分析及其应用[J]. 电子与信息学报, 2023, 45(10): 3745-3751. doi: 10.11999/JEIT221003
引用本文: 杨小东, 李锴彬, 杜小妮, 梁丽芳, 贾美纯. 基于深度学习的LBlock安全性分析及其应用[J]. 电子与信息学报, 2023, 45(10): 3745-3751. doi: 10.11999/JEIT221003
YANG Xiaodong, LI Kaibin, DU Xiaoni, LIANG Lifang, JIA Meichun. Security Analysis of LBlock and Its Application Based on Deep Learning[J]. Journal of Electronics & Information Technology, 2023, 45(10): 3745-3751. doi: 10.11999/JEIT221003
Citation: YANG Xiaodong, LI Kaibin, DU Xiaoni, LIANG Lifang, JIA Meichun. Security Analysis of LBlock and Its Application Based on Deep Learning[J]. Journal of Electronics & Information Technology, 2023, 45(10): 3745-3751. doi: 10.11999/JEIT221003

基于深度学习的LBlock安全性分析及其应用

doi: 10.11999/JEIT221003
基金项目: 国家自然科学基金(62172337),广西密码学与信息安全重点实验室研究课题(GCI201910)
详细信息
    作者简介:

    杨小东:男,博士/博士后,教授,研究方向为应用密码学与信息安全

    李锴彬:男,硕士生,研究方向为分组密码

    杜小妮:女,博士/博士后,教授,研究方向为应用密码学

    梁丽芳:女,硕士生,研究方向为应用密码学

    贾美纯:女,硕士生,研究方向为应用密码学

    通讯作者:

    杜小妮 ymldxn@126.com

  • 中图分类号: TN915.08; TP309.7

Security Analysis of LBlock and Its Application Based on Deep Learning

Funds: The National Natural Science Foundation of China (62172337), Guangxi Key Laboratory of Cryptography and Information Security (GCI201910)
  • 摘要: 目前通过深度学习对轻量级分组密码进行安全性分析正成为一个全新的研究热点。Gohr在2019年的美密会上首次将深度学习应用于分组密码安全性分析(doi: 10.1007/978-3-030-26951-7_6),利用卷积神经网络学习固定输入差分的密文差分分布特征,从而构造出高精度的神经网络区分器。LBlock算法是一种具有优良软硬件实现效率的轻量级分组密码算法,自算法发表以来受到了研究者的广泛关注。该文基于残差网络,构造了减轮LBlock差分神经网络区分器,所得7轮和8轮区分器模型的精度分别是0.999和0.946。进一步利用构造的9轮区分器,提出了针对11轮LBlock的密钥恢复攻击方案。实验结果表明,当密码算法迭代轮数较少时,该方案进行攻击时无需单独考虑S盒,相比于传统攻击方案具有方案流程简单和易于实现等特点,并且在数据复杂度和时间复杂度方面具有较大的优越性。
  • 图  1  LBlock分组密码算法

    图  2  残差网络区分器模型

    图  3  ${\varDelta _x} = 0x0/0x4$的7轮LBlock神经网络区分器的性能度量

    图  4  ${\varDelta _x} = 0x0/0x2$ 的8轮LBlock神经网络区分器的性能度量

    图  5  $ {\Delta _x} = 0x0/0x1 $ 的9轮LBlock神经网络区分器的性能度量

    图  6  LBlock11轮密钥恢复攻击错误密钥均值分布

    表  1  LBlock的11轮密钥恢复攻击复杂度对比

    方案来源数据复杂度时间复杂度
    文献[14]249252
    文献[15]248259
    本文方案223.41229.03
    下载: 导出CSV
    算法1 神经网络区分器的构造
     输入:样本数量$ n $,输入差分${\varDelta _x}$
     输出:$ {\text{model}} $
     (1) 随机生成数量为$ n $的$ ({P_0},{P_1}) $和$ K $,$({P'_0} ,{P'_1}) = ({P_0},{P_1}) \oplus {\varDelta _x}$
     (2) 通过密钥扩展算法生成子密钥$ {K^i} $
     (3) 分别对$ ({P_0},{P_1}),({P_0}^\prime ,{P_1}^\prime ) $使用LBlock加密,得到相对应的
     密文$ ({C_0},{C_1}),({C_0}^\prime ,{C_1}^\prime ) $,构成训练集和验证集的数据部分
     (4) 将$ ({C_0},{C_1}) $的标签$ Y $标为0,为负样本;$ ({C_0}^\prime ,{C_1}^\prime ) $的标签
     $ Y $标为1,为正样本
     (5) $ {\text{Traindata}} \leftarrow (({C_0},{C_1},{C_0}^\prime ,{C_1}^\prime ),Y) $
     (6) $ {\text{model}} \leftarrow {\text{TrainDistinguisher}}({\text{Traindata}}) $
     (7) return $ {\text{model}} $
    下载: 导出CSV

    表  2  LBlock 7~9轮区分器模型的性能指标

    迭代轮数(r)训练轮数(epoch)输入差分${\varDelta _x}$精度(acc) (%)损失率(loss) (%)训练时间(s)
    7200x0/0x199.630.371 240
    0x0/0x299.570.44574
    0x0/0x499.960.051 251
    0x0/0x899.910.101 220
    0x0/0x4099.910.101 212
    0x0/0x8099.930.071 211
    8300x0/0x194.344.671 812
    0x0/0x294.584.531 828
    0x0/0x493.575.271 820
    0x0/0x893.585.371 810
    0x0/0x4093.945.091 815
    0x0/0x8093.545.391 821
    9500x0/0x165.5321.052 926
    0x0/0x265.4321.093 000
    0x0/0x462.5322.063 068
    0x0/0x861.6822.261 832
    0x0/0x4064.7921.482 934
    0x0/0x8064.6121.483 015
    下载: 导出CSV
    算法2 密钥恢复攻击
     输入:样本数量$ n $,输入差分${\varDelta _x}$,$ {\text{model}} $
     输出:候选密钥的概率
     (1) 随机生成数量为$ n $的$ ({P_0},{P_1}) $和$ K $,$({P'_0} ,{P'_1} ) = ({P_0},{P_1}) \oplus {\varDelta _x}$
     (2) 通过密钥扩展算法生成子密钥$ {K^i} $
     (3) $({P'_0} ,{P'_1} )$使用LBlock加密,得到相对应的密文$({C'_0} ,{C'_1} )$
     (4) for $ i \in \{ 1,{\text{ }}n\} $ do
     (5) 对密文对$({C'_0} ,{C'_1})$分别使用LBlock解密一轮,得到$ ({x_0},{x_1}) $
     (6) 将$ ({x_0},{x_1}) $放入$ {\text{model}} $中,得到概率$ {\omega ^i} $
     (7) end for
     (8) 按$ {\omega ^i} $的大小降序排列
    下载: 导出CSV
  • [1] BIHAM E and SHAMIR A. Differential cryptanalysis of DES-like cryptosystems[J]. Journal of Cryptology, 1991, 4(1): 3–72. doi: 10.1007/BF00630563
    [2] HOSPODAR G, GIERLICHS B, DE Mulder E, et al. Machine learning in side-channel analysis: A first study[J]. Journal of Cryptographic Engineering, 2011, 1(4): 293–302. doi: 10.1007/s13389-011-0023-x
    [3] DAEMEN J and RIJMEN V. The Rijndael block cipher: AES proposal[C]. The First Candidate Conference (AeS1), Alexandria, USA, 1999: 343–348.
    [4] ALANI M M. Neuro-cryptanalysis of DES and triple-DES[C]. Proceedings of the 19th International Conference on Neural Information Processing, Doha, Qatar, 2012: 637–646.
    [5] HU Xinyi and ZHAO Yaqun. Research on plaintext restoration of AES based on neural network[J]. Security and Communication Networks, 2018, 2018: 6868506. doi: 10.1155/2018/6868506
    [6] GOHR A. Improving attacks on round-reduced speck32/64 using deep learning[C]. The 39th Annual International Cryptology Conference on Advances in Cryptology, Santa Barbara, USA, 2019: 150–179.
    [7] BENAMIRA A, GERAULT D, PEYRIN T, et al. A deeper look at machine learning-based cryptanalysis[C]. The 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology, Zagreb, Croatia, 2021: 805–835.
    [8] SU Hengchuan, ZHU Xuanyong, and MING Duan. Polytopic attack on round-reduced simon32/64 using deep learning[C]. The 16th International Conference on Information Security and Cryptology, Guangzhou, China, 2020: 3–20.
    [9] 宿恒川, 朱宣勇, 段明. 基于PU分类的差分区分器及其应用[J]. 密码学报, 2021, 8(2): 330–337. doi: 10.13868/j.cnki.jcr.000441

    SU Hengchuan, ZHU Xuanyong, and DUAN Ming. Differential distinguisher based on PU learning and its application[J]. Journal of Cryptologic Research, 2021, 8(2): 330–337. doi: 10.13868/j.cnki.jcr.000441
    [10] HOU Zezhou, REN Jiongjiong, and CHEN Shaozhen. Improve neural distinguisher for cryptanalysis[EB/OL]. https://eprint.iacr.org/2021/1017, 2021.
    [11] CHEN Yi, SHEN Yantian, YU Hongbo, et al. Neural aided statistical attack for cryptanalysis[EB/OL]. https://eprint.iacr.org/2020/1620, 2020.
    [12] BAKSI A. Machine learning-assisted differential distinguishers for lightweight ciphers[M]. BAKSI A. Classical and Physical Security of Symmetric Key Cryptographic Algorithms. Singapore: Springer, 2022: 141–162.
    [13] WU Wenling and ZHANG Lei. LBlock: A lightweight block cipher[C]. The 9th International Conference on Applied Cryptography and Network Security, Nerja, Spain, 2011: 327–344.
    [14] XIE M, LI Jingjing, and ZANG Yuechuan. Related-key impossible differential cryptanalysis of LBlock[J]. Chinese Journal of Electronics, 2017, 26(1): 35–41. doi: 10.1049/cje.2016.06.031
    [15] CAO Wenqin and ZHANG Wentao. Multidimensional linear cryptanalysis with key difference invariant bias for block ciphers[J]. Cybersecurity, 2021, 4(1): 32. doi: 10.1186/s42400-021-00096-4
    [16] HE Kaiming, ZHANG Xiangyu, REN Shaoqing, et al. Deep residual learning for image recognition[C]. 2016 IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, USA, 2016: 770–778.
    [17] ZHOU Chunning, ZHANG Wentao, DING Tianyou, et al. Improving the MILP-based security evaluation algorithm against differential/linear cryptanalysis using a divide-and-conquer approach[J]. IACR Transactions on Symmetric Cryptology, 2020, 2019(4): 438–469. doi: 10.13154/tosc.v2019.i4.438-469
  • 加载中
图(6) / 表(4)
计量
  • 文章访问数:  726
  • HTML全文浏览量:  271
  • PDF下载量:  178
  • 被引次数: 0
出版历程
  • 收稿日期:  2022-07-28
  • 修回日期:  2022-09-02
  • 网络出版日期:  2022-09-06
  • 刊出日期:  2023-10-31

目录

    /

    返回文章
    返回