基于神经区分器的KATAN48算法条件差分分析方法

Conditional differential cryptanalysis method of KATAN48 algorithm based on neural distinguishers

针对KATAN48算法的安全性分析问题,提出了一种基于神经区分器的KATAN48算法条件差分分析方法。首先,研究了多输出差分神经区分器的基本原理,并将它应用于KATAN48算法,根据KATAN48算法的数据格式调整了深度残差神经网络的输入格式和超参数;其次,建立了KATAN48算法的混合整数线性规划(MILP)模型,并用该模型搜索了前加差分路径及相应的约束条件;最后,利用多输出差分神经区分器,至多给出了80轮KATAN48算法的实际密钥恢复攻击结果。实验结果表明,在单密钥下,KATAN48算法的实际攻击的轮数提高了10轮,可恢复的密钥比特数增加了22比特,数据复杂度和时间复杂度分别由2^(34)和2^(34)降至2^(16.39)和2^(19.68)。可见,相较于前人单密钥下的实际攻击,所提方法能够有效增加攻击轮数和可恢复的密钥比特数,同时降低攻击的计算复杂度。

Aiming at the security analysis problem of KATAN48 algorithm,a conditional differential cryptanalysis method of KATAN48 algorithm based on neural distinguishers was proposed.First,the basic principle of multiple output differences neural distinguishers was studied and applied to KATAN48 algorithm.According to the data format of KATAN48algorithm,the input format and hyperparameters of the deep residual neural network were adjusted.Then,the Mixed-Integer Linear Programming(MILP) model of KATAN48 algorithm was established to search the prepended differential paths and the corresponding constraint conditions.At last,using the multiple output differences neural distinguishers,at most 80-round of the practical key recovery attack results of KATAN48 algorithm were given.Experimental results show that in the single key setting,the number of practical attack rounds of KATAN48 algorithm is increased by 10 rounds,the number of recoverable key bits of KATAN48 algorithm is increased by 22 bit and the data complexity and time complexity of KATAN48 algorithm are reduced from 2~(34) and 2~(34) to 2~(16.39) and 2~(19.68) respectively.Compared to the previous practical attack at the single-key setting,the proposed method can effectively increase the number of attack rounds and recoverable key bits,and reduces the computational complexity of attack.