Improved Machine Learning Assisted (Related-key) Differential Distinguishers For Lightweight Ciphers

At CRYPTO 2019, Gohr first proposes a deep learning based attack on round-reduced Speck32/64. It is an all-in-one differential approach under the Markov assumption. Then Baksi presents the method for non-Markov ciphers and applies it to Gimli by simulating the all-in-one differentials. However, all studies are still only for single-key differential distinguishers and the selection of input difference is based on traditional cryptanalysis. Inspired by the work of Gohr and Baksi, we extend and apply machine learning techniques to related-key differential distinguishers for the first time and propose a novel approach to develop (related-key) differential distinguishers without using prior cryptanalysis. We experimentally show that the differences with low Hamming weights are more suitable for building distinguishers. Then we present an exhaustive algorithm and a greedy algorithm to find an appreciable difference for the distinguisher. Finally, to obtain a suitable machine model for distinguishers, we adopt a Bayesian optimization tool named Hyperopt for parameter optimization and model selection. As proof of works, we apply our method to round-reduced Speck32/64, Present64/80 and get some improved cryptanalysis results.