Practical Attacks of Round-Reduced SIMON Based on Deep Learning

Abstract At CRYPTO’19, Gohr built a bridge between deep learning and cryptanalysis. Based on deep neural networks, he trained neural distinguishers of SPECK32/64. Besides, with the help of neural distinguishers, he attacked 11-round SPECK32/64 using Bayesian optimization. Compared with the traditional attack, its complexity was reduced. Although his work opened a new direction of machine learning aided cryptanalysis, there are still two research gaps that researchers are eager to fill in. (i) Can the attack using neural distinguishers be used to other block ciphers? (ii) Are there effective key recovery attacks on large-size block ciphers adopting neural distinguishers? In this paper, our core target is to propose an effective neural-aided key recovery policy to attack large-size block ciphers. For large-size block ciphers, it costs too much time in pre-computation, especially in wrong key response profile, which is the main reason why there are almost no neural aided attacks on large-size block ciphers. Fortunately, we find that there is a fatal flaw in the wrong key profile. In the some experiments of SIMON32/64 and SIMON48/96, there is a regular of change in response profiles, which implies that we can use partial response instead of the complete response. Based on this, we propose a generic key recovery attack scheme which can attack large-size block ciphers. As an application, we perform a key recovery attack on 13-round SIMON64/128, which is the first practical attack using neural distinguishers to large-size ciphers. In addition, we also attack 13-round SIMON32/64 and SIMON48/96, which also shows that the neural distinguishers can be used to other block ciphers.