Lightweight Block Cipher Security Evaluation Based on Machine Learning Classifiers and Active S-Boxes

Abstract

Machine learning has recently started to gain the attention of cryptographic researchers, notably in block cipher cryptanalysis. Most of these machine learning-based approaches are black box attacks that are cipher-specific. Thus, more research is required to understand the capabilities and limitations of machine learning when being used to evaluate block cipher security. We contribute to this body of knowledge by investigating the capability of linear and nonlinear machine learning classifiers in evaluating block cipher security. We frame block cipher security evaluation as a classification problem, whereby the machine learning models attempt to classify a given block cipher output as secure or insecure based on the number of active S-boxes. We also train the machine learning models with common block cipher features such as truncated differences, the number of rounds, and permutation pattern. Various experiments were performed on small-scale (4-branch) generalized Feistel ciphers to identify the best performing machine learning model for the given security evaluation problem. Results show that nonlinear machine learning models outperform linear models, achieving a prediction accuracy of up to 93% when evaluating inputs from ciphers that they have seen before during training. When evaluating inputs from other unseen ciphers, nonlinear models again outperformed linear models with an accuracy of up to 71%. We then showcase the feasibility of our approach when used to evaluate a real-world 16-branch generalized Feistel cipher, TWINE. By training the best performing nonlinear classifiers (k-nearest neighbour and decision tree) using data from other similar ciphers, the nonlinear classifiers achieved a 74% accuracy when evaluating differential data generated from TWINE. In addition, the trained classifiers were capable of generalizing to a larger number of rounds than they were trained for. Our findings showcase the feasibility of using simple machine learning classifiers as a security evaluation tool to assess block cipher security.