Can neural cryptanalysis be applied to AES?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












12












$begingroup$


In this Wikipedia article about Neural cryptography (section applications) it states:




In 1995, Sebastien Dourlens applied neural networks to cryptanalyze DES by allowing the networks to learn how to invert the S-tables of the DES. The bias in DES studied through Differential Cryptanalysis by Adi Shamir is highlighted. The experiment shows about 50% of the key bits can be found, allowing the complete key to be found in a short time.




It could very well be that I misunderstood something, but I think that the same "attack" can't be used for AES, since the Inverse Rijndael S-box is public knowledge or am I wrong? Is AES designed this way to prevent an attack by inverting the S-box?










share|improve this question









$endgroup$







  • 1




    $begingroup$
    The inverse S-box is useless if you don't have the key.
    $endgroup$
    – forest
    Feb 18 at 12:36






  • 2




    $begingroup$
    Possible duplicate of Any practical uses for machine learning for cryptography?
    $endgroup$
    – Ella Rose
    Feb 18 at 15:22















12












$begingroup$


In this Wikipedia article about Neural cryptography (section applications) it states:




In 1995, Sebastien Dourlens applied neural networks to cryptanalyze DES by allowing the networks to learn how to invert the S-tables of the DES. The bias in DES studied through Differential Cryptanalysis by Adi Shamir is highlighted. The experiment shows about 50% of the key bits can be found, allowing the complete key to be found in a short time.




It could very well be that I misunderstood something, but I think that the same "attack" can't be used for AES, since the Inverse Rijndael S-box is public knowledge or am I wrong? Is AES designed this way to prevent an attack by inverting the S-box?










share|improve this question









$endgroup$







  • 1




    $begingroup$
    The inverse S-box is useless if you don't have the key.
    $endgroup$
    – forest
    Feb 18 at 12:36






  • 2




    $begingroup$
    Possible duplicate of Any practical uses for machine learning for cryptography?
    $endgroup$
    – Ella Rose
    Feb 18 at 15:22













12












12








12


5



$begingroup$


In this Wikipedia article about Neural cryptography (section applications) it states:




In 1995, Sebastien Dourlens applied neural networks to cryptanalyze DES by allowing the networks to learn how to invert the S-tables of the DES. The bias in DES studied through Differential Cryptanalysis by Adi Shamir is highlighted. The experiment shows about 50% of the key bits can be found, allowing the complete key to be found in a short time.




It could very well be that I misunderstood something, but I think that the same "attack" can't be used for AES, since the Inverse Rijndael S-box is public knowledge or am I wrong? Is AES designed this way to prevent an attack by inverting the S-box?










share|improve this question









$endgroup$




In this Wikipedia article about Neural cryptography (section applications) it states:




In 1995, Sebastien Dourlens applied neural networks to cryptanalyze DES by allowing the networks to learn how to invert the S-tables of the DES. The bias in DES studied through Differential Cryptanalysis by Adi Shamir is highlighted. The experiment shows about 50% of the key bits can be found, allowing the complete key to be found in a short time.




It could very well be that I misunderstood something, but I think that the same "attack" can't be used for AES, since the Inverse Rijndael S-box is public knowledge or am I wrong? Is AES designed this way to prevent an attack by inverting the S-box?







aes cryptanalysis des rijndael






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Feb 18 at 12:34









AleksanderRasAleksanderRas

2,7571834




2,7571834







  • 1




    $begingroup$
    The inverse S-box is useless if you don't have the key.
    $endgroup$
    – forest
    Feb 18 at 12:36






  • 2




    $begingroup$
    Possible duplicate of Any practical uses for machine learning for cryptography?
    $endgroup$
    – Ella Rose
    Feb 18 at 15:22












  • 1




    $begingroup$
    The inverse S-box is useless if you don't have the key.
    $endgroup$
    – forest
    Feb 18 at 12:36






  • 2




    $begingroup$
    Possible duplicate of Any practical uses for machine learning for cryptography?
    $endgroup$
    – Ella Rose
    Feb 18 at 15:22







1




1




$begingroup$
The inverse S-box is useless if you don't have the key.
$endgroup$
– forest
Feb 18 at 12:36




$begingroup$
The inverse S-box is useless if you don't have the key.
$endgroup$
– forest
Feb 18 at 12:36




2




2




$begingroup$
Possible duplicate of Any practical uses for machine learning for cryptography?
$endgroup$
– Ella Rose
Feb 18 at 15:22




$begingroup$
Possible duplicate of Any practical uses for machine learning for cryptography?
$endgroup$
– Ella Rose
Feb 18 at 15:22










1 Answer
1






active

oldest

votes


















24












$begingroup$

No. Neuro-Cryptanalysis fails on serious ciphers, including DES and AES.



Sebastien Dourlens's Neuro-differential cryptanalysis of DES (in sections 5.4.2 and 5.4.3 of his 1996 mémoire) learns an S-box. Applied to Unix crypt (section 5.4.4), it memorizes passwords/hash pairs (by a training requiring "from several days to several years") and then merely performs a quick retrieval; something a hash table does routinely and quickly! Neither is relevant to cryptanalysis.



Mohammed M. Alani's Neuro-Cryptanalysis of DES and Triple-DES (in proceedings of ICONIP 2012) claims cryptanalysis of DES or 3DES from 2048 or 4096 examples in an hour of Matlab on a standard PC; but there is no indication that it recovers the key or is otherwise capable of predicting more input/output mappings than supplied in training (even though the later is a stated objective). My guess is that - at best - it performs similar plaintext/ciphertext memorization thru training.






share|improve this answer











$endgroup$












  • $begingroup$
    I think its important to note, that Neuro-Cryptanalysis has failed so far on serious ciphers.
    $endgroup$
    – Dylan
    Feb 19 at 16:35










  • $begingroup$
    @Dylan: Neuro-Cryptanalysis as in these papers (thus as in the question) examines the cipher as a black box, without a description of its internals. That's dooms such Neuro-Cryptanalysis, putting it at a tremendous disadvantage compared to traditional cryptanalysis, and automated cryptanalysis crunching a description of the cipher (e.g. encoded as a satisfiability problem).
    $endgroup$
    – fgrieu
    Feb 19 at 18:00










Your Answer





StackExchange.ifUsing("editor", function ()
return StackExchange.using("mathjaxEditing", function ()
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
);
);
, "mathjax-editing");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "281"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f67402%2fcan-neural-cryptanalysis-be-applied-to-aes%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









24












$begingroup$

No. Neuro-Cryptanalysis fails on serious ciphers, including DES and AES.



Sebastien Dourlens's Neuro-differential cryptanalysis of DES (in sections 5.4.2 and 5.4.3 of his 1996 mémoire) learns an S-box. Applied to Unix crypt (section 5.4.4), it memorizes passwords/hash pairs (by a training requiring "from several days to several years") and then merely performs a quick retrieval; something a hash table does routinely and quickly! Neither is relevant to cryptanalysis.



Mohammed M. Alani's Neuro-Cryptanalysis of DES and Triple-DES (in proceedings of ICONIP 2012) claims cryptanalysis of DES or 3DES from 2048 or 4096 examples in an hour of Matlab on a standard PC; but there is no indication that it recovers the key or is otherwise capable of predicting more input/output mappings than supplied in training (even though the later is a stated objective). My guess is that - at best - it performs similar plaintext/ciphertext memorization thru training.






share|improve this answer











$endgroup$












  • $begingroup$
    I think its important to note, that Neuro-Cryptanalysis has failed so far on serious ciphers.
    $endgroup$
    – Dylan
    Feb 19 at 16:35










  • $begingroup$
    @Dylan: Neuro-Cryptanalysis as in these papers (thus as in the question) examines the cipher as a black box, without a description of its internals. That's dooms such Neuro-Cryptanalysis, putting it at a tremendous disadvantage compared to traditional cryptanalysis, and automated cryptanalysis crunching a description of the cipher (e.g. encoded as a satisfiability problem).
    $endgroup$
    – fgrieu
    Feb 19 at 18:00















24












$begingroup$

No. Neuro-Cryptanalysis fails on serious ciphers, including DES and AES.



Sebastien Dourlens's Neuro-differential cryptanalysis of DES (in sections 5.4.2 and 5.4.3 of his 1996 mémoire) learns an S-box. Applied to Unix crypt (section 5.4.4), it memorizes passwords/hash pairs (by a training requiring "from several days to several years") and then merely performs a quick retrieval; something a hash table does routinely and quickly! Neither is relevant to cryptanalysis.



Mohammed M. Alani's Neuro-Cryptanalysis of DES and Triple-DES (in proceedings of ICONIP 2012) claims cryptanalysis of DES or 3DES from 2048 or 4096 examples in an hour of Matlab on a standard PC; but there is no indication that it recovers the key or is otherwise capable of predicting more input/output mappings than supplied in training (even though the later is a stated objective). My guess is that - at best - it performs similar plaintext/ciphertext memorization thru training.






share|improve this answer











$endgroup$












  • $begingroup$
    I think its important to note, that Neuro-Cryptanalysis has failed so far on serious ciphers.
    $endgroup$
    – Dylan
    Feb 19 at 16:35










  • $begingroup$
    @Dylan: Neuro-Cryptanalysis as in these papers (thus as in the question) examines the cipher as a black box, without a description of its internals. That's dooms such Neuro-Cryptanalysis, putting it at a tremendous disadvantage compared to traditional cryptanalysis, and automated cryptanalysis crunching a description of the cipher (e.g. encoded as a satisfiability problem).
    $endgroup$
    – fgrieu
    Feb 19 at 18:00













24












24








24





$begingroup$

No. Neuro-Cryptanalysis fails on serious ciphers, including DES and AES.



Sebastien Dourlens's Neuro-differential cryptanalysis of DES (in sections 5.4.2 and 5.4.3 of his 1996 mémoire) learns an S-box. Applied to Unix crypt (section 5.4.4), it memorizes passwords/hash pairs (by a training requiring "from several days to several years") and then merely performs a quick retrieval; something a hash table does routinely and quickly! Neither is relevant to cryptanalysis.



Mohammed M. Alani's Neuro-Cryptanalysis of DES and Triple-DES (in proceedings of ICONIP 2012) claims cryptanalysis of DES or 3DES from 2048 or 4096 examples in an hour of Matlab on a standard PC; but there is no indication that it recovers the key or is otherwise capable of predicting more input/output mappings than supplied in training (even though the later is a stated objective). My guess is that - at best - it performs similar plaintext/ciphertext memorization thru training.






share|improve this answer











$endgroup$



No. Neuro-Cryptanalysis fails on serious ciphers, including DES and AES.



Sebastien Dourlens's Neuro-differential cryptanalysis of DES (in sections 5.4.2 and 5.4.3 of his 1996 mémoire) learns an S-box. Applied to Unix crypt (section 5.4.4), it memorizes passwords/hash pairs (by a training requiring "from several days to several years") and then merely performs a quick retrieval; something a hash table does routinely and quickly! Neither is relevant to cryptanalysis.



Mohammed M. Alani's Neuro-Cryptanalysis of DES and Triple-DES (in proceedings of ICONIP 2012) claims cryptanalysis of DES or 3DES from 2048 or 4096 examples in an hour of Matlab on a standard PC; but there is no indication that it recovers the key or is otherwise capable of predicting more input/output mappings than supplied in training (even though the later is a stated objective). My guess is that - at best - it performs similar plaintext/ciphertext memorization thru training.







share|improve this answer














share|improve this answer



share|improve this answer








edited Feb 18 at 14:04









Maarten Bodewes

55.3k679196




55.3k679196










answered Feb 18 at 13:42









fgrieufgrieu

81.4k7175346




81.4k7175346











  • $begingroup$
    I think its important to note, that Neuro-Cryptanalysis has failed so far on serious ciphers.
    $endgroup$
    – Dylan
    Feb 19 at 16:35










  • $begingroup$
    @Dylan: Neuro-Cryptanalysis as in these papers (thus as in the question) examines the cipher as a black box, without a description of its internals. That's dooms such Neuro-Cryptanalysis, putting it at a tremendous disadvantage compared to traditional cryptanalysis, and automated cryptanalysis crunching a description of the cipher (e.g. encoded as a satisfiability problem).
    $endgroup$
    – fgrieu
    Feb 19 at 18:00
















  • $begingroup$
    I think its important to note, that Neuro-Cryptanalysis has failed so far on serious ciphers.
    $endgroup$
    – Dylan
    Feb 19 at 16:35










  • $begingroup$
    @Dylan: Neuro-Cryptanalysis as in these papers (thus as in the question) examines the cipher as a black box, without a description of its internals. That's dooms such Neuro-Cryptanalysis, putting it at a tremendous disadvantage compared to traditional cryptanalysis, and automated cryptanalysis crunching a description of the cipher (e.g. encoded as a satisfiability problem).
    $endgroup$
    – fgrieu
    Feb 19 at 18:00















$begingroup$
I think its important to note, that Neuro-Cryptanalysis has failed so far on serious ciphers.
$endgroup$
– Dylan
Feb 19 at 16:35




$begingroup$
I think its important to note, that Neuro-Cryptanalysis has failed so far on serious ciphers.
$endgroup$
– Dylan
Feb 19 at 16:35












$begingroup$
@Dylan: Neuro-Cryptanalysis as in these papers (thus as in the question) examines the cipher as a black box, without a description of its internals. That's dooms such Neuro-Cryptanalysis, putting it at a tremendous disadvantage compared to traditional cryptanalysis, and automated cryptanalysis crunching a description of the cipher (e.g. encoded as a satisfiability problem).
$endgroup$
– fgrieu
Feb 19 at 18:00




$begingroup$
@Dylan: Neuro-Cryptanalysis as in these papers (thus as in the question) examines the cipher as a black box, without a description of its internals. That's dooms such Neuro-Cryptanalysis, putting it at a tremendous disadvantage compared to traditional cryptanalysis, and automated cryptanalysis crunching a description of the cipher (e.g. encoded as a satisfiability problem).
$endgroup$
– fgrieu
Feb 19 at 18:00

















draft saved

draft discarded
















































Thanks for contributing an answer to Cryptography Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

Use MathJax to format equations. MathJax reference.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f67402%2fcan-neural-cryptanalysis-be-applied-to-aes%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown






Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?